I'm not saying your statement isn't valid, but at the same time it'd be a poor decision to disregard the data and not do some sort of malware scan on your Mac.
Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
Malwarebytes: Macs Outpaced PCs in Number of Malware Threats Detected Per Endpoint in 2019, But Most Are Adware
- Thread starter MacRumors
- Start date
- Sort by reaction score
I'm not saying your statement isn't valid, but at the same time it'd be a poor decision to disregard the data and not do some sort of malware scan on your Mac.
Viruses and unwanted programs today do not attack the computer. They attack the user. So adware is how these programs get into your computer. An increase, especially a sharp increase, of adware attacks shows that the malicious folks are preying on Mac users. Too many here are discrediting this due to "oh it's just adware" when that is the REAL problem today.
Mac users need to get off their high-horse and realize they are vulnerable. Very vulnerable.
Mac users need to get off their high-horse and realize they are vulnerable. Very vulnerable.
Comment
I can't say that I'm surprised simply due to the fact that so many mac owners that I know have an attitude that Macs can't get these sorts of things and so antivirus is totally unnecessary.
Having a head in the sand attitude could lead to issues, that is If people are not vigilant, then getting malware is a very real possibility.
Having a head in the sand attitude could lead to issues, that is If people are not vigilant, then getting malware is a very real possibility.
Comment
The ”Profiles” preference pane is legit for sure and can be used by organizations to set up configuration profiles on the computers. It is true that the pane isn't visible when no profile is present, so nothing fishy about that part at least.
I also had to remove a dodgy profile from there on a person's computer, so I recognize what you describe.
While it is possible to clean out the other malware stuff usually residing in ~/Library/Application Support and other locations the MalwareBytes software makes that process quick and easy. That is if it manages to detect all the bad stuff, but I guess they're trying to keep up with the malware creators.
Comment
i've only installed software from the app store and only big name software (like Adobe, Foundry, etc...) outside the app store. never really done malware scans on my current MBP.
i'm sure there were some malware apps that snuck into the app store once or twice, but usually Apple has been quick to respond to those threats. not worth installing real-time anti malware scanning apps on my machine.
Comment
So you're also saying you don't visit any websites? You could be on Mac Rumors (for example) and if their ad network happens to have been compromised... GG.
Comment
so you think this third party software is going to protect you from something that is able to bypass an ad blocker, safari security, app sandboxing, and Apple's gatekeeper? that's called a zero day vulnerability and no $50 software is going to save you from that.
i'm done. see ya.
Comment
This is the thing sites are not talking about as much as they should. Ad blockers don’t just save you data in your limited data plan, time, and battery life, they block the most common vector for malware.
Comment
My grandpa's Mac was somehow hacked recently. He says he didn't do anything, but said he may have clicked on a popup that said there was a problem with his computer.
Comment
Yeah, they have to include those in the number to make it more impressive. The only “dangerous” one on their list is not even on the chart shown... it’s down at number 30. Come to think of it, malwarebytes utility doesn’t even apply to letting tech challenged family members use your computer, because if you don’t give them admin rights, they can’t install anything anyway.
Actually, doesn’t macOS ship by default with certain permissions disabled (permissions that most of us may have enabled a long time ago)? I’m wondering if your average person is at any risk at all... I may have to check this.
It’s not likely a poor decision for anyone in these forums as they’re more than likely the type to see an “INSTALL ADOBER FLASHINGS” pop up and dismiss it. And you have to remember, this is NOT a list of “folks that got pwned”, this is “folks that saw the pop up even if they dismissed it and it never caused any issues”.
All users are vulnerable by precisely the same vector. If you’re the type to download executables from random sites and run them because they promise “How to pick lottery numbers” or “Pictures of film star”, there’s NOTHING that can protect you. You could have your personal security guy sitting in a seat next to you telling you “Sir, I don’t think you should do that.” but it won’t help if you’re the type that’s gonna do it anyway.
You get a lot of adware that annoys you, opening new tabs that you don’t want, maybe a few .dmg’s and .exe’s downloaded that you need to trash. Alert me when there’s an actual remote exploit that doesn’t require user intervention.
[automerge]1581523058[/automerge]
Whenever someone says they didn’t do anything, they absolutely did something (that they, unfortunately consider as ‘nothing’)
”The grass on my iMac’s wallpaper looked a little dry, so I watered it. But, I water all my plants all the time, so that’s nothing odd to report.”
Comment
Thanks, that's quite helpful. I may try Malwarebytes just out of curiosity (I don't expect it to find anything - actually I expect it'll get all excited about finding some cookies).
