What to use—and what we use—to keep your Mac safe.
A secure operating system
If you're not running a secure operating system, it's very difficult to maintain the security and privacy of your data. Apple secures the current operating system and the two previous version of macOS. Right now, that means the much-maligned 10.15 Catalina, 10.14 Mojave, and 10.13 High Sierra. Because an operating system is foundational—all the software runs atop it—it is crucial that it be secure.
We recommend using Apple's built-in whole disk encryption, FileVault. It can be turned on in System Preferences > Security & Privacy. If your computer is stolen, your data will be absolutely inaccessible without your password—even Apple can't break it.
When we think of security we frequently think of external threats, bad guys trying to get into our stuff. The internal threats to our data, like a hard drive failing, can get overlooked. But they shouldn't be. Because all physical things ultimately fail, having a second copy of your data is crucial. We recommend and use Apple's built-in Time Machine backup system. You'll need an external hard drive
so that the data is automatically saved to a second location.
The industry rule is "data in three places, one of which is off-site." Time Machine solves the local backup, but to be fully protected (from, say, fire or theft) you need your data off-site as well. There are a variety of services that can work, but we like BackBlaze
because it's only $6 month for unlimited data. It works transparently in the background to first encrypt your data then to shoot it up to Backblaze's servers.
Sentinel, Sentinel+, Sentinel Ultra, Sentinel AM
[warning: we are tooting our own horn here]
Sentinel provides professional 24/7 oversight of the health of your Mac. We're monitoring all kinds of things (RAM, hard drive, Time Machine backups, battery, etc.)—150 different data points every hour. That means if something starts to go wrong, we have a great chance at catching it before it becomes serious or at least we can care for it in a reasonable manner rather than in a panic. We recommend Sentinel as a minimum for everybody and at $14.99/mo we've tried to make it incredibly affordable.
Sentinel+ adds maintenance and security to Sentinel's 24/7 monitoring. Sentinel+ will handle most software updates so you don't have to as well as run maintenance routines to keep things running tip-top. This is includes basic scanning and quarantine of malware. For $24.99/mo, Sentinel+ is like having your own Residential IT. It's long been our most popular service.
Sentinel Ultra is our new top-of-the-line, four-in-one service that includes everything in Sentinel and Sentinel+. Ultra blocks malicious web sites, filters objectionable content, protects against email phishing threats, and even increases the speed of your web surfing. Ultra is like having a shield for when you surf the web. As long the web sites are kosher, the shield stays down. As soon as you inadvertently attempt to go to a bad site, up pops the Sentinel Ultra shield to block access to the site so that you don't accidentally download malware or otherwise have your Mac compromised. It's proactive security. At $34.99, Ultra represents our best effort and the best tool in our arsenal to keep clients safe on the web.
Sentinel AM is our anti-malware offering. It's a $5/mo add-on for Sentinel+ or Sentinel Ultra services, but it's probably not needed in the case of Ultra because we don't think you're going to get malware in the first place if you're using Ultra. That said, different people have different tolerances for risk, and if you want as much protection as we can offer, adding Sentinel AM to Sentinel Ultra is the way to do. (Despite not thinking it necessary in most cases, we use Sentinel AM with Sentinel Ultra.)
A secure web browser with ad blocking
Not so fast there, Chrome.
We get that some folks really like Chrome, but the bottom line is that Google has a vested interest in knowing where you're surfing on the net, and they've designed Chrome to help them find out. If you choose to use Chrome, you should know that it's probably impossible to keep your data from Google's eyes. If you're okay with that trade, knock yourself out. Chrome is your boy.
If you'd prefer your browsing be more private, Firefox
with the free open source content blocker uBlock Origin
is our first choice. Safari with AdGuard
(and blocking cross-site tracking turned on) is another fine option. AdGuard is no longer free, but Safari extensions are getting enhanced in macOS 11 Big Sur, so we're hopeful that getting uBlock Origin (our favorite) back on Safari is just a matter of time.
There's really no good reason to use Google, Bing, or any of the other search engines. Not only does DuckDuckGo
return excellent search results, you can use commands in the search bar (like "!g"—that's exclamation point plus the letter g) to search Google anonymously. You can search other search engines anonymously too via DuckDuckGo, and DuckDuckGo won't track you. In the search engine preferences for either Safari or Firefox, you can set DuckDuckGo as your default search engine.
