
Windows Defender Antivirus comes to macOS as Microsoft Defender ATP

captain_to_fire
2 minutes ago, mr moose said:

Then at the very least be half decent person and don't promote it to people looking for advice. 

Was someone looking for advice on how to use their computers? I posted saying that I don’t believe an antivirus is incredibly necessary. I didn’t say nobody should install them. 


Some random thoughts:

 

ATP is pretty good, but as some people have already pointed out, this is most likely just so that corporate environments can have the same AV suite on both Windows and MacOS. Chances are they already have that because they use F-Secure or McAfee, but whatever. Now they have another cross-platform choice.

 

I got a feeling one of the major reasons Microsoft are doing this is so that they can collect user data on Mac users. Windows Defender is very privacy intrusive, at least if you allow the cloud service to be running. It makes it so that Microsoft collects data on pretty much every file on your computer. Sure, they claim that they do it to keep you safe, but personally I have next to no trust in Microsoft.

 

Some people here (mainly those telling others to use an AV on MacOS) kind of have the wrong idea about security. At least those talking about how "since it's not impossible to get a virus, you need to defend yourself". When evaluating security threats, you need to do risk evaluation. You need to take these things into consideration:

What can go wrong? In this case, a computer gets infected by malware.

How likely is it that it happens? Here, Windows and MacOS computers differ greatly.

What are the potential consequences?

How tolerable are the identified risks?

 

If you do not take these things into consideration and always only think about protecting yourself, then you will end up with a computer that can't be used for anything (after all, simply being able to execute code is a security risk and potential vulnerability) by anyone (letting a human do things on a computer introduces potential for human errors, social engineering, etc).

 

So it's not enough to just think and say "if something can go wrong, you need to protect yourself against it". You need to take into consideration HOW LIKELY is that thing to happen, and what is the result of it happening.


9 minutes ago, LAwLz said:

So it's not enough to just think and say "if something can go wrong, you need to protect yourself against it". You need to take into consideration HOW LIKELY is that thing to happen, and what is the result of it happening.

I don't think anyone is really saying that.   Most of us are just not so simple as to think of adblocker and the odd very rare scan with MWB as an alternative. 

 

 


1 hour ago, DrMacintosh said:

Even if I found an antivirus with free real time protection, I still wouldn’t use it. 

 

It's just not something that concerns me on my Mac.

I hope you don't encounter a spearphishing email or cryptojacking scripts that can bypass most adblockers.


22 minutes ago, mr moose said:

I don't think anyone is really saying that.

See:

1 hour ago, D13H4RD said:

Not a 100% possibility though 

Insinuating that if something is not 100% safe, you need to take precautions against it which is wrong.

 

 

 

2 hours ago, Arika S said:

What kind of magical boats have no possibility of never having holes ever? better to have more plugs than assume you're never going to have a leak

Again, this is the same type of "if there is any possibility for a risk, then you need to prepare for it!".

This comment in particular was as a response to Macintosh saying that some boats are more watertight than others, so the implication here is 100% "if something can happen, we should ignore the likelihood of it happening and defend ourselves against it".

 

 

There is also a very real case to be made that having an anti-virus on your computer lowers the overall security of the system, although it highly depends on which software it is.


14 minutes ago, LAwLz said:

Insinuating that if something is not 100% safe, you need to take precautions against it which is wrong.

That was a response to the boat thing. 

 

You can't fully avoid collisions, but you can make it extremely unlikely. 

 

I don't see anything wrong with taking some precaution against potential hazards, but don't overdo it. 


3 minutes ago, LAwLz said:

See:

Insinuating that if something is not 100% safe, you need to take precautions against it which is wrong.

 

 

 

Again, this is the same type of "if there is any possibility for a risk, then you need to prepare for it!".

This comment in particular was as a response to Macintosh saying that some boats are more watertight than others, so the implication here is 100% "if something can happen, we should ignore the likelihood of it happening and defend ourselves against it".

They were general comments regarding his comments of:

 

6 hours ago, DrMacintosh said:

Why would I install Windows defender when I could install MalwareBytes for the extremely rare occasion where I might need to scan a file? 

 

Also installing an adblocker kinda removes the need for an anti-virus if you use common sense. 

 

2 hours ago, DrMacintosh said:

Most Mac owners never install an antivirus at all

 

 

 

2 hours ago, DrMacintosh said:

 But you really do have to go looking for trouble these days to find it. 

 

So, according to him, you have to go looking for viruses because they are so rare, most mac owners don't even use an AV, and an Ad blocker is a suitable substitute for an AV on top of MWB needing only to be a very rarely used tool.

 

 

The boat analogy was mine. All it meant was that there is more than one way to get viruses and an ad blocker is only going to mitigate one of them to any degree; ignoring AV in favor of an adblocker or compounding the rhetoric that macs don't get viruses is ignoring the reality of the other ways a user can get infected.

 

Surely you are not going to argue that a basic AV isn't good policy, especially given these days they don't suck the resources.

 

 

 

 


43 minutes ago, LAwLz said:

Insinuating that if something is not 100% safe, you need to take precautions against it which is wrong.

Explain how that is wrong?

43 minutes ago, LAwLz said:

Again, this is the same type of "if there is any possibility for a risk, then you need to prepare for it!".

This comment in particular was as a response to Macintosh saying that some boats are more watertight than others, so the implication here is 100% "if something can happen, we should ignore the likelihood of it happening and defend ourselves against it".

 

 

There is also a very real case to be made that having an anti-virus on your computer lowers the overall security of the system, although it highly depends on which software it is.

It is still better to lower the risk of getting malware than insisting you're 100% safe without any protection at all. With that logic I might as well leave the tool kit and tire sealant at home rather than in the car because why be prepared when there is little risk of anything happening.

There isn't any such thing as a 100% watertight boat with no chance of leaking, or an OS that will have any less risk of getting things like a malicious email or a script that gets past an adblocker. And what that Mozilla engineer recommends isn't ideal for most users at all, Windows defender is decent but it shouldn't be used as the only security system.


4 hours ago, DrMacintosh said:

Where do those exist? Mac in enterprise is pretty dead. 

Not in the education sector it isn't, wide ish usage in the developer community too. We've got a few thousand Mac computers and honestly Symantec Endpoint Protection is garbage on Mac and causes so much system slowness it's not worth the productivity penalty to use it, it is that bad.

 

Previous job we had a school get hit with a Mac virus, like Windows you don't actually bother to try and fix that sort of thing you just wipe and reload the OS as it's faster and safer. It's also why you don't store documents and files on the local device. For home that's a lot harder but Time Machine really is amazingly good, really good.


5 hours ago, mr moose said:

The boat analogy was mine. All it meant was that there is more than one way to get viruses and an ad blocker is only going to mitigate one of them to any degree; ignoring AV in favor of an adblocker or compounding the rhetoric that macs don't get viruses is ignoring the reality of the other ways a user can get infected.

Macs can also be used to propagate and spread Windows viruses, for example on network shares by replacing the files with links to executable and making the original files system hidden so you only see the link files unless you have turned on show system files in explorer.

 

"I feel fine, why is every dying around me" 


3 hours ago, leadeater said:

Symantec Endpoint Protection is garbage on Mac

I think this is the same sentiment shared by our IT from my past two jobs who paid licenses for Symantec Endpoint Protection. I think with Windows Defender you can manage it on premise with Intune or Group Policy where you can adjust sensitivity on different workstations and apply Default Deny. 

3 hours ago, leadeater said:

Macs can also be used to propagate and spread Windows viruses, for example on network shares by replacing the files with links to executable and making the original files system hidden so you only see the link files unless you have turned on show system files in explorer.

 

"I feel fine, why is every dying around me" 

I think this was the precursor to ransomware. My PC got infected by a virus that hid all of my files back in 2011 though you can restore those files with command prompt. attrib -h -r -s /s /d g:\*.*


10 minutes ago, captain_to_fire said:

I think this was the precursor to ransomware. My PC got infected by a virus that hid all of my files back in 2011 though you can restore those files with command prompt. attrib -h -r -s /s /d g:\*.*

Yep, it's also a good way to get someone to run up a ransomware program because you clicked on the file and ran it so you'd naturally click yes to any, if any, UAC prompts. All your files 'are there', with the correct names but they all point to an exe.


That was when files were just hidden and easily recoverable. These days they are gone because of encryption.


6 hours ago, RejZoR said:

That was when files were just hidden and easily recoverable. These days they are gone because of encryption.

No it's not as simple as that, re read what I said. The files were replaced with links to an executable..... to ransomware. One of the key requirements of ransomware is getting people to run it and that is an easy way to do it.


>Windows defender

>Mac


12 hours ago, leadeater said:

Macs can also be used to propagate and spread Windows viruses, for example on network shares by replacing the files with links to executable and making the original files system hidden so you only see the link files unless you have turned on show system files in explorer.

 

"I feel fine, why is every dying around me" 

Back just after the dinosaurs roamed the earth, these macs were popular in schools.  It would have been '89 or '90 and our local school had a whole class room full.  The poor IT staff (teachers with a second portfolio) spent days wiping and reinstalling because of all the constant viruses they had.

 

Two things I find amusing,  one is the URL for that link, and the second is that was just before the whole "don't get viruses" rhetoric became a thing.


8 hours ago, leadeater said:

No it's not as simple as that, re read what I said. The files were replaced with links to an executable..... to ransomware. One of the key requirements of ransomware is getting people to run it and that is an easy way to do it.

They were still there. Just because EXE execution "protocol" was meddled with, that doesn't mean the files were gone. You just hooked up the drive to another OS and you could copy them over. Today, it doesn't matter because they are encrypted.


4 hours ago, RejZoR said:

They were still there. Just because EXE execution "protocol" was meddled with, that doesn't mean the files were gone. You just hooked up the drive to another OS and you could copy them over. Today, it doesn't matter because they are encrypted.

No the point was a Mac can be used to seed the network share with the hidden ransomware program, hide all the legit files and replace with links of the same file names to that executable. Then a Windows user comes along to open the files and there you go one encrypted computer and any network shares mapped on that computer. I'm not saying this as a hypothetical either.

 

Ransomware relies on getting people to run the program by tricking them, extremely few are done via remote execution.
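
Added example (not part of any post in this thread and not written by the posters): a defender-side check for the pattern leadeater describes, where the original files on a share are hidden and same-named shortcuts sit next to them. The `.lnk` extension, the name-matching rule and the sample listing are assumptions constructed for illustration.

```python
import os
import stat
from collections import defaultdict

LINK_EXTS = {".lnk"}  # assumption: the "links" are Windows shortcut files

def find_shortcut_swaps(entries):
    """entries: (directory, filename, is_hidden) tuples.
    Returns sorted (directory, shortcut, hidden_original) for each visible
    shortcut that would be displayed under a hidden file's name."""
    hidden = defaultdict(dict)  # directory -> {lowercased name or stem: real name}
    shortcuts = []
    for directory, name, is_hidden in entries:
        stem, ext = os.path.splitext(name)
        if is_hidden:
            hidden[directory][name.lower()] = name
            hidden[directory].setdefault(stem.lower(), name)
        elif ext.lower() in LINK_EXTS:
            # Explorer does not display the .lnk extension, so the stem is what users see
            shortcuts.append((directory, name, stem.lower()))
    hits = []
    for directory, name, shown_as in shortcuts:
        original = hidden[directory].get(shown_as)
        if original:
            hits.append((directory, name, original))
    return sorted(hits)

def walk_share(root):
    """Yield entries for a mounted share. The hidden bit is only exposed
    by os.stat on Windows; elsewhere every file reports as visible."""
    for directory, _dirs, files in os.walk(root):
        for name in files:
            try:
                st = os.stat(os.path.join(directory, name))
            except OSError:
                continue  # unreadable entry: skip rather than abort the scan
            attrs = getattr(st, "st_file_attributes", 0)
            yield directory, name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

# Constructed sample listing (not data from the thread)
SAMPLE = [
    (r"S:\Finance", "budget.xlsx", True),       # original, hidden
    (r"S:\Finance", "budget.lnk", False),       # shortcut shown as "budget"
    (r"S:\Finance", "report.docx", True),       # original, hidden
    (r"S:\Finance", "report.docx.lnk", False),  # shortcut shown as "report.docx"
    (r"S:\Finance", "Thumbs.db", True),         # normal hidden file, no shortcut
    (r"S:\Finance", "Intranet.lnk", False),     # normal shortcut, no hidden twin
    (r"S:\HR", "budget.xlsx", False),           # same name in another folder, visible
]

if __name__ == "__main__":
    for hit in find_shortcut_swaps(SAMPLE):
        print(hit)
```

On a Windows host, `find_shortcut_swaps(walk_share(path))` runs the same check against a real mapped share; a hit is a reason to inspect the shortcut's target before anyone opens it.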
