August 2020 MacAtoZ eNewsletter

August 2020 Newsletter

Sentinel Ultra: A quick thank you

We are gratified by the overwhelming response.

Just a quick note of thanks to everyone who's signed up for Sentinel Ultra, our new Next Level Security service. We got pretty busy there for a bit during the initial rollout, and we've appreciated everyone's patience.

As a reminder, during this introductory phase we are offering a 60-day no-extra-charge trial to existing Sentinel or Sentinel+ clients who want to try Ultra's 4-in-1 service (malicious web site protection, content filtering, email phishing protection, and faster web surfing).

If you'd like more information about Sentinel, Sentinel+, or Sentinel Ultra or if you'd like the 60-day trial, please contact us via email or phone (503-507-0410). We're incredibly excited to be able to bring this level of protection to our clients.

Our recommended security stack

What to use—and what we use—to keep your Mac safe.

A secure operating system
If you're not running a secure operating system, it's very difficult to maintain the security and privacy of your data. Apple secures the current operating system and the two previous version of macOS. Right now, that means the much-maligned 10.15 Catalina, 10.14 Mojave, and 10.13 High Sierra. Because an operating system is foundational—all the software runs atop it—it is crucial that it be secure.

Encryption
We recommend using Apple's built-in whole disk encryption, FileVault. It can be turned on in System Preferences > Security & Privacy. If your computer is stolen, your data will be absolutely inaccessible without your password—even Apple can't break it.

Backups
When we think of security we frequently think of external threats, bad guys trying to get into our stuff. The internal threats to our data, like a hard drive failing, can get overlooked. But they shouldn't be. Because all physical things ultimately fail, having a second copy of your data is crucial. We recommend and use Apple's built-in Time Machine backup system. You'll need an external hard drive so that the data is automatically saved to a second location.

The industry rule is "data in three places, one of which is off-site." Time Machine solves the local backup, but to be fully protected (from, say, fire or theft) you need your data off-site as well. There are a variety of services that can work, but we like BackBlaze because it's only $6 month for unlimited data. It works transparently in the background to first encrypt your data then to shoot it up to Backblaze's servers.

Sentinel, Sentinel+, Sentinel Ultra, Sentinel AM [warning: we are tooting our own horn here]
Sentinel provides professional 24/7 oversight of the health of your Mac. We're monitoring all kinds of things (RAM, hard drive, Time Machine backups, battery, etc.)—150 different data points every hour. That means if something starts to go wrong, we have a great chance at catching it before it becomes serious or at least we can care for it in a reasonable manner rather than in a panic. We recommend Sentinel as a minimum for everybody and at $14.99/mo we've tried to make it incredibly affordable.

Sentinel+ adds maintenance and security to Sentinel's 24/7 monitoring. Sentinel+ will handle most software updates so you don't have to as well as run maintenance routines to keep things running tip-top. This is includes basic scanning and quarantine of malware. For $24.99/mo, Sentinel+ is like having your own Residential IT. It's long been our most popular service.

Sentinel Ultra is our new top-of-the-line, four-in-one service that includes everything in Sentinel and Sentinel+. Ultra blocks malicious web sites, filters objectionable content, protects against email phishing threats, and even increases the speed of your web surfing. Ultra is like having a shield for when you surf the web. As long the web sites are kosher, the shield stays down. As soon as you inadvertently attempt to go to a bad site, up pops the Sentinel Ultra shield to block access to the site so that you don't accidentally download malware or otherwise have your Mac compromised. It's proactive security. At $34.99, Ultra represents our best effort and the best tool in our arsenal to keep clients safe on the web.

Sentinel AM is our anti-malware offering. It's a $5/mo add-on for Sentinel+ or Sentinel Ultra services, but it's probably not needed in the case of Ultra because we don't think you're going to get malware in the first place if you're using Ultra. That said, different people have different tolerances for risk, and if you want as much protection as we can offer, adding Sentinel AM to Sentinel Ultra is the way to do. (Despite not thinking it necessary in most cases, we use Sentinel AM with Sentinel Ultra.)

A secure web browser with ad blocking
Not so fast there, Chrome. We get that some folks really like Chrome, but the bottom line is that Google has a vested interest in knowing where you're surfing on the net, and they've designed Chrome to help them find out. If you choose to use Chrome, you should know that it's probably impossible to keep your data from Google's eyes. If you're okay with that trade, knock yourself out. Chrome is your boy.

If you'd prefer your browsing be more private, Firefox with the free open source content blocker uBlock Origin is our first choice. Safari with AdGuard (and blocking cross-site tracking turned on) is another fine option. AdGuard is no longer free, but Safari extensions are getting enhanced in macOS 11 Big Sur, so we're hopeful that getting uBlock Origin (our favorite) back on Safari is just a matter of time.