A Virtual Private Network
A Virtual Private Network, or VPN, is an encrypted tunnel between your Mac (or iPhone or iPad) and another computer run by the VPN company. It protects your internet traffic so that anyone who might want to spy on your traffic locally can't.
Let's say I'm at Starbucks and I hop on their WiFi. Without a VPN anyone on that same WiFi could potentially sniff my traffic and see what I'm up to. By using a VPN, I protect my internet data so that other people at Starbucks (including Starbucks itself) can't see my internet data. Bear in mind that a VPN only protects my traffic between point A (my Mac at Starbucks) and point B (the VPN company's computers). Depending on what I'm doing after that, my data might still be hackable—just not between points A & B. We use PIA VPN
which covers multiple devices (Mac, iPad, iPhone) for about $75 a year.
A Password Manager
If we had a dollar for every client we've seen over the years who had passwords in a little black book next to their Mac or on Post-Its around the edge of the screen, we could start our own bank. Suffice to say that these storage techniques might be convenient but they're not exactly secure. Much better is a password manager like 1Password
. We've used 1Password for years and consider it indispensable. Instead of having to remember lengthy passwords or reusing the handful that we can remember, we remember one password to unlock 1Password, and the program takes care of the rest. It will store a whole lot more than passwords, too, which adds to its value.
1Password can be a little complex to set up, so we typically will help clients with that. Actual use isn't too bad though and is typically within the reach of even basic users.
A Spam Filter
Apple's built in Junk Mail filter works for most spam assuming your email address isn't widely dispersed on the internet. If you're swamped with spam email, though, SpamSieve
can rescue you. It has a one-time price of $30, but if spam is overwhelming you it's a bargain because SpamSieve is highly effective. I get several hundred spam message a day and of those I'll get 1 or 2 in the Inbox on a bad day. More typical is that no spam hits the Inbox. Even then, I just train SpamSieve that those message are bad and they don't get through again. Like 1Password, it's not uncommon for us to help clients with the SpamSieve setup. After that, actual use is a breeze.
Avoid Social Media
If you find it troubling that a major corporation should take such a large interest in your affairs, then don't post to Facebook. That's a blunt statement, but Facebook, like Google, is on a mission to know everything they can about you and sell that information to advertisers. Facebook's not alone among social networks in this, but they're the biggest and therefore the most notorious. If you're posting to social media, you're not just telling your friends something. You're telling Facebook, and Facebook is hardly keeping your information top secret.
Want to say something privately to a friend? Use Apple Messages or Apple's FaceTime. Both are end-to-end encrypted, and not even Apple has the keys.
Apple’s workhorse desktop Mac, the 27-inch iMac with Retina 5K display
, hasn’t seen an update since March 2019—nearly a year and a half ago. Happily, the company has finally released a new version of the popular iMac, outfitting it with 10th-generation Intel processors, increasing its RAM and storage capacities, and improving its audio and video capabilities. Prices haven’t changed, with the low-end model starting at $1799, the mid-range model at $1999, and the high-end configuration at $2299.
Separately, although Apple didn’t update either the 21.5-inch iMac or the iMac Pro, it tweaked both of their configurations. The company finally stopped selling the small, inexpensive 21.5-inch iMac with a performance-robbing hard drive. It now comes with SSDs standard across the line, with a 1 TB Fusion Drive as an alternative. (We recommend against the Fusion Drive for reliability reasons.) For the iMac Pro, Apple dropped the 8-core Intel Xeon W processor configuration, making the base model a 10-core processor configuration.
There are no industrial design changes this time around, unsurprisingly, but the rest of the enhancements will be extremely welcome to anyone who has been holding out for a new iMac.
For those who are concerned about performance but don’t want to spend thousands more on an iMac Pro or Mac Pro, Apple increased the 27-inch iMac’s specs in noteworthy ways. You have choices of four of the latest 10th-generation Intel Core processors: a 3.1 GHz 6-core i5, a 3.3 GHz 6-core i5, a 3.8 GHz 8-core i7, and a 3.6 GHz 10-core i9. Performance and cost both rise through that list.
