We’re releasing Harden, a native macOS tool that audits your Mac’s security configuration against 52 best-practice checks and helps you fix what it finds — no Terminal required.

The gap it fills

Your Mac has dozens of security settings spread across System Settings, command-line tools, and kernel parameters. Guides exist for hardening them, but they’re aimed at sysadmins and expect you to run commands like defaults read com.apple.alf globalstate and interpret the output. Harden does all of that for you and presents the results in plain language with one-click fixes.

It’s inspired by Lynis and Netflix Stethoscope, but built as a native Mac app for people who want security visibility without the command line.

What it checks

Harden runs 52 checks across seven categories:

  • Firewall — application firewall, stealth mode, logging, outbound filtering, pf
  • Encryption — FileVault, Time Machine encryption
  • System Protection — SIP, Gatekeeper, XProtect, Secure Boot, auto-updates, macOS version
  • Sharing — SSH, screen sharing, file sharing, AirDrop, remote management, Bluetooth sharing
  • Authentication — auto-login, password after sleep, guest account, lock delay, screensaver timeout
  • Network — DNS, Wi-Fi security, saved open networks, sysctl hardening
  • Privacy — analytics sharing, Safari suggestions, Siri, Lockdown Mode, TCC permissions

Each check is weighted by severity, and your overall score reflects how much of your security surface is covered. 25 of the 52 checks can be auto-fixed — user-level settings apply instantly, and system-level changes prompt for your admin password through the standard macOS dialog.

Why hardening matters

Default settings are chosen for convenience, not security. FileVault might be off. Your firewall might be in permissive mode. Remote management services you’ve never used might be enabled. These aren’t theoretical risks — they’re configuration gaps that any security audit would flag.

Harden doesn’t change anything without your permission. It shows you the landscape, explains the risks, and lets you decide. The same philosophy behind Tapped (network visibility) and Survey (wireless privacy) — observe first, then act.