My thoughts on Malware and Macs

[pwygant]

For many years I have converted family/friends to the Mac which although comes with the standard "can you help me with remote support" assistance but I can live with that.

However, in the last year or so... and maybe I'm imagining this. I feel there's an increased presence of malware finding it's way onto the mac in form of hiding "extensions" within app updates, or file add-ons, packages, or even clicking a link or "ok" to download in Safari by not thinking.

I'm particularly frustrated with the way these companies are messing with the younger crowd and preying on children by hiding this stuff inside "Minecraft" skins etc. Recently I have spent some time removing Search.anysearchmanager.com and other software that I consider malware. I find it incredibly complicated to remove all bits to these "extensions" and simply takes time to remove. Several posts here recently take about malwarebytes but I still feel this software is either malware itself or doesn't detect or do anything about "extensions".

Thoughts?

 

[revmacian]

How does malware get installed on a Mac? I mean, can you just visit a website and malware gets automatically installed on a Mac? Aren't there safeguards in macOS that prevent such things?

 

[26139]

My dad installs malware about every six months now.
We've been Mac users since the mid 1980s, he's only had issues the past few years.
Flash seems to be the big issue here, he's constantly asked to update it and I think it eventually wears him down so he's tricked into thinking it's legit.
But he's definitely typing in passwords and installing ****, nothing is being installed without permissions.

 

[revmacian]

My dad installs malware about every six months now.
We've been Mac users since the mid 1980s, he's only had issues the past few years.
Flash seems to be the big issue here, he's constantly asked to update it and I think it eventually wears him down so he's tricked into thinking it's legit.
But he's definitely typing in passwords and installing ****, nothing is being installed without permissions.

It sounds as if your dad could benefit from some reeducation, and an ad blocker to stop those fake flash update pop-ups.
[automerge]1577985560[/automerge]

nothing is being installed without permissions.

This.. is part of the malware problem. If my system asks me for permission to install something.. everything in my world comes to a screeching halt until I find out exactly what is going on. Nothing, and I do mean nothing, in my house moves until I figure out exactly what has triggered the system security in one of my machines - I won't even answer a telephone or a door. I think, if people put that amount of attention and investigation into a security prompt.. we may see fewer malware problems.

 

[26139]

It sounds as if your dad could benefit from some reeducation, and an ad blocker to stop those fake flash update pop-ups.
[automerge]1577985560[/automerge]

This.. is part of the malware problem. If my system asks me for permission to install something.. everything in my world comes to a screeching halt until I find out exactly what is going on. Nothing, and I do mean nothing, in my house moves until I figure out exactly what has triggered the system security in one of my machines - I won't even answer a telephone or a door. I think, if people put that amount of attention and investigation into a security prompt.. we may see fewer malware problems.

...yeah, okay, great. Happy to hear your suggestions on re-educating a lifelong alcoholic with memory issues who never really felt like he was able to understand computers in the first place.

My reaction would be like yours, but you can't honestly expect a non-expert to react that way in the slightest.

 

[pwygant]

How does malware get installed on a Mac? I mean, can you just visit a website and malware gets automatically installed on a Mac? Aren't there safeguards in macOS that prevent such things?

What I consider malware or not is in the eye of the beholder. For example, I feel that that most chrome and safari extensions these days are turning into malware and we have all opened ourselves up to it.

 

[Super Spartan]

For many years I have converted family/friends to the Mac which although comes with the standard "can you help me with remote support" assistance but I can live with that.

However, in the last year or so... and maybe I'm imagining this. I feel there's an increased presence of malware finding it's way onto the mac in form of hiding "extensions" within app updates, or file add-ons, packages, or even clicking a link or "ok" to download in Safari by not thinking.

I'm particularly frustrated with the way these companies are messing with the younger crowd and preying on children by hiding this stuff inside "Minecraft" skins etc. Recently I have spent some time removing Search.anysearchmanager.com and other software that I consider malware. I find it incredibly complicated to remove all bits to these "extensions" and simply takes time to remove. Several posts here recently take about malwarebytes but I still feel this software is either malware itself or doesn't detect or do anything about "extensions".

Thoughts?

Simple solution, ad blocker, I never see any of these bundled apps or malware apps that disguise themselves, like EVER (ie. download this program to speed up your MacBook)

On a side note, Malwarebytes NEVER found anything neither on Mac nor on PC. The only thing it was able to find on my PC are false positives (ie. not REAL viruses or malware). Malwarebytes is good for cleaning previously infected PCs (not Macs) provided one didn't have an AntiVirus in the first place.

