We live in a world where criminals no longer need to rob banks or mug people. They can make far more money with far less risk by stealing information and infiltrating computer systems. And that makes your computer and mobile devices the frontline for securing your personal information.
For many years, Apple touted its superior security credentials, even making it the subject of one of its famous ‘I’m a Mac, I’m a PC” ads.
But today’s world is very different to 2006. [Note – has it really been 17 years since those ads came out?]
Viruses and spyware are no longer the big threat. Ransomware and stolen passwords are far bigger problems. And Macs are not immune.
That brings us to where we’re today. Mac users need to think seriously about security. While there are many things you can do to secure your online experience – using strong unique passwords for every site as well as multi-factor authentication makes a huge difference – I want to focus on three things: Apple’s Private Relay, Virtual Private Networks (VPNs) and endpoint protections software (we use to call this antivirus).
Private Relay
| What is it? | Private Relay is a tool that Apple provides as part of any paid iCloud subscription. It protects your privacy when you’re online so no one, not even Apple, can see what you’re doing or the sites you visit. |
| What does it do? | Private Relay sends your requests through two separate, secure internet relays. The first is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay is operated by a third-party content provider that generates a temporary IP address, decrypts the name of the website you requested and connects you to the site. Private Relay only protects data your activity in Safari and insecure apps that use HTTP rather than HTTPS. |
| What doesn’t it do? | Private Relay doesn’t completely hide your location so that location specific services are not impacted. But it doesn’t log any of your activity so, even if someone asked Apple for that information, it doesn’t have it to hand over. Private Relay does not encrypt and protect all your internet traffic. |
| What does it cost? | Private Relay is included with all iCloud subscriptions. These start at $1.49 per month. |
| Where do you get it? | As part of any iCloud subscription. |
VPNs
| What is it? | A VPN, or Virtual Private Network, encrypts all the data entering and leaving your computer. When you make a request online, the data is encrypted and sent to a server which can be located anywhere in the world. That encrypted request is then sent to the intended target and the response is sent back to you via the server. |
| What does it do? | A VPN encrypts all the data entering and leaving your computer. Every application and service is covered. And, as you can choose the location of the server that is sending and receiving that traffic, it’s possible to obfuscate your location. For example, if you’re in Sydney, Australia, you could use a VPN service in Zurich so it appears your computer is in Switzerland. While many VPN providers tout their strong privacy protections, some do log activity and may hand that over to third parties. Meta was recently fined for collecting such data without users’ permission. |
| What doesn’t it do? | Any tool that encrypts and reroutes your Internet activity will have an impact on overall performance. Some VPNs have a greater impact than others. Also, it’s worth noting that when you choose. VPN provider you are putting a lot of trust in them and assessing the bona fides of VPN providers is extremely difficult. Most say they don’t log user activity but determining if such claims are true is difficult, as we learned from the recent fines issued to Meta. |
| What does it cost? | Cost can vary significantly but you can expect to pay anywhere from a couple of dollars per month, to around $100 per year. Many endpoint protection providers offer a VPN as part of their package of services. |
| Where do you get it? | There are literally hundreds of VPN providers. My suggestion is carefully look at online reviews and search for instances where the provider may have been caught out logging or sharing user data. |
Endpoint protection software
| What is it? | Endpoint protection software used to be called antivirus software. This is software that monitors activity on your computer in order to detect anomalous activity. |
| What does it do? | Endpoint software has come a long way over the years. In the past, it searched for and identified malicious software based on recognition. The software loaded a database of things to look for (called signatures) and if it found a file that matched its database, it would alert you and typically quarantine the suspicious file. Modern endpoint security software looks for anomalous activity rather than specific files. Using machine learning (some will even say they use artificial intelligence) and other techniques, the software identifies malicious activity, alerts you and tries to stop it. |
| What doesn’t it do? | Endpoint protection software doesn’t encrypt or otherwise manage any of your computers input or outputs. It causes on what’s happening on your computer. For example, if an application tries to send data out of your computer and that’s not a typical action, you should get an alert. Or if an application tries to encrypt your files, this is probably an indicator of a ransomware attack. |
| What does it cost? | Cost can vary significantly but usually involve an annual subscription so you have access to the latest features. |
| Where do you get it? | There are literally hundreds of endpoint protection software providers. Look at online reviews to find an option that fits your budget. |
What should you use?
This can be a tricky question to answer as it will depend on how you use your Mac, iPad or iPhone.
At a minimum, I would suggest using Private Relay. Its impact on performance is minimal in my experience and it works well for me as I use Safari for all my web browsing. Apple has invested heavily in increasing the privacy of the user experience and this is an easy step.
I’ve stopped using a VPN for a couple of reasons. I rarely need to hide my location and the vast majority of online services are now encrypted (that’s what the padlock next a web address in your web browser signifies). So, a VPN effectively encrypts data that is already encrypted. In addition, the performance hit can be very annoying.
Also, I avoid using public Wi-Fi. When I travel, I hotspot via my iPhone as that is less likely to be compromised in my view.
I’m of the view that endpoint protection is worthwhile. While the design of macOS does make it less vulnerable to attack than some other operating systems, it’s possible I’ll be duped by a well-crafted email or some other attack vector. Endpoint protection software minimises the risk of that happening and minimises the impact if it does get past the first line of defence.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.