Q: Best Security Settings for Mac Newbie

Just make sure the firewall is on and use common sense with websites. You don't need additional software on a Mac. All it does is hinder performance.

OS X's software firewall is superfluous if you are using a Mac behind a router you control among others you trust using its same network. It's harmless but protects you from nothing.

When I used to have a windows computer I used to use 3rd security software. Do I need to purchase similar for my Mac, and if so any recommndations?

No. Make no comparison between Macs and Windows. They followed two completely separate design philosophies, and their respective evolutions have only diverged since then.

Windows PCs need constant care and pampering just to keep them operating, whereas all a Mac requires is benign neglect. If your Mac should ever do anything odd or unexpected, the very last thing you should suspect is a "virus" and the very last thing you should do is seek a magical cure-all to fix it. The first thing you should do is contact AppleCare. If and when that is no longer an option, describe the symptoms here and you will receive competent assistance.

OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple. Third party "security" products generally cause problems and account for the vast majority of Mac-related complaints posted on this site.

A much better question is "how should I protect my Mac":

• Never install any product that claims to "speed up", "clean up", "optimize", or "accelerate" your Mac. Without exception, they will do the opposite.
• Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources. Illegally obtained software is almost certain to contain malware.
• Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
• Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
  • Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
  • Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
  • Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iTunes or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
• Don’t install browser extensions unless you understand their purpose. Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.
• Don’t install Java unless you are certain that you need it:
  • Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
  • Disable Java in Safari > Preferences > Security.
  • Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
• Block browser popups: Safari menu > Preferences > Security > and check "Block popup windows":
  • Popup windows are useful and required for some websites, but popups have devolved to become a common means to deliver targeted advertising that you probably do not want.
  • Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
  • If you ever see a popup indicating it detected registry errors, that your Mac is infected with some ick, or that you won some prize, it is 100% fraudulent. Ignore it.
• Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
  • The most serious threat to your data security is phishing. To date, most of these attempts have been pathetic and are easily recognized, but that is likely to change in the future as criminals become more clever.
  • OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
  • Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
  • If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
  • Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
• Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.

Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

Richie1965 wrote:

 

Also I should have said that I only use the laptop at home via a secure router running WPA whatever that is!

That's good. If it is not an Apple router be sure to change its default configuration password (the default is usually something simple like "admin") and to use a reasonably secure wireless network password. There have been some very successful attacks on common routers from popular manufacturers. Many run open-source firmware that can be hacked, and doing so doesn't require much in the way of specialized skills.

If you take your laptop away from your home router and use a public Wi-Fi hotspot though, that's a different story. In that case justification for using OS X's software firewall exists, to hinder attempts to access your Mac from untrusted others using the same network. Just be aware that any information sent via unencrypted wireless networks can still be intercepted fairly easily regardless of OS X's firewall settings.

The very term "firewall" is unfortunately misleading. There is no fire and there is no wall, and its purpose is frequently misunderstood to be something it's not. Whoever came up with the term as it applies to computers probably regrets it, or should.

"Phishing" scams targeting your Apple ID and password are very prevalent and are becoming more successful. Read this post for a recent example with screenshots: I received an email from appleid@id.apple.com requesting that I verify my Apple ID and password.  Is it legitmate?

It's easy to understand how someone can fall victim to such techniques. Similar scams targeting PayPal accounts are equally prevalent. There is no defense against them other than your own common sense, which is the reason for the recommendations above.

Best is WPA2/AES, if it's available.

Software from an untrustworthy source

• Software of any kind is distributed via BitTorrent or Usenet.
• Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website.
• Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
• The software is advertised by means of spam or intrusive web popups.

Software that is plainly illegal or does something illegal

• Software that you would otherwise have to pay for is "cracked" or "free."
• An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.

Conditional or unsolicited offers from strangers

Unexpected events

♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe

There is absolutely NO HARM in running an on demand AV scanner, such as VirusBarrier Express (available free from the App Store.) It will not make any system modifications, uses very little CPU while it's running a scan and is highly rated at detecting KNOWN malware. And for an OS which may no longer be supported by Apple, as 10.6 may be, it may make very good sense to run a full entry point scanner like Sophos Home (free), if it doesn't upset your system in any way. If it does, then it now has an uninstaller, and can easily be removed. It may not catch everything, but where an OS may no longer be supported, including for XProtect--10.6 XProtect still is, it may make very good sense.

Although I don't use any other AV (I used to run ClamXav once in a blue moon--no longer, since its definitions are not being kept up to date), but I do occasionally run VBE to check something in particular, or very rarely, to run a full scan.

However, even if it finds nothing, that does not mean it hasn't missed something for which it has not yet been updated. And I don't allow it to lull me into complacency. It's just another tool, if used properly and appropriately.

There is no one thing to rely on, including best browsing and download practices, for full protection.