Before we jump into secure Linux distribution and what options you have to make your computer really secure, let's cover off MacOS.
Firstly, I recommend to start with a fresh copy of your OS. Even though this step is optional for you, I strongly recommend you to do so.
Boot into Recovery Mode
Hold command + R when you boot up your Mac
Now go to Utilities —> Firmware Password and set a Password
Next format your boot drive and install MacOS
Now boot up your Mac and create an administrator account.
Use a really strong password, perhaps even a passphrase (a sentence with multiple words and a number and special character) for example
Now create a User account with unprivileged (non-administration) power for day to day usage.
Next System Preferences —> Security & Privacy —> General and set Require password after sleep to Immediately
Set also Allow apps from to App Store and identified developers
System Preferences —> Security & Privacy —> Firewall and turn it ON
—> Firewall Options
Check Block all incoming connections
System Preferences —> Security & Privacy —> Privacy —> Location
Uncheck Enable Location Services
System Preferences —> Security & Privacy —> Analytics
Uncheck Share Mac Analytics
System Preferences —> Sharing
Turn OFF every service
System preferences —> Spotlight — Search Results
Uncheck Spotlight Suggestions and allow Spotlight Suggestions Look up
System Preferences —> General
Uncheck Allow Handoff between Mac and iCloud devices
System Preferences —> Bluetooth
Turn it OFF (you can turn it on whenever you use a Bluetooth devices I recommend switching it off during the time when no device is connected)
System Preferences —> Security & Privacy —> FileVault
Turn it ON
Finder —> Preferences — Advanced
Check Show file name extension
Disable Captive Portal (you can use your browser to archive the same) & Crash report
Start the terminal
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false sudo defaults write com.apple.CrashReporter DialogType none Also secure your FileVault on sleep sudo sh -c 'pmset -a destroyfvkeyonstandby 1; pmset -a hibernatemode 25; pmset -a powernap 0; pmset -a standby 0; pmset -a standbydelay 0; pmset -a autopoweroff 0'
LuLu is a great open-source outbound firewall, consider using it or
Little Snitch what is sadly not open-source but does have great features.
Now reboot your Mac and log in with the user account (not the administrator).
System Preferences > Security & Privacy > Privacy > Contacts/Calendars/Reminders/Photos
Remove any app that you don’t want to have access to those folders
System Preferences > Security & Privacy > Privacy > Camera/Microphone
Remove any app you don’t actually use the camera or microphone with
System Preferences > Security & Privacy > Privacy > Full Disk Access
Remove any app you don’t need to have full-disk access
System Preferences > Security & Privacy > Privacy > Advertising
Check Limit Ad Tracking and reset your Advertising identifier (same as on iOS)
You know I am always recommending to use your own DNS servers
System Preferences > Network > Advanced > DNS
Use any of our recommended list
The Privacy Cookbook - Chapter 2 – Protecting your DNS
You can also install AdGuard which we also always recommend as a better Firewall/DNS option
Next, just as always, do not use the pre-installed browser. We recommend Firefox with the following setup and tweaks:
Privacy Cookbook - Chapter 3.4 - Browser Security
Open the terminal and type
sudo nano /etc/hosts
Use any of this blocklists
Make sure to have MacOS and all software installed updated at all times.
A safe and secure OS is only as secure as the latest treats being patched ;)
Also encrypt sensitive data and don't use the iCloud!
Make your backups locally and don't upload your pictures to the cloud. It might be handy, but it is not secure!
In the next few chapters we will focus on Linux and different Linux distributions & setups. See you soon!