I don't know anyone uses Linux needs malware protection or whatever protection

Nearly all diehard crypto users run Linux and many have been compromised and robbed with malware delivered by apps and browser plugins.

They are always so sure they did everything possible for max security and then they still get robbed because they trusted an app or a site.

Many companies running Linux had their systems locked down with ransomware. It wasn’t just a Windows server problem.

Security on every platform is always one or two steps behind attackers.

Must always remember, “open source” doesn’t automatically mean safe unless you read and compile the source yourself.
 
I still have a third party Antivirus installed on my Mac, Norton, since I get it as a benefit through work. I always thought AV should be built in functionality of the operating system. It's only on Windows I no longer use third party AVs, but it looks like Apple has stepped up its game. I might just remove Norton.

I use BitDefender since it isn’t very resource heavy and pretty effective.

On my Windows PC, I still have anti-virus. There’s no way I trust Microsoft to protect its product since it makes a lot of other companies money.
 
I don't use any type of security software on my computers, Mac or PC. The best case scenario is it's slowing down your computer and eating battery and worst case is it creating new vulnerabilities. No anti virus or anti malware software can fix PEBKAC issues.
How do you disable them? I don't see any user controls for XProtect and Windows Defender seems very insistent on running. I have no issue with XProtect, but Windows Defender gets in my way sometimes.
 
I use BitDefender since it isn’t very resource heavy and pretty effective.

On my Windows PC, I still have anti-virus. There’s no way I trust Microsoft to protect its product since it makes a lot of other companies money.
I have not had a malware infection, virus, worm, trojan or anything of the sort in years. The last infection I had to deal with was Windows Vista ironically. This was a lab computer I used to scan and clean student thumb drives before printing their course work. Even with all security settings turned up the wazoo: UAC, standard user account, group policy settings applied, disabling .exe from executing using secpol, malware still managed to infect the system and this was on top of having a highly recommended third party AV installed.

This was partly an exception though because on my work computer and personal computer at home, I never experienced this. Gradually with Windows 8 and later versions security has gotten extremely better. But that’s because it’s not a shared system, I don’t visit shady sites, I know what’s suspicious and I use a mixture of devices.

So, I’m not your average target.
 
It's not really necessary. Just don't install anything stupid like MacKeeper, TotalAV, or some cleaner app. Be aware of random browser extensions that pop up, any random profiles shown in System Preferences, and Green search magnifying glass icons in your Applications folder.

Malwarebytes is pretty good at removing this kind of crap though.

Thanks, good to know. I do have CleanMyMac installed, I don't even remember why I installed it, but I'm getting rid of it. So just run malwarebytes every so often and keep my eye on any notifications.
 
I wish Apple was more forthcoming about what their anti-malware engines were actually doing, and when....I wish they would log the scans, log the definition updates, give the user some idea of the protection being offered.
That data is useless to the average user, but having logged, step-by-step documentation of what is being done is a great tool for people looking for weaknesses in a system. Those people may be white hat or black hat.

Personally, I'd rather the black hats have a harder time rather than an easier time penetrating a system. "Oh, XYZ exploit doesn't have a definition? Guess what I'm going to use!"

Do banks publish the details of their security systems so that their depositors can review them for adequacy? You might argue that they ought to, but again, secrecy makes it harder for the bad actors to come equipped with the proper tools/techniques to penetrate the vault.
 
I’m fairly certain that Malwarebytes was causing kernel panics on my Mac and in my experience third party antivirus are the most likely types of software to do that. I uninstalled it and the random restarts nearly ceased immediately. I didn’t even have Malwarebytes in an active state (Scanning was turned off, etc) so, it can be tricky.
I had a similar experience with Norton. When I got my latest iMac in 2019, it was constantly freezing, crashing, and restarting. After several in-warranty visits to my local Apple store, on an impulse I uninstalled Norton, and have now enjoyed three years of malware-free, crash-free use.
 
That data is useless to the average user, but having logged, step-by-step documentation of what is being done is a great tool for people looking for weaknesses in a system. Those people may be white hat or black hat.

Personally, I'd rather the black hats have a harder time rather than an easier time penetrating a system. "Oh, XYZ exploit doesn't have a definition? Guess what I'm going to use!"

