Automatically audit your Mac for basic security hygiene.

Last update: Jun 23, 2022

The simplest security is the most important. 80% of hacks are caused by 20% of common preventable mistakes. Pareto Security is a Menu Bar app that quietly runs in the background and reminds you if you forget to enable your firewall, turn on disk encryption and perform similar basic security hygiene tasks.

More info and newsletter signup at https://paretosecurity.app/.

Want other checks implemented? Let us know at https://github.com/ParetoSecurity/pareto-mac/discussions/3

Download the latest release from https://github.com/ParetoSecurity/pareto-mac/releases

GitHub

https://github.com/ParetoSecurity/pareto-mac
Comments
  • 1. Redesign of the menu bar

    ref: https://github.com/niteoweb/pareto/issues/83
    ref: https://github.com/niteoweb/pareto/issues/82
    ref: https://github.com/niteoweb/pareto/issues/88
    ref: https://github.com/niteoweb/pareto/issues/89
    ref: https://github.com/niteoweb/pareto/issues/75

    Reviewed by dz0ny at 2021-09-08 09:40
  • 2. Add new update UI

    https://user-images.githubusercontent.com/239513/131977528-ee91623a-0ca9-42f1-aeb7-07f1844a2016.mov

    Closes https://github.com/ParetoSecurity/pareto-mac/issues/43

    Reviewed by dz0ny at 2021-09-03 08:46
  • 3. [Bug]: Version 1.6.15 crashes when running checks

    What happened?

    App crashes when running checks

    Version

    HW: MacBook Pro 16" Intel
    macOS: 11.6.1
    App Version: 1.6.15
    Build: 3626

    Relevant log output

    Process:               Pareto Security [29927]
    Path:                  /Applications/Pareto Security.app/Contents/MacOS/Pareto Security
    Identifier:            niteo.co.Pareto
    Version:               1.6.15 (3626)
    Code Type:             X86-64 (Native)
    Parent Process:        ??? [1]
    Responsible:           Pareto Security [29927]
    User ID:               501
    
    Date/Time:             2021-12-13 16:18:58.548 +0100
    OS Version:            macOS 11.6.1 (20G224)
    Report Version:        12
    Bridge OS Version:     6.0 (19P549)
    Anonymous UUID:        C01133AD-0FE4-7607-73F8-06C78E701A3E
    
    Sleep/Wake UUID:       0CE03438-9F19-40CB-8CC5-2A86EF609C54
    
    Time Awake Since Boot: 220000 seconds
    Time Since Wake:       2400 seconds
    
    System Integrity Protection: enabled
    
    Crashed Thread:        0  Dispatch queue: com.apple.main-thread
    
    Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes:       0x0000000000000001, 0x0000000000000000
    Exception Note:        EXC_CORPSE_NOTIFY
    
    Termination Signal:    Illegal instruction: 4
    Termination Reason:    Namespace SIGNAL, Code 0x4
    Terminating Process:   exc handler [29927]
    
    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   niteo.co.Pareto               	0x0000000104a3bf76 0x1049df000 + 380790
    1   niteo.co.Pareto               	0x00000001049e4f81 0x1049df000 + 24449
    2   niteo.co.Pareto               	0x00000001049f0887 0x1049df000 + 71815
    3   niteo.co.Pareto               	0x00000001049fa6ee 0x1049df000 + 112366
    4   libdispatch.dylib             	0x00007fff2018619e _dispatch_block_async_invoke2 + 83
    5   libdispatch.dylib             	0x00007fff20179806 _dispatch_client_callout + 8
    6   libdispatch.dylib             	0x00007fff20185b4f _dispatch_main_queue_callback_4CF + 940
    7   com.apple.CoreFoundation      	0x00007fff20457f18 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9
    8   com.apple.CoreFoundation      	0x00007fff2041a112 __CFRunLoopRun + 2755
    9   com.apple.CoreFoundation      	0x00007fff20418f8c CFRunLoopRunSpecific + 563
    10  com.apple.HIToolbox           	0x00007fff28660a83 RunCurrentEventLoopInMode + 292
    11  com.apple.HIToolbox           	0x00007fff286607e5 ReceiveNextEventCommon + 587
    12  com.apple.HIToolbox           	0x00007fff28660583 _BlockUntilNextEventMatchingListInModeWithFilter + 70
    13  com.apple.AppKit              	0x00007fff22c22172 _DPSNextEvent + 864
    14  com.apple.AppKit              	0x00007fff22c20945 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1364
    15  com.apple.AppKit              	0x00007fff22c12c69 -[NSApplication run] + 586
    16  com.apple.AppKit              	0x00007fff22be6e6c NSApplicationMain + 816
    17  com.apple.SwiftUI             	0x00007fff41c2594d specialized runApp(_:) + 100
    18  com.apple.SwiftUI             	0x00007fff4245715c runApp<A>(_:) + 162
    19  com.apple.SwiftUI             	0x00007fff42040d31 static App.main() + 61
    20  niteo.co.Pareto               	0x00000001049e2601 0x1049df000 + 13825
    21  libdyld.dylib                 	0x00007fff2033ef3d start + 1
    
