Firewall
You can set specific rules to limit the traffic.
FileVault
No recovery once this password is lost.
Partitions
It has a hidden partition installed (MacOS recovery). It replaces the installation disks that came with older PCs. Restart and hold down the R-key. It doesn’t touch the user directories, only reinstalls the OS. If this option is not available, Internet recovery will be launched.
Disk Utility
When erasing data choose from the three options:
- Just mark all as deleted, files are recoverable;
- Re-write three times;
- Re-write seven times;
Gatekeeper
Prevents third-party application from being installed.
SMC
The SMC is the system management controller. It’s responsible for a number of processes, including the cooling fans, keyboard, and LED lights. It also affects the power supply of your Mac. [1]
To reset it, power on and hold the Shift, Control, and Option keys while simultaneously holding the power button for 10 seconds.
PRAM
This stands for parameter random access memory. This essentially stores information about your control settings and is powered by a battery to ensure that your settings remain the same even if you turn your computer off. [1]
If the Mac’s running slow or keep getting overheated even if there is not much system resources in use, reset it by rebooting and pressing Command, Option, P, and R until you hear the startup beep for the second time.
Disk Arbitration Daemon
When you insert a disk, diskarbitrationd probes the disk to determine its file-system format, checks the disk for issues, mounts the file system, and updates the disk arbitration table. Writes to system.log.
disktool
Not working on macOS Big Sur, 11.2.3, M1, returning diskutil: please use diskutil(8) instead of disktool diskutil: interrupted
diskutil
This command line utility is usually used for all the things that can normally be accomplished with Mac OS X application Disk Utility.
drutil
For interacting with CD and DVD burners.
mount and umount
Mostly used for network volumes. You will also need to refresh disk arbitration with disktool r (which is not available on the latest Mac versions) after using either of the two commands.
volinfo.database
Keeps track of the volumes. sudo su && cat /var/db/volinfo.database to see the list of volumes’ UIDs.
fstab
Doesn’t exist by default. To create it run sudo vifs and then quit saving the file (Esc > Shift + ZZ). Now, /etc/fstab exists. Allows mounting file systems in particular locations at system startup.
Important note here.
Because of disk arbitration, the device files on Mac OS X are not static. [1]
So, if you want to mount a disk to a specific location like disk /dev/disk0s1 to mount at / , this won’t work, since you might get another disk number the next time the system reboots. Create a label in fstab instead (for example, LABEL=Disk2 /Disk2 hfs rw 0 0).
SIP
System Integrity Protection. Introduced in El Capital OS (10.11). Restricts user actions on protected parts of the OS (System, usr, bin, sbin, pre-installed apps). SIP prevents imaging of a live system. Can be disabled:
# Boot into recovery mode by pressing CMD+R on restart
# Open Terminal
csrutil disable
# Restart
Later versions protect a whole separate read-only volume.
Anti-malware Mechanisms
Apple integrated its own frameworks (XProtect and, more recently, Endpoint Security) and YARA antivirus signatures.
References
[1] Zapping The PRAM: How, When, and Why To Reset The PRAM and SMC On Your Mac, Team Recompute on 29th Apr 2019