Spy Engine
Sounds like it could flag all sorts of machine events and make judgments based on them. It could just as easily be used to flag suspicious employee behavior and report it as well.
Infosec guru Patrick Wardle has found a novel way to attempt to detect and stop malware and vulnerability exploits on Macs – using Apple's own game engine. The boss of Objective-See, a maker of in-our-opinion must-have macOS security tools, explained at this year's RSA Conference, held this week in San Francisco, how he and …
Overconfidence is a huge problem - and we're all guilty of it sometimes (I'm sure this USB stick my friend gave me is fine, yeah, I'll plug that in). Nothing gives 100% protection but, at the very least, you need a decent AV package (I use ClamXAV), a decent firewall (I use the built-in firewall plus LittleSnitch), backups of important files in addition to TimeMachine, and caution about what websites you'll visit and what software you'll run.
This monitor kit looks very interesting - I look forward to checking it out of Git and, maybe, adding it to my arsenal.
I like the sound of this, but installing (more*) security tools on Macs is only going to work if it doesn't get in the way much, which is where the conflict lies. I'm sure everyone remembers the Windows Vista "you have moved the mouse, permit/block?" era which was a good example of how NOT to implement security.
As for USB sticks, I just finished playing around with encryption. That doesn't stop the use of external USB sticks yet, but sharing an encrypted one means that loss isn't an issue despite being wholly transparent to the authorised users. Tests also show that APFS for USB stick crypto appears significantly faster than MacOS Extended, but it's still a long process if the file is big (as in multiple GB big).
"Macs are softer targets, they're easier to attack, and Mac users are overconfident."
Are there any examples of Apple malware of the click-and-get-infected variety, that achieves root by opening an email attachment or clicking on a malicious weblink?
I read
"If you look at the market for zero-days, Safari vulnerabilities are cheaper than Windows browsers, and it's not because of supply and demand," Wardle mused. "Macs are softer targets, they're easier to attack, and Mac users are overconfident."
and thought...
it could also be that the payoff from raiding Windows machines is greater, what with the larger number and greater enterprise penetration. Market pricing would dictate that a greater payoff begets a greater price. Never rule out the obvious, eh?
(inter)active policy enforcement by monitoring exactly what those 1s and 0s are doing deep in the guts - neat approach
I think there might be a high correlation between Mac fanbois and highly libertarian privacy pedants who will react in horror to the development of yet another line in spyware