 

[xnsys]

Adobe products I would class as malware - the amount of crap that comes with their products for example, the bits that do the updates, connect you to the creative destructive cloud all need special firewall ports opened to be able to launch the application, which don't work with HTTPS scanning proxies. This is my main concern with regards to infections being able to find their way into the macOS as these programs are connecting to god knows what/where and has the freedom to do what it likes under the hood of the OS.

Application vendors need to approach things better, contain your app in the .app package, don't litter the drive like in Windows - and give the user control over what's installed and launched.
[automerge]1577996716[/automerge]

My dad installs malware about every six months now.
We've been Mac users since the mid 1980s, he's only had issues the past few years.
Flash seems to be the big issue here, he's constantly asked to update it and I think it eventually wears him down so he's tricked into thinking it's legit.
But he's definitely typing in passwords and installing ****, nothing is being installed without permissions.

In all honesty, flash is dead and I've not had it installed for a few years now - just tell him he doesn't need flash and to ignore any request to install.

 

[Strangedream]

Simple solution, ad blocker, I never see any of these bundled apps or malware apps that disguise themselves, like EVER (ie. download this program to speed up your MacBook)

On a side note, Malwarebytes NEVER found anything neither on Mac nor on PC. The only thing it was able to find on my PC are false positives (ie. not REAL viruses or malware). Malwarebytes is good for cleaning previously infected PCs (not Macs) provided one didn't have an AntiVirus in the first place.

I can confirm this. My current MBP has been running almost daily for 3+ years without any antivirus. I recently installed MalwareBytes and I was expecting to find loads of viruses/malwares; but after 3 scans the software kept reporting clean sheets.

I do use 3 to 5 adblocks (depending on the browser) so maybe that helps.

 

[revmacian]

I can confirm this. My current MBP has been running almost daily for 3+ years without any antivirus. I recently installed MalwareBytes and I was expecting to find loads of viruses/malwares; but after 3 scans the software kept reporting clean sheets.

I do use 3 to 5 adblocks (depending on the browser) so maybe that helps.

I can confirm this as well. I haven't used anti-virus apps in many years. I tried MalwareBytes and it found nothing, so I deleted the app and won't use it again until I actually have reason to.

I believe the advertisement system is a danger to site visitors and will continue to be dangerous until the system is revamped and limitations are implemented - such as banning all executable code like javascript.

 

[pwygant]

I can confirm this. My current MBP has been running almost daily for 3+ years without any antivirus. I recently installed MalwareBytes and I was expecting to find loads of viruses/malwares; but after 3 scans the software kept reporting clean sheets.

I do use 3 to 5 adblocks (depending on the browser) so maybe that helps.

Any recommendations of ad-blockers?

 

[revmacian]

Any recommendations of ad-blockers?

I recently switched to Wipr and found it stays out of my way while blocking ads. It seems to be easy on system resources and requires little user intervention.

 

[pwygant]

I recently switched to Wipr and found it stays out of my way while blocking ads. It seems to be easy on system resources and requires little user intervention.

Thanks, will give it a shot. After reviewing the macrumors forums I also see lots of feedback on uBlock Origin.

 

[revmacian]

Thanks, will give it a shot. After reviewing the macrumors forums I also see lots of feedback on uBlock Origin.

uBlock Origin is also very good, I used it a lot when I was running Linux.

 

[jw2002]

...yeah, okay, great. Happy to hear your suggestions on re-educating a lifelong alcoholic with memory issues who never really felt like he was able to understand computers in the first place.

One thing to consider is to set up parental controls on his computer and configure the Apps and Web options as needed.

 

[Strangedream]

Any recommendations of ad-blockers?

I'm using nano Adblock, ABP, ADB; and my personal favorite, uBlock Origins

 

[maflynn]

[MOD NOTE]
A number of posts have been ruined as they were derailing this thread. Please stay on topic.

 

[Big Bad D]

Adguard Pro works well and invisibly for me.

 

[Mac03ForLife]

Simple solution, ad blocker, I never see any of these bundled apps or malware apps that disguise themselves, like EVER (ie. download this program to speed up your MacBook)

On a side note, Malwarebytes NEVER found anything neither on Mac nor on PC. The only thing it was able to find on my PC are false positives (ie. not REAL viruses or malware). Malwarebytes is good for cleaning previously infected PCs (not Macs) provided one didn't have an AntiVirus in the first place.

