
Apple Macs are silently being infected with ultra stealthy malware, on both Intel and M1

rcmaehl

To argue Mac security is as insecure as Windows is real silly. macOS is Unix. *nix is so extremely more secure than Windows that it’s not even funny.

 

If one was to install malware on a Mac, you literally need to ignore a tsunami of warnings, say you’re cool with installing software from an unsigned or revoked source and then go into settings and individually grant the malware access to disk access, keyboard access, accessibility, network, etc one by one. You’d have to be an absolute moron. 
 

What does Windows do? It pops up a magic UAC GIVE ME ROOT button and that’s it.

MacBook Pro 16 i9-9980HK - Radeon Pro 5500m 8GB - 32GB DDR4 - 2TB NVME

iPhone 12 Mini / Sony WH-1000XM4 / Bose Companion 20


10 minutes ago, Vitamanic said:

To argue Mac security is as insecure as Windows is real silly. macOS is Unix. *nix is so extremely more secure than Windows that it’s not even funny.

 

If one was to install malware on a Mac, you literally need to ignore a tsunami of warnings, say you’re cool with installing software from an unsigned or revoked source and then go into settings and individually grant the malware access to disk access, keyboard access, accessibility, network, etc one by one. You’d have to be an absolute moron. 
 

What does Windows do? It pops up a magic UAC GIVE ME ROOT button and that’s it.

Not to decrease your argument's validity, but this malware had a valid signed certificate. I'm sure that's not common however.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


20 minutes ago, Vitamanic said:

you literally need to ignore a tsunami of warnings, say you’re cool with installing software from an unsigned or revoked source

tsunami = all of one so...

 

A lot of power users also turn off requiring signed applications as well, and if you grant an installer permissions to install, nothing stops that installer from going and changing other settings during that install. There are some more protected areas of Mac OS that you can't change as easily, but once you've granted something root, even temporarily, you're hosed regardless, as you've just allowed it to do as much as it wishes to do, including exploiting any other vulnerabilities that require root.

 

Hit yourself in the hand with a hammer, hit yourself in the hand with a mallet. Both still hurt.

 

20 minutes ago, Vitamanic said:

What does Windows do? It pops up a magic UAC GIVE ME ROOT button and that’s it.

Not true if you actually leave Defender on.


26 minutes ago, leadeater said:

tsunami = all of one so...

 

A lot of power users also turn off requiring signed applications as well, and if you grant an installer permissions to install, nothing stops that installer from going and changing other settings during that install. There are some more protected areas of Mac OS that you can't change as easily, but once you've granted something root, even temporarily, you're hosed regardless, as you've just allowed it to do as much as it wishes to do, including exploiting any other vulnerabilities that require root.

 

Hit yourself in the hand with a hammer, hit yourself in the hand with a mallet. Both still hurt.

 

Not true if you actually leave Defender on.

It's more than one. You need to click through the initial "run an app downloaded outside the ecosystem" message, then the one saying "unknown developer" if they don't have a certificate, then you need to right click after that warning yet again and hit run on the context menu, then you need to click through warnings if it comes back as a signature match for malware, and so on.

 

...all of that is still ignoring the fact that you need to go into security settings and manually enable all of the access check boxes for said piece of malware.

 

Also as far as I'm aware, there's no way for an app to gain root access unless you fire up terminal and launch as such. Even then, sudo open is still in user territory and typing out the full location of an app to truly launch it as root is way out of the realm of possibility for a regular user to do by mistake.


8 hours ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

I've never claimed that lol, and people who do are misinformed.

She/Her


51 minutes ago, Vitamanic said:

It's more than one. You need to click through the initial "run an app downloaded outside the ecosystem" message, then the one saying "unknown developer" if they don't have a certificate, then you need to right click after that warning yet again and hit run on the context menu, then you need to click through warnings if it comes back as a signature match for malware, and so on.

Again, that's if you haven't already gone into security and changed the global setting, which many power users actually do. Once you suffer the pain of having to do that once, you tend to go change the setting that made it like that. Human nature: "I don't like that, so I'll change it".