Do banks publish the details of their security systems so that their depositors can review them for adequacy? You might argue that they ought to, but again, secrecy makes it harder for the bad actors to come equipped with the proper tools/techniques to penetrate the vault.
As Macs are more and more in the enterprise, this kind of disclosure is something IT departments like to see. For example, Microsoft publishes a change log for their definition updates for their Defender endpoint and consumer products. This way, IT departments can see what their vulnerabilities are and take appropriate actions to protect their infrastructure. It also gives companies confidence in their vendors to see that they are taking security seriously by seeing the frequency and depth of the updates.

In my view, not disclosing does not protect you, the bad actors are already testing every known vulnerability and are probing for the unknown ones. Just because I can't see it doesn't mean I am not vulnerable to it.
 
Well if this is working in the background it just missed and never fixed a Search Marquis issue that just brought my browsing to a halt last week.
Lasted a week until their 3 tier support helped me fix it.
And they were never sure what fixed it.
 
How do you disable them? I don't see any user controls for XProtect and Windows Defender seems very insistent on running. I have no issue with XProtect, but Windows Defender gets in my way sometimes.
I mean third party antivirus software. You can disable Microsoft defender but I don’t bother with it just because I’m lazy. If you look up Chris Titus Tech on YouTube he has a video on how to do it. I doubt you can disable XProtect just because the way macOS is locked down.

My issue with a lot of these third party antiviruses besides slowdowns is they require so much system access and this has been known to be exploited. Also you’re giving that program access to everything trusting the company isn’t spying on you. Not too long ago you had Norton putting a crypto miner in their antivirus.

For my purposes I don’t see a reason to use any type of third party antivirus. With macOS one of the more popular ways to get malware is downloading pirated software. Perhaps if you’re in some sort of economic situation where you need to do that then use anti malware but even then I wouldn’t trust it 100% to protect you.
 
Nearly all diehard crypto users run Linux and many have been compromised and robbed with malware delivered by apps and browser plugins.

They are always so sure they did everything possible for max security and then they still get robbed because they trusted an app or a site.

Many companies running Linux had their systems locked down with ransomware. It wasn’t just a Windows server problem.

Security on every platform is always one or two steps behind attackers.

Must always remember, “open source” doesn’t automatically mean safe unless you read and compile the source yourself.

Keep installing random stuff online then of course risky. I don't think those crypto miners really do anything or know about security.

Linux servers got hacked mainly because very outdated and almost never update at all.
 
As Macs are more and more in the enterprise, this kind of disclosure is something IT departments like to see. For example, Microsoft publishes a change log for their definition updates for their Defender endpoint and consumer products. This way, IT departments can see what their vulnerabilities are and take appropriate actions to protect their infrastructure. It also gives companies confidence in their vendors to see that they are taking security seriously by seeing the frequency and depth of the updates.

In my view, not disclosing does not protect you, the bad actors are already testing every known vulnerability and are probing for the unknown ones. Just because I can't see it doesn't mean I am not vulnerable to it.

"IT departments want to see" is the story of Microsoft's bloatware. Every feature any significant purchaser of a site license wanted seemed to find its way into Microsoft's products.

Apple has a very different company culture. The benefits they're selling to enterprise have far more to do with lower maintenance/help desk costs/TCO and far less to do with telling a customer everything they think they need to know. Enterprise is buying plenty of iOS without demanding this kind of info, and despite many years of sales to enterprise and education, I don't see a hint of this behavior there, either.

I do remember the Wild West days when every anti-virus maker had to trumpet its response to the virus-of-the-day. Monitoring whether your AV vendor was staying on top of things was more or less a reasonable way to manage IT. But those also are the days before widespread internet connections/pushed updates.

Apple's "We control the horizontal, we control the vertical" approach to systems hasn't changed appreciably since Steve J pushed Steve W into a corner. What matters is Apple's execution. Since nobody's execution will be flawless, it's always going to be a matter of whether they execute at a sufficiently high level. IT managers aren't likely to spend endless hours reading logs if the number of incidents doesn't justify the effort. Since this thread is all about how Apple has upped its game again...
 
I don't want to rekindle the old conspiracy theory that claimed mfrs of anti-virus software were behind the viruses to start with in order to sell their products, but I do want to know who's funding the virus-writers. My low-level programming knowledge is frozen some time in the early 1990s, but I do have acquaintances who are cross-platform software-developers of the modern era, who could theoretically probably write viruses and malware for Windows or Mac, but they're the kind of well-paid professionals who won't get out of bed for less than ten grand.