    Reviewed by buchi at 2021-12-13 15:40
  • 4. [Bug]: Failing "AirPlay receiver is off"

    What happened?

    The AirPlay receiver is off check fails on my machine. But in the sharing control panel I have nothing activated. I'm not sure what I have to do now.

    Version

    HW: MacBookPro14,1
    macOS: 11.6.0
    App Version: 1.4.1
    Build: 2736

    Relevant log output

    No response

    Reviewed by jone at 2021-11-07 12:04
  • 5. [Bug]: unprompted, browser asks what to do about the .dmg

    What happened?

    I am not taking any action nor am I asked anything by Pareto, but occasionally I am getting these

    Version

    HW: MacBookAir10,1
    macOS: Version 12.0 (Build 21A5294g)
    App Version: 1.1.3
    Build: 1832

    Relevant log output

    Logs:
    App: Snooze expired <private>
    App: Running check scheduler
    App: Running check for f962c423-fdf5-428a-a57a-816abc9b253e - Automatic login is off
    App: Running check for f962c423-fdf5-428a-a57a-816abc9b252d - Password to unlock preferences
    App: Running check for 37dee029-605b-4aab-96b9-5438e5aa44d8 - Password after inactivity is on
    App: Running check for 13e4dbf1-f87f-4bd9-8a82-f62044f002f4 - Screen saver shows in under 5min
    App: Running check for 2e46c89a-5461-4865-a92e-3b799c12034a - Firewall is on and configured
    App: Running check for b96524e0-850b-4bb8-abc7-517051b6c14e - Sharing files is off
    App: Running check for b96524e0-150b-4bb8-abc7-517051b6c14e - Sharing printers is off
    App: Running check for 05423213-50e7-4535-ac88-60cc21626378 - Remote Management is off
    App: Running check for 4ced961d-7cfc-4e7b-8f80-195f6379446e - Remote Login is off
    App: Running check for b59e172e-6a2d-4309-94ed-11e8722836b3 - Gatekeeper is on
    Check: spctl fallback, status <private>
    App: Running check for c3aee29a-f16d-4573-a861-b3ba0d860067 - FileVault is on
    App: Running check for b96524e0-850b-4bb9-abc7-517051b6c14e - Boot is secure
    App: Checks finished running
    App: Snooze expired <private>
    App: Running check scheduler
    App: Running check for f962c423-fdf5-428a-a57a-816abc9b253e - Automatic login is off
    App: Running check for f962c423-fdf5-428a-a57a-816abc9b252d - Password to unlock preferences
    App: Running check for 37dee029-605b-4aab-96b9-5438e5aa44d8 - Password after inactivity is on
    App: Running check for 13e4dbf1-f87f-4bd9-8a82-f62044f002f4 - Screen saver shows in under 5min
    App: Running check for 2e46c89a-5461-4865-a92e-3b799c12034a - Firewall is on and configured
    App: Running check for b96524e0-850b-4bb8-abc7-517051b6c14e - Sharing files is off
    App: Running check for b96524e0-150b-4bb8-abc7-517051b6c14e - Sharing printers is off
    App: Running check for 05423213-50e7-4535-ac88-60cc21626378 - Remote Management is off
    App: Running check for 4ced961d-7cfc-4e7b-8f80-195f6379446e - Remote Login is off
    App: Running check for b59e172e-6a2d-4309-94ed-11e8722836b3 - Gatekeeper is on
    Check: spctl fallback, status <private>
    App: Running check for c3aee29a-f16d-4573-a861-b3ba0d860067 - FileVault is on
    App: Running check for b96524e0-850b-4bb9-abc7-517051b6c14e - Boot is secure
    App: Checks finished running
    
    Reviewed by tkimnguyen at 2021-09-14 11:32
  • 6. [idea]: Warn user that they will have to click "Open" a few times

    What happened?