DuckDuckGo
There's really no good reason to use Google, Bing, or any of the other search engines. Not only does DuckDuckGo return excellent search results, you can use commands in the search bar (like "!g"—that's exclamation point plus the letter g) to search Google anonymously. You can search other search engines anonymously too via DuckDuckGo, and DuckDuckGo won't track you. In the search engine preferences for either Safari or Firefox, you can set DuckDuckGo as your default search engine.

A Virtual Private Network
A Virtual Private Network, or VPN, is an encrypted tunnel between your Mac (or iPhone or iPad) and another computer run by the VPN company. It protects your internet traffic so that anyone who might want to spy on your traffic locally can't.

Let's say I'm at Starbucks and I hop on their WiFi. Without a VPN anyone on that same WiFi could potentially sniff my traffic and see what I'm up to. By using a VPN, I protect my internet data so that other people at Starbucks (including Starbucks itself) can't see my internet data. Bear in mind that a VPN only protects my traffic between point A (my Mac at Starbucks) and point B (the VPN company's computers). Depending on what I'm doing after that, my data might still be hackable—just not between points A & B. We use PIA VPN which covers multiple devices (Mac, iPad, iPhone) for about $75 a year.

A Password Manager
If we had a dollar for every client we've seen over the years who had passwords in a little black book next to their Mac or on Post-Its around the edge of the screen, we could start our own bank. Suffice to say that these storage techniques might be convenient but they're not exactly secure. Much better is a password manager like 1Password. We've used 1Password for years and consider it indispensable. Instead of having to remember lengthy passwords or reusing the handful that we can remember, we remember one password to unlock 1Password, and the program takes care of the rest. It will store a whole lot more than passwords, too, which adds to its value.

1Password can be a little complex to set up, so we typically will help clients with that. Actual use isn't too bad though and is typically within the reach of even basic users.

A Spam Filter
Apple's built in Junk Mail filter works for most spam assuming your email address isn't widely dispersed on the internet. If you're swamped with spam email, though, SpamSieve can rescue you. It has a one-time price of $30, but if spam is overwhelming you it's a bargain because SpamSieve is highly effective. I get several hundred spam message a day and of those I'll get 1 or 2 in the Inbox on a bad day. More typical is that no spam hits the Inbox. Even then, I just train SpamSieve that those message are bad and they don't get through again. Like 1Password, it's not uncommon for us to help clients with the SpamSieve setup. After that, actual use is a breeze.

Avoid Social Media
If you find it troubling that a major corporation should take such a large interest in your affairs, then don't post to Facebook. That's a blunt statement, but Facebook, like Google, is on a mission to know everything they can about you and sell that information to advertisers. Facebook's not alone among social networks in this, but they're the biggest and therefore the most notorious. If you're posting to social media, you're not just telling your friends something. You're telling Facebook, and Facebook is hardly keeping your information top secret.

Want to say something privately to a friend? Use Apple Messages or Apple's FaceTime. Both are end-to-end encrypted, and not even Apple has the keys.

Apple's new 27" iMac

Apple’s workhorse desktop Mac, the 27-inch iMac with Retina 5K display, hasn’t seen an update since March 2019—nearly a year and a half ago. Happily, the company has finally released a new version of the popular iMac, outfitting it with 10th-generation Intel processors, increasing its RAM and storage capacities, and improving its audio and video capabilities. Prices haven’t changed, with the low-end model starting at $1799, the mid-range model at $1999, and the high-end configuration at $2299.

Separately, although Apple didn’t update either the 21.5-inch iMac or the iMac Pro, it tweaked both of their configurations. The company finally stopped selling the small, inexpensive 21.5-inch iMac with a performance-robbing hard drive. It now comes with SSDs standard across the line, with a 1 TB Fusion Drive as an alternative. (We recommend against the Fusion Drive for reliability reasons.) For the iMac Pro, Apple dropped the 8-core Intel Xeon W processor configuration, making the base model a 10-core processor configuration.

There are no industrial design changes this time around, unsurprisingly, but the rest of the enhancements will be extremely welcome to anyone who has been holding out for a new iMac.

Faster Processors
For those who are concerned about performance but don’t want to spend thousands more on an iMac Pro or Mac Pro, Apple increased the 27-inch iMac’s specs in noteworthy ways. You have choices of four of the latest 10th-generation Intel Core processors: a 3.1 GHz 6-core i5, a 3.3 GHz 6-core i5, a 3.8 GHz 8-core i7, and a 3.6 GHz 10-core i9. Performance and cost both rise through that list.

