New WD My Passport for Mac - questions!

I think you covered everything, and you described essentially what I would do. Some comments:

• I'm not 100% certain about the Stickies database since I haven't used it in a long time, but as I recall it can be found in ~/Library and can be copied as you describe.
• Apple keeps making changes to iMovie. I adapt to new versions as they come along, or try to, but others prefer the older versions. I believe merely copying your existing iMovie program (icon) to the backup will suffice for archival purposes. In the event OS X offers to upgrade it to the newer version, it will archive the one it replaces in an appropriately named folder in Applications.
• Yes AirPort will continue to work with no additional intervention, unless your Express is a very old, 802.11b/g - only model, in which case you won't be able to use the current version of AirPort Utility to configure it. Those models were discontinued seven years ago so it's unlikely this will be a concern.

Should I take note of any specific security or user settings

No more so than you probably already have. Your Apple ID including its password is one essential requirement. If you haven't done so already, develop a method for keeping additional passwords that works for you.

The important part of all this is to create and preserve the Time Machine backup, since restoring your system from that backup is an easy way of undoing everything if you make a mistake. Unless your backup volume has an abundance of free space, make sure that Time Machine doesn't start a new backup immediately after erasing your Mac and rebuilding it. The reason is that Time Machine only guarantees one complete backup of the source volume's contents. Older backups become candidates for deletion when Time Machine requires more space to create a newer backup, but they won't be deleted until after the newer backup is complete.

The easiest way to prevent older backups from becoming deleted is to turn "off" Time Machine until you conclude your newly reconfigured Mac is working to your complete satisfaction. It's also a good reason to maintain more than one backup.

mach_kernel being visible was an anomaly that I thought Apple addressed with a subsequent update. Don't erase it, but if you want to make it invisible that's easily accomplished with the following:

Open Terminal - it's in your Mac's Utilities folder.

Copy and paste the following in the Terminal window, followed by the Return key:

sudo chflags hidden /mach_kernel

It will ask for your password. Type it and press Return. What you type will not be echoed, not even with ••••••• characters. That will make mach_kernel invisible, as it should be.

Quit Terminal when you're finished with it.

Should I be shutting off my Wifi and/or whole MacBook at night?

It's not necessary to do either one. Macs are designed to be ignored when you're not using them. They literally work best when treated with benign neglect. If you're not using it, just walk away. Close the lid if you feel like it. OS X's default energy saver settings will result in negligible power consumption in sleep mode.

-- is there a specific way I should now set up Time Machine or just plug it in when I'm ready to back it up?

Not really, once you format a Time Machine disk using Disk Utility, it's best to leave Time Machine alone to work as designed. If the disk is unplugged or not available, Time Machine will create "local snapshots" using your MacBook's internal storage that are written to the Time Machine backup disk when it becomes available. If local storage requirements for them becomes excessive, it stops doing that. If a long period of time passes without your Mac being backed up (ten days, I believe) Time Machine will tell you. The same happens if the Time Machine backup device runs out of space.

It's another manifestation of Apple's benign neglect philosophy. Just plug in the Time Machine backup disk when you are ready to back up, when it's convenient for you.

About the only thing you can do to improve upon Time Machine is to have two or more redundant backup drives. Time Machine will back up to as many backup devices as you have, in sequence. If one device is not available, it looks for the next one, etc. It does that every hour, as long as the MacBook's power adapter is connected.

On the Time Machine backup, you will find a folder named backups.backupdb. That folder will contain other folders named for the Macs being backed up. If you find one for your old MacBook that you are certain you no longer need, yes you can drag it to the Trash.

Don't delete any of the backups contained within the folder designated for the new MacBook. You can do that, but besides being time-consuming it's not recommended nor is it necessary.

Time Machine will never delete anything that exists on the source volume, but when you delete a file from the source, its backup becomes a candidate for deletion. Time Machine does that when it requires the space.

I don't use Chrome or any Google products for that matter, and do not advocate their use for many reasons, privacy among them. Chrome will infect a Mac in the exact same manner as a virus, if such a thing were to exist on a Mac — which it doesn't.

ls15 wrote:

As for "Chrome will infect a Mac in the exact same manner as a virus"

I can't imagine what John could possibly mean by that, and can only thinking he's overstating his case due to anti-Google bias. Many people do not like Google, and by association Chrome, because of Google's strong ties with information gathering and advertising. There is certainly reason to be cautious, but Chrome is not anything like a virus, and the fact is that millions of people use Google products every day with no issues at all. Google's "evil" is greatly over-rated, though I wouldn't recommend giving them your full trust either.

So I should just plug in my backup and use it like I used to?

Yes.

What email service would you recommend?

I wish I knew of a "free" one to recommend, but after using a number of them that are either no longer free, became too inconvenient, or have other strings attached (like Gmail) I use Apple's iCloud, and my own OS X server. The latter is strictly for personal and business use. iCloud is free for Mac users.

At one time I had a paid email service provider. They migrated to Google's servers. I no longer have a paid email service provider.

Do you use Safari?

Yes, as well as Firefox on occasion, for troubleshooting purposes.

