In this post, we’ll spare the fake news and simply lay out the facts. Do Macs get viruses? And if so, how do Macs get viruses? Is a Mac safer than a Windows PC? There’s a lot of confusion, misinformation and frankly (sadly) ignorance among so-called ‘Mac gurus’ who should know better. The recent outbreak of the.

It’s not the first time we’ve discussed this topic and it almost certainly won’t be the last, but this week’s report by one AV vendor that cyber threats on Mac endpoints have surpassed those on Windows devices, followed by accusations from a prominent Apple evangelist that the vendor was peddling in exaggeration and fear-mongering, have brought the topic into sharp relief once again.

“Virus” is a legacy term, and technically there are very few genuine viruses on any platform at all these days, not even Windows. One commentator went so far as to accuse the researchers of stoking fears to drum up business for themselves and concluded that, despite unquestionably accepting the data, “the statement that Macs don’t get viruses is still overwhelmingly true”.

Also see: Scripting Macs With Malice | How Shlayer and Other Malware Installers Infect macOS

Central to the argument that “Macs don’t get viruses” is equivocation over what we’re really talking about.
That also represented a huge jump from the 4.8 detections per endpoint that they found on Macs in the year previous to that.

The data led to a flurry of headlines, not least because it was a surprise to many people who’ve long fantasized that Macs have some magical aura that makes them impervious to the same kind of criminal attacks that plague Microsoft Windows machines. That, my friends, is a list of 30 potentially bad things that, you guessed it, were found on my Mac while I was running a test virus scan, one of which is a Windows virus.

Do Macs Get More Malware Than Windows PCs?

According to a report by Malwarebytes, the average number of threats they detected per endpoint was nearly double on Macs compared to Windows, at 11.0 and 5.8 respectively during 2019.

That’s 5,800 individual pieces of malicious software that have been written specifically for macOS in its native binary format over the last 90 days. About 75% of my customers have/had malware on their computers and did not know it”.

If we look at a public malware repository like VirusTotal and query how many threats have been uploaded that are tagged as ‘macho’ (the native macOS binary, though macOS runs other kinds of executables which are also used in malware) and have more than 4 independent vendors detecting them, then today we’ll get a list of around 5,800 samples. Malware campaigns by APTs and other threat actors are also regular occurrences.

As one Twitter user pointed out, “I own a small computer consulting company that focuses on Apple products in the residential market.
Our recent posts on Adload, Shlayer and Lazarus APT go into some of the technical details.

Once you stop arguing about what counts as what kind of threat and accept that in all cases, you’re dealing with unwanted, deceptive and possibly dangerous code running on your machine, then what the data shows is that when you look at these categories together, Macs are heavily-targeted, particularly by adware and coinminers, and more Mac users than ever are being infected. For businesses and personal users alike, these different threats are all of a piece: they steal data, hog resources, interfere with productivity and – at worst – lead to more serious network intrusions.

In fact, Apple’s built-in security tools rely on outdated-technology similar to legacy AV products – file hashes, hardcoded path searches and Yara rules – as well as a few proprietary Apple technologies like Gatekeeper, Notarization and code signing, which we’ll say a little bit more about below.

Importantly, all the Mac’s detection and malware removal capabilities are historical – meaning, they are updated to detect threats that have been seen to infect Mac users in the past. Apple do not possess some secret sauce that makes them impervious to malware and that Microsoft and other OS vendors have failed to invent. This script was uploaded to VT 8 months ago and is still barely detected by the static engines there, to give but one example:

So, how do Macs get infected, then, given that the data categorically disproves the myth that Macs don’t get malware?

Also see: Detecting macOS.GMERA Malware Through Behavioral Inspection

Macs, of course, are just Unix-based general purpose computers. It doesn’t include malware that we’re aware of that doesn’t register on VirusTotal, such as this launcher script for OSX.DarthMiner, a threat that appeared in late 2018.
The takeaway there, if it isn’t obvious, is that Apple’s behavior mirrors what we’re seeing at SentinelOne and what the Malwarebytes report pointed out: more threats than ever before are targeting macOS users.

And yet, despite all the evidence, we still find Mac gurus who believe and spread the myth that Macs don’t get malware and users don’t need additional security protections. In contrast, we’ve seen three updates to XProtect since the start of 2020. Those who follow Apple security issues will recall the lament during much of 2018 that XProtect hardly saw a single update, despite lots of new threats appearing during that year.

Why Apple’s Tools Won’t Stop All Malware

Are Apple’s built-in tools sufficient to protect users? As we’ve already noted, Apple’s security tools rely on historical data – an attack needs to have happened to someone, some Mac, somewhere, before Apple will add a detection rule for it. Anyone who does get infected has themselves to blame for making ‘bad decisions’.

Neither of those beliefs is helpful, and propagating them only serves to do what malware authors most want: keep Mac users unprotected and believing in a false sense of security.

Let’s look at those two claims individually and see how they cash out. Apple’s built-in tools are sufficient to protect users

Neither Gatekeeper nor Notarization apply if the app is installed without a quarantine bit, even on Catalina. In all versions of macOS except the new Catalina, XProtect will also fail to scan code that does not have a quarantine bit.

Third, notarization – Apple’s new demand that all 3rd party apps need to be vetted by Apple for malware before they can run on macOS – doesn’t apply in certain situations. Threat actors can see how Apple detect their malware within minutes of Apple updating these rules, and in most cases it’s a simple thing for these actors to refactor existing code to avoid Apple’s rules.
Regardless of the “why”, and particularly in an enterprise context where social engineering is well understood, all that matters is that they do, and that they do in sufficient numbers to make it a worthwhile enterprise for bad actors.

Second, Apple’s detection technology, XProtect, relies on very simple, lightly-obfuscated, string and data pattern matching YARA rules. First, Apple’s blocking technology, Gatekeeper, is easily overridden by users (yup, those same users making those same ‘bad decisions’).

Whether such users “deserve what they get” is a matter of one’s personal opinion, but what is undoubtedly true is that the methods used by such malware are viable – and reliable – infection vectors that could equally be used against anyone. Torrents, cracked software and websites of dubious legality are all favorite hunting grounds for malware authors on macOS, just as they are on Windows.