Hands-On Tech 205: Malware Prevention on Mac - All TWiT.tv Shows (Audio)

Summary

Podcast Summary: Hands-On Tech 205: Malware Prevention on Mac

Podcast Information:

Title: All TWiT.tv Shows (Audio)
Host/Author: TWiT
Episode: Hands-On Tech 205: Malware Prevention on Mac
Release Date: March 2, 2025

Introduction

In the latest episode of Hands-On Tech, hosted by Micah Sargent, the discussion centers around the necessity and effectiveness of malware protection for Mac users. Addressing a listener's query, Micah delves into the intricacies of Mac security, exploring built-in protections, user behaviors, and the role of third-party software in maintaining system integrity.

1. Evaluating the Need for Malware Protection on Macs

The episode kicks off with Micah addressing a question from Ron, who inquires about the necessity of using malware protection on his Mac Mini. Ron acknowledges that Macs are less frequently targeted compared to Windows machines and seeks clarification on whether similar skepticism regarding malware protection—as voiced by Leo Laporte on the Windows platform—applies to Macs.

Micah emphasizes:
"First and foremost, before anything else, your behavior on your machine is the chief way to keep yourself from interacting with malware." (02:15)

He highlights that safe computing practices, such as avoiding downloads from unverified sources and being cautious with email attachments, are pivotal in preventing malware infections.

2. macOS Built-in Security Features

Micah outlines the robust security architecture of macOS, which serves as a significant deterrent against malware threats. He discusses several key features:

Sandboxed Environment:
Each application operates in a restricted environment, limiting its access to other parts of the system unless explicitly permitted.
System Integrity Protection (SIP):
SIP prevents unauthorized modifications to critical system files and processes, ensuring that malicious software cannot easily compromise the operating system.
XProtect:
Apple's built-in anti-malware system that automatically detects and blocks known malware threats. Micah notes, "Apple regularly updates XProtect and recently as of February 26th had an update for it." (04:50)

He also references Scooter X's insights on XProtect, reinforcing its role in providing continuous background protection.

3. User Behavior: The First Line of Defense

Emphasizing the importance of user behavior, Micah underscores that even with advanced security features, user actions remain the most critical factor in preventing malware infections. He poses several reflective questions to listeners:

"Do you regularly download programs from random places?"
"Do you open emails with strange attachments or click on dubious links?"
"Is there more than one person using your machine, possibly with varying levels of security awareness?"

These considerations help users assess their vulnerability and determine the necessity for additional protective measures.

4. Third-Party Malware Protection: Malwarebytes

Addressing scenarios where users seek added peace of mind, Micah introduces Malwarebytes as a recommended third-party malware protection tool. He shares insights from Rene Richie, a former panelist, who advocates for periodic use of Malwarebytes rather than continuous background operation:

"There's one thing about Malwarebytes which is that it is a resource-hungry program. It runs in the background... But because of that kind of slows things down. So what Renee says that he does is for most of the time he does not have Malwarebytes installed on his machine. And about once a month, once every two months... he will download the license, run a scan, and then uninstall it again." (06:30)

Micah has adopted this intermittent approach, leveraging his EERO subscription to access Malwarebytes without incurring additional costs. He finds comfort in periodic scans to ensure system integrity without the performance drawbacks of constant background monitoring.

5. Alternative Tools: Knock Knock

For users seeking more granular control over their system's security, Micah mentions Knock Knock by Objective C as an alternative tool. This open-source utility scrutinizes login items, scripts, and persistent installations, allowing users to manage and disable unauthorized processes.

However, Micah cautions:

"It's a little bit more information... a power user tool and it can quickly become a little bit overwhelming for folks who maybe take those prompts and those alerts as saying, oh my goodness, there's something absolutely wrong with this device." (07:45)

He advises that Knock Knock is best suited for users with a deeper understanding of system processes, as misinterpretation of alerts can lead to unnecessary anxiety or inadvertent system disruptions.

6. Community Insights and Real-World Use Cases

The episode incorporates valuable community feedback. At 08:20, Scooter X shares an experience highlighting the effectiveness of Malwarebytes:

"Malwarebytes has found and removed some terrible things on some of my customers' Macs. These customers seem to click on every ad and visit some very sketchy websites based on their browser history." (08:20)

Micah adds that such insights validate the necessity of having malware protection, especially for users who might engage in riskier online behaviors. He reiterates, "if you are, you know, following those behaviors, that's where this might come into play." (09:17)

Additionally, Micah touches upon user Glenn's follow-up regarding disabling Siri across Apple devices, illustrating the show's commitment to addressing a broad spectrum of technical concerns.

7. Conclusion

Summarizing the episode, Micah conveys that while macOS offers substantial built-in security, user vigilance remains paramount. For those desiring extra assurance, tools like Malwarebytes and Knock Knock present viable options, tailored to varying levels of user expertise and system interaction.

