Can ads infect Mac?

[Hagellom]

Good day!

I was browsing image board site and suddenly there are some penis size increasing ads at the bottom of page.

1) I haven't clicked them - they just are there - could this infect Mac? If they are just there?

2) Accidents happen and should I accidentally click one of those, could it infect Mac?

 

[keysofanxiety]

Nah they won't infect if they're just there. You can install an Adblocker if you haven't already.

Clicking on them wouldn't normally infect a Mac. There are a few exceptions if it's using a Javascript/Flash exploit; just another reason why it's best not to have Java or Flash installed. Regardless there are very few points of infection on a Mac and the only current known threats are malware (needs user password to install), rather than self-replicating viruses that you'll find on Windows computers.

If you ever have a problem with popups or odd applications finding their way onto your computer, just run a scan through MalwareBytes for Mac and it'll solve the problem: https://www.malwarebytes.com/mac/

 

[Hagellom]

Nah they won't infect if they're just there. You can install an Adblocker if you haven't already.

Clicking on them wouldn't normally infect a Mac. There are a few exceptions if it's using a Javascript/Flash exploit; just another reason why it's best not to have Java or Flash installed. Regardless there are very few points of infection on a Mac and the only current known threats are malware (needs user password to install), rather than self-replicating viruses that you'll find on Windows computers.

If you ever have a problem with popups or odd applications finding their way onto your computer, just run a scan through MalwareBytes for Mac and it'll solve the problem: https://www.malwarebytes.com/mac/

Thank you for explanation.
I have AdBlockPlus, but seems like these sudden ads somehow get past it. Site's policy likely.

I have no Flash Player and no Java Runtime/Java Virtual Machine - if that is what you meant?
https://en.wikipedia.org/wiki/Java_virtual_machine

I use NoScript, but have to allow some scripts to run.

So unless something asks my password, I can safely ignore those ads?

 

[keysofanxiety]

So unless something asks my password, I can safely ignore those ads?

Yep that's right. If you don't have any Java Runtime installed then you're fine, as that's what the exploits would use. Apple disable older versions of Flash/Java anyway, so even if you have an older one, it's no real cause for concern.

 

[Hagellom]

Yep that's right. If you don't have any Java Runtime installed then you're fine, as that's what the exploits would use. Apple disable older versions of Flash/Java anyway, so even if you have an older one, it's no real cause for concern.

Thank you, thread solved!

 

[KALLT]

There is always a slight risk that this can happen, but there is no need to worry. Adblock and NoScript are decent solutions to protect you against this. Also consider disabling any Internet plug-ins you might have, in Safari’s security settings.

 

[Hagellom]

There is always a slight risk that this can happen, but there is no need to worry. Adblock and NoScript are decent solutions to protect you against this. Also consider disabling any Internet plug-ins you might have, in Safari’s security settings.

Slight risk IF I click on ads? Not when they just are there?

 

[Intell]

Slight risk if they're even there. There are drive by infections. All you need to do is visit the page and you'd be infected. The risk of this happening are always there, but can be greatly reduced so long as you are using up to date software.

 

[Hagellom]

Slight risk if they're even there. There are drive by infections. All you need to do is visit the page and you'd be infected. The risk of this happening are always there, but can be greatly reduced so long as you are using up to date software.

So just visiting web page with infected ad could download and install something into Mac?

 

[KALLT]

So just visiting web page with infected ad could download and install something into Mac?

Theoretically, yes. Web engines are very complex programs that support a whole range of formats. A vulnerability in the web engine or one of its supporting processes could be exploited by a website, which compromises the security of your system. That is why you should still be cautious when browsing to suspicious websites and keep your browser and system software up to date.

There is no need to worry though, I just wanted to put this on the record. You are already doing the right thing by not using any plug-ins (which independently execute any input that a website might give to them) and using blockers that restrict JavaScript execution. Safari has a fairly complicated security structure that tries to protect you against drive-by attacks. The only other things you can do, in Safari at least, is to disable the ‘Open “safe” files after downloading’ option in Safari’s general settings, and disable WebGL in Safari’s security settings. Chrome and Firefox have their own security models.