Higher Performance Graphics Chips
Apple also moved to the next-generation AMD Radeon Pro graphics chips, with the Radeon Pro 5300 with 4 GB of memory in the low-end and mid-range models. The high-end model starts with a Radeon Pro 5500 XT with 8 GB of memory, and you can upgrade to a Radeon Pro 5700 with 8 GB for $300 or a Radeon Pro 5700 XT with 16 GB for $500. The more expensive options would be useful for graphics-intensive workflows, complex video editing, or developing 3D content.

Higher RAM Ceiling
All configurations of the 27-inch iMac start with 8 GB, but you can expand that to 16 GB ($200), 32 GB ($600), 64 GB ($1000) or, for the first time in the iMac line, 128 GB ($2600). If your first thought is that some of these prices sound outrageous, your first thought is correct. Unlike on most other Macs, RAM is user-accessible through a panel on the back, so you’d be smart to buy RAM separately, where it will be far cheaper—perhaps as much as two-thirds less. (Sentinel members should contact us directly to buy RAM at this sort of steep discount.)

Increased SSD Storage
Storage is locked at 256 GB for the low-end model, whereas the mid-range model starts at 512 GB and lets you upgrade to 1 TB ($200) or 2 TB ($600). The high-end model also starts at 512 GB, offering the same 1 TB and 2 TB upgrades and adding 4 TB ($1200) and 8 TB ($2400) options. The Fusion Drive is no longer an option for the 27-inch iMac, a change for which Apple consultants everywhere give grateful thanks.

Stronger Security and Processing with the T2 Security Chip
New to the 27-inch iMac is Apple’s T2 security chip. Along with encrypting all data on the SSD and ensuring that macOS hasn’t been tampered with at boot, the T2 chip includes custom processors that provide computational improvements for both audio and video. On the downside, the T2 chip’s added security makes certain kinds of troubleshooting and hardware repair difficult or impossible, so it’s extra important to have reliable backups.

Improved Glare and Ambient Light Handling
For those who have problems with screen glare, the 27-inch iMac now offers a $500 option for “nano-texture glass,” which Apple says provides “better viewing under various lighting conditions, such as a bright room or indirect sunlight.” Previously, nano-texture glass was available only for Apple’s Pro Display XDR screen. The iMac’s Retina display also now supports True Tone, enabling it to adjust its color temperature automatically for ambient light conditions. Early reviewers like the nano-texture glass, but almost universally conclude that it is not worth the $500 premium.

Better Video and Audio for Videoconferencing
Those who spend their days on video calls will appreciate the new 1080p FaceTime HD camera, a notable improvement on the previous 720p camera. Apple also says the 27-inch iMac now features higher-fidelity speakers and a studio-quality three-mic array for better audio output and input.

Faster Networking
Finally, if you need the ultimate networking performance, a $100 option gets you 10 Gigabit Ethernet. This is unlikely to be useful in a home context, but for some businesses, this will be a great addition.

Overall, if you need a powerful desktop Mac with a gorgeous display, you can’t go wrong with the new 27-inch iMac. It’s significantly cheaper than the iMac Pro and more powerful than both the Mac mini and the 21.5-inch iMac. Just remember that some of the options are available only if you start with the high-end configuration.

Skipping Catalina

It's a painful and disappointing decision, but we've concluded that macOS 10.15 Catalina does not offer enough benefit to warrant upgrading. Apple has had no end of problems with Catalina, the latest update of 10.15.6 being no exception. Because Catalina imposes the penalty of not running 32-bit applications, many Mac users face the prospect of losing some working applications for correspondingly little benefit.

Unless Apple issues 10.15.7 Catalina—which we do not expect—and we love it—which we also do not expect—our final advice will be for users to remain on macOS 10.14.6 Mojave until we can move, en masse, to macOS 11 Big Sur.

We've faced some dodgy operating system versions over the years, but Apple always ironed them out sufficiently in the end. That they've not been able to do so with Catalina is hardly reassuring, but it's always possible that their best talent has been working on Big Sur, and the "B Team" is responsible for Catalina. Let's hope, anyway.

For those users who've already upgraded to Catalina or who've purchased a new Mac with Catalina on it, our general suggestion is to upgrade to the latest version of Catalina as it will contain bug-fixes for previous problems. Note that even the latest version of Catalina (10.15.6) has a major issue with a memory leak causing Kernel Panics (which, among other things, crashes VMWare's Fusion). If you're on 10.15.5 right now, you might want to wait a bit.

