There is some seriously folkloric jibber-jabber in here. For instance, you do not need to wait until after installation to enable FileVault because "there is more entropy available to the system". Nor can you test the security of a CSPRNG by running "ent" on it!

In the same vein: <i>don't</i> run out and sign up for a commercial OpenVPN hosting service, and for Christ's sake don't install AV software on your Mac.

I kind of love how this is like 19 pages of rubber chicken "defaults write" commands, followed by advice to use Transmission to torrent videos to watch in VLC.
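To illustrate the point about "ent" above, here is an added example (not from the thread or the guide being discussed) showing why statistical tests say nothing about whether a generator is secure. The generator `predictable_stream` is a constructed stand-in for a bad RNG: it hashes a fixed seed with a counter, so it scores just as well as `os.urandom` on ent-style measures (Shannon entropy per byte, chi-square), yet anyone who knows the seed reproduces every byte. All function names and the sample seed are assumptions of this example.

```python
import hashlib
import math
import os
from collections import Counter

def predictable_stream(seed: bytes, nbytes: int) -> bytes:
    """Constructed 'bad RNG': SHA-256(seed || counter) in CTR fashion.
    Output is statistically uniform, but fully determined by the seed."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Same 'Entropy' figure ent prints: -sum(p * log2 p) over byte values."""
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def chi_square(data: bytes) -> float:
    """ent-style chi-square against a uniform distribution of 256 byte values.
    For truly uniform data the value is around 255 (255 degrees of freedom)."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def ent_style_report(data: bytes) -> dict:
    """Summarise the statistical measures a tool like ent would report."""
    return {
        "bytes": len(data),
        "entropy_bits_per_byte": shannon_entropy_bits_per_byte(data),
        "chi_square": chi_square(data),
    }

def is_reproducible(seed: bytes, nbytes: int) -> bool:
    """True if two runs with the same seed yield identical output, i.e. the
    stream is predictable to anyone holding the seed (the security failure
    that no statistical test can detect)."""
    return predictable_stream(seed, nbytes) == predictable_stream(seed, nbytes)

if __name__ == "__main__":
    SAMPLE = 64 * 1024
    weak = predictable_stream(b"constructed-demo-seed", SAMPLE)  # constructed seed
    strong = os.urandom(SAMPLE)
    # Both streams look equally "random" to ent-style measures...
    print("predictable:", ent_style_report(weak))
    print("os.urandom: ", ent_style_report(strong))
    # ...but only one of them is a secret.
    print("predictable stream reproducible from seed:", is_reproducible(b"constructed-demo-seed", 64))
```

Running this prints roughly 7.997 bits/byte and a chi-square near 255 for both streams; the only thing that separates the two is knowledge of the seed, which is exactly what ent cannot measure.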
<i>>a modern Apple Macintosh computer ("MacBook")</i>

I don’t get this. Does the author think Apple only makes laptops now? Don't the iMac and Mac Mini qualify as modern?
Ridiculous guide.

> Care should be taken when installing new software. Always prefer free and open source software (which macOS is not)

“Free” doesn’t have anything to do with security and there are plenty of profound security flaws with all software — open source doesn’t make it inherently more safe.

One of the most serious security issues of the past few years came from OpenSSL/Heartbleed. Equifax was from unpatched Apache Struts — while the cause was negligence on the part of Equifax, it happened due to a vulnerability in open source software. I am definitely not arguing that closed source is more secure, but I am arguing that open and closed source can have significant vulnerabilities. One is not inherently safer than another; it depends on how it is used. Apache Struts had a significant vulnerability before it was patched — which means that it was unsafe at some point. How many years was OpenSSL vulnerable before the exploit was discovered? Closed source certainly doesn’t fare much better, however implying that open source is always safer is just incorrect. I use “always” here because the author said to “always” prefer free and open source over closed source. His qualifier, not mine. Always is a very strong word. Many open source projects are often at the level of a hobby, with part time, occasionally unprofessional management and processes. Of course much closed source software also has unprofessional management and processes as well. I am simply disputing the implication that open source is always better: it’s not. Often and perhaps generally, but not always. I would trust Apple closed source more than some rubygem created and maintained by a single developer as a side project, with dependencies created by other hobbyists as a side project. A rubygem, for example, is dependent on the security competency of the weakest dependency.
Often the projects are well secured — but definitely not always.

I am a big supporter of open source, but arguing that open source is always more secure is just factually incorrect. And the “free” aspect is a political benefit, not a security one.

The author also has a clear lack of understanding of how FileVault works as an example, which calls into question any other recommendations made in this guide.
I have been running Linux for some months now on my workplace MBP ever since the whole root with empty password fiasco. I don't trust macOS in any manner no matter how many fixes you try and apply to it; for some reason I feel like I simply can't trust macOS security-wise, for my part.

Only darn problem is I can't get my speakers working, so I use Bluetooth headphones, but for a work machine it's fine.
Goodness, I'm floored. There's an absolutely incredible amount of insight in that document. I can only imagine how many years of collective experiences and digging have resulted in this compilation.