3rd Party Mac OS Security Tools

Last Update: Jan 09, 2022

Mac OS X is a popular technology choice among security professionals, offering excellent flexibility due to its strong BSD roots and the power of its GUI tools.

One area where Mac OS still lags a little is security, an area where Microsoft Windows has improved greatly in recent years.

There are some great 3rd party applications that anyone keenly interested in security should consider when looking to improve the security posture of their Mac OS device. As a caveat, it’s worth noting that installing any additional tool potentially introduces an additional vector of attack, so bear that in mind when using these tools. I won’t be looking at the potential issues these applications bring with them, but rather focusing on what strengths they bring to the table…

Little Snitch

Mac OS comes bundled with a firewall capable of blocking inbound connections. It can also be used to prevent outbound connections, but that’s not something supported from the interface and involves a little more tinkering. The strength of Little Snitch is not just that it’s able to block outbound connections, but also that it’s able to track which application each connection request is coming from.

BlockBlock

Patrick Wardle gave some excellent talks at BlackHat and Defcon on malware, and one of the tools he wrote to help prevent these attacks is BlockBlock. It’s designed to alert you when something on your system attempts to gain persistence, a typical goal of malware.

SUIDGuard

SUIDGuard is designed to protect SUID/SGID binaries on your system, and to prevent dynamic library loading attacks against those binaries.

Know of any others? Drop me a mail and I’ll add ‘em to this list.