Okay but have you ever seen an adblocker that truly works? Even ABP now lets a LOT of ads through, and it still does a terrible job of actually remembering that those tiny little boxes labeled "ad" are ACTUALLY advertisements and not just part of the website that is normal and should be allowed through to begin with.

 

[xnsys]

If you really want to stop it, best way is at the perimeter - there are various devices out there that will allow blocking of certain domains, Sophos XG for example - if you have a cheap PC with dual NIC, you can use this to filter traffic and block known malware sites.

We have it here in the office and it's brilliant, has stopped loads of potential attacks according to the logs - but you also have to bear in mind that some sites check for blockers and if the cookie isn't there it will stop it.

Also, because of the move more towards https and SSL encryption, it's harder to block ads - you can block the domain but not the whole URL - which if a domain is being used to host both ads and also genuine traffic how do you block it without the potential of opening up a man in the middle attack?

 

[me55]

A Raspberry Pi and Pi-Hole works surprisingly well to block ads on all devices, no noticeable delays even with an older Pi.

 

[xnsys]

A Raspberry Pi and Pi-Hole works surprisingly well to block ads on all devices, no noticeable delays even with an older Pi.

Indeed they do - but only at the domain level..

If you have, for example: -

https://www.domain.com/genuinesite/pictures/

&

https://www.domain.com/advertisingcompany/advert

Then if you block the domain you will block both the genuine site and the advertisement - so in incidents like this they won't block anything for fear of blocking the genuine site.

When a SSL handshake is done, it's done at the domain level first, then the URL full path is requested - nothing gets to see this apart from the server and end device...

The only way to do this would be to have a device in the middle that could decrypt the full url, re-encrypt it and then send it to the device - this would open the possibility of the man in the middle attacks.

With a lot of devices, you will have to install a certificate to allow the device to be a CA, what it does is to request the site, decrypts it, scans it and the re-encrypts it...

 

[Super Spartan]

Okay but have you ever seen an adblocker that truly works? Even ABP now lets a LOT of ads through, and it still does a terrible job of actually remembering that those tiny little boxes labeled "ad" are ACTUALLY advertisements and not just part of the website that is normal and should be allowed through to begin with.

ABP doesn't block all ads on Safari anymore (works great on Windows though)

AdGuard needs to be run at startup which annoys me and breaks some sites for me

WIPR is the best in my experience, doesn't require a separate app running as it's very well integrated in Safari and I have not seen one ad so far with it. It's also one of the ad blockers that I rarely had issues loading some sites with and if you do, simply go to Safari > site preferences then disable content blocking for that particular site.

 

[jw2002]

Even ABP now lets a LOT of ads through, and it still does a terrible job of actually

ABP has always been weaker than its name suggests. People think that the "Pro" means that it is stronger than regular AB when actually the opposite was always the case. If you read the fine print of ABP, they do mention that they intentionally let more, so-called "good" ads through. What this means is that at its heart ABP has always been a fundamentally weak method for filtering ads or malware.

Therefore, my recommendation for avoiding malware and ads (which pretty much amount to malware) would be to delete AB/ABP and use one of the modern, better maintained services such as AdGuard or Wipr.

 

[Ruggy]

...yeah, okay, great. Happy to hear your suggestions on re-educating a lifelong alcoholic with memory issues who never really felt like he was able to understand computers in the first place.

My reaction would be like yours, but you can't honestly expect a non-expert to react that way in the slightest.

Hi
May I make a practical suggestion?
If possible, treat your dad the same as you would a kid and set up parental controls to limit the sort of thing he can do on the mac. This will stop this sort of thing from happening.
Similarly, 'Accessibility' setting can simplify the mac for elderly and that can make it easier for someone like him to use.
Same on the phone. Loads of controls in 'restrictions' or whatever it's called these days and you can simply the phone a lot to just the basics if necessary so it's less confusing
Use family sharing with you as the manger too so he has to ask permission.

You can also put in controls at the DNS level if he won't let you do that. That is, instead of using the DNS servers of the internet provider you manually set up DNS to go over someone like Open DNS and you can configure parental controls there. I used to do this with my kids and its something they never think of looking for.

Also you can get routers that have anti virus and malware so if you want to spend a bit of money, you can go down that route and that's the best solution of all. One router stopping malware to everything connected. It's got to be the best way to go.
good luck.