globe showing Americas Diese Seite auf Deutsch anzeigen

System protection on macOS

To ensure that your Mac is as secure against external threats as possible, please be advised about the following recommendations.

If your Mac is managed by an IT administration group, some or all of these recommendations may have been enforced on your computer already.

Keep the system up to date

The most recent versions of Apple operating systems are the most secure, because they contain the latest security patches. Always install macOS software updates as soon as possible.

It is strongly recommended that you enable the automatic check, download and installation of all updates. To do this, open System Settings, go to GeneralSoftware Update, click on the (i) symbol next to Automatic Updates, and enable all options. This ensures that the security updates and XProtect definitions (see below) are kept up to date.

Note that in older versions of macOS, you go to System Preferences, Software Update, click on the Advanced button, and check all the boxes. But please upgrade to the newest macOS if possible!

See also: Apple-Sicherheitsupdates

 


System Integrity Protection (SIP)

This prevents the system volume from being altered, providing a high level of protection. It is enabled by default. Some legacy third party applications may ask you to set SIP to a lower setting. We strongly recommend against this.

It should not be necessary, but if you want to check the status of SIP, enter the following Terminal command: csrutil status.

Gatekeeper

This checks the integrity of applications after they have been downloaded from the internet. It is enabled by default, and cannot normally be disabled from within System Settings. Gatekeeper prevents opening apps that cannot be verified.

To check that Gatekeeper is enabled, open System Settings, go to Privacy & Security, scroll down to the Security section, and check that the setting “Allow applications downloaded from” is set to either “App Store” or “App Store and identified developers”. These should be the only options available.

Although it is possible to disable Gatekeeper completely via a Terminal command (with admin rights), we strongly recommend against this. If you see an additional option that says “Anywhere”, then Gatekeeper has been disabled and should be re-enabled to a minimum level of "App Store and identified developers".

Gatekeeper protections may also be bypassed by opening an newly downloaded application or installer while pressing the Ctrl key. We strongly recommend against this unless you are absolutely sure of the origin of the software.

For full information about Gatekeeper, see: Gatekeeper und Laufzeitsicherheit in macOS

XProtect

XProtect is a set of tools that act to remediate malware that has managed to successfully execute. XProtect is enabled by default and cannot be removed or disabled. Updates happen automatically on a daily basis.

For more information about XProtect, see: Protecting against malware in macOS

Optional: Checking the status of on-board security features

Since the Mac security features are all enabled and kept up to date by default, there is no built-in application to view their status, and you should not need to check. However, for advanced users and for troubleshooting, we can recommend the application SilentKnight by Howard Oakley, which provides a useful summary of checks that the onboard security frameworks and software update mechanisms are functioning and updated. It compares the versions of security tools such as XProtect (and it's included Malware Removal Tool (MRT)) and Gatekeeper against an online database of expected current versions. It also provides a list of recent system updates.