Smashing Security podcast: Macs and malware

Three security industry veterans, chatting about computer security and online privacy.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Smashing Security podcast: Macs and malware

Check out the latest special “splinter” episode of the “Smashing Security” podcast – where Vanja Svajcer, Carole Theriault and I discuss Mac malware.

Do you run an anti-virus on your Mac or MacBook? Should you?

Smashing Security: 'Macs and malware'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Show notes:

Hope you enjoy the show, and tell us what you think. You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Remember: Subscribe on iTunes to catch all of the episodes as they go live and thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Smashing Security podcast: Macs and malware”

  1. Bob

    Regarding this story there's some interesting research which has been published and it also touches upon your previous article [No, disabling your anti-virus software does not make security sense] and this podcast:

    "The Security Impact of HTTPS Interception" *. In fact only one AV vendor did it correctly (Avast AV 11 on Windows) – the others failed.

    *https://jhalderm.com/pub/papers/interception-ndss17.pdf

    Another good blog post, Decoding Chrome’s HTTPS UX, can be found at:

    https://noncombatant.org/2017/02/15/decoding-chromes-https-ux/

    Whilst we're on the topic of browser security there's some research that shows how easily Firefox can be fingerprinted – concerning, considering that it's the browser of choice for TOR:

    https://threatpost.com/intermediate-ca-caching-could-be-used-to-fingerprint-firefox-users/123834/

    Do I think Mac users need AV? Yes.

    The podcast made no mention of this excellent utility, written by well-known forensic scientist Jonathan Zdziarski – he specialises in all things Apple.

    "Little Flocker – Privacy, Enforced"

    https://www.littleflocker.com/

    For $19.99 you get protection for 5 computers and this sits alongside your existing security software. It provides a very high level of protection and it'd be good to hear you talk about complementary software like this Graham as it provides different (and somewhat better) protection than conventional AV alone.

    https://www.littleflocker.com/downloads/Little%20Flocker%20User%20Guide.pdf

    1. Graham CluleyGraham Cluley · in reply to Bob

      Thanks Bob, as always, for your thoughtful comments.

      I agree that anti-virus vendors have often screwed up and fallen short of the standards we would wish for. However, I think in the main anti-virus is a positive not a negative. Would be great to see the security vendors and browser developers working more closely together to make screw-ups happen less frequently.

      And yes, Jonathan Zdziarski's Little Flocker is probably well worth a look at – especially for more technically-minded Mac users.

      However, I'm not sure that it would be a good fit for everyone as some users might find it difficult to determine whether they should allow an app to perform a particular behaviour or not.

      Tools like Little Flocker can in theory warn of malicious behaviour that your anti-virus may miss, but it does need an operator who knows what they're doing.

      1. Bob · in reply to Graham Cluley

        I'm definitely a fan of AV, even as a technically inclined user because of the ancillary benefits.

        I use a Sophos UTM appliance at home for my firewall and VPN router and have AV software on all endpoints (Kaspersky on Windows, Bitdefender on my Mac and Sophos Anti-Virus on my Linux system). I don't use AV on my BSD system.

        Little Flocker is an exceptionally good piece of software which works similarly (but a little differently) to Windows EMET. There is an 'advanced' interface but I think the 'basic' mode is good enough for most people. In 'basic' it learns on what 'normal' activities are for you and it doesn't require a technically savvy operator.

        Incidentally Google have found their first SHA1 collision.

        https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

        Their official site is below. They have 2 PDFs, both identical SHA1 hashes but different content. It has now been broken in practice as well as theory.

        https://shattered.it/

        Obviously this is really big news considering how many organisations still use SHA1*.

        "Consistent with Google's security disclosure policy, the source code for performing the collision attack will be published in 90 days."

        https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

        "Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has this feature planned for early 2017."

        "Who is capable of mounting this attack?"

        "This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations."

        *Digital Certificate signatures
        Email PGP/GPG signatures
        Software vendor signatures
        Software updates
        ISO checksums
        Backup systems
        Deduplication systems
        GIT

  2. neoswf

    Hi Graham. Which are there AV that you recommend for Mac? Thank you!

    1. Bob · in reply to neoswf

      Have a look at the results from the independent tests. Below are the top four products, in no particular order:

      AVG (100%)
      Bitdefender (100%)
      SentinelOne (100%)
      Sophos Home (100%)

      Visit the website below and click on the horizontal bar chart entitled "12 MacOS Sierra products in the detection test".

      https://www.av-test.org/en/news/news-single-view/strong-protection-for-macos-sierra-12-packages-put-to-the-test/

Leave a Reply to Bob Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.