Archive for February 13, 2020

Thursday, February 13, 2020

How Important Our Phones Are

John Gruber:

Yes, phones that cost $1,000 or more are expensive. Yes, that’s outside the budget for most people. But why in the world would anyone argue this is “hard to justify”? Phones are, for most people, the most-used computing device in their lives.


There are way more people on the planet who’d rather have a $1,400 phone and a $400 laptop than the other way around.

Phones are too important to be limited to software approved and sold by their platform vendor.

macOS 10.15.3 Update Doesn’t Create APFS Snapshot

Mr. Macintosh:

Something happened in the latest set of Apple updates released on January 28th. The Automatic Backup Snapshots are no longer working!!! At first, I thought it only happened on the 10.15.3 Combo update. I then checked the 2020-001 Security Update on High Sierra and it’s not working either!

I found this out while I was writing another article on Catalina Logs. I built a 10.15.2 device and updated it to 10.15.3. I booted to recovery to restore from the automatic snapshot only to find that it was missing!


I am not totally sure what’s going on here; if I had to guess, this is a bug. I wanted to let you know about this. The last thing you want to do is rely on that automatic backup snapshot only to find out it was never created.

Plus, the installer apparently purges any snapshots that you made manually.


2020 State of Mac Malware

Malwarebytes Labs:

Mac threats increased exponentially in comparison to those against Windows PCs. While overall volume of Mac threats increased year-over-year by more than 400 percent, that number is somewhat impacted by a larger Malwarebytes for Mac userbase in 2019. However, when calculated in threats per endpoint, Macs still outpaced Windows by nearly 2:1.

Emphasis added. This sounds really bad at first, like the number of Mac threats is growing in proportion to the (larger) number of Windows threats. But I guess they are just using the non-technical meaning of “exponential,” so the whole thing boils down to “more than.”

The full PDF report:

Of all the threats seen this year, only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t. That is the incident in which Coinbase, and several other cryptocurrency companies, were targeted with malware that infected systems through a Firefox zero-day vulnerability. Affected systems were infected with the older Wirenet and Mokes malware. This was the first time such a vulnerability had been used to infect Macs in any significant way since 2012, when Java vulnerabilities were used repeatedly to infect Macs (until Apple ripped Java out of the system, ending the threats). Beyond that what we saw was a virtual landslide of adware and PUP detections, far outpacing growth on the Windows side. While these threats are not considered as dangerous as traditional malware[…]


We define “traditional malware” as malicious software such as backdoors, Trojans, and spyware.


Among the top 10 Mac threats (for both consumers and businesses) are a mix of PUPs and adware. The PUPs are a variety of mostly “cleaning” apps that have been determined as unwanted[…]

So the words “threat” and “malware” also have unexpected definitions that include potentially unwanted apps and adware.

Sara Morrison:

The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy.

“People need to understand that they’re not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director of Mac and mobile and contributor to the report, told Recode.


“There is a rising tide of Mac threats hitting a population that still believes that ‘Macs don’t get viruses,’” Reed said. “I still frequently encounter people who firmly believe this, and who believe that using any kind of security software is not necessary, or even harmful. This makes macOS a fertile ground for the influx of new threats, whereas it’s common knowledge that Windows PCs need security software.”

This sounds unnecessarily alarmist compared with the contents of the report, and I remain convinced that for most users Apple’s built-in security measures are sufficient. I’ve seen far more Mac problems caused by anti-virus software than actual viruses.

Ben Lovejoy:

Third, and most crucially of all, Mac malware is not a virus. These are not apps that can spread from machine to machine, installing themselves. macOS doesn’t allow unsigned apps to be installed without user permission.


Update (2020-02-14): Apple:

Apple is committed to providing great experiences that respect customer privacy and security. When joining the Apple Developer Program and accepting the Program License Agreement, developers agree to ensure that their software is safe and secure for their users. They also agree to cooperate with Apple systems, such as the notary service, designed to help protect users from malware (e.g., viruses, trojan horses, backdoors, ransomware, spyware) or malicious, suspicious, or harmful code or components when distributing Developer ID–signed Mac software outside the Mac App Store. The examples below are provided to help clarify some of the behavior that is not permitted for Mac software distributed in this way.

Via Jason Snell:

It seems that many of the items in Malwarebytes’ report have gotten the hammer from Apple and are no longer actively circulating. The report’s long list of Mac software is an alert that the Mac is now a much more enticing target for makers of adware and other scam software. It certainly can’t be a coincidence that Apple is stepping up enforcement of its policies at the same time that the number of these sleazy apps is increasing.


It’s valid to wonder if the Mac’s reputation for being a safe harbor leads some Mac users to make bad security choices. But “Macs don’t get viruses” is a statement that is still overwhelmingly true. Even if it makes it awfully hard to sell Mac anti-malware software.

Update (2020-02-17): Nick Heer:

So the chance of experiencing malware — not adware or what Malwarebytes calls “potentially unwanted programs”, but malware — on a Mac actually fell in 2019, according to this report.

Michael Nordmeyer:

Cleanfox and are still being featured on the iOS app store in a “Declutter Your Digital Life” story

Thomas Reed:

“Macs don’t get viruses” is a statement that is still overwhelmingly true.

I see so many people getting infected because they believe this...

Also, keep in mind that adware and PUPs are not harmless. They engage in scams, intercept network traffic, exfiltrate sensitive user data (like browser history), and open all kinds of security holes that could be taken advantage of by more malicious software.

Jason Snell:

As I wrote, “It’s valid to wonder if the Mac’s reputation for being a safe harbor leads some Mac users to make bad security choices.”

That said, I do think you and your employer are stoking fear and that Malwarebytes benefits from that fear. I’m not surprised you take exception.

Apple has multiple methods of stopping bad actors and has stepped up its game in recent months. This third party stuff is almost worthless unless you are making some very bad decisions

BlueMail Back in Mac App Store

Joe Rossignol:

Last week, after months of making little to no progress with Apple towards having its Mac app reinstated, BlueMail co-founders Ben Volach and Dan Volach penned an open letter to the developer community that encouraged any developers who feel that Apple has kicked them out of the App Store or otherwise treated them unfairly to reach out to them and share their stories.

Just days later, the BlueMail app has returned to the Mac App Store. In a press release, BlueMail parent company Blix said it has no intention of dropping its legal case against Apple, which it believes extends beyond the removal of BlueMail on the Mac App Store to the “suppression of its iOS app and the infringement of Blix’s patented technology through ‘Sign in with Apple.’”

Joe Rossignol:

In a statement last week, shared with MacRumors, Apple said it “attempted on multiple occasions to assist them in getting their BlueMail app back on the Mac App Store,” but said “they have refused our help.” Apple added that BlueMail was “proposing to override basic data security protections which can expose users’ computers to malware that can harm their Macs and threaten their privacy.”


Specifically, Apple says its Developer Technical Support team advised the BlueMail team to make changes to how it packages its Mac app in order to resolve a security and privacy warnings issue related to the app creating a new binary with a bundle ID that changes on each launch.

Of course, it’s perfectly normal for an e-mail client to run up against section 3.3.2. So, if I understand this correctly, they made a sketchy app and refused to fix the obvious problem because they wanted to do a PR stunt?