 

[Hagellom]

Theoretically, yes. Web engines are very complex programs that support a whole range of formats. A vulnerability in the web engine or one of its supporting processes could be exploited by a website, which compromises the security of your system. That is why you should still be cautious when browsing to suspicious websites and keep your browser and system software up to date.

There is no need to worry though, I just wanted to put this on the record. You are already doing the right thing by not using any plug-ins (which independently execute any input that a website might give to them) and using blockers that restrict JavaScript execution. Safari has a fairly complicated security structure that tries to protect you against drive-by attacks. The only other things you can do, in Safari at least, is to disable the ‘Open “safe” files after downloading’ option in Safari’s general settings, and disable WebGL in Safari’s security settings. Chrome and Firefox have their own security models.

OK, thank you! I use Firefox mostly, due to NoScript and easier layout.

1) Which would you consider safest, Safari, Firefox or Opera? Or is that impossible to say?

2) Are there infections that could get in even without asking me to type in password?

3) Malwarebytes would find anything that could slip in? Or should I use some different security app as well?

 

[keysofanxiety]

So just visiting web page with infected ad could download and install something into Mac?

Only if it uses a software exploit. Java and Flash are the most common cases, so not having these will vastly reduce the chance of that happening.

Of course there are exploits in browsers and the like but Macs aren't really targeted -- not due to security through obscurity as some maintain, but simply because it's a lot more difficult to pull off. Even if an exploit somehow runs, all system files are locked down with SIP since El Capitan and infections can't elevate privileges as easily as they can in Windows. Certainly no way they can run sudo commands without the users' knowledge; definitely no way they can get close to running a root command.

Saying this is likely to prompt a number of commenters pointing to hypothetical scenarios or the odd previously discovered Safari exploits/root exploits as 'proof' that it's possible; however the point remains that there has not been a single virus in OS X's history and no known virus that used the aforementioned exploits. Lots of malware, sure, but no viruses. That's not to say you should be carefree or think that it's impossible to get infected; of course you should continue to practice safe browsing habits and vigilance. But you can be reassured that you can enjoy your machine without needing to be too paranoid or concerned.
[doublepost=1487605001][/doublepost]

OK, thank you! I use Firefox mostly, due to NoScript and easier layout.

1) Which would you consider safest, Safari, Firefox or Opera? Or is that impossible to say?

2) Are there infections that could get in even without asking me to type in password?

3) Malwarebytes would find anything that could slip in?

1) Personally I'd say Safari, though that doesn't mean to say you should stop using your browser of choice.
2) None that I know of. Hypothetically possible with exploits, but then almost everything in the computer world is hypothetically possible.
3) That's pretty much the case!

 

[Hagellom]

Only if it uses a software exploit. Java and Flash are the most common cases, so not having these will vastly reduce the chance of that happening.

Of course there are exploits in browsers and the like but Macs aren't really targeted -- not due to security through obscurity as some maintain, but simply because it's a lot more difficult to pull off. Even if an exploit somehow runs, all system files are locked down with SIP since El Capitan and infections can't elevate privileges as easily as they can in Windows. Certainly no way they can run sudo commands without the users' knowledge; definitely no way they can get close to running a root command.

Saying this is likely to prompt a number of commenters pointing to hypothetical scenarios or the odd previously discovered Safari exploits/root exploits as 'proof' that it's possible; however the point remains that there has not been a single virus in OS X's history and no known virus that used the aforementioned exploits. Lots of malware, sure, but no viruses. That's not to say you should be carefree or think that it's impossible to get infected; of course you should continue to practice safe browsing habits and vigilance. But you can be reassured that you can enjoy your machine without needing to be too paranoid or concerned.
[doublepost=1487605001][/doublepost]

1) Personally I'd say Safari, though that doesn't mean to say you should stop using your browser of choice.
2) None that I know of. Hypothetically possible with exploits, but then almost everything in the computer world is hypothetically possible.
3) That's pretty much the case!

Thank you for clarifying!