Safety. Built in.
We designed macOS with advanced technologies that work together to constantly monitor, encrypt, update — and ultimately keep your Mac safer. And with macOS Sierra, it’s easy to protect your Mac.*
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification. Just accept the updates with a click and they download automatically. macOS checks for new updates every day, so it’s easy to always have the latest and safest version.
Gatekeeper makes it safer to download apps by protecting you from inadvertently installing malicious software on your Mac. The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store. When you download software from any other place on the Internet, Gatekeeper makes that safer too. Developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.
Gatekeeper gives you more control over what you install.
Gatekeeper gives you three security options. You can download and install apps from anywhere on the web. Or you can choose the safest option and download and install apps only from the Mac App Store. Or use the default option, which allows you to download apps from the Mac App Store as well as those signed with a Developer ID. If an app is unsigned, Gatekeeper blocks the app from being installed and warns you that it did not come from an identified developer. If you’re sure the app is safe, you can manually override Gatekeeper by Control-clicking the app and choosing to open it.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. Initial encryption is fast and unobtrusive. It can also encrypt any removable drive, helping you secure Time Machine backups or other external drives with ease. Want to start afresh or give your Mac to someone else? FileVault 2 makes it easy to clean data off your Mac. Instant wipe removes the encryption keys from your Mac — making the data completely inaccessible — then proceeds with a thorough wipe of all data from the disk.
System Preferences contains privacy controls for location sharing and diagnostic information sharing. And Safari preferences include a privacy pane that allows you to limit or block cookies, and limit website access to location services.
The strongest passwords are long and use uppercase and lowercase characters, punctuation and numbers. Choosing a different strong password for every site can be tedious, but the Password Generator in Safari will suggest strong passwords for your online accounts.
Once you have a unique, strong password, iCloud Keychain will remember it so you don’t have to. iCloud Keychain stores your user names and passwords, and syncs them between the devices you choose — Mac, iPhone, iPad and iPod touch. When you visit a site, iCloud Keychain will fill in your login information to give you access to your online accounts, and it can also autofill your credit card information when you’re checking out online. And your information is always protected with robust, 256-bit AES encryption.
The App Sandbox in macOS helps ensure that apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data and your other apps. Even if an app is compromised by malicious software, sandboxing automatically blocks it to keep your computer and your information safe. macOS delivers sandboxing protection in Safari by sandboxing the built-in PDF viewer and plug-ins such as Adobe Flash Player, Silverlight, QuickTime and Oracle Java. And macOS sandboxes apps like Mail, Messages, FaceTime, Calendar, Contacts, Photos, Notes, Reminders, Photo Booth, Quick Look previews, Game Center, Dictionary, Font Book and the Mac App Store.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to help keep your system safe. Built into the processor, the XD (execute disable) feature creates a strong wall between memory used for data and memory used for executable instructions. This protects against malware that attempts to trick the Mac into treating data the same way it treats a program in order to compromise your system. Address space layout randomisation (ASLR) changes the memory locations where different parts of an app are stored. This makes it difficult for an attacker to do harm by finding and reordering parts of an app to make it do something it wasn’t intended to do. macOS brings ASLR to the memory used by the kernel at the heart of the operating system, so the same defences work at every level in your Mac.
Phishing is a form of attack in which online thieves try to acquire sensitive information such as user names, passwords and credit card details by creating fake websites that look like sites from legitimate companies — like your bank or a social networking site. The antiphishing technology in Safari can protect you from such scams by detecting these fraudulent websites. And if you try to visit a suspicious site, Safari disables the page and displays an alert warning you about its suspect nature.
Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise. That’s why files you download using Safari, Mail and Messages are screened to determine if they contain applications. If they do, macOS alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And if a file contains software identified as malicious, macOS offers to move it to the Trash.
macOS and iCloud can help keep your Mac safe even when you misplace it. Sign in to iCloud.com from another computer or use the Find My iPhone app on an iPhone, iPad or iPod touch to locate your missing Mac on a map. If your Mac is offline when you try to find it, you can ask to receive an email as soon as it makes a Wi-Fi connection. You can also display a message on your Mac screen so whoever has it knows how to get it back to you. And until your Mac is back in safe hands, you can set a passcode lock remotely, suspend Apple Pay, or even initiate a remote wipe to delete your personal data and restore your Mac to its factory settings.
While no system can be 100 per cent immune from every threat, macOS lets you do even more to keep your information as safe as possible. You’ll find most of these additional security features in the Security & Privacy pane of System Preferences. Here are just a few of the things you can do:
Touch ID on the new MacBook Pro gives you a seamless way to use your fingerprint as a passcode and make purchases with Apple Pay using eligible cards on participating shopping sites. As a security safeguard, Touch ID never stores an image of your fingerprint — just a mathematical representation of it that is impossible to reverse-engineer. And the chip in your Mac also includes an advanced security architecture called the Secure Enclave. The Secure Enclave is walled off from the rest of the chip, so macOS never has access to your fingerprint data. In addition, it’s never stored on Apple servers or backed up to iCloud.