Posts: 8,453
Threads: 761
Joined: Feb 2020
Reputation:
0
So, what can one do to prevent "infection?" Is there a defense?
Please forgive my naivety, but even after something like twenty years of Mac usage, I am not savvy enough to know what to do here.
Even more disturbing for me is that, after reading comments about Intego's Virus software being a memory hog, I became aware of how it was causing my Mac Pro with 12 GB of RAM to basically freeze while it ran its scheduled scan. At that point I disabled it and now need to replace this long-used software.
Suggestions???
Posts: 21,452
Threads: 243
Joined: Sep 2016
Reputation:
0
GeneL wrote:
So, what can one do to prevent "infection?" Is there a defense?
Please forgive my naivety, but even after something like twenty years of Mac usage, I am not savvy enough to know what to do here.
Even more disturbing for me is that, after reading comments about Intego's Virus software being a memory hog, I became aware of how it was causing my Mac Pro with 12 GB of RAM to basically freeze while it ran its scheduled scan. At that point I disabled it and now need to replace this long-used software.
Suggestions???
Don't open strange email, don't download "free" software from dubious sources, make sure your web browser is configured to make attacks harder. That should be enough.
Posts: 8,453
Threads: 761
Joined: Feb 2020
Reputation:
0
GeneL wrote:
So, what can one do to prevent "infection?" Is there a defense?
Please forgive my naivety, but even after something like twenty years of Mac usage, I am not savvy enough to know what to do here.
Even more disturbing for me is that, after reading comments about Intego's Virus software being a memory hog, I became aware of how it was causing my Mac Pro with 12 GB of RAM to basically freeze while it ran its scheduled scan. At that point I disabled it and now need to replace this long-used software.
Suggestions???
silvarios wrote:
Don't open strange email, don't download "free" software from dubious sources, make sure your web browser is configured to make attacks harder. That should be enough.
"make sure your Web browser is configured to make attacks harder."
Please explain this, because I don't know what it means.
Also, is there a way to check email's content without exposure to risk? Sometimes, I get emails from unknown (to me) senders that are actually important for me to read.
Thanks for sharing your expertise.
Posts: 21,452
Threads: 243
Joined: Sep 2016
Reputation:
0
I use Firefox as my browser, so the exact details may differ, but I like to block ads (uBlock Origin), block trackers (Ghostery), sometimes block JavaScript on unknown sites (NoScript) and there are a couple more extensions people have suggested as well, but I would need to double check my notes because they are not installed right now.
As far as email, disabling images goes a decent way to securing email. Also, don't click on any attachments you weren't expecting, even from known associates. I'm sure there are other settings as well, but it might depend on the email client.
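Added example, not part of any poster's reply: one way to read a message from an unknown sender without rendering it, in the spirit of the "disable images, don't open unexpected attachments" advice above. It parses a saved raw message with Python's standard library, returns the readable text, and lists remote URLs and attachment names without fetching or opening anything; the sample message and the function name `inspect_message` are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message (not from the thread): an HTML body with a
# remote tracking image and a link, plus one attachment.
SAMPLE_EML = """\
From: sender@example.com
Subject: Invoice attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the invoice.</p>
<img src="http://tracker.example.com/pixel.gif?id=123">
<a href="http://login.example.net/verify">Open</a></body></html>
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--BOUND--
"""

URL_ATTR = re.compile(r'(?:src|href)\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)

def inspect_message(raw):
    """Summarise a raw message without rendering HTML or fetching any URL."""
    msg = message_from_string(raw, policy=default)
    report = {"from": str(msg["From"]), "subject": str(msg["Subject"]),
              "text": "", "remote_urls": [], "attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            # Record name and declared type only; the bytes are never written out.
            report["attachments"].append((part.get_filename(), part.get_content_type()))
        elif part.get_content_type() == "text/plain":
            report["text"] += part.get_content()
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            report["remote_urls"] += URL_ATTR.findall(html)
            # Strip tags so the body is read as plain text only.
            report["text"] += re.sub(r"<[^>]+>", " ", html)
    report["text"] = " ".join(report["text"].split())
    return report

if __name__ == "__main__":
    print(inspect_message(SAMPLE_EML))
```

A double extension such as the one in the sample attachment name, or a link host that does not match the claimed sender, is visible in this report before anything is opened.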
Posts: 68,387
Threads: 17,236
Joined: May 2025
Reputation:
6
....so does this mean that it is....MAL...eficent.....???
_____________________________________
I reject your reality and substitute my own!
Posts: 8,609
Threads: 63
Joined: May 2025
Reputation:
0
requires physical access for the initial infection.
only can spread via "smart" peripherals with option ROM - which wouldn't include "dumb" USB common peripherals (e.g., printers, hard drives).
Bill in NC wrote:
So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?
jdc wrote:
Yup.
silvarios wrote:
No. It's an EFI hack that can be remotely executed, as the articles describe things anyway, clearly I'm not a member of the research team.
Posts: 8,453
Threads: 761
Joined: Feb 2020
Reputation:
0
Bill in NC wrote:
requires physical access for the initial infection.
only can spread via "smart" peripherals with option ROM - which wouldn't include "dumb" USB common peripherals (e.g., printers, hard drives).
Bill in NC wrote:
So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?
jdc wrote:
Yup.
silvarios wrote:
No. It's an EFI hack that can be remotely executed, as the articles describe things anyway, clearly I'm not a member of the research team.
This is more confusing. Previous advice was not to open "strange" emails or attachments. Additionally, the advice related to configuring my browser, so...
...from what Bill is saying here, then none of the other advice is pertinent. If this is true, I would appreciate a description of how to identify what comprises "smart peripherals with optional ROM."
My head is about to explode!
Posts: 21,452
Threads: 243
Joined: Sep 2016
Reputation:
0
Bill in NC wrote:
requires physical access for the initial infection.
only can spread via "smart" peripherals with option ROM - which wouldn't include "dumb" USB common peripherals (e.g., printers, hard drives).
That's not what either article states. It specifically mentions an email vector. Are the researchers mistaken?
"An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code via a phishing email and malicious web site. That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected."
From the Wired article. That's three articles all saying the same thing. http://www.wired.com/2015/08/researchers...acks-macs/
Here's the description from the Black Hat page:
"This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of."
https://www.blackhat.com/us-15/briefings...ith-strike
Posts: 7,497
Threads: 326
Joined: Apr 2022
Bill in NC wrote:
requires physical access for the initial infection.
only can spread via "smart" peripherals with option ROM - which wouldn't include "dumb" USB common peripherals (e.g., printers, hard drives).
Err... Not printers, sure.
But USB drives do have option ROMs for BIOS/EFI updates.
Posts: 21,452
Threads: 243
Joined: Sep 2016
Reputation:
0
Bill in NC wrote:
only can spread via "smart" peripherals with option ROM - which wouldn't include "dumb" USB common peripherals (e.g., printers, hard drives).
To expound, USB devices have been vulnerable in the past as well.
http://semiaccurate.com/2009/07/31/apple...onstrated/
http://www.it.slashdot.org/story/09/08/0...monstrated