Software Recommendations

macOS 10.14.6 Mojave. macOS 10.13.6 High Sierra is acceptable until Fall 2020 when macOS 11 Big Sur is released. Earlier versions should be upgraded ASAP. You can see your Mac's operating system version by going to the Apple menu in the top left corner of the screen and choosing "About This Mac." macOS 10.15 Catalina continues to be bug-laden. If you have already upgraded to Catalina (or if it came on a new Mac), you should update to the latest possible version, which contains bug-fixes.

iOS 13.6.1. iOS 12.4.1 (or 12.4.2 for some models) acceptable. Any device that can run iOS 11 should be upgraded to 12.4.2. You can see your iPhone or iPad's operating system version by going to Settings > General > About > Version.

iPadOS 13.6.1. iPadOS 12.4.1 (12.4.2 for some models) also acceptable.

watchOS 6.2.8. Older versions of WatchOS acceptable if necessary; upgrade if your devices (iPhone and Apple Watch) support it. You can see your Apple Watch's operating system version by going to Settings > General > About > Version.

tvOS 13.4.8. tvOS 12 also acceptable. Note that earlier models of Apple TV do not run tvOS and are fine for what they do; not all channels, features, or apps will be available. You can see if there's a software update available for your Apple TV by going to Settings > System > Software Updates > Update Software.

Third-Party Software
Backblaze. Off-site backup remains important in mitigating the risk of fire or theft. We use and recommend Backblaze. At a cost of $6 a month per Mac, Backblaze will encrypt then backup an unlimited amount of data from your Mac. Data has a 30-day retention window, though longer time periods are possible for an additional couple bucks.

Private Internet Access. A Virtual Private Network (or VPN) creates an encrypted tunnel between your computer and the VPN company's computers. From there, you surf the internet as you regularly do. Using a VPN means that anyone who might be spying on your at the hotel, Starbucks, etc. won't be able to see what you're doing. All they'll see is encrypted internet traffic. Private Internet Access (PIA) costs about $75 a year—a cost that covers 5 or 6 devices including Mac, iPhone, and iPad.

Hardware Recommendations

Macintosh

iMac: iMac10,1 (Late 2009) or newer
Mac mini: Macmini4,1 (Mid 2010) or newer
Mac Pro: MacPro5,1 (Mid 2010) or newer
MacBook: MacBook6,1 (Late 2009) or newer
MacBook Air: MacBookAir3,1 (Late 2010) or newer
MacBook Pro: MacBookPro7,1 (Mid 2010) or newer
- Note that 2016-2019 MacBook Pro models have a higher than usual keyboard failure rate. Used 2015 models, which use a different style keyboard, may be a more reliable option. The new 2019 MacBook Pro 16" model uses a new keyboard mechanism and should be fine.

These are minimum hardware recommendations based on what is necessary to run a secure operating system (macOS 10.13.6 High Sierra).

The following are the macOS 10.14 Mojave/10.15 Catalina system requirements. If your Mac does not meet these specifications, it will need to be replaced by fall of 2020, when High Sierra will no longer be secure.

macOS 10.14 Mojave/10.15 Catalina system requirements

MacBook (Early 2015 or later)
MacBook Air (Mid-2012 or later)
MacBook Pro (Mid-2012 or later)
Mac mini (Late 2012 or later)
iMac (Late 2012 or later)
iMac Pro (all models)
Mac Pro (Late 2013 or newer)

macOS 10.15 Catalina was released in October 2019 and has the same system requirements as Mojave.

iPhone and iPad

iPhone 6S or newer. Older iPhones cannot run iOS 13.
- iPhone 7 models have a higher than normal failure rate over time. Given the choice, we would recommend iPhone SE (2020) model as a strong alternative to iPhone 7 models.
iPad Air 2 or newer will be needed for the new iPadOS coming this fall
iPad mini 4 or newer will be needed for the new iPadOS coming this fall
iPad Pro (all models)
iPad 5th generation or newer

The iPad line is made confusing by the multitude of model names and types (Air, mini, Pro, and just plain iPad). Generally speaking, devices introduced in October 2014 and later will run iPadOS. iPads that will not run iPadOS and should be replaced unless they will not be used on the internet.

Apple Watch

Apple Watch Series 5 is highly recommended.
All versions are secure and acceptable though Apple Watch Series 0 will not run the latest version of WatchOS and therefore lacks both the speed and features of later Apple Watches.

Apple TV

Apple TV 4K is recommended. Apple TV (4th generation) is fine as well.
Older models of Apple TV do not support tvOS and cannot run Apple TV Store apps, though we are unaware of any major security issues.