 

51 minutes ago, Vitamanic said:

 

Also as far as I'm aware, there's no way for an app to gain root access unless you fire up terminal and launch as such. Even then, sudo open is still in user territory and typing out the full location of an app to truly launch it as root is way out of the realm of possibility for a regular user to do by mistake.

If an application is using a packaged install script it will ask to be granted root, from that point RIP. I managed software that actually does this btw, I think they finally updated to not do it that way but it was for years.


9 hours ago, pythonmegapixel said:

That said, claiming that Macs don't get viruses is clearly ludicrous. I don't understand how anyone believes that in this day and age.

A leftover from Windows XP days, when just having a Win XP machine connected to the internet in a lot of cases led to the computer being infected by worms and viruses. Back then this was highly unlikely on a Mac or Linux machine, partly because of security by obscurity and partly by the way the OSs are designed.


3 hours ago, Vitamanic said:

To argue Mac security is as insecure as Windows is real silly. macOS is Unix. *nix is so extremely more secure than Windows that it’s not even funny.

 

If one was to install malware on a Mac, you literally need to ignore a tsunami of warnings, say you’re cool with installing software from an unsigned or revoked source and then go into settings and individually grant the malware access to disk access, keyboard access, accessibility, network, etc one by one. You’d have to be an absolute moron. 
 

What does Windows do? It pops up a magic UAC GIVE ME ROOT button and that’s it.

This is such a common misconception. Unix is not more secure. You're all assuming Unix is secure because its 80% market share is being run on servers by trained professionals, as opposed to Windows' 80% desktop market share being predominantly run by casual users with often less than zero knowledge about computer things.

 

Yes, servers running Unix may be more high value targets, but their non-interactive nature and the fact they are predominantly operated by professionals means it's much harder to brute force your way in. Often it's easier to do it through exploitation of bad deployment or known unpatched vulnerability than tricking the operator.

 

Now let's apply that logic with Unix (Linux) on a desktop operated by a normie. When users are determined to run something, no amount of UAC or passwords that they need to input will stop them from giving elevated access to some malware. Or inputting their credentials into a phishing e-mail. Or a bunch of other scenarios that just don't happen on Unix servers because of non-interactivity and, ultimately, who's running them: a professional.

 

There is also the usability factor. General users expect the system to have a balance of usability and security. That's pretty much Windows 10 in its current form. All Linux versions are leaning far too hard to the security side, which is among the things why casuals don't like Linux. It's too fiddly and asks for permissions too much, to the point users just type that damn thing in or have password "1234" just to get past it faster.

 

As for the second paragraph, ever wondered why Mac only has like 2% of the desktop OS market share? Well, there's your answer. Windows is just easier to deal with in terms of just getting it on any system and running it whatever way you want without the hassle of Linux, but with enough ease of use that they don't go with MacOS. Android is Unix based, and look at what kind of malwarefest it is unless you bolt it down and lock it out. It's always all about balance between usability and security. And you simply can't have both at the same time. Windows has an actual Admin, User and Guest hierarchy, yet no one uses it because it's the same pain in the ass to deal with as it is on Linux.


10 hours ago, pythonmegapixel said:

Ah yes, Browser. my favourite operating system...

You kid but nowadays they might as well be one 😛

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


2 hours ago, leadeater said:

Again, that's if you haven't already gone into security and changed the global setting, which many power users actually do. Once you suffer the pain of having to do that once, you tend to go change the setting that made it like that. Human nature: "I don't like that, so I'll change it".

 

If an application is using a packaged install script it will ask to be granted root, from that point RIP. I managed software that actually does this btw, I think they finally updated to not do it that way but it was for years.

You can't disable a global setting in the security UI (they removed it), or permanently turn off GateKeeper for that matter anymore. It's been like that for a while, I think with the original release of Catalina? You can go into terminal and disable it for the current session but it will immediately enable again next time you boot. You would also still need to go into settings and individually enable like 10 separate permissions by hand for the malware too just for it to function properly.

