
Apple Mac computers targeted by ransomware and spyware - 0xbadf00d
http://www.bbc.co.uk/news/technology-40261693
======
Santosh83
Why are we continuing to insist that incredibly complicated and unrestricted
computing devices which served well a few million highly technical folk a few
decades ago can equally smoothly well serve ~8 billion people of varied
capacities and hues?

At this point we need to accept that severely locked down and curated devices
are the easiest and least painful road ahead for the majority of the world's
citizens to participate in digital transactions, while unrestricted computing
devices can be used by those who are learning or specifically involved in
technical tasks or are simply those who agree that they know what they're
doing and the tradeoffs involved.

Am not saying unrestricted devices should be banned. It's just that they
should come with warnings on the box and an advisory to use locked devices if
the intent is to simply buy it and mindlessly use it.

~~~
stcredzero
_while unrestricted computing devices can used by those who are learning_

You can have a machine where you are actually _more free_ to experiment than
simply being unrestricted. If you have a machine where you can roll back
changes to a saved point, you are more free to experiment, even with dangerous
and esoteric mechanisms. This is what we had in Smalltalk. Smalltalk used to
be an OS. (There are 4 hooks in the old Smalltalk-80 image for lifting the
drive head, putting it down, and moving it in and out.) When I used it, it was
no longer an OS, but this is how I know that doing

    Semaphore allInstances do: [ :each | each release ]

Locks up your image so hard, there's often lag when you try to kill the VM
process. I can do that with un-checked-in code in the image, then restart from
a saved image, replay all of my actions from the change log except for the
last one, and I'm back in seconds, all of my code nice and safe.

This degree of rollback ability would also be great for simplifying parental
IT. You'd need to add some sort of cloud storage for storage of authentication
secrets and the most important data, but then it would be almost bulletproof.

~~~
blibble
a chromebook?

~~~
stcredzero
Is the Chromebook's rollback as absolute as, say, that of a device running a
Smalltalk based OS in a 'kiosk' mode with a hypervisor overseeing the VM and
recovery mode?

~~~
swdunlop
No, but it comes with a popular browser?

------
caseyohara
I use a Mac for work and personal, and I feel like I take the reasonable
precautions to avoid malware/ransomware/spyware/*ware (ex. prefer the App
Store when possible, only download stuff from trusted sources, etc.) What more
can I do to be safe? In 2017, is it recommended to use some kind of antivirus
on a Mac? I've always been told it's unnecessary, but it seems like nefarious
software is becoming more commonplace on the Mac.

~~~
mtkd
we've an air gapped one for the kids

every month I have to go in and clean it up - Malwarebytes gets rid of most of
the browser trub - to the point Chrome is usable again

they are casual browsers - something is very wrong when kids can render a
Chrome install unusable after an hour or so of clicking flashy things

~~~
cuckcuckspruce
How is a machine with a network connection 'airgapped'?

~~~
jakeva
Not op but my reading was that it is airgapped from the other machines in the
household, possibly on a secondary network interface. ¯\_(ツ)_/¯

~~~
bronson
But... that's not an airgap.

Has the original meaning of the word been lost?

~~~
mtkd
bad phrase - it's on another segment

------
waynecochran
There is practically zero information in this article.

~~~
thehardsphere
Yeah. The TL;DR is "Two people wrote some ransomware for Mac and put it on
_the dark web!_"

Well, who really cares about that? That's not an especially novel thing to do.
It's basically a drop of spit in the ocean.

Someone wake me up when Mac malware goes viral because it's not entirely
reliant on users making mistakes. Or if it uses some sort of vulnerability
that I need to get patched.

------
mikeash
This is an interesting tidbit:

> However, they added, any files scrambled with the ransomware would be
> completely lost because it did a very poor job of handling the decryption
> keys needed to restore data.

In past discussions of ransomware, the question is always asked: if you pay,
how can you be sure you'll get your files back? The standard answer seems to
be, of course you'll get your files back, the criminals want to keep a good
reputation so you'll have the greatest incentive to pay, and they have no
reason not to.

I guess this shows one potential weakness of that idea. Criminals may not
_want_ to destroy your files, but might do so by accident.

------
xutopia
This is an argument for only installing things from the App Store. I told my
parents only to install from there and we never had a problem.

~~~
stcredzero
The problem with the App Store, is that the software most likely to have an
issue with the sandboxing is often the software that's more critical in terms
of security. Such software may not be security software but still have more
stringent needs in terms of security review. For example, layout managers
might have hotkey functionality that could disguise key-logging.

~~~
astrodust
Your typical "parents" are not the sort to need that sort of stuff. Those are
professional tools for people with specialized needs, and they can assess the
risks of installing such things.

~~~
bobsam
You would be surprised how many "normal" apps are not in the store...

( it's even worse in win10s )

~~~
astrodust
Honestly nothing is in the Windows app store, they've got a long, long way to
go to get that ecosystem in order.

------
admn2
What is the best virus scanner for Mac?

~~~
archvile
Common Sense 2017.

Snarkiness aside, you don't need an antivirus on your Mac. As long as you run
as a non-admin user, enable a firmware password, and stay away from Adobe
Flash, you are golden.

~~~
renaudg
Wait... an "admin user" on a Mac is basically just a sudoer that still needs to
enter its password each time for elevated privileges, right?

Since you do need to install stuff sometimes, I'm not sure what a power user
who's careful about password prompts would gain from routinely running as a
non-admin.

------
metalliqaz
That anyone bothered to orchestrate an attack like this on Apple products
seems to say good things for Apple's business. Although at that same time it
seems to cast doubt on Apple's perceived superiority on the security front.

Oh well, I'll keep going with my preferred platform: Windows as a host for my
browser and SSH to FreeBSD and Ubuntu servers.

~~~
baldfat
> Apple's perceived superiority on the security front

Still one of the biggest lies that Apple ever told.

The very first "I'm a Mac, I'm a PC" ad was 100% about how they are a virus-free OS.

https://www.youtube.com/watch?v=qfv6Ah_MVJU

~~~
digi_owl
Funny thing is that it may have been more true back before OSX than
afterwards.

According to Woz, the early Macs held so much of the OS in ROM that malware
could not get a solid foothold.

That said, I have found Apple to be more of a marketing company dabbling in
consumer electronics, than a computer company.

~~~
astrodust
Are you kidding? Classic MacOS was riddled with viruses and it was made worse
by the fact that they were used by designers who, as a matter of habit and
necessity, would exchange disks with random people and use them in random
computers.

In the 1990s visiting a copy shop with Macs was like going to a brothel that was
sketchy even by Thai standards. You were almost guaranteed to come back with some new
infection. You'd reasonably quarantine anything that came back from your print
shop until you could scan it. The temptation to hold your Syquest disk with
rubber tongs was there.

Switching the processor to PowerPC made many of the viruses incompatible, but
they weren't fully eliminated until the switch to OS X was complete.

~~~
savoytruffle
Switching from 68k to PPC, the emulator was good enough to emulate mixed
sections of the actual operating system. Viruses weren't foiled that way.

~~~
astrodust
Not many, but some that were from the early days of the 68K line were finally
put out of their misery.

