Transferring files from external hard drive to Mac: any security tips?

Discussion in 'Mac Basics and Help' started by Hefdok, Nov 14, 2016.

  1. Hefdok macrumors newbie

    Joined:
    Nov 14, 2016
    #1
    I heard that Safari is quarantine supporting app and any file downloaded with it is observed and notified if it is suspicious. I wanted to ask if there is such system in Mac when transferring files from external hard drive?

    In case there is something that could be harmful on the external hard drive, would Mac detect it? is there a way to transfer files from external harddrive in a way that Mac could observe them and block anything suspicious?
     
  2. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #2
    You could run MalwareBytes after your transfer. The OS won't scan file copying like that on its own.
     
  3. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #3
    That’s beyond the scope of the OS X security sub-systems. You’ll need to use third-party software. What you can still do is verify executables if they are signed.
     
  4. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #4
    Thanks, using Malwarebytes then.


    Third-party being Malwarebytes? I keep hearing that any other program for malicious stuff is harmful for Macs.

    Executables - for that Gatekeeper would alert me?



    There is several hundred GBs of video, image and music files and no programs, but I rather be safe or sorry. Most of it came from Windows, but some from Mac before clean install after upgrading issues.

    This is gonna sound dumb, but if there is anything malicious for Mac, there isn't really any meaning in scanning the external HDD when connecting it to my Windows PC and using the spyware checkers in there?
    Windows anti-malware programs can't really find anything harmful for Mac if I access external hard drive from Windows?
     
  5. MacUser2525 macrumors 68000

    MacUser2525

    Joined:
    Mar 17, 2007
    Location:
    Canada
    #5
    Correct they are looking for windows related code they do not care about mac code unless on the off chance it might look like windows infection code.
     
  6. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #6
    Thank you. This solves it. Though I am surprised to hear Mac malware might resemble Windows malware.
     
  7. MacUser2525 macrumors 68000

    MacUser2525

    Joined:
    Mar 17, 2007
    Location:
    Canada
    #7
    That is not what I said those programs look for signatures of the malware they are trying to find now there is always some random chance that a mac malware may end up with a signature like a windows one probably one in a multi-trillion chance...
     
  8. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #8
    Okay, got it. Thanks.
     
  9. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #9
    Malwarebytes only looks for malware/adware that you have installed, i.e. post-infection. It won’t do anything else. You cannot use it to check files.
     
  10. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #10
    I see. So when something infected comes from external hard drive and infects Mac, Malwarebytes will find it then?
     
  11. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #11
    Probably. If you want some continuous scanning, then you should check out ClamXav. It is a fairly decent scanner that can ‘watch’ certain folders for you and scan new items as they come in. It is also not as intrusive as many other AV programs nowadays are.
     
  12. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #12
    Seems nice, though is it paid or free program? I can't clearly understand from the posts.
     
  13. mildocjr macrumors 65816

    #13
    ClamXav used to be awesome back in 2007 now it's starting to lose it's flair and shows up fairly low on test. Checkout https://www.av-test.org for the latest and greatest. I personally like Bitdefender, it's lightweight, pretty fast, and does very well with scans on Mac and PCs. macOS's Gatekeeper service provides some anti-virus protection much like Windows Defender, but I have yet to download a virus on my Mac. The antivirus solutions out there will provide extended support against crypto-ware viruses so it's good to have that if you are concerned about the safety of your data, but Gatekeeper definitions are downloaded in high and regular priority security patches. Here is a link to the av-test.org page on Mac Antivirus programs from June 2016. https://www.av-test.org/en/news/news-single-view/12-security-suites-for-mac-os-x-put-to-the-test/

    And here's an attachment to the image that I'm referring to

    [​IMG]
     
  14. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #14
    So Bitdefender hasn't given your system any problems? From this list, I've heard AVG and Avast are both under some company technically and both are too keen in spying on user. Heard something about Avira being connected to MacKeeper too. Not sure about Kaspersky. It did eventually mess with my old Windows.
     
  15. mildocjr macrumors 65816

    #15
    I've ran Bitdefender on both Macs and Windows, I've never heard any bad press about Bitdefender. I've used it after a Malwarebytes scan and it found stuff so I can only assume it's a great piece of software. The performance is there and shows true even while gaming without gaming mode on, gaming mode just does extra stuff like disable automatic scans that impact loading. It is a very lightweight program on CPU, GPU, RAM, and disk space which is why it's become my go-to antivirus solution.

    The company also offers Bitdefender Box which is said to protect every device in your house including your mobile devices, however it's only rated for 100 Mbps and my WAN connection is 300 Mbps. Even then I like having my 1 Gbps LAN connection for local transfers. I have not tried it but I really like the idea of it and it may be a cheaper alternative if you have a lot of devices in your house that you want to protect.
     
  16. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #16
    Thank you for information!

    Did this happen in Windows or even in Mac?
     
