Security on MacBook Pro

Status
Not open for further replies.

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
I like Microsoft's Security Essentials mostly because it's a good, non-invasive and relatively transparent AV. It doesn't nanny you and merely serves as the extra layer of DAT-based proactive scanning. I've never claimed it to be the end-all, be-all of AV. But for my needs, which are relatively scant given that I am well versed in security threats and social engineering, it does the job of preventing those rare situations where something crawls through my other defenses. It won't fit everyone's needs for sure - but it works for me. I also run BlueCoat's K9 proxy on most of my PCs, which prevents an awful lot of this stuff from slipping through, not to mention filtering out stuff I wouldn't want my kids stumbling into on their way to the various educational or entertainment sites they visit (Nickelodeon, Disney, etc.).

I also put it on my customers' machines where I see no existing functional AV, but I do caution them that it's limited in its utility. I also tend to remove Flash, install Chrome as a default browser (which bundles Flash and keeps it fairly up-to-date) and pull Java. And of course, I educate - which is the best tool I can give them. Again, a hacker's worst enemy is an educated user - and no amount of AV will protect a user from themselves.
 

cwa107


Guys, this is getting pretty heated. I would love to have a civilized discussion here as I think there's been a number of important points mentioned - and it's always good to get differing points of view and to have a reasonable debate. Let's try to bring the level of emotion down a bit, OK?
 

cwa107


Add Malwarebytes Pro and you have a far superior defense. It is the best $25 you will ever spend.

I like MWB, though I have only used their freeware product doing my little side jobs. If I find the need to supplement MSE, I might have to check it out.

Also, if you are running Blue Coat's K9 you are rocking!!! You are basically running an enterprise-based content filter by using that. Good choice!!

I'm aware. As Dennis mentioned, I've worked in IT for the past 15 years for the same large company. We actually run BlueCoat's enterprise class proxy, though I don't administer it - we also run their offline client, which enforces cached proxy rules on machines that leave the network. Their stuff is impressive and we've rarely had a malware intrusion as a result. K9 essentially uses the same filtering - and I recommend it even to my clients that don't have kids on their machines.

Educated user, yes, to a point. The high-use main websites are the main attack vector these days. With iframe redirects, malvertising and other redirect-based malware on common sites, being a smart user is not what it was 6 years ago.

You know, a couple of years ago, I would have been skeptical of that comment - up until I saw one of the Mac scamware fake AV products distributed through Google's image search (Dennis - you ought to remember that - it was one of the first prolific Mac malware attacks and we saw quite a bit of fallout from it here). It's amazing how crafty they're getting with these exploits - and how apparently simple it is to do.

Make sure to add ad blockers and block ads in your K9 too.


Yeah, we run ABP and NoScript on all the machines in our household. Very handy.
 

chas_m

Guest
The "security through obscurity" lie that Mainia is pushing has been debunked numerous times. It is simply incorrect to believe that Apple or Mac users operate on this principle:

The Mac Malware Myth — RoughlyDrafted Magazine

Macs are more popular now than they have EVER BEEN. Apple sells 4-5 million Macs every quarter.

STILL no viruses, and even what TINY amount of malware exists is rare and easily avoided. Apple's own security measures + a modicum of user education and common sense *continues* to be MORE than adequate protection.

The same CANNOT be said about Windows computers. The notion that Mainia has put forth several times that there are no effective Windows viruses anymore is laughable on its face.

Hackers have dreamed for DECADES now of being the first to write an effective Mac virus. Hasn't happened, even with cash contests and rising popularity. Anyone who knows anything about UNIX and the way OS X is structured knows what I've known for years: it isn't *going* to happen either.

Good luck with the FUD, Mainia. You're not going to find a receptive audience here, and it's not because we are a) arrogant or b) not vigilant. The whole reason this community exists and is as effective as it is is because we are INCREDIBLY vigilant to any sort of threat. Just because we happen to have a way better "fort" than Windows doesn't mean we ignore potential danger.

The reason we're not buying what you're selling is that you are simply not credible -- you haven't produced ANY evidence that users are under ANY comparable threat, nor that Windows users are free from virus fears and can disable their anti-virus programs.

Keep sticking to that "security through obscurity" lie if you want to, but if you're still here next year, I reserve the right to lambast you over the continuing lack of truthfulness in your speculative and fact-free paranoia-based claims. And again the year after that, and the year after that.

In the meantime, you might investigate a career with Faux Noise, I hear they are always looking for people motivated by fear who have vivid imaginations.
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Anyone who knows anything about UNIX and the way OS X is structured knows what I've known for years: it isn't *going* to happen either.
I'm still waiting for you to take my wager that this will ostensibly "never happen." I could use a few bucks.
 

chas_m

Guest
Happy to take it. PM me with details. There's no chance of a virus ever successfully spreading under OS X with default settings in place.
 
Joined
Jan 28, 2013
Messages
179
Reaction score
1
Points
18
Mine is Avast and I'm happy with it :) Do you need a paid or free protector (AV)?
 

vansmith

Happy to take it. PM me with details. There's no chance of a virus ever successfully spreading under OS X with default settings in place.
Aside from the fact that self-replication is easily accomplished on Unix-based operating systems, history teaches us that anything designed by man can be just as easily destroyed or compromised. Ask the makers of the Maginot Line who thought its imperviousness would protect France (they were wrong) or the designers of the Titanic, the world's only "unsinkable" ship.

Care to still take that?
 

vansmith

Bypassing authentication isn't all that difficult either. Take the sudo tool for instance. This tool is used to give unprivileged users limited access to elevated privileges. By default, Apple lets users use sudo to do anything - it's unfettered elevated fun. This itself isn't all that abnormal since many OSes (that I've used) do this. Sudo can also be configured to let users use it for a period of time without prompting once again for the password. By default, Apple sets this to five minutes. Thus, once a user requests elevated privileges once, for five minutes, these privileges can be acquired without entering a password. Now, how might a piece of malware notice this? Simple - Apple set up sudo to log to /var/log/system.log. Here's an entry for sudo:
Code:
Feb 26 10:56:29 Olympus.local sudo[24679]: vansmith : TTY=ttys000 ; PWD=/Users/vansmith ; USER=root ; COMMAND=/bin/ls
All a piece of malware has to do is monitor system.log for executions of sudo and when it finds one, it will know that it has unfettered elevated privileges for five minutes.
 
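As an added illustration (not written by any poster in this thread), the following Python shows the defender's side of the point above: it parses sudo entries in the exact format of the log line quoted, flags runs that landed inside the five-minute credential window opened by an earlier run, and checks whether a sudoers file sets Defaults timestamp_timeout=0 to close that window. The log lines and sudoers text are constructed samples, the year 2014 is supplied because syslog omits it, and keying the cache per user and TTY is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample entries in the format quoted above (not real log data).
SAMPLE_LOG = """\
Feb 26 10:56:29 Olympus.local sudo[24679]: vansmith : TTY=ttys000 ; PWD=/Users/vansmith ; USER=root ; COMMAND=/bin/ls
Feb 26 10:58:02 Olympus.local sudo[24701]: vansmith : TTY=ttys000 ; PWD=/Users/vansmith ; USER=root ; COMMAND=/usr/sbin/visudo
Feb 26 11:07:15 Olympus.local sudo[24733]: vansmith : TTY=ttys001 ; PWD=/Users/vansmith ; USER=root ; COMMAND=/usr/bin/id
"""

# Syslog prefix (no year) followed by sudo's "user : TTY=... ; PWD=... ; USER=... ; COMMAND=..." fields.
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sudo\[\d+\]: "
    r"(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=\S+ ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_entries(log_text, year):
    """Return (timestamp, user, tty, command) tuples; the year is supplied because syslog omits it."""
    entries = []
    for line in log_text.splitlines():
        m = SUDO_LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            entries.append((ts, m["user"], m["tty"], m["cmd"]))
    return entries


def cached_credential_uses(entries, timeout=timedelta(minutes=5)):
    """Pair each command with True if it ran inside the credential window opened by an earlier run.

    Assumption: the cache is keyed per user and TTY (sudo's tty_tickets behaviour) and every
    successful run refreshes it, so the window is measured from the previous run on that key.
    """
    last_use = {}
    flags = []
    for ts, user, tty, cmd in entries:
        key = (user, tty)
        reused = key in last_use and ts - last_use[key] <= timeout
        flags.append((cmd, reused))
        last_use[key] = ts
    return flags


def sudoers_caches_credentials(sudoers_text):
    """True if this sudoers text leaves caching on; 'Defaults timestamp_timeout=0' turns it off."""
    for line in sudoers_text.splitlines():
        m = re.match(r"^\s*Defaults\b.*\btimestamp_timeout\s*=\s*(-?\d+)", line)
        if m:
            return int(m.group(1)) != 0
    return True  # no override, so sudo's compiled-in default (five minutes here) applies


if __name__ == "__main__":
    for cmd, reused in cached_credential_uses(parse_sudo_entries(SAMPLE_LOG, 2014)):
        print(("CACHED  " if reused else "PROMPTED") + "  " + cmd)
    print("sudoers still caches:", sudoers_caches_credentials("Defaults timestamp_timeout=0\n"))
```

The second entry rides on the first one's cached password (93 seconds later, same TTY), while the third is on a different TTY and would have prompted again.
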
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
Unless I am misunderstanding something here, I thought that any sudo command since Lion will prompt for a password even if the user has none, forcing one to generate it before the command can be executed.
 

vansmith

Absolutely, but once it has been entered once, you don't have to re-enter it for five minutes. Once this is accomplished, it's entirely plausible that a piece of software could re-configure sudo to remove any and all restrictions since it would have the privileges to do so.
 

MacInWin

Guest
OK, so the risk is that somehow, someone will get access to my system within five minutes of me invoking sudo (which I think I've done once in the last couple of years), and then if they do that, they can defeat or modify authentication. Is that right? And to get to my system, they have to either ssh in through both of my firewalls, or get me to install malware that initiates an outbound connection, right? Maybe I'm not paranoid enough, but the risk seems pretty low.

BTW, the first virus, the so-called Morris Worm, started on Unix, so Unix is not inherently protected from viruses, but it does have the tools to be made more resistant. I remember the scramble in the new Internet to put in place the protections. I ran a data center with 29 Unix servers and my sysadmin was a former Bell Labs developer who had known about the weaknesses and put in place security, but the Dean of the university was panicking at the news and had us recheck all 29 servers, twice.
 

vansmith

OK, so the risk is that somehow, someone will get access to my system within five minutes of me invoking sudo (which I think I've done once in the last couple of years), and then if they do that, they can defeat or modify authentication. Is that right? And to get to my system, they have to either ssh in through both of my firewalls, or get me to install malware that initiates an outbound connection, right? Maybe I'm not paranoid enough, but the risk seems pretty low.
My concern with this wasn't simplicity but plausibility. You're right - it's not simple and the process isn't likely, but it is entirely possible. Malicious software can easily ask for a user password (something not all that uncommon) and since you can pipe your password to sudo, it can be utilized without any outward-facing (user-noticeable) signs. Again, I don't think this is likely, but a reasonably well crafted piece of software can destroy any semblance of privilege security afforded by sudo.
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
Got another question: even if the command line is used to defeat Gatekeeper, such as to install a non-approved app, a dialog box usually pops up warning you that this app does not have a proper ID and asking whether you are sure you want it enabled or installed. Or is the warning somehow bypassed (so far I have not seen this)?
Also, to defeat Gatekeeper it still prompts for a password.
I understand that if someone installs a keylogger on my Mac all bets are off, but outside of that I still feel secure.
 

vansmith

Gatekeeper can be easily disabled from the command line (here) so if someone can easily manipulate sudo, odds are they're in a position to execute arbitrary commands.
 

MacInWin

Guest
My concern with this wasn't simplicity but plausibility. You're right - it's not simple and the process isn't likely but it is entirely possible. Malicious software can easily ask for a user password (something not all that uncommon) and since you can pipe sudo your password, it can be utilized without any outward facing (user noticeable) signs. Again, I don't think this is likely but a reasonably well crafted piece of software can destroy any semblance of privilege security afforded by sudo.
But part of the security equation is probability of occurrence. I managed data centers and software development for 35 years. When we considered security we used the formula "probability of occurrence X cost of damage = risk" to determine the maximum we would expend to preclude the occurrence. ANYTHING is possible, and I can put up protections against anything, as long as I am willing to pay the price in money or performance and utility. But I think the risks as presented in this thread are pretty unlikely and at this time not worth the expense of any AV software or the performance and utility of the system. I use firewalls and ad blockers and I do daily backups but that's about it.
 

vansmith

We're done here. This thread has not only run its course but the conversation is no longer productive, collegial or in any way going to end politely.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,213
Reaction score
1,424
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Then I hear the songbird of the Mac Zealot singing, "OS X has had years of people trying to be the one to hack OS X and carry the trophy of the first OS X major hack." Where is the trophy winner who pwned 800,000 Macs in 2011? HE NEVER PICKED UP HIS TROPHY!!!!!! Where is he? He is off to the next exploit, or he was one of that group of malware scammers that got busted in Russia. Where is his trophy?

Sorry that is not how the organized crime ball game works. No trophies given, only your money !!

"OS X does not get viruses", "I am safe, OS X will ALWAYS prompt me if anything wants to install, no worries about malware", "OS X is safe and impenetrable, even in default setting mode", "OS X has no malware around, it is third-party programs that are the problem" (don't we always have third-party programs installed too?). What do we do with Safari? FUD, FUD.

CanSecWest has a hacking contest yearly, and if nothing faces the internet but a firewall, Windows, Linux, and OS X all live for days with the best hackers smacking code at them. The minute you throw the browsers at the internet, they all fall. What does this tell you?

The Mac, and Linux for that matter, have been saved from the same plight that Windows has been through because "whatever is most popular will get attacked the most." If you turn the numbers around, 90% Mac or Linux and 10% Windows, they will have the same infiltration rates, give or take, with the Mac possibly having more because its Berkeley BSD has never had its code INTENSELY vetted by the world's hackers, and of the non-vetted code there is 1/3 plus more code to spill those unvetted vulnerabilities from. Talk to Dr. Charlie Miller and Dino Dai Zovi.

Most of what you're saying I don't have a disagreement with. :)

But what you're mostly talking about are a bunch of hypothetical situations...and hypothetical situations/theories do not equal a problem!!! I don't think that anyone is saying that Macintosh computers are immune to viruses or malware of any sort.

The facts are...Macintosh computers (up to this time) have not been a successful target of viruses or malware. We are not "Mac Zealots" stating things that are not true (or what we believe to be true).

Facts are facts...at this point in time the average Macintosh user does not need to have a serious concern related to viruses or malware. 6 months from now things may change...and then we can revisit the situation.

- Nick
 