Besides its overall system burden, Google Chrome litters a Mac with a plethora of "helpers" and agents including a process that automatically updates Google's components in the background. Chrome was developed and exists for the sole purpose of uploading personal information to Google for reasons both known and unknown. Whereas a "virus" clearly implies malicious intent, it's up to the user to decide what's malicious and what isn't.

Harvesting one's personal information for the purposes of selling it to anyone – a client list that can include businesses big and small, public or private law enforcement agencies, governments, quasi-governments, organized or disorganized criminal enterprises, future former spouses and their attorneys, medical and other insurance companies – with no limits imposed upon who's qualified to see it and who isn't, other than what Google decides, is malicious... in my opinion. Others are entitled to theirs.

ls15 wrote:

If I delete Chrome from my system, will it leave a lot of stuff hanging around? What a shame since I just wiped clean everything.

Not a lot, no. There are removal instructions here:

https://support.google.com/chrome/answer/95319?hl=en

You will also want to delete the following file:

~/Library/LaunchAgents/com.google.keystone.agent.plist

Although, this really doesn't do anything anymore if you remove the items at Google's link, but still, it should be removed if you're removing Chrome.

How can I most safely and securely browse Safari without worrying about plug-ins and anything like that (other than obvious link-clicking... I mean stuff in the preferences).

First and foremost, don't install any Safari extensions except for at most a few carefully-chosen ones.

Second, don't install Java on your computer, and if you do need Java, don't enable it in Safari.

Third, don't install Adobe Flash Player on your computer. Ironically, Chrome can help you with this, as it includes a version of Flash that only works within Chrome, within an additional security sandbox. I use Safari as my primary browser, but on those rare occasions that I need to view some Flash content, I fire up Chrome and use it for that purpose.

Bear in mind Gmail has its own problems, besides the obvious privacy concerns it uses a highly nonstandard version of IMAP that Apple had to specifically address in their Mail client. At one time Gmail was convenient; I can no longer say that.

As far as I know Chrome's removal instructions are adequate.

How can I most safely and securely browse Safari ...

Use the same commonsense precautions that would apply to any Internet activity, the most essential of which involves not succumbing to common scams that seek to deceive you into revealing personal information or installing garbage software you do not want or need. Those practices aren't limited to Safari, or even Internet browsing in general. The most prevalent scam at the moment is broadly described in this User Tip: How to install adware.

Additional information follows the horizontal rule below.

Mac users don't have to fear that their computers are constantly at risk of being infected by some malevolent code designed to harvest personal information or corrupt their data, however, there are plenty of common scams that seek to deceive them into doing essentially that. Those scams are social exploits that prey upon human frailties, not technologically sophisticated hacks. Sadly, they are also very common. They often appear in the guise of something you need to do with great urgency, or "for your protection". Regard dubious claims like that with judicious skepticism.

At the other end of the personal information-harvesting spectrum are highbrow implementations of exactly the same idea, Google being the most prominent example. It's not as though they try to hide that fact.

OS X Server is here: http://www.apple.com/osx/server/. It will set you back $20. Some assembly required though...

There will always be threats to your information security associated with using any Internet - connected communications tool:

1. You can mitigate those threats by following commonsense practices
2. Delegating that responsibility to software is an ineffective defense
3. Assuming that any product will protect you from those threats is a hazardous attitude that is likely to result in neglecting point #1 above.

OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple.

A much better question is "how should I protect my Mac":

• Never install any product that claims to "clean up", "speed up", "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd.

  Such products are very aggressively marketed. They are all scams.

• Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources.
  • Illegally obtained software is almost certain to contain malware.
  • "Questionable sources" include but are not limited to spontaneously appearing web pages or popups, download hosting sites such as C net dot com, Softonic dot com, Soft pedia dot com, Download dot com, Mac Update dot com, or any other site whose revenue is primarily derived from junk product advertisements.
  • If you need to install software that isn't available from the Mac App Store, obtain it only from legitimate sources authorized by the software's developer.
• Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
• Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
  • Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
  • Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
  • Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iCloud, iTunes, or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
• Don’t install browser extensions unless you understand their purpose:

  Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.

• Don’t install Java unless you are certain that you need it:
  • Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
  • Java can be disabled in System Preferences.
  • Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
  • The same precaution applies to Adobe Flash Player. Newly discovered Flash vulnerabilities appear almost weekly.
• Beware spontaneous popups: Safari menu > Preferences > Security > check "Block popup windows".
  • Popup windows are useful and required for some websites, but unsolicited popups are commonly used to deceive people into installing unwanted software they would never intentionally install.
  • Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
  • If you ever receive a popup window indicating that your Mac is infected with some ick or that you won some prize, it is 100% fraudulent. Ignore it.
  • The same goes for a spontaneously appearing dialog insisting that you upgrade your video player right this instant. Such popups are frequently associated with sites that promise to deliver "free" movies or other copyrighted content that is not normally "free".
  • The more insistent it is that you upgrade or install something, the more likely it is to be a scam. Close the window or tab and forget it.
• Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
  • The most serious threat to your data security is phishing. Most of these attempts are pathetic and are easily recognized, but that hasn't stopped prominent public figures from recently succumbing to this age-old scam.
  • OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
  • Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
  • If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
  • Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
• Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.

Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.