Level up Mac security, and say game over to malware? System alerts plus Apple game engine equals antivirus package

Infosec guru Patrick Wardle has found a novel way to attempt to detect and stop malware and vulnerability exploits on Macs – using Apple's own game engine. The boss of Objective-See, a maker of in-our-opinion must-have macOS security tools, explained at this year's RSA Conference, held this week in San Francisco, how he and …
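The article describes the detection idea only in outline: system events are fed into a game-style rule engine, which asserts facts about each event and fires further rules on those facts. The following is an added illustration of that pattern, written for this page; it is not Objective-See's code and does not use Apple's GameplayKit. The event fields, rule names, grades, the trusted-app and interpreter lists, the user paths and the sample events are all assumptions constructed for the example.

```python
# Added illustration of rule-based evaluation of process events, loosely
# modelled on a GameplayKit-style rule system (rules assert graded facts,
# later rules may depend on earlier facts). Not Objective-See's code; all
# names, paths, thresholds and sample events below are assumptions.
import os
from dataclasses import dataclass

DOCUMENT_APPS = {"Microsoft Word", "Preview", "Safari", "Mail"}      # assumed
SCRIPT_INTERPRETERS = {"osascript", "bash", "sh", "python3", "curl"}  # assumed
UNTRUSTED_DIRS = ("/tmp/", "/Users/alice/Downloads/")                # assumed


@dataclass
class ProcessEvent:
    pid: int
    path: str      # executable path of the new process
    signed: bool   # whether the binary carries a valid code signature
    parent: str    # name of the process that spawned it


class RuleSystem:
    """Forward-chaining rule system: each rule is (predicate, fact, grade).

    Rules are re-run until no fact changes, so a rule may depend on facts
    asserted by rules that ran before it in the same pass.
    """

    def __init__(self, rules):
        self.rules = rules

    def evaluate(self, event):
        facts = {}
        while True:
            before = dict(facts)
            for predicate, fact, grade in self.rules:
                if predicate(event, facts):
                    facts[fact] = max(grade, facts.get(fact, 0.0))
            if facts == before:      # fixed point reached
                return facts


RULES = [
    # first-order rules: look only at the event itself
    (lambda e, f: not e.signed, "unsigned", 0.5),
    (lambda e, f: e.path.startswith(UNTRUSTED_DIRS), "untrusted-location", 0.5),
    (lambda e, f: e.parent in DOCUMENT_APPS, "child-of-document-app", 0.6),
    (lambda e, f: os.path.basename(e.path) in SCRIPT_INTERPRETERS,
     "script-interpreter", 0.3),
    # second-order rules: fire only on facts asserted by the rules above
    (lambda e, f: "unsigned" in f and "untrusted-location" in f, "block", 1.0),
    (lambda e, f: "child-of-document-app" in f and "script-interpreter" in f,
     "block", 1.0),
]


def classify(event, system=RuleSystem(RULES)):
    """Return (verdict, facts): block on a 'block' fact, alert on any
    other asserted fact, allow when nothing fired."""
    facts = system.evaluate(event)
    if "block" in facts:
        return "block", facts
    if facts:
        return "alert", facts
    return "allow", facts


# Constructed sample events, not captured from a real Mac.
SAMPLE_EVENTS = [
    ProcessEvent(101, "/Applications/Safari.app/Contents/MacOS/Safari", True, "launchd"),
    ProcessEvent(102, "/Users/alice/Downloads/FlashUpdater", False, "Finder"),
    ProcessEvent(103, "/usr/bin/osascript", True, "Microsoft Word"),
    ProcessEvent(104, "/usr/bin/python3", True, "Terminal"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, facts = classify(ev)
        print(f"pid {ev.pid} {ev.path}: {verdict} {sorted(facts)}")
```

The point of the second-order rules is that neither "an unsigned binary" nor "something in Downloads" is blockable on its own, but the combination is; a real deployment would source the events from a kernel or endpoint-security feed rather than a hard-coded list, and would tune grades and lists against false positives on the machines it protects.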

  1. redpawn Silver badge

    Spy Engine

    Sounds like it could flag all sorts of machine events and make judgments based on them. It could just as easily be used to flag suspicious employee behavior and report it as well.

  2. 45RPM Silver badge

    Overconfidence is a huge problem - and we’re all guilty of it sometimes (I’m sure this USB stick my friend gave me is fine, yeah, I’ll plug that in). Nothing gives 100% protection but, at the very least, you need a decent AV package (I use ClamXAV), a decent firewall (I use the built-in firewall plus LittleSnitch), backups of important files in addition to TimeMachine, and caution about what websites you’ll visit and what software you’ll run.

    This monitor kit looks very interesting - I look forward to checking it out of Git and, maybe, adding it to my arsenal.

    1. asdf Silver badge

      >I’m sure this USB stick my friend gave me is fine, yeah, I’ll plug that in

      USB Killer 3.0 strikes again! Though I think Apple tested well against it IIRC.

      1. 45RPM Silver badge

        Yup. Although that’s not particularly what worries me. A hardware killer is bad - a data destroyer that insidiously wipes out backups too is worse.

  3. Anonymous Coward

    I hope they keep it user-friendly...

    I like the sound of this, but installing (more*) security tools on Macs is only going to work if it doesn't get in the way much, which is where the conflict lies. I'm sure everyone remembers the Windows Vista "you have moved the mouse, permit/block?" era which was a good example of how NOT to implement security.

    As for USB sticks, I just finished playing around with encryption. That doesn't stop the use of external USB sticks yet, but sharing an encrypted one means that loss isn't an issue despite being wholly transparent to the authorised users. Tests also show that APFS for USB stick crypto appears significantly faster than MacOS Extended, but it's still a long process if the file is big (as in multiple GB big).

  4. Walter Bishop Silver badge
    Linux

    Malware and vulnerability exploits on Macs

    "Macs are softer targets, they're easier to attack, and Mac users are overconfident."

    Are there any examples of Apple malware of the click-and-get-infected variety, that achieves root by opening an email attachment or clicking on a malicious weblink?

    1. BebopWeBop Silver badge
      Facepalm

      Re: Malware and vulnerability exploits on Macs

      Certainly examples of Adobe- and Microsoft-led raids

      1. Walter Bishop Silver badge

        Re: Malware and vulnerability exploits on Macs

        > Certainly examples of Adobe- and Microsoft-led raids

        For the two down voters: “To even start carrying out this Rube Goldberg–style attack, a hacker would need a victim to already have some form of malware running on their computer.” ref

    2. Anonymous Coward

      Re: Malware and vulnerability exploits on Macs

      I read

      "If you look at the market for zero-days, Safari vulnerabilities are cheaper than Windows browsers, and it's not because of supply and demand," Wardle mused. "Macs are softer targets, they're easier to attack, and Mac users are overconfident."

      and thought...

      it could also be that the payoff from raiding Windows machines is greater, what with the larger number and greater enterprise penetration. Market pricing would dictate that a greater payoff begets a greater price. Never rule out the obvious, eh?

  5. Anonymous Coward

    Macs don't get viruses

    FACT.

  6. N2 Silver badge

    Looks interesting

    Currently use Sophos Knock Knock and avoid Safari. Prefer FF with NoScript, Ghostery and Ad Block etc., and always keep a disconnected drive made with CCC.

  7. chivo243 Silver badge
    Thumb Up

    3 easy pieces

    1. Firewall

    2. Content filter - Pi-hole all the ads at home, Ghostery, stop social, NoRef, on Opera.

    3. Common Sense

    If your account is the only admin account, I doubt you're reading this.

    More common and annoying are dodgy browser extensions, yes, I'm looking at you Chrome.

  8. Down in the weeds
    Big Brother

    Clever

    (Inter)active policy enforcement by monitoring exactly what those 1s and 0s are doing deep in the guts - neat approach.

    I think there might be a high correlation between Mac fanbois and highly libertarian privacy pedants who will react in horror to the development of yet-another line in spyware

Biting the hand that feeds IT © 1998–2019