The profiles sound similar to Apple's MDM facility (mentioned here), which is intended to be used for enforcing corporate policy on company-owned machines (to prevent employees installing software, visiting inappropriate sites, etc.). Sounds like the malware is (mis)using that or something similar. It's the same facility that a number of software companies have been getting in trouble for using lately (for, e.g. enabling parental control software on customer machines rather than company-owned machines).
Comment
Anecdotally, my work unit has ~40 computers, 5-8 being Macs at any given time. IT will shut off any computer when it detects malicious activity. The only instance of this happening in years was a Mac, just this last month. 10 years ago, we'd have a couple problems per year, and almost always PC's. Mostly, I think security has gotten much better all around.
Comment
In a different lifetime, the company I worked for installed our accounting software at a movie studio. It ran on a Unix system, and multiple users could connect via serial terminals, or using their PC's (communicating over serial port) and a terminal program I'd written. The studio was having terrible problems with my terminal program dropping characters on their PCs, and we grilled them on what else they may have installed on the PCs, and they insisted there was nothing out of the ordinary. So, we scheduled a trip and drove two hours to the studio. Yep, found that the PCs had special IBM networking cards installed in them, with software for accessing their corporate mainframe, and these cards were sucking up all the processor cycles and interrupt processing. And they acted surprised, "no, that's completely normal, everyone uses that". (I don't recall how the situation resolved - special serial cards with 16550 UARTs, which had a 16-byte hardware buffer, would have helped, but wouldn't be a guarantee that it'd work - they may have just bought Wyse terminals to sit next to the PCs.)Whenever someone says they didn’t do anything, they absolutely did something (that they, unfortunately consider as ‘nothing’)
Comment
all this time I use macOS because of safe and secure web browsing. Now Windows 10 seems to be safer
Not a good selling point going forward for the Mac. Especially when it is loosing OS Marketshare and Very Pricy to buy their new laptop and especially the Mac Pro
Not a good selling point going forward for the Mac. Especially when it is loosing OS Marketshare and Very Pricy to buy their new laptop and especially the Mac Pro
Comment
And therein is the real REAL problem. Believing this can only happen to those people.
I've seen these malware installers on all kinds of sites that "normal" people would not likely say are "weird". The most prevalent (currently) seem to be sites that offer PDF manuals or books. The bad guys have figured out that people often go searching for manuals and books online, and, apparently, people go searching for manuals and books online quite a lot! It is the new "pirating a movie", methinks. So… is it "weird" that you're downloading a Kubota tractor maintenance manual off a website with a .ru TLD? To me? Yeah. To you, Amazing Iceman? Probably. But to my 75 year old father? He searched, they had it, why not download it? Oh, and it is in a DMG… that if he double clicks on it, it opens and tells him he needs to install Adobe Acrobat to open the manual and helpfully offers to do that? That's "computer", so he does. You or I… no… we know better. But it isn't weird at all to him. And that's the level we're dealing with.
Guess what, dear Dad lost his $3000 27" iMac account Admin privileges. He can't install anything now. But Apple is still making every default first log-on user with Admin privileges!
Have any of you tried to operate a Mac recently with only Standard User privileges?
(Here's a hint: go download Privileges by SAP; it is a nice app to have in the arsenal.
https://github.com/SAP/macOS-enterprise-privileges )
Comment
Yeah I think root's disabled by default, only signed code can be executed (regardless of who you are) and all apps need permission to access HD locations outside the sandbox.
IMO tricking somebody's the only way you're gonna get past that and even then, you'll have to get past Apple being like 'DO NOT DO THIS!!! THERE ARE BETTER WAYS... DOES THIS APP FROM AN UNIDENTIFIED DEV **REALLY** HAVE TO ACCESS YOUR SYSTEM FILES AND HAVE ADMIN/ROOT PERMISSIONS?'
The only issue I have is that all the security steps almost encourage people to leave their door unlocked. I mean I know some older people who use their Macs for basic needs and don't use passwords because they can't remember them. Given there's no root user + unsigned code and unidentified devs are blocked I question how much damage you can do even with the admin password.
Last edited:
Comment
Ah the RISC days when no one would program maliciously for that instruction set. Granted it was a much smaller market back in those days.
Comment
Yeah, I cleaned stuff up but I should install that for him. It's one of those things that I set up when I first get a computer and then I don't even think about it. Could have swore I installed it for Safari but maybe he installed Firefox, I can't remember. But it's also possible he could have gotten it from their Windows laptop which he swaps external HDDs with that and the Mac. My grandma still uses a PC because she couldn't get used to the Mac, although she uses her iPad for like 90% of the stuff she does on a computer and had no trouble learning that. I give my grandpa my old Macs and he edits family videos and old photos and does research on our family tree and history in general.
Comment
