From the moment I first started using MacOS X, I fell in love.  It was like my long-time favorite Macintosh <= v9 had spawned with my other love, NeXTStep, to create an exquisite underlying

The Jurassic Park scene where the girl says “This is a UNIX system! I know this!”?  That was me…

In high school, I had read a *NIX book during detention (There was a time when I just didn’t like going to class…), and I consider that experience to be one of the defining moments of my life.

UNIX System Administration HandbookQ

I had been coding sprites since I lost my first teeth, learned BASIC and was already on IRC and BBS’s, but UNIX was a gloriously complex and special thing.  We didn’t have Linux back then really, People primarily used FreeBSD and some of the other commercial distros.

I still consider myself a System V fangirl, after paying many years of dues in UNIX Technical Operations for a large managed hosting company.  That’s how I got into security, so I’m really a paranoid UNIX admin who happened upon security.

But I digress.  UNIX is awesome. And MacOS + *NIX is even awesome-r.

Mac OS X is extremely secure to begin with, with fantastic built-in features such as full-disk encryption with FileVault, a firewall, many sharing and other more risky features disabled by default, and GateKeeper for application protection.

The standard features are great for most people, but remember – I’m paranoid. Security can generally always be improved for any device, system, solution, etc.

When I install a fresh copy of MacOS X, there are certain pieces of software that I absolutely must install, and most are security tools.

I’ve compiled a list of the security software I tend to install on every Mac I use.  These vary from network firewalls to monitoring of specific IOCs (indicators of compromise).

I’m not affiliated with any of these companies (that I know of), these are just awesome tools I recommend.

You’re perfectly okay only using stock Mac OS X, as these tools are mostly monitoring tools for the truly paranoid.  E.g. The Mac OS X Firewall works perfectly fine, but there are tools that offer additional functionality. These tools may also adversely affect performance, because they are constantly watching.

In no particular order, these are my top pieces of software for protecting your Apple Mac OS X computers:





    • Binary Ninja (Paid)
      • Binary editor/viewer/reverse engineering tool. You may not need this, but it’s sometimes handy for troubleshooting.


    • Xcode (Download from the Mac App Store) (Free)
      • Apple’s code editor. Also includes many libraries you may need if you decide to install a package manager like Pip or Brew.


    • Sophos AV is a good option with NO ADS (so it’s my favorite, but go with what you like) (Free)
      • Anti-virus



    • MacKeeper (Paid)
    • and/or Clean My Mac (Paid)
      • Some people seem to not like MacKeeper, but I use it and have no issues.  I turn off all of the ‘get help from a human’ and ‘find my mac’ features, and just use it for general cleanup.



    • Little Snitch (Paid, but worth every penny)
      • If you only buy one piece of software for your Mac, let this be int. An extremely robust firewall with temporary and permanent rulesets – Coolest new feature is a map showing where connections are going to/from



  • Arq (Paid)
    • This is rsync-like functionality with a GUI that encrypts backups before you store them in the cloud. Can enforce size limits and remove dereferenced files.
  • I’ve never personally used it, but some have said that SpiderOak is another good alternative for encrypted backups and end-to-end encryption.


I’d love to hear about YOUR favorite security tools!

What do you use and why? Comment below or mention @aprilwright on Twitter