  17. mildocjr macrumors 65816

    #17
    This was on Windows, as far as Mac malware goes, I've yet to get a single virus on Mac, I had Norton SEP installed on my original Mac back in 2006, didn't get a virus after 2 years, so I dropped to a free AV once my contract ended with the military. I ran that up until 2012 when I just gave up waiting on the software to find something, multiple products. For giggles I installed antivirus on my old MacBook Pro from 2010 after 5 years of daily use and it came up clean. At this point I just rely on Gatekeeper for everything. My Windows computer on the other hand I just run with Windows Defender. I've got a BA in Computer Security and I'm willing to live with my own mistake (and fix it) if I download a virus on accident, my business computers all use antivirus software, out of 300 users we probably get 2 to 5 pops a year. Most of the employees have been trained on suspicious emails with attachments. Our biggest fight is from spam. We block approximately 90,000 spam emails a day, an estimated 10 get through and we only get 1 of those each month that has a malicious attachment.
     
  18. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #18
    That is good information to hear. I'm going to just be safe and trust Apple. Out of curiosity, what was the free anti-virus You used?
     
  19. mildocjr, Nov 18, 2016
    Last edited: Nov 18, 2016

    mildocjr macrumors 65816

    #19
    Bitdefender on the Mac App Store
    MalwareBytes has a Mac version, I can only guess it should be the next runner up
    Kapersky on the Mac App Store when it was free, since then it has upped to 12 bucks for the full version (no subscription). no link because it's not free
    ClamXAV but cannot recommend as I had a hacking tools disk in my computer and copied the files to my computer, it should have recognized them as trojans, spyware, and worms but it only found 2 of nearly 30 tools so I'm just going to say no.
    Maybe AVG, but it's pretty bloated, while it performs a fairly quick full scan, relative to others, and offers a lot more features than Bitdefender, the performance hit is noticeable when doing other things.
    Trend also has an antivirus solution but they got popped for security holes in their own protection software so I pass on their stuff.

    As with anything, if you've never heard of the software, don't download it, if you feel like you really need it, do some quick 5 minute research on it, don't go off the first article you read, instead take an average, and if the website is bloated with ads or looks very similar to another that you just visited (taboola websites), don't trust it.

    Ads are one of the biggest reasons for malware because of the big green download buttons (see cnet.com's download area). Instead of running ad blocking software I just download a hosts file and block them that way. The website I'm going to link you to looks sketchy (and dated) but I use this same hosts file. All you are interested in is the stuff under localhost 127.0.0.1 and the IPV6 version of that. It should start where it says # [Start....]. Just copy that line and everything below it into your own hosts file below your own localhost entry. It is constantly updated to include the newest stuff. But it should work well for some time. It isn't an end-all to ads but it helps. Even though it says for Windows, it works on Mac.

    Anyways here's the link: http://winhelp2002.mvps.org/hosts.htm

    For Windows you'll want to paste the selection into the hosts file (admin needed) located at C:\Windows\System32\drivers\etc\hosts

    For Mac and Linux it's even easier
    /etc/hosts

    The "hosts" at the end is the actual file. If you run into any issues with websites, you have two options 1) restore the hosts file (might make a backup) or 2) guess which entry it is by either removing a selection at a time until the page works correctly, then narrow it down by pasting selections back in (brute force way) or you can view the page source (right click menu on the webpage) and try to figure out what the page is requiring, search for it in the hosts file and remove the entry one at a time.
     
  20. Hefdok thread starter macrumors newbie

    Joined:
    Nov 14, 2016
    #20
    You have been a great help!
     
  21. thomasareed macrumors member

    thomasareed

    Joined:
    Aug 24, 2015
    #21
    I've come to the party a little late, but just wanted to make a few comments.

    First, note that copying something from an external hard drive isn't sufficient to infect your Mac. If there happens to be a malware installer on that external hard drive, you might get infected if you opened it. (Or it might be Windows malware or extinct malware that will no longer infect anything.)

    If the files on the hard drive are coming from an untrusted source, be cautious what you open.

    Second, the security features in macOS depend on a "quarantine flag" being set. The only way this gets set is when a file is downloaded from a quarantine-savvy app. All Apple apps that you can use to download are quarantine-savvy, as are most legit apps, like web browsers, e-mail clients, chat clients, FTP programs, etc. Some - most notably torrent apps - are not, and will not set the quarantine flag as they are supposed to.

    Most likely, the files on the external hard drive will not have that quarantine flag set, and thus will not be examined in any way by macOS security features like XProtect or Gatekeeper.

    Finally, Mac malware is still quite rare. Adware is becoming much more common, but is still unlikely to be just sitting around on some external hard drive, unless the owner of that drive has pretty terrible judgement and copies all kinds of crap to that drive.
     
  22. Robert_James_the_Third macrumors newbie

    Joined:
    Nov 22, 2016
    #22
    By using external hard drives and just dumpingfiles to your Mac, you are begging for trojans to infest you.
     
  23. thomasareed macrumors member

    thomasareed

    Joined:
    Aug 24, 2015
    #23
    I'm sorry, that's just not how this works. There is no parallel between using external hard drives and getting infected, and as I said yesterday, you can't get infected simply by copying files from one hard drive to another.
     

Share This Page