 

Regardless... you can't argue that Microsoft's security policy is as good as *nix... Out of the box macOS is Fort Knox with app policy. Couple that with the baked in hardware encryption, sandboxing, certificate process, lack of data harvesting and so on and it's no contest. While I was poking fun earlier, Windows literally throws all security to the wayside with single click UAC or right click run as admin. It's a very stupid approach.

 

33 minutes ago, RejZoR said:

This is such a common misconception. Unix is not more secure. You're all assuming Unix is secure because its 80% market share is being run on servers by trained professionals, as opposed to Windows' 80% desktop market share being predominantly run by casual users with often less than zero knowledge about computer things.

 

Yes, servers running Unix may be more high value targets, but their non-interactive nature and the fact they are predominantly operated by professionals means it's much harder to brute force your way in. Often it's easier to do it through exploitation of bad deployment or known unpatched vulnerability than tricking the operator.

 

Now let's apply that logic with Unix (Linux) on a desktop operated by a normie. When users are determined to run something, no amount of UAC or passwords that they need to input will stop them from giving elevated access to some malware. Or inputting their credentials into a phishing e-mail. Or a bunch of other scenarios that just don't happen on Unix servers because of non-interactivity and, ultimately, who's running them: a professional.

 

There is also the usability factor. General users expect the system to have a balance of usability and security. That's pretty much Windows 10 in its current form. All Linux versions are leaning far too hard to the security side, which is among the things why casuals don't like Linux. It's too fiddly and asks for permissions too much, to the point users just type that damn thing in or have password "1234" just to get past it faster.

 

As for the second paragraph, ever wondered why Mac only has like 2% of the desktop OS market share? Well, there's your answer. Windows is just easier to deal with in terms of just getting it on any system and running it whatever way you want without the hassle of Linux, but with enough ease of use that they don't go with MacOS. Android is Unix based, and look at what kind of malwarefest it is unless you bolt it down and lock it out. It's always all about balance between usability and security. And you simply can't have both at the same time. Windows has an actual Admin, User and Guest hierarchy, yet no one uses it because it's the same pain in the ass to deal with as it is on Linux.

It is more secure by design. You can't, and I mean cannot have a piece of software run as root in macOS unless you fire up terminal, find the complete directory tree, copy and paste said location of whatever you're trying to run and input a sudo command. Otherwise any application is running as a user.

 

How do you give a Windows app root? You click "okay" when the window pops up.

 

Also Unix is not Linux, Mac marketshare is approaching 15% in the US, 8% worldwide and Android is Linux. Android also sandboxes and malware has no access to root... only the permissions you grant it. There's some fringe cases of specific devices being exploited with privilege escalations but it's extremely rare.


8 minutes ago, Vitamanic said:

You can't disable a global setting in the security UI (they removed it), or permanently turn off GateKeeper for that matter anymore. It's been like that for a while, I think with the original release of Catalina?

Sounds about right; it was also around the time that the mentioned app got updated to change how it installed.

 

8 minutes ago, Vitamanic said:

Couple that with the baked in hardware encryption, sandboxing, certificate process,

All things both Windows and Defender do, other than hardware encryption which you can use with Bitlocker but that's optional rather than on by design. That said storage encryption doesn't protect the system from malware at all.

 

8 minutes ago, Vitamanic said:

While I was poking fun earlier, Windows literally throws all security to the wayside with single click UAC or right click run as admin. It's a very stupid approach.

No it doesn't lol. Defender will block anything known before you even get the UAC, if you get the UAC first and it extracted an embedded executable and tries to run it then also blocked. Defender has been Sandboxed since late 2018 FYI.

 

GateKeeper does have a few extra features but if you care about flexibility and freedom to use your computer how you like then those make it worse in that respect. Better at handling the lowest common denominator user however.


18 minutes ago, leadeater said:

No it doesn't lol. Defender will block anything known before you even get the UAC, if you get the UAC first and it extracted an embedded executable and tries to run it then also blocked.

