Why would that be? There‘s nothing inherent in an Arm processor making „lockdowns“ easier. Literally nothing.
Its all a software thing; just because iOS is a walled garden running on Arm does NOT mean any Arm must be walled as well
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New Mac Malware Found to Infect via Xcode
- Thread starter MacRumors
- Start date
- Sort by reaction score
Its all a software thing; just because iOS is a walled garden running on Arm does NOT mean any Arm must be walled as well
People who don't review what they commit should not be paid to code
Easier said than done. Did you read (AND fully understand) the code of any library you ever used? How about non-open sourced libraries (including Apple‘s)?
You did? Your‘e akin an unicorn then
Last edited:
Apple should only allow installing Mac Apps from the Mac App Store. We'd have the same level of safety as with iOS.
I'm talking about infecting existing project. It's very easy to track unwanted changes to the project if you don't mindlessly commit whatever diffs show up, like some people unfortunately do
Won't help as this attack vector is possible on software distributed via Mac App Store
Turn on the option to only allow software installations from AppStore on your machine.
Problem solved for you
- your machine is more secure.
Don’t dedicate how others should use their machines.
other users need to install software that originates from other sources. such software may not be submitted to the Mac AppStore due to apple’s rules.
Problem solved for you
- your machine is more secure.
Don’t dedicate how others should use their machines.
other users need to install software that originates from other sources. such software may not be submitted to the Mac AppStore due to apple’s rules.
Last edited:
It’s theoretically not, but operating system developers are approaching to that direction (lock down the OS to average user) as security risk becomes more apparent and more devastating. If for nothing else, allowing mac app being installed from only Mac App Store would provide a lot of people some sense of safety that they trust apple doing their job to review every single app submitted to Mac App Store, even though this approach can cause other problems and it does not remove the security threat of downloading malicious apps from Mac App Store.
If every single app must be downloaded and installed from Mac App Store, what chance do you think Apple will still keep macOS as a platform that somewhat open as it is today?
While I agree, the switch to ARM, as it will introduce a new OS architecture would allow Apple to integrate hardware level locks more tightly with the OS and remove the option to allow non-App Store software to run; potentially making a complete lockdown a reality. It would signal the end, for the Mac at least, of programs that provide functionality beyond their App Store equivalent, such as IVI Pro DVD, or those that have no App Store equivalent because they would either not work in a sandbox or violate other App Store rules. A sad day, even in down under...
Still has nothing to do with Arm.
What‘s more, its not Arm operating system developers per se doing so - most Arm based systems run Linux, i.e. pretty much the opposite of a “locked down“ system.
They will let the users decide between "full security" or "more flexibility" and they will allow you to switch between those instances and boot up what you prefer.
A lot of public source code I'll download for Xcode isn't close to being a full-fledged app. "Here's how I did this cool animation", for example. I guess that means no compiling it.
Yes, but its likely that apple's move to ARM for the mac will include "higher walls" for their walled garden, i.e., increased restrictions.
Well, we‘ll see. Doubt it though. And again: has nothing to do with Arm, really. They could do the same on any platform
This whole thing is super fishy. From Trend Micro's technical brief:
So out of the millions of users on GitHub and trillions of lines of code, Trend Micro found just 2 repos with Mac malware?
No self-respecting developer is going to ever use these two repos in the first place. Developers use projects with good documentation that serve an actual need.
Occam's razor more likely says they found malware authors posting to GitHub. A conspiracy theorist might even say they perhaps planted it themselves.
And why are these repos even still active? Malware is against GH's TOS. If Trend Micro actually cared, they'd report these repos as nefarious. Otherwise they have little proof as reporting anything.
And on the linked page:
This is really the definition of FUD, no?
So out of the millions of users on GitHub and trillions of lines of code, Trend Micro found just 2 repos with Mac malware?
No self-respecting developer is going to ever use these two repos in the first place. Developers use projects with good documentation that serve an actual need.
Occam's razor more likely says they found malware authors posting to GitHub. A conspiracy theorist might even say they perhaps planted it themselves.
And why are these repos even still active? Malware is against GH's TOS. If Trend Micro actually cared, they'd report these repos as nefarious. Otherwise they have little proof as reporting anything.
And on the linked page:
Alerting users to security threats is one thing. Hawking your products at the exact same time is a little desperate IMO.
Last edited:
Correct, but it would give Apple more of an excuse.. 'well, we are moving to Arm, good time to up the restrictions'.
Though, I don't think Apple would do this, I think they realize enough Mac users depend on applications not found on the Mac AppStore.
I know its not related to hardware, but apple will move to closing it off more. Its in their best financial interest to force developers onto the MAS
Well, this is why I support Apple's 30% cut. It keeps our systems safe. They do the hard work, they deserve to be paid. I don't care too much about Epic or TenCent, so they both can go screwercs themselves.
I agree. However, if they choose to lock down macOS like iOS I‘m out once and for all.
And I‘m guessing I wouldn‘t be the only one...
... which is why it would be in Apples best financial interest not to force devs away.
Of course, we don‘t actually know which line of thought Apple is eventually going to follow at this point
Last edited:
You definitely wouldn't!
If you've been to tech conferences, such as PyCon, you'll see a lot of people using Apple laptops, which often are company owned. If Apple restricted software to Mac AppStore, these companies will be forced to stop using Macs in their businesses, which means loss of corporate sales, and consumer sales. I'm not buying a new Mac if I can't do software development at home. Mac OS is a popular dev platform for software development and software developers need to use non Mac AppStore applications. I'm sure there are other industries in the same boat.
No hairy way!! I have very useful apps that are not on the App Store (Drive Dx, TG Pro as examples) that the reason they are NOT on the App Store is they would not have the functionality that do otherwise. Drive Dx could not check the health of USB drives without an extra driver which is not allowed to be in the App Store. TG Pro can control fans completely (such as lowering fan speed after replacing HDD in older iMacs rather than buying the expensive inline sensor) which I don’t believe is allowed for the App Store
Why in this articled and all of the comments up to here is there no description on how to detect the malware, or what repos are poisoned?
Have we lost the journalists here at MacRumors? Or did I miss something.
Have we lost the journalists here at MacRumors? Or did I miss something.