Higher Performance Graphics Chips
Apple also moved to the next-generation AMD Radeon Pro graphics chips, with the Radeon Pro 5300 with 4 GB of memory in the low-end and mid-range models. The high-end model starts with a Radeon Pro 5500 XT with 8 GB of memory, and you can upgrade to a Radeon Pro 5700 with 8 GB for $300 or a Radeon Pro 5700 XT with 16 GB for $500. The more expensive options would be useful for graphics-intensive workflows, complex video editing, or developing 3D content.
Higher RAM Ceiling
All configurations of the 27-inch iMac start with 8 GB, but you can expand that to 16 GB ($200), 32 GB ($600), 64 GB ($1000) or, for the first time in the iMac line, 128 GB ($2600). If your first thought is that some of these prices sound outrageous, your first thought is correct. Unlike on most other Macs, RAM is user-accessible through a panel on the back, so you’d be smart to buy RAM separately, where it will be far cheaper—perhaps as much as two-thirds less. (Sentinel members should contact us directly to buy RAM at this sort of steep discount.)
Increased SSD Storage
Storage is locked at 256 GB for the low-end model, whereas the mid-range model starts at 512 GB and lets you upgrade to 1 TB ($200) or 2 TB ($600). The high-end model also starts at 512 GB, offering the same 1 TB and 2 TB upgrades and adding 4 TB ($1200) and 8 TB ($2400) options. The Fusion Drive is no longer an option for the 27-inch iMac, a change for which Apple consultants everywhere give grateful thanks.
Stronger Security and Processing with the T2 Security Chip
New to the 27-inch iMac is Apple’s T2 security chip. Along with encrypting all data on the SSD and ensuring that macOS hasn’t been tampered with at boot, the T2 chip includes custom processors that provide computational improvements for both audio and video. On the downside, the T2 chip’s added security makes certain kinds of troubleshooting and hardware repair difficult or impossible, so it’s extra important to have reliable backups.
Improved Glare and Ambient Light Handling
For those who have problems with screen glare, the 27-inch iMac now offers a $500 option for “nano-texture glass,” which Apple says provides “better viewing under various lighting conditions, such as a bright room or indirect sunlight.” Previously, nano-texture glass was available only for Apple’s Pro Display XDR screen. The iMac’s Retina display also now supports True Tone, enabling it to adjust its color temperature automatically for ambient light conditions. Early reviewers like the nano-texture glass, but almost universally conclude that it is not worth the $500 premium.
Better Video and Audio for Videoconferencing
Those who spend their days on video calls will appreciate the new 1080p FaceTime HD camera, a notable improvement on the previous 720p camera. Apple also says the 27-inch iMac now features higher-fidelity speakers and a studio-quality three-mic array for better audio output and input.
Finally, if you need the ultimate networking performance, a $100 option gets you 10 Gigabit Ethernet. This is unlikely to be useful in a home context, but for some businesses, this will be a great addition.
Overall, if you need a powerful desktop Mac with a gorgeous display, you can’t go wrong with the new 27-inch iMac. It’s significantly cheaper than the iMac Pro and more powerful than both the Mac mini and the 21.5-inch iMac. Just remember that some of the options are available only if you start with the high-end configuration.
It's a painful and disappointing decision, but we've concluded that macOS 10.15 Catalina does not offer enough benefit to warrant upgrading. Apple has had no end of problems with Catalina, the latest update of 10.15.6 being no exception. Because Catalina imposes the penalty of not running 32-bit applications, many Mac users face the prospect of losing some working applications for correspondingly little benefit.
Unless Apple issues 10.15.7 Catalina—which we do not expect—and we love it—which we also do not expect—our final advice will be for users to remain on macOS 10.14.6 Mojave until we can move, en masse, to macOS 11 Big Sur.
We've faced some dodgy operating system versions over the years, but Apple always ironed them out sufficiently in the end. That they've not been able to do so with Catalina is hardly reassuring, but it's always possible that their best talent has been working on Big Sur, and the "B Team" is responsible for Catalina. Let's hope, anyway.
For those users who've already upgraded to Catalina or who've purchased a new Mac with Catalina on it, our general suggestion is to upgrade to the latest version of Catalina as it will contain bug-fixes for previous problems. Note that even the latest version of Catalina (10.15.6) has a major issue with a memory leak causing Kernel Panics (which, among other things, crashes VMWare's Fusion). If you're on 10.15.5 right now, you might want to wait a bit.