Pareto Auditor

Avoid common security
mistakes on your Macs

Pareto Security's Auditor makes sure your Mac devices are correctly configured for security.

Avoid easily preventable security misconfigurations on your Macs

Auditor is a menu bar app that regularly checks your Mac's native security settings. It helps you take care of 20% of security tasks that prevent 80% of problems.

See the Security Checks

Pareto Security helped me to detect 3 security leaks and decided me to enable FileVault. Lightweight, discreet and efficient. Top feature: automatic checks.

Guillaume Droulez

Mobile Developer

Why use Pareto Auditor?

How Pareto Auditor keeps you safe

Here are a few completely scenarios that can happen if you have your Mac's security misconfigured.

😱

Mike forgot to enable FileVault disk encryption after OS reinstall, then someone stole his MacBook, and now they have all of his photos, documents, and business files.

😨

Suzie turned off the Firewall to debug a router, did not remember to turn it back on, and accidentally exposed her local webserver to the entire Starbucks network.

😦

James lent his MacBook to mom for a weekend, forgot he enabled automatic login for her convenience, then found his son playing on his company's Slack.

😫

Paul needed to turn off Gatekeeper to install an app he found on the Internet, then failed to turn it back on again, and his Mac got infected with malware.

😞

Marie did not set auto-updating of apps and got hacked because she was not running a recent app version with the security patch applied.

😠

Mia used her MacBook for a presentation, disabled automatic screen locking, forgot to re-enable it, only to find coworkers having fun with her Facebook.

The simplest security is the most important

24 Security Checks: Aimed at regular users, not security geeks.
Zero Hassle: Running automagically in the background. Snoozable.
Transparent & Private: Open-sourced. Runs locally on your device.

What does the Auditor app check?

Pareto Security app follows Center for Internet Security benchmark guidelines.
The app currently verifies 23 out of 73 checks quoted as automated. More are coming soon.

Install Updates, Patches and Additional Security Software (6)

Verify all Apple-provided software is current
Enable Auto Update
Enable Download new updates when available
Enable app update installs
Enable system data files and security updates install
Enable macOS update installs

Bluetooth (2)

Turn off Bluetooth, if no paired devices exist
Show Bluetooth status in menu bar

Date & Time (2)

Enable "Set time and date automatically"
Ensure time set is within appropriate limits

Desktop & Screen Saver (2)

Set an inactivity interval of 20 minutes or less for the screen saver"
Secure screen saver cornerss

Sharing (12)

Disable Remote Apple Events
Disable Internet Sharing
Disable Screen Sharing
Disable Printer Sharing
Disable Remote Login
Disable DVD or CD Sharing
Disable Bluetooth Sharing
Disable File Sharing
Disable Remote Management
Disable Content Caching
Disable Media Sharing
Ensure AirDrop Is Disabled

Security & Privacy (7)

Enable FileVault
Enable Gatekeeper
Enable Firewall
Enable Firewall Stealth Mode
Enable Location Services
Disable sending diagnostic and usage data to Apple
Limit Ad tracking and personalized Ads

Time Machine (6)

Time Machine Auto-Backup
Time Machine Volumes Are Encrypted
Disable Wake for network access
Disable Power Nap
Enable Secure Keyboard Entry in terminal.app
Ensure EFI version is valid and being regularly checked

Logging and Auditing (5)

Enable security auditing
Retain install.log for 365 or more days with no maximum size
Ensure security auditing retention
Control access to audit records
Ensure Firewall is configured to log

Network Configurations (4)

Disable Bonjour advertising service
Enable "Show Wi-Fi status in menu bar"
Ensure http server is not running
Ensure nfs server is not running

System Access, Authentication and Authorization (4)

Secure Home Folders
Check System Wide Applications for appropriate permissions
Check System folder for world writable files
Check Library folder for world writable files

Password Management (16)

Configure account lockout threshold
Reduce the sudo timeout period
Automatically lock the login keychain for inactivity
Use a separate timestamp for each user/tty combo
Ensure login keychain is locked when the computer sleeps
Do not enable the "root" account
Disable automatic login
Require a password to wake the computer from sleep or screen saver
Ensure system is set to hibernate
Require an administrator password to access system-wide preferences
Ensure an administrator account cannot login to another user's active and locked session
Do not enter a password-related hint
Disable Fast User Switching
System Integrity Protection status
Enable Sealed System Volume (SSV)
Enable Library Validation

User Accounts and Environment (7)

Display login window as name and password
Disable "Show password hints"
Disable guest account login
Disable "Allow guests to connect to shared folders"
Remove Guest home folder
Turn on filename extensions
Disable the automatic run of safe files in Safari

A few months after I bought my new Air, I was checking some settings, and I noticed with horror that FileVault was turned off. When I started thinking of all the travel I did and where I left my Mac, I broke out in cold sweat. I have important company documents on my computer that would be easily accessible if anyone got their hands on it.

So I was telling this story to my coworker, and we were musing at my carelessness. Then I asked him to check his computer with our app, then in just the alpha version. And, lo and behold, his FileVault was also disabled. He couldn't believe it. Same as me, he was 100% sure he had it turned on.

Macs have great security out-of-box. But it's not worth anything if it's not turned on. Pareto Auditor makes sure it is.

Nejc Zupan

Founder of Pareto Security