I don't buy into the only alternative notion that the world's viruses and malware are written by introverted, grudge-holding, anaemic, Cheeto-eating, unpaid teenage prodigies with long greasy hair, who never come out of their cold candle-lit cellars. Someone (some entity) is actually paying for this.
 
I have not had a malware infection, virus, worm, trojan or anything of the sort in years. The last infection I had to deal with was Windows Vista ironically. This was a lab computer I used to scan and clean student thumb drives before printing their course work. Even with all security settings turned up the wazoo: UAC, standard user account, group policy settings applied, disabling .exe from executing using secpol, malware still managed to infect the system and this was on top of having a highly recommended third party AV installed.

This was partly an exception though because on my work computer and personal computer at home, I never experienced this. Gradually with Windows 8 and later versions security has gotten extremely better. But that’s because it’s not a shared system, I don’t visit shady sites, I know what’s suspicious and I use a mixture of devices.

So, I’m not your average target.
I’ve been hit once or twice in the past 10 years between my last two Macs and current one. BitDefender is an extra layer, so I’ve never had anything infect a Mac ever. My Internet travels never go to shady sites, although if I happen to land on one I know how to navigate out of it.

Windows… I don’t even trust it to log into my banking account. My Mac is way more secure in my eyes. Windows has been home to so many attacks and viruses, it’s created an industry that still demands this layer of protection. If my BitDefender falls out of date on Windows 10, it starts squawking at me that my machine isn’t secured. Frankly, I could never use Windows as a personal daily driver, so playing video games on it once in a while is the best use case to me. If I want to work on something, my Mac is the best tool for the job.
 
I’ve been hit once or twice in the past 10 years between my last two Macs and current one. BitDefender is an extra layer, so I’ve never had anything infect a Mac ever. My Internet travels never go to shady sites, although if I happen to land on one I know how to navigate out of it.

Windows… I don’t even trust it to log into my banking account. My Mac is way more secure in my eyes. Windows has been home to so many attacks and viruses, it’s created an industry that still demands this layer of protection. If my BitDefender falls out of date on Windows 10, it starts squawking at me that my machine isn’t secured. Frankly, I could never use Windows as a personal daily driver, so playing video games on it once in a while is the best use case to me. If I want to work on something, my Mac is the best tool for the job.
It’s not like that at all. Considering I, along with 300,000 people, use Windows in a mission critical environment, tying it to its past is not the past. At one point Mac OS never had preemptive multi-tasking or memory management, an awful file system that corrupted your data. That’s in the past though. Windows has improved tremendously in the past 15 years: ASLR, Kernel Patchguard, Secure Boot, Standard User Account, Ransomware protection built in, bi-directional Firewall on by default, sandboxing on top of the different layers of protections not mentioned here you can enable at a policy level.

Remember, Craig Federighi was the one who threw macOS under a bus for not being secure enough when compared to iOS.
 
I’ve been hit once or twice in the past 10 years between my last two Macs and current one. BitDefender is an extra layer, so I’ve never had anything infect a Mac ever. My Internet travels never go to shady sites, although if I happen to land on one I know how to navigate out of it.

Windows… I don’t even trust it to log into my banking account. My Mac is way more secure in my eyes. Windows has been home to so many attacks and viruses, it’s created an industry that still demands this layer of protection. If my BitDefender falls out of date on Windows 10, it starts squawking at me that my machine isn’t secured. Frankly, I could never use Windows as a personal daily driver, so playing video games on it once in a while is the best use case to me. If I want to work on something, my Mac is the best tool for the job.

Care to share how you managed to get hit?
 
Malwarebytes is pretty good at removing this kind of crap though.
IMO Malwarebytes hasn't been much better than default since it went "corporate" some odd five or ten years ago and bought out a dozen or so tiny competitors (and it became clear that antipiracy was more important to its new bosses than keeping actually malicious vermin at bay). I swear to god: I haven't had Malwarebytes find a single thing on a Mac in the last five years, even on machines known to be infested with various browser-related rodent-droppings. I install it once every half year or so, run a full scan once, then uninstall it.

I don't know; maybe I'm just not visiting the best Russian porn sites without uBlock.
 