Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Virus/Malware program recommendations? [MERGED]
- Thread starter vjicecool
- Start date
- Sort by reaction score
Your link clicking narrative is false. Clicking a like may phish you where give up personal info or lose money but it will not get you a virus unless you download and install software from that link.
Recent info stealer malware https://forums.macrumors.com/threads/tinker-tool-malware-problem.2463235/
This is a common misconception, but it’s not correct. Please don’t get a false sense of security thinking if you don’t actually “download” and install something, you can’t get a virus. When you visit a webpage that webpage is downloaded to your computer.
Most websites are perfectly fine, but the problem is if someone sending you an email with malicious intent it’s possible the link they include with that email is not good. It could be a link to a phishing website or something else.
I believe it’s more common to get phishing links. Is much easier to have people enter their own personal information rather than having to infect their computer and get the information off of it. That doesn’t mean I would just click a link, hoping it was only a phishing website.
Edit: I also see how my post could be misunderstood. Normally if you get a email saying click this link and sign into your account that describes a phishing scenario. In this scenario, most likely the website is not infected by malware, but it could be. Most of the time they just have a website where you put your private information into it thinking it’s the actual legitimate website.
Apologies if my post caused confusion. There is phishing where the website will have the user enter their personal data and there’s also malicious websites that can infect your computer.
Not just links, but often can include a malicious attachment such as a word document or pdf.
For me I use Bitdefender with email integration no such much for me, but as a reputational damage limitation factor. I do not want to be seen ever as the source or passing it on to someone else. My machine may be immune but that doesn't mean others are. In a business context especially reputation is everything.
For commercial use an antivirus might be needed. I always recommend if you have a business that you have someone for IT. You don’t need a full-time IT staff but at least have some company you work with that handles that stuff. There’s all kinds of threats out there, and even the smart ones of us aren’t as smart as we think we are. It’s good to have professionals doing things.
Just for my personal use, I don’t think I’m worthy of a targeted attack. Most of the other stuff is relatively easy to avoid if you stop and think. I’m not going to lie, there’s been a couple times where they almost got me. My point to stop and think if something doesn’t feel right saved me every time.
If only I knew someone who is a seasoned cybersecurity expert
Unfortunately most attacks aren't targeted, they have a very broad brush. Varying from sites that are compromised, to data leak details being used to cast a wide net.
"Fake Mac fixes trick users into installing new Shamos infostealer"
https://www.bleepingcomputer.com/ne...users-into-installing-new-shamos-infostealer/
https://www.bleepingcomputer.com/ne...users-into-installing-new-shamos-infostealer/
That does help.If only I knew someone who is a seasoned cybersecurity expert
That’s a good thing for the most part. One time I was setting up a cable box when it popped up on the screen to call a number. I misread one digit and it was a scam call center. They tried to tell me I was picked for a $200 rebate but when they asked for my credit card information that was a red flag. One thing that should have been a red flag is the person spoke clear US English. Real customer service people are in an Indian call center.
If you don’t understand what you’re typing in command line then you probably shouldn’t be typing it. This is a case where a little knowledge is a very dangerous thing
The conclusion of this AppleInsider article has good advice:
...treat notarization as a security guard checkpoint, not an impenetrable fortress. Apple's checks catch a lot of junk, but they don't catch everything.
Sticking to apps from the Mac App Store is safer, though not foolproof. If you download software from the web, verify the developer's identity and reputation before installing.
Keep macOS updated since Apple often patches security gaps quietly. It also pays to run regular malware scans with a reputable security tool, especially if you work in sensitive fields.
And if you notice strange processes, unexpected system slowdowns, or odd files in places like /usr/local/bin, don't ignore them. That could be your first clue something unwelcome has moved in.
appleinsider.com
In other words, if you have sensitive or irreplaceable data to protect, it's not a good idea to rely solely on Gatekeeper and XProtect. Build up layers of security with other utilities and apps.
...treat notarization as a security guard checkpoint, not an impenetrable fortress. Apple's checks catch a lot of junk, but they don't catch everything.
Sticking to apps from the Mac App Store is safer, though not foolproof. If you download software from the web, verify the developer's identity and reputation before installing.
Keep macOS updated since Apple often patches security gaps quietly. It also pays to run regular malware scans with a reputable security tool, especially if you work in sensitive fields.
And if you notice strange processes, unexpected system slowdowns, or odd files in places like /usr/local/bin, don't ignore them. That could be your first clue something unwelcome has moved in.
ChillyHell' backdoor hid in notarized Mac apps for four years
Jamf researchers have detailed a Mac backdoor called ChillyHell that passed Apple's notarization checks in 2021 and went unnoticed until very recently.
In other words, if you have sensitive or irreplaceable data to protect, it's not a good idea to rely solely on Gatekeeper and XProtect. Build up layers of security with other utilities and apps.