    Before the app can be first run, the user needs to click "Open"/"Allow" a few times.

    It's good practice to tell the user in advance this will happen so they can expect it.

    Version

    HW: MacBookPro16,2
    macOS: Version 11.5.2 (Build 20G95)
    App Version: 1.1.3
    Build: 1832

    Relevant log output

    No response

    Reviewed by zupo at 2021-09-13 20:24
  • 7. Screen saver time should be configurable

    What happened?

    Checking for screen saver time (actually screen lock time!) is good security. However, everyone's threat model is different and 5 minutes may not be appropriate for everyone.

    The screen saver time should be configurable, at least to a point. Perhaps the check could default to 5 minutes, but allow the user to specify an acceptable time up to 10 minutes, or some other reasonable maximum.

    Version

    1.6.29 - 3941 (setapp subscription)

    Relevant log output

    No response

    Reviewed by zcutlip at 2022-01-18 05:30
Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities.

Description Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities. List of vulner

Jun 21, 2022
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more.

Virgil Core SDK Objective-C/Swift Introduction | SDK Features | Installation | Configure SDK | Usage Examples | Docs | Support Introduction Virgil Sec

Aug 11, 2021
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

RNCryptor Cross-language AES Encryptor/Decryptor data format. The primary targets are Swift and Objective-C, but implementations are available in C, C

Jun 25, 2022
Simple Objective-C wrapper for the keychain that works on Mac and iOS

SAMKeychain SAMKeychain is a simple wrapper for accessing accounts, getting passwords, setting passwords, and deleting passwords using the system Keyc

Jun 15, 2022
TouchEncryptedJson - Simple project that accepts an input and encrypts it with the TouchID on a Mac

TouchEncryptedJson Simple project that accepts an input and encrypts it with the

Feb 11, 2022
PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. PGPro is made in Switzerland.

PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. P

Jun 24, 2022
Helps you define secure storages for your properties using Swift property wrappers.

Secure Property Storage Helps you define secure storages for your properties using Swift property wrappers. Features All keys are hashed using S

Jun 23, 2022
TouchID used easy on one line in your ViewController.

TouchIDExtension TouchID used easy on one line in your ViewController. ##Installation At this moment, You can install only a way, manually. For instal

Feb 26, 2020
Obfuscate your strings in Swift easily

TPObfuscatedString TPObfuscatedString is a simple extension for String in Swift. It allows you to obfuscate hardcoded Strings in your compiled binary.

Jan 9, 2020
Framework for biometric authentication (via TouchID) in your application

Features Requirements Communication Installation Usage Intro Biometric authentication availability Feature enabled/disabled for biometric authenticati

Apr 24, 2022
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication.

BiometricAuthentication Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication. It's very simple and easy to use that ha

Jun 15, 2022
Find who executes a target binary inside your MacOS.

whoexec Whoexec is a tool that will monitor every exec call inside MacOS by using the latest Endpoint Security Framework, with this it's able to detec

Feb 12, 2022
A wrapper to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

A wrapper (written only in Swift) to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

Mar 29, 2022
Automatically set your keyboard's backlight based on your Mac's ambient light sensor.

QMK Ambient Backlight Automatically set your keyboard's backlight based on your Mac's ambient light sensor. Compatibility macOS Big Sur or later, a Ma

Jun 3, 2022
Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.

Tutanota makes encryption easy Tutanota is the secure email service with built-in end-to-end encryption that enables you to communicate securely with

Jun 23, 2022
Secure your app by obfuscating all the hard-coded security-sensitive strings.

App Obfuscator for iOS Apps Secure your app by obfuscating all the hard-coded security-sensitive strings. Security Sensitive strings can be: REST API

Jun 20, 2022
VidyoPlatform Basic CustomLayouts Reference App for iOS (Swift)

VidyoPlatform Basic CustomLayouts Reference App for iOS (Swift) VidyoPlatform reference application highlighting how to integrate video chat into a na

Nov 19, 2021
A Mac command-line tool that automatically downloads macOS Installers / Firmwares.

MIST - macOS Installer Super Tool A Mac command-line tool that automatically downloads macOS Installers / Firmwares: Features List all available macOS

Jun 17, 2022
Sideload iOS apps regardless of security settings

m1-ios-sideloader Sideload iOS apps regardless of security settings Notes Does not support encrypted IPAs at this time - you can grab decrypted IPAs w

Jun 18, 2022