These days, Defender seems to block most things which don't come either from Microsoft or their pathetic excuse for an app store.

It also obscures the "run anyway" button behind a link called "Show more details", so less computer-literate folks will find it harder to find.

In particular, if it's a browser then it will claim that you are putting your security at risk by not using Edge and so on.

 

I wonder how many people have become completely desensitized to the warnings by this insanity.

____________________________________________________________________________________________________________________________________

 

 

____________________________________________________________________________________________________________________________________

pythonmegapixel

into tech, public transport and architecture // amateur programmer // youtuber // beginner photographer

Thanks for reading all this by the way!

By the way, my desktop is a docked laptop. Get over it. No seriously, I have an external monitor, keyboard, mouse, headset, ethernet and cooling fans all connected. Using it feels no different to a desktop, it works for several hours if the power goes out, and disconnecting just a few cables gives me something I can take on the go. There's enough power for all games I play and it even copes with basic (and some not-so-basic) video editing. Give it a go - you might just love it.


3 hours ago, leadeater said:

Again, that's if you haven't already gone into security and changed the global setting, which many power users actually do. Once you suffer the pain of having to do that once, you tend to go change the setting that made it like that. Human nature: "I don't like that, so I'll change it".

That's a silly argument and you know it.

Someone: You have to ignore a lot of warnings in order to even get to this point.

You: Nuh uh. If you have already disabled these X number of things then you don't get a warning.

 

Sure, but when you make generalized statements you typically talk about what most people do. Most Mac users have probably not gone into multiple settings and disabled the various security features. I am not sure where you got the statistics that "many power users do" from either.

By the same logic nothing is secure because no matter what type of defense you come up with someone can just say "no that doesn't matter if a user has disabled it, which many do".

 

33 minutes ago, leadeater said:

No it doesn't lol. Defender will block anything known before you even get the UAC, if you get the UAC first and it extracted an embedded executable and tries to run it then also blocked. Defender has been Sandboxed since late 2018 FYI.

No, Windows Defender doesn't block anything if you have it turned off, which many people have.

See how ridiculous your argument is now?


4 minutes ago, LAwLz said:

That's a silly argument and you know it.

Someone: You have to ignore a lot of warnings in order to even get to this point.

No it isn't, fat load of good a one time protection will do you later if the user doesn't like it and turns it off (one time as in "well that's annoying, I'm disabling it"). Granted sounds like that ability has been removed now though.


9 minutes ago, leadeater said:

No it isn't, fat load of good a one time protection will do you later if the user doesn't like it and turns it off. Granted sounds like that ability has been removed now though.

That is assuming someone has disabled it. It's completely asinine to say a generalized statement is wrong just because it might not be true if some users have changed the default settings in some way. When you make generalized statements you typically talk about the default settings or most common settings. In this case you are saying a generalized statement is wrong just because some users might (a big assumption from your end) have disabled some security features.

 

It's not a one-time protection either. Something isn't a "one time protection" just because you can permanently disable it. By that logic Windows Defender is also a "one time protection".


Boy, it'd sure be nice to go into one of these threads and gain technical insight rather than the same BS apple-hate flame wars that show up in every thread where the company gets mentioned.

 

I'd ask mods to step in, but since @leadeater seems to be one, and can't seem to keep from getting into pissing matches with @LAwLz in EVERY thread, I guess there's no point there.

 

Here's a clue to your job... when someone posts this in the #$#$@!$# news forum... where it's supposed to be more serious talk: [attached image]

You give them a warning for trying to derail a thread or be a troll...and if they do it again, you @!@# ban them.

