Increase Safari security and privacy in OS X

Posted: November 3, 2014

There is still a widespread believe that Apple Macs do not get viruses, Trojans, spyware and other types of malware, but this simply is not true. It is much safer to access the internet with a Mac running OS X than a Windows PC, but it is not completely safe and some types of malware target Apple users. After installing OS X Yosemite you should open Safari and fix the security and privacy issues that afflict it.

It may be surprising that Safari has problems out of the box, but the default settings simply are not the best. Start Safari by clicking the icon in the Dock at the bottom of the screen and then go to the Safari menu and select Preferences. Select the General tab.

Open with the Homepage

Safari opens with a new window and new windows and new tabs display your Favorites. It doesn’t seem to do it every time, but I have also seen recently visited websites listed too. Anyone next to you or behind you when you start Safari or open a new tab or window will be able to see your Favorites and (sometimes) recently visited websites.

Are you OK with this? Maybe you have nothing to hide, but a list of leisure websites on a work computer doesn’t look good.

A lot of people load a web browser to perform a search and setting the home page to a search engine makes it more convenient to use. Enter a URL for the Homepage, such as http://www.google.co.uk, http://www.bing.com, http://www.duckduckgo.com or whatever your favourite search engine is.

Here is a useful tip. Set the home page to Google, select the Search tab and set the search engine to Bing. When you open a new window or tab, Google is displayed and you can enter a search term on the web page. If you enter a search term in the address box at the top of the browser window, the search will be performed at Bing. You therefore have a choice of two search engines by setting the home page and Search engine on the Search tab to different ones.

Back to the General tab in Safari preferences. Set New window opens with and New tabs open with to Homepage.

Hide your history

Your web browsing history is stored for a whole year and you have to wonder whether this is really necessary. Does your Mac need to record and store every website you visit for so long? Click the item and select a shorter time period, such as one month or even just two weeks.

Hide your downloads

Safari stores a list of files you have downloaded for one day. This is actually a reasonable setting, but there are options to clear the download list when Safari quits or as soon as a download is completed. If you have never needed to check the downloads list, after all, the downloads are in the Downloads folder, then set this to Upon successful download.

Boost security and privacy

So far the security and privacy settings have been quite minor and you might find the defaults OK. What is not OK is the default option at the bottom of the General tab in Preferences to Open “safe” files after downloading. It then goes on to say that safe files are movies, pictures, sounds, PDFs, text documents and archives.

It is not a good idea to automatically open downloaded items. It is possible to create a web page that automatically downloads a file and if it is then automatically opened, then clearly it may be possible to hide malware within the download and automatically install it. Macs are not immune from malware and it surely makes sense not to automatically open downloads without your knowledge. Clear the tick on this option.

If you need to open a download, go to the Downloads folder and open it (preferably after scanning it with anti virus software).

Another privacy default that must be changed is on the Privacy tab in Safari Preferences. Tick Ask websites not to track me. Why would Apple automatically set this to allow websites to track you by default? Surely the default should be not to track you.

There is one more issue with Safari. Go to the Security tab and the first option listed is Warn when visiting a fraudulent website. This is a Google service that protects you from scams and phishing by identifying fake websites and displaying a warning message before the website is displayed. You then have the choice of navigating away from the site or proceeding to it anyway.

It is an important security service, but sometimes it fails to update. Here you can see that the service is not available and has not been updated for 16 days.

Once this error occurs, it does not seem to fix itself. The solution is quite simple though. Clear the tick to turn off the warning. Close the preferences window and quit Safari. Wait a minute, open Safari, wait a minute, go to Preferences, Security and tick Warn when visiting a fraudulent website. The error message should no longer be displayed.

Author: 
Roland Wadddilove
Tags: 
Apple apps
Browsers
How-To
Security and privacy

Comments

3
Submitted by Khurt Willaims (not verified) on Thu, 01/08/2015 - 08:22

The latest proposed draft of the Do Not Track specification requires that users must choose to turn on the anti-behavioral tracking feature in their browsers and software. Apple is adhering to the specification. "A user agent must have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the user's decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as SuperFred, but might imply a preference if invoked as SuperDoNotTrack or UltraPrivacyFred." http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining
Submitted by rwaddilove on Thu, 01/08/2015 - 10:18

<p>Just because it's the specification, it doesn't mean it is right. Surely privacy should be the default and we should choose to share stuff only if we want to.</p>
Submitted by Tommo (not verified) on Fri, 03/20/2015 - 03:27

I do not have this option in the privacy section. Is it a relatively new feature?

Add new comment

By submitting this form, you accept the Mollom privacy policy.