New AdLoad malware variant slips through Apple's XProtect defenses

Discussion in 'all things Mac' started by guest, Aug 11, 2021.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, even on a Mac I still take security quite seriously, and I will not be relying on XProtect and Gatekeeper, that's for sure. Too bad that you haven't got a lot of behavior blockers for the Mac. You did use to have Little Flocker, but it got sold to F-Secure, who decided to stop development. So it seems like currently Objective-See is the only company that is focused on specialized Mac security tools. Of course, Little Snitch also looks quite good, and a firewall remains one of the most important things to secure computers.

    https://www.imore.com/little-flocker-getting-dumbed-down-good-all-mac-users
    https://objective-see.com/products.html
    https://www.obdev.at/products/littlesnitch/index.html
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I've finally outgrown the need for third party FUDware on Unix, especially macOS. It's not that I don't take security seriously, it's just that with my browsing habits and internet surfing I'm pretty confident that common sense, browser hardening, and macOS' integral security is all I need on either of my Mac computers. I waved goodbye in the rearview mirror to 'Windows paranoia' several years ago. :eek:

    It's just a mindset cultivated and promoted by companies that make their profits by persuading you that you need what they're selling. Even freeware has a price as these programs are usually harvesting information for profit.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
  4. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    IMHO, Apple's unexplained lack of XProtect/MRT updates for all of July, and much of August, surely could have endangered the macOS community. But, certainly installed, quality, real-time security products helped to fill that possible chink in Apple's macOS armour.

    Last week's XProtect/MRT update belatedly includes an AdLoad variant and others.

    Reference: https://eclecticlight.co/2021/08/23/apple-has-pushed-updates-to-xprotect-and-mrt-27/

    My extra protected macOS system was unaffected but I remain disappointed...

    Thank you.
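A check for the situation 1PW describes, added here as an example and not code from the thread or from Apple: it reads the version string of the installed XProtect and MRT bundles so you can compare it with the numbers the eclecticlight.co update report quotes and see whether the belated update actually landed on your own machine. The bundle paths are assumptions for macOS 10.15 and later, and the EXPECTED versions in the script are placeholders to be replaced with the ones from the report you are checking against.

```python
"""Report the installed XProtect and MRT versions on a Mac.

Added example; not code from the thread or from Apple. Each bundle's
Info.plist carries CFBundleShortVersionString, which is the number that
update reports quote, so reading it shows whether an update has landed.
"""
import plistlib
from pathlib import Path
from typing import Dict, Optional

# Assumed locations for macOS 10.15 and later; earlier releases kept
# XProtect under /System/Library/CoreServices/ instead.
BUNDLES = {
    "XProtect": "/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist",
    "MRT": "/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist",
}

# Placeholder values: replace with the versions named in the update report
# you are checking against. These are not Apple-published numbers.
EXPECTED = {"XProtect": "2149", "MRT": "1.83"}


def bundle_version(plist_bytes: bytes) -> Optional[str]:
    """Extract CFBundleShortVersionString from raw Info.plist bytes; None if absent or malformed."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception:  # truncated file, not a plist at all, etc.
        return None
    version = info.get("CFBundleShortVersionString") if isinstance(info, dict) else None
    return str(version) if version is not None else None


def version_tuple(version: str) -> tuple:
    """'1.83' -> (1, 83); '2149' -> (2149,). Non-numeric pieces count as 0."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_behind(installed: Optional[str], expected: str) -> bool:
    """True when nothing is installed or the installed version predates 'expected'."""
    if installed is None:
        return True
    return version_tuple(installed) < version_tuple(expected)


def installed_versions(bundles: Dict[str, str] = BUNDLES) -> Dict[str, Optional[str]]:
    """Read each bundle's Info.plist; bundles that cannot be read report None."""
    result: Dict[str, Optional[str]] = {}
    for name, path in bundles.items():
        try:
            result[name] = bundle_version(Path(path).read_bytes())
        except OSError:  # not a Mac, or the bundle is missing
            result[name] = None
    return result


def sample_info_plist(version: str) -> bytes:
    """Constructed Info.plist so the parsing can be exercised off a Mac."""
    return plistlib.dumps({"CFBundleIdentifier": "com.example.bundle",
                           "CFBundleShortVersionString": version})


if __name__ == "__main__":
    for name, installed in installed_versions().items():
        status = "BEHIND (or unreadable)" if is_behind(installed, EXPECTED[name]) else "ok"
        print(f"{name}: installed={installed} expected>={EXPECTED[name]} -> {status}")
```

Run it directly on the Mac in question; on any other system every bundle reports None and shows as behind, which is the intended fail-closed behaviour rather than a false "ok".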
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, but this is exactly my point. With safe computing habits you should be just as safe on Windows. Windows Defender, Windows SmartScreen and common sense should keep you safe 98% of the time. For protection against more advanced attacks you probably need additional tools. Also, don't pin me down on this because I'm not an expert on the macOS, but it seems that sandboxing isn't applied to all apps, just like on Windows, see links.

    https://www.howtogeek.com/210605/why-the-mac-app-store-doesn’t-have-the-applications-you-want/
    https://www.howtogeek.com/243559/why-desktop-apps-arent-available-in-the-windows-store-yet/


    You do realize that Windows has this feature called UAC? It works exactly the same. So no, the macOS isn't safer.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    You know those links are a few years old, right? Personally, I never felt safe on Windows even with additional security measures. I just don't think Windows will ever be particularly secure. Secondly, I was just as concerned with AVs and third party anti-malware programs bricking my computer due to false-positives. In all the years I ran MBAM it only ever found my own system drivers, SpyBot S&D couldn't even find itself, and only SUPERAntiSpyware ever found anything that needed to be removed once. Every AV I ever ran for any length of time (except for MSE) had at least one false-positive. So yeah, if you want to believe in Windows' alleged security that's fine. I sleep better knowing I run macOS and Ubuntu than I ever did with the ongoing security nightmare that is Windows.
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I only use antiviruses which have the option not to auto quarantine, so that nothing gets quarantined without asking me first. However, this severely limits my choice of antivirus. All antiviruses have at least very minor issues with false positives.

    While Windows may have been a security nightmare for you, it's quite the opposite for me. I'm just careful about what files I open, which means that it is incredibly rare for me to get infected. I've never felt the need to harden my system, or even been too concerned about having the best antivirus.
     
    Last edited: Sep 4, 2021
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, you describe it in a funny way. And I agree with you, most AVs suck and the funny thing is that it's actually Windows Update that caused Windows 10 to malfunction on my IdeaPad 3, not malware. However, my point is that it seems that you did let paranoia get the best of you and mostly based on this you consider macOS to be way safer than Windows, while this isn't necessarily true from a technical point of view. And yes, those articles are quite old, but what they describe is that more advanced apps can't be sandboxed in an easy way, I believe this is still the case even on the newest macOS.

    Exactly my point, false positives will always be a problem, and so far I've noticed that Win Defender will let you easily restore wrongly detected files, so it depends on the AV. And Windows doesn't have to be a security nightmare as long as you follow basic rules. I think most people on this forum are more paranoid than average, but they mostly think it's fun to secure computers with all kinds of tools. It's not like they believe they are under attack all of the time.
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, I get it. You like Windows, you don't like Mac. You've been expressing this opinion since the Spyware Warrior forums. As you have no definitive proof or evidence that Windows is actually as safe as macOS, I'll have to decline to believe it.

    I was unhappy with the whole Windows security debacle. :(

    I am happy with macOS security. :)
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, Windows made me paranoid lol. And, like I stated earlier, with actual evidence, macOS is 'way' safer from a technical point of view. You can keep telling yourself that Windows is inherently as safe as Unix, but it will never make it true.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I actually have no doubt that macOS is much safer, as there is so little malware written for it compared to Windows. But my point is that as a Windows user, I don't have to worry about malware. Keeping Windows updated and being somewhat careful about what files I open, is enough to keep my computers malware free. The only extra thing I do is use an ad blocker, which in my case is included with my browser. But I do nothing else to secure my computers. Not a single thing. If I was to open random files (which is mostly how people get infected), the chances of getting infected would be significantly less if I used macOS. But as someone who doesn't do that, it's not an issue. While it's not something I recommend, if not for the fact that I like using antiviruses, I would quite happily ditch my antiviruses and not worry about getting infected. In the past, there have been times when I've gone for a month or two without using an antivirus.

    Sure, I make no secret of the fact I can't stand macOS. But I feel just as safe using a supported version of Windows as I would do if I was using macOS or Linux.

    It's a shame about the death of the SpywareWarrior forums. I have good memories of when it was active.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I accept that the paucity of malware deliberately written for macOS is a significant factor in it being less of a target, although this isn't the only reason why it's less vulnerable than Windows.

    I think it was keeping Windows updated and the whole Bork Tuesday fandango that finally convinced me to ditch Windows. I never really liked it as an OS. I did think XP was quite useable, and 7 was pretty good considering. I'm not even going to discuss Vista. I know you liked it, but I wasn't impressed by its bloat or its myriad of other problems. I thought the interface was aesthetically nice lol. Admittedly, by the time I ran it Mickey had swatted many of the original bugs. Either way, it inevitably soured me to Windows; an OS that was always second rate and insecure compared to Unix IMO.

    I think a common sense approach to surfing and opening downloaded files is a good thing whatever the operating system. I use a fair amount of browser hardening on macOS and Ubuntu. On the principle that prevention is better than a cure. I'm really glad to see the back of AVs. I'm still convinced most of the FUD is being generated by AV companies desperate to stay in business now Mickey's bundling an effective AV with Windows. I'm just not falling for it anymore. I believe as various different threats emerge an AV running on a local hard drive is becoming less relevant to overall internet security anyway.

    Interestingly the Spyware Warrior homepage is still up, although the forums are defunct. I don't know why they closed.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Exactly my point. If you consider the macOS to be safer because there is less malware written for it, then yes macOS is safer. But all of the built-in security for the macOS is also present in Windows. So how on earth is it more secure? It doesn't make any sense.

    In general there are two ways to get malware on a system, no matter if it's Windows or macOS. Namely by manual install via user or automatic install via exploit. On both operating systems you can protect against this in the exact same way, by safe computing habits and usage of security tools, either third party or built-in security.

    It seems that with Daveski17 it's more about perception, since there is so little malware available for the Mac he feels like he doesn't have to worry about it anymore, and I completely understand this, but that's not what this discussion is about.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It's still not clear to me why you consider the macOS to be more secure. Is it perhaps because there are fewer known vulnerabilities for the macOS? While this might be true, I already explained that it's not that easy to exploit Windows-based PCs anymore and then I'm talking about home user PCs.

    Fact of the matter is, that the same type of malware attacking techniques that work on Windows machines also work on macOS machines. I don't know how much more proof you want me to provide, but I found some more links, and most security experts agree that the macOS isn't more secure from a purely technical view, I'm not making this stuff up LOL.

    https://techcrunch.com/2021/05/24/malware-xcsset-macos/
    https://www.kaspersky.com/blog/black-hat-macos-macros-attack/36855/
    https://duo.com/decipher/apple-fixes-macos-flaw-under-attack-by-shlayer-malware
    https://www.bleepingcomputer.com/ne...zero-days-one-abused-by-xcsset-macos-malware/
     
  15. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Because macOS is actually more secure. There being fewer known vulnerabilities is basically irrelevant. As explained in the linked article pertaining to the more modular RPC design of Unix based systems. This isn't exactly a revelation and has been known since the very inception of Windows. In fact, it was one of the early criticisms of MS' approach to security. The vulnerability due to the intrinsic nature of the remote procedure call service in Windows is its Achilles' heel. If you want to believe macOS is less secure (or no more secure than) Windows because (insert explanation of your choice) that's your prerogative. It doesn't actually make it true though.

    You can believe in Father Christmas, faeries, hobgoblins, sprites, brownies, elves and the Cornish piskey if you want. It doesn't necessarily make them true or real though.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see, so you're sticking with this story. So to you, it's mostly about the architecture of the OS.

    That's exactly what I was trying to explain to you! No but all kidding aside, I look at it in a different way. To you it clearly doesn't matter that malware is able to do the exact same damage on a Mac and they can even bypass built-in OS security measures. In this case, it's probably best to stop this discussion.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    It's always been about the architecture of Unix versus Windows. The architecture of Windows is akin to Swiss cheese, the architecture of macOS has fewer holes.

    No OS is invulnerable. That's not the point. The point is about recognising why there is a need for FUD dissemination into non-Windows markets. I'm not buying it. Not sure about the Cornish piskey.
     
  18. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    The forums vanished in early 2018. I still visited there from time to time, even though it was sadly pretty much dead, but I never saw any posts saying that the forums would be discontinued.

    In regard to Windows, it is mostly problem free for me. If that wasn't the case, then I would quite possibly switch to Linux or even macOS. Just before replying to your post, Windows started becoming unresponsive. I tried to reboot, but that didn't happen. I had to hold the power button on my laptop to shut it down. When I restarted my laptop, as expected, it was working fine. Something like this is a very rare occurrence for me and the fact that I often don't reboot for a few weeks doesn't help. But this is usually the worst type of issue I face, and I can live with that.
     
    Last edited: Sep 5, 2021
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yeah, the sudden demise of the Spyware Warrior forums is a bit of a mystery. Win 7 ran well for me actually. The only problems I encountered were due to hardware issues as the computer was a custom build. Once they were sorted it was mainly trouble free. I am so happy to see the back of Bork Tuesday though. It got to the stage that I was more scared of false positives and MS updates bricking the computer than actual malware. I've never regretted the move to macOS and Ubuntu from Windows. I do regret not switching to Unix sooner.
     
  20. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    I find it interesting that two people that seemingly don't use... perhaps have never used... macOS for any actual, meaningful duration are arguing about its overall security. As was pointed out, "no OS is invulnerable." No one is debating that. The question isn't what's theoretically possible, it's what's encountered in the real world.

    Having continuously used various versions of both macOS and Windows for 20+ years, I can say without reservation that I have always had a far higher overall comfort level in the out-of-the-box security of macOS/OSX than in Windows. Sure, some of it comes down to relative market share / targeting... but just as much comes down to various technical factors between the two operating systems. Also, security isn't just an OS-level issue. Third-party user-mode applications can expose vulnerabilities (i.e., browser vulnerabilities, scripting in productivity suites, runtime environments like java & flash, etc). Overall, it's been my experience that Windows somehow results in greater risk due to the OS and third-party app software vulnerabilities than does macOS. Just generally, IMHO, the perceived "attack surface" of Windows is greater than macOS... as well as the "blast radius" of damage done by malware in the vast majority of cases.

    If you're talking state-sponsored attacks... yeah... no doubt those guys can get into either system. But just run-of-the-mill public Internet crap? I would say macOS wins hands-down. I do run an antivirus on my Mac, and probably 80-90% of the stuff that has triggered it is either Windows-specific (attachments on spam/phishing emails, or my Mac scanning my Windows virtual machine drives) or browser/java/flash-based.

    I think this Malwarebytes report fairly summarizes a big difference in actually seen detections. On the Mac, the vast majority of detections are for potentially unwanted applications and adware rather than traditional malware. (The link is for the 2020 report, as the link I have to the 2021 report requires registration info; however, I would be surprised if it greatly differs from the 2020 report statement.)

    2020 State of Malware Report
    https://www.malwarebytes.com/resources/files/2020/02/2020_state-of-malware-report-1.pdf
     
    Last edited by a moderator: Sep 7, 2021
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, that is actually the point. I think it's a bit too easy to dismiss these kind of articles as FUD. They simply try to remind people not to falsely believe that the macOS is immune to malware. And it's not like they are advising people to pile up on security tools, like most of us on this forum tend to do, mostly for fun.

    But what's wrong with being a bit more cautious, no matter if you're using Windows or macOS? And once again I need to remind you guys that we're not living in the age of Win XP anymore. Win 8, 10 and 11 are quite secure, with all kinds of built-in security, same as on the macOS. But it's still the user that is the weak link, and this will always be the case. So yes, people are more secure on the macOS, but not because of the OS design, but because there's less malware available for it.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, I find it interesting that even with all of this information in this topic, you somehow still have managed to miss my point. And this has got nothing to do with whether me and roger_m have actually used macOS or not.

    We all know that you're less at risk of encountering malware on the macOS. But this discussion is about if purely from a technical point of view, the macOS is safer than Windows or not. Just do a search on the web and you will see that 9 out of 10 security experts will say that the macOS is NOT safer if you purely look at OS design. It's being less attacked because of the smaller market share, it's as simple as that.

    I wonder if you guys even bothered to read the links that I posted, then you will see that all of those attacks happened in real life, so this stuff isn't only possible in theory. Via the Firefox zero day, hackers could run any type of malware like ransomware or info-stealing trojans, and built-in macOS security couldn't stop it.

    Even so called "supply chain attacks" can happen on a Mac, like what happened with the Handbrake app, hackers modified it with malicious code, and built-in macOS security couldn't spot it. A similar thing happened on Windows with a malicious version of CCleaner, I'm sure you have read about this. So that's why I personally would not blindly rely on the built-in security of the macOS. Because you never know when disaster strikes.
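For the supply-chain case Rasheed187 raises, an added example that is not code from the thread, from HandBrake or from CCleaner: verifying downloaded installers against a SHA-256 list obtained out of band (the project's own site, not the mirror that served the download), in the line format `sha256sum` produces. Gatekeeper and XProtect assess whether a binary is signed and notarized and whether it matches a known-bad signature; neither tells you whether the file is the build the developer actually published, which is what a published digest does. The file names and digests in the demo are constructed.

```python
"""Verify downloaded files against a publisher's SHA-256 list.

Added example; not code from the thread or from any project it mentions.
Reads 'sha256sum'-style lines ('<hex>  <name>' or '<hex> *<name>'),
hashes each named file in chunks, and reports which files match, which
have been altered, and which the list mentions but are not present.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

CHUNK = 1 << 20  # hash 1 MiB at a time so a large DMG is never held in memory
HEX = set("0123456789abcdef")


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums(text: str) -> Dict[str, str]:
    """Map file name -> expected lowercase hex digest; reject anything malformed."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # sha256sum writes '  ' (text) or ' *' (binary)
        digest = digest.lower()
        if not name or len(digest) != 64 or set(digest) - HEX:
            raise ValueError(f"malformed digest line: {line!r}")
        expected[name] = digest
    return expected


def verify(directory, sums_text: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (ok, mismatched, missing) file names for the listed downloads."""
    ok: List[str] = []
    bad: List[str] = []
    missing: List[str] = []
    base = Path(directory)
    for name, digest in parse_sums(sums_text).items():
        target = base / name
        if not target.is_file():
            missing.append(name)
            continue
        actual = sha256_file(target)
        # constant-time comparison: no early exit on the first differing byte
        (ok if hmac.compare_digest(actual, digest) else bad).append(name)
    return ok, bad, missing


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed scenario: one genuine build, one swapped build, one file not downloaded."""
    genuine = b"Example.dmg: constructed stand-in for the build the developer published\n"
    genuine_cli = b"Example-CLI.dmg: constructed stand-in for the build the developer published\n"
    # The publisher's list, fetched out of band, carries the genuine digests.
    sums = (
        f"{hashlib.sha256(genuine).hexdigest()}  Example.dmg\n"
        f"{hashlib.sha256(genuine_cli).hexdigest()} *Example-CLI.dmg\n"
        f"{'0' * 64}  Example.tar.bz2\n"
    )
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "Example.dmg").write_bytes(genuine)
        # The mirror served a modified build: same file name, different bytes.
        (base / "Example-CLI.dmg").write_bytes(genuine_cli + b"payload\n")
        return verify(base, sums)


if __name__ == "__main__":
    ok, bad, missing = demo()
    print("ok:", ok)
    print("MISMATCH (do not open):", bad)
    print("missing:", missing)
```

The digest list only helps if it came over a different path than the file itself; a list hosted on the same compromised mirror would simply be rewritten alongside the build.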
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    So, what's your point? I assume you have one.

    I think it's a bit too easy to be fooled by 'techno-sophistry' and FUD.

    They simply try to disseminate FUD. Many are probably actually fooled by it. I doubt many Mac users (like myself) believe that we are immune to malware, we do recognise propaganda when we see it though.

    You mean, what's wrong with buying pointless third party security software or allowing third party security programs access to your computer to data harvest? You need to think this through more. P. T. Barnum purportedly claimed "There's a sucker born every minute". He may have been right.

    And once again I need to remind you that Windows, by its very design, is not as secure as anything Unix. It never was, regardless of all the extra security bundled into it. Which Windows wouldn't need if it was originally secure by design ipso facto. If it helps you sleep better at night to believe Windows is as secure, fine. It depends how well you can delude yourself I suppose.

    No, this is the great fallacy masquerading as a specious argument. Unix, including macOS, is safer by design. It always was.
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    This.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, this just about says it all. I'm not even going to reply to the rest of your post, because then I would just be repeating myself, just like you keep repeating yourself.

    Whether news about malware attacks on the macOS is FUD or not is a matter of opinion, but all I can say is (and now I will repeat myself one more time), do a Google search and you will see that 9 out of 10 security experts will tell you that you are WRONG about macOS being safer than Windows because of its design.

    And these are guys who know a thing or two about IT security, some of them actually prefer to use Macs themselves. I can post these quotes from them if you want to, but it's probably not going to change your opinion, so it would probably be a waste of time. On that note, it's probably best to pull the plug out of this discussion. :p
     