“Any malware powerful enough to overcome the defenses that Apple built to resist incursions may also be powerful enough to hide its traces,” Glenn Fleishman writes for Macworld. “That’s not quite an axiom of security, but it’s generally true. If an attacker of any sort creates software designed to attack your system quietly, it typically tries to prevent security software and any other kind of inspection from noticing.”
“That’s very, very hard, and any exploit that’s sufficiently good at being entirely invisible is likely also good enough for a hacker to sell for a million dollars,” Fleishman writes. “Such exploits, once discovered, are fixed at high priority by operating system makers, giving them sometimes short windows of utility. The more widely used the exploit is, the less likely it will remain available to use.”
Fleishman writes, “If you want to monitor and block potential adverse actions, I recommend these four areas, some of which have a single product offering, often cheap.”
Read more in the full article – recommended – here.
MacDailyNews Take: Good advice and info in the full article for security-conscious Mac users.
We chattered about camera and mic surveillance tip-off software last week around here. I use Micro Snitch with success.
The thing about BlockBlock is that it has been in beta at version 0.9.4 for over a year now.
I’d add in the free app Malwarebytes Anti-Malware. There’s a lot of iffy crapware out on the net that can mess with your Mac. Some of it’s adware. Some of it is just plain garbage. Malwarebytes finds it and helps you dump it. It also finds active actual malware, if Apple hasn’t stifled it already via their XProtect system.
Nanny says:
• Never use the Java Internet plug-in.
• Never use the Adobe Flash Internet plug-in.
• Avoid Adobe Reader and Shockwave Internet plug-ins.
• Avoid Adobe AIR.
If you need to use them, keep the up-to-date. Example: This week Tuesday Adobe pushed out both Flash and Reader updates that patched numerous security flaws.
Oh and Nanny adds:
• Don’t turn on Macros in Microsoft Office. They’re a malware vector.
In 2016 there is no real reason for anyone to be using Adobe Flash, Reader, Shockwave or relying on Java. When users vote with their feet the companies will eventually figure it out- far better technology is out there.
If memory serves the common thread of most malware is people accessing porn sites. The next are supposedly free copies of software that carries a high price tag. If you do not jump in the lake you are not likely to get wet.
IN 2017, like 2016.
A lot of companies are still forced to use flash and java, because lazy ass enterprises refuse to get off their asses and reprogram their customer portals.
Some sites I go to have files for download. There will be a download button and (if the file is a PDF) when I click on it, they typically don’t download… they just open up another Safari tab.
The Adobe Reader extension is not installed.
Is this something Safari is doing via Preview?