Avoid common security
mistakes on your Macs
Pareto Security's Auditor makes sure your Mac devices are correctly configured for security.
Avoid easily preventable security misconfigurations on your Macs
Auditor is a menu bar app that regularly checks your Mac's native security settings. It helps you take care of 20% of security tasks that prevent 80% of problems.
Pareto Security helped me to detect 3 security leaks and decided me to enable FileVault. Lightweight, discreet and efficient. Top feature: automatic checks.
How Pareto Auditor keeps you safe
Here are a few completely scenarios that can happen if you have your Mac's security misconfigured.
Mike forgot to enable FileVault disk encryption after OS reinstall, then someone stole his MacBook, and now they have all of his photos, documents, and business files.
Suzie turned off the Firewall to debug a router, did not remember to turn it back on, and accidentally exposed her local webserver to the entire Starbucks network.
James lent his MacBook to mom for a weekend, forgot he enabled automatic login for her convenience, then found his son playing on his company's Slack.
Paul needed to turn off Gatekeeper to install an app he found on the Internet, then failed to turn it back on again, and his Mac got infected with malware.
Marie did not set auto-updating of apps and got hacked because she was not running a recent app version with the security patch applied.
Mia used her MacBook for a presentation, disabled automatic screen locking, forgot to re-enable it, only to find coworkers having fun with her Facebook.
The simplest security is the most important
23 Security Checks
- Aimed at regular users, not security geeks.
- Running automagically in the background. Snoozable.
Transparent & Private
- Open-sourced. Runs locally on your device.
What does the Auditor app check?
Pareto Security app follows Center for Internet Security benchmark
The app currently verifies 23 out of 73 checks quoted as automated. More are coming soon.
Install Updates, Patches and Additional Security Software (6)
- Verify all Apple-provided software is current
- Enable Auto Update
- Enable Download new updates when available
- Enable app update installs
- Enable system data files and security updates install
- Enable macOS update installs
- Turn off Bluetooth, if no paired devices exist
- Show Bluetooth status in menu bar
Date & Time (2)
- Enable "Set time and date automatically"
- Ensure time set is within appropriate limits
Desktop & Screen Saver (2)
- Set an inactivity interval of 20 minutes or less for the screen saver"
- Secure screen saver cornerss
- Disable Remote Apple Events
- Disable Internet Sharing
- Disable Screen Sharing
- Disable Printer Sharing
- Disable Remote Login
- Disable DVD or CD Sharing
- Disable Bluetooth Sharing
- Disable File Sharing
- Disable Remote Management
- Disable Content Caching
- Disable Media Sharing
- Ensure AirDrop Is Disabled
Security & Privacy (7)
- Enable FileVault
- Enable Gatekeeper
- Enable Firewall
- Enable Firewall Stealth Mode
- Enable Location Services
- Disable sending diagnostic and usage data to Apple
- Limit Ad tracking and personalized Ads
Time Machine (6)
- Time Machine Auto-Backup
- Time Machine Volumes Are Encrypted
- Disable Wake for network access
- Disable Power Nap
- Enable Secure Keyboard Entry in terminal.app
- Ensure EFI version is valid and being regularly checked
Logging and Auditing (5)
- Enable security auditing
- Retain install.log for 365 or more days with no maximum size
- Ensure security auditing retention
- Control access to audit records
- Ensure Firewall is configured to log
Network Configurations (4)
- Disable Bonjour advertising service
- Enable "Show Wi-Fi status in menu bar"
- Ensure http server is not running
- Ensure nfs server is not running
System Access, Authentication and Authorization (4)
- Secure Home Folders
- Check System Wide Applications for appropriate permissions
- Check System folder for world writable files
- Check Library folder for world writable files
Password Management (16)
- Configure account lockout threshold
- Reduce the sudo timeout period
- Automatically lock the login keychain for inactivity
- Use a separate timestamp for each user/tty combo
- Ensure login keychain is locked when the computer sleeps
- Do not enable the "root" account
- Disable automatic login
- Require a password to wake the computer from sleep or screen saver
- Ensure system is set to hibernatet
- Require an administrator password to access system-wide preferences
- Ensure an administrator account cannot login to another user's active and locked session
- Do not enter a password-related hint
- Disable Fast User Switching
- System Integrity Protection status
- Enable Sealed System Volume (SSV)
- Enable Library Validation
User Accounts and Environment (7)
- Display login window as name and password
- Disable "Show password hints"
- Disable guest account login
- Disable "Allow guests to connect to shared folders"
- Remove Guest home folder
- Turn on filename extensions
- Disable the automatic run of safe files in Safari
A few months after I bought my new Air, I was checking some settings, and I noticed with horror that FileVault was turned off. When I started thinking of all the travel I did and where I left my Mac, I broke out in cold sweat. I have important company documents on my computer that would be easily accessible if anyone got their hands on it.
So I was telling this story to my coworker, and we were musing at my carelessness. Then I asked him to check his computer with our app, then in just the alpha version. And, lo and behold, his FileVault was also disabled. He couldn't believe it. Same as me, he was 100% sure he had it turned on.
Macs have great security out-of-box. But it's not worth anything if it's not turned on. Pareto Auditor makes sure it is.
Pareto Security is focused on privacy and transparency.
The device owner keeps full control over the device and the app. Only the following data sent is to Pareto Security servers every eight hours:
- The passed, failed, and disabled checks
- Unique device ID & device name
- macOS and app version
- Date and time of last check
All Pareto Security apps are open source.