🖥️ Motherboard: MSI A320M PRO-VH PLUS  ** Processor: AMD Ryzen 2600 3.4 GHz ** Video Card: Nvidia GeForce 1070 TI 8GB Zotac 1070ti 🖥️
🖥️ Memory: 32GB DDR4 2400  ** Power Supply: 650 Watts Power Supply Thermaltake +80 Bronze Thermaltake PSU 🖥️

🍎 2012 iMac i7 27";  2007 MBP 2.2 GHZ; Power Mac G5 Dual 2GHZ; B&W G3; Quadra 650; Mac SE 🍎

🍎 iPad Air2; iPhone SE 2020; iPhone 5s; AppleTV 4k 🍎


22 minutes ago, LAwLz said:

It's completely asinine to say a generalized statement is wrong

No I didn't, other than "tsunami of warnings" that I did refute because it isn't. Sure hyperbole was being used but it's no major amount more than Windows, being one UAC prompt if Defender has already allowed it otherwise you'll be dealing with Defender prompts first.

 

22 minutes ago, LAwLz said:

When you make generalized statements you typically talk about the default settings or most common settings

Yes, which is why I said power users, because these are the ones that most often run into problems with these default security settings and inevitably end up disabling them through frustration and impact to workflow. Are you a developer or DevOps engineer? Do you use CI/CD tools and run builds and Vagrant/VM instances on your Mac with other custom tools, either in-house or otherwise? Then you'll likely strike issues with default Mac OS security settings.

 

The biggest security weakness is the person at the keyboard. If EULAs and human habits around those and installers have taught us anything, it is that "Next, yes to everything" is largely how those are dealt with, with near zero reading of what is happening. <-- Power users and normal people alike.

 

The other thing I sort of object to is the ignoring of Defender and what it does but then GateKeeper is added to how Mac OS is more secure, either include Defender and GateKeeper or exclude both.


51 minutes ago, Video Beagle said:

I'd ask mods to step in, but since @leadeater seems to be one, and can't seem to keep from getting into pissing matches with @LAwLz in EVERY thread, I guess there's no point there.

They don't have to jump in and argue either, and others don't need to make overzealous and incorrect claims about one OS's security compared to another and completely ignore features that the other one actually does have but was said not to have.

 

Pointing out such failures is in fact a technical discussion.


14 minutes ago, Video Beagle said:

Here's a clue to your job... when someone posts this in the #$#$@!$# news forum... where it's supposed to be more serious talk:

We do not moderate topics we are commenting in. If you see something that should be reviewed, you need to report it; if you don't, then it's got an extremely high chance of not being dealt with or seen. Reports are largely how issues are brought to the attention of the moderation team, and these come from community members.


13 hours ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

elephants


On 2/23/2021 at 2:26 AM, leadeater said:

We do not moderate topics we are commenting in. If you see something that should be reviewed, you need to report it; if you don't, then it's got an extremely high chance of not being dealt with or seen. Reports are largely how issues are brought to the attention of the moderation team, and these come from community members.

Maybe you should moderate first, THEN comment. Just a thought if you're gonna wear a badge.


50 minutes ago, Video Beagle said:

Maybe you should moderate first, THEN comment. Just a thought if you're gonna wear a badge.

Well, I start from the last page of topics and I also choose to comment on topics that interest me. Moderation is voluntary and there is no obligation to dedicate time towards it, neither can you see how much I do or what I do towards that effort. However, if you are not happy with how a topic is going and any problems within it, it is directly your responsibility to report it (including my own or anyone else's comments, as you think necessary), not to publicly complain about it and then do nothing to actually help out with the issue. I went ahead and reported the post you indicated, that being the only report for this topic at all.

 

That's all I'll say on that matter.


On 2/23/2021 at 3:56 AM, pythonmegapixel said:

These days, Defender seems to block most things which don't come either from Microsoft or their pathetic excuse for an app store.

Defender definitely throws a cloud heuristics detection every time I create a new software package, but it doesn't prevent end users from running it.


1 minute ago, rcmaehl said:

Defender definitely throws a cloud heuristics detection every time I create a new software package, but it doesn't prevent end users from running it.

But realistically, the warning is intimidating enough to make at least some people give up.

 

The first time I saw one, I couldn't even find the "run anywhere" button, because for some reason they obscure it behind a "details" button and then a scroll down.