Micah concludes:
"Ultimately I think that it is true, and I fully hold that is true, that your behavior is the most important aspect of your protection online and I guess offline as well. And that applies to not just the Mac, but also on Windows." (14:45)

He encourages listeners to assess their own usage patterns and security needs, ensuring that their Macs remain secure through informed and conscientious actions.

Notable Quotes

Micah Sargent:
"Your behavior on your machine is the chief way to keep yourself from interacting with malware." (02:15)
Micah Sargent:
"Malwarebytes... runs in the background to kind of keep an eye on the system... but that kind of slows things down." (06:30)
Scooter X:
"Malwarebytes has found and removed some terrible things on some of my customers' Macs." (08:20)
Micah Sargent:
"Your behavior is the most important aspect of your protection online and I guess offline as well." (14:45)

Final Thoughts

Hands-On Tech 205: Malware Prevention on Mac offers a comprehensive exploration of Mac security, balancing built-in protections with user-centric strategies. By leveraging community insights and expert recommendations, Micah Sargent equips listeners with the knowledge to safeguard their Mac environments effectively. Whether you're a casual user or a power user, the episode provides actionable advice to enhance your cybersecurity posture.

Transcript

Micah Sargent (0:00)

Coming up on Hands On Tech. Let's take a look at the age old at this time question about whether we need to be using malware protection on our Macs. Stay tuned.

Leo Laporte (0:12)

This is Twit.

Micah Sargent (0:21)

Hello and welcome to Hands On Tech. I am Micah Sargent and today we've got a question from, from Ron, who writes in to say this. You gave me some great advice a few weeks ago regarding my about to be purchased Mac Mini. I now have that Mac Mini and I'm happily using it. Thanks in no small part to you, Ron. Very glad to hear that. I hope you're still loving it even now after you know, you sent in this question. You say a question just came up. Should I get a malware protection program? I know that Macs are not targeted as much as Windows computers. I also know that Leo is skeptical about these on the Windows platform. He points out that our use of the computer is the chief way that problems occur. Do you think the same applies to the Mac? If you think a malware program is a good idea? Which one? So for those of you who are following along at home in the notes, you'll notice that I said I've got, oh, I'll have you know, a lot to say about this. First and foremost, yes. What Leo has said in the past, what our wonderful Steve Gibson has said as well, and what I also feel is the case is that first and foremost, before anything else, your behavior on your machine is the chief way to keep yourself from interacting with malware. Do you regularly download programs from random places? Do you go and open email that has strange attachments and you're downloading PDFs that may have weird links in them that you click on. Are there, is there more than just you using the machine? You know, maybe you'll have somebody who doesn't have that same sort of security knowledge as you. All of those things play into all of those play into whether you need to kind of take more steps to protect yourself. Due to the nature of the work that I do, I have at different times needed to use some stuff on my Mac that maybe isn't, you know, direct from the Mac App Store that isn't sort of blessed by Apple, that isn't this or isn't that. And I do a lot of play in the terminal and I use different packages, open source packages that are downloaded. I mean there are all of these different reasons why you may have some concerns. One good thing to understand is that on top of just the basic functionality and the basic knowledge of the fact that the Mac is targeted less because there are fewer Macs in sort of the business environment and there are fewer kind of bits of malware written specifically for the Mac. All of that comes together to make it so that it's safe. But aside from that, it is important to understand that Apple does regularly add in protections for the system. MacOS by default is a very sandboxed environment where individual apps don't gain access to lots of other parts of the system and have to jump through lots of hoops in order to be able to do so. And if you don't disable system integrity prevention or system integrity protection then you and it's hard to do that. So chances are you have not, you have a lot of extra protections in place. And as the delightful and ever knowledgeable Scooter X has reminded us, there's also X Protect which is kind of a built in tool that helps to provide for kind of in the background checking to make sure that things are working as they as they should and that you don't have concerns there. And Apple regularly updates XProtect and recently as of February 26th had an update for it. The thing is, Windows also has tools like XProtect that you download and that keep the system kind of scanned. And the idea with those programs is typically if the company becomes aware of a kind of wide ranging or quickly spreading bit of malware, then something like those tools can help to remove those bad actors in your machine. Right. But let's talk about what we would do if you know, we feel like we're being protected, we feel like we're doing the right thing, we feel like we're being careful about what we download. But maybe one time you need to download something and you're unsure, or maybe you just want to have that sort of knowledge that peace right in the back of your mind. I take my advice from friend of the show and former MacBrick weekly panelist Renee Richie who keyed me in, clued me into the method that he uses whenever it comes to his Macs. And I say Macs as in multiple Mac PCs. So I, because I have EERO routers and because I pay for the EERO subscription service that adds some extra features to the, to the routing environment. I have a subscription that comes with that to a program that I use and recommend called malwarebytes. And malwarebytes, which will include a link to in the show notes, is a malware removal and protection program. Malwarebytes is, has been around for a long time, definitely on the Mac has been known to be a tool that can be used to help you keep track of your machine or keep, you know, your machine safe and secure. And here is what Rene Richie had to say and the this is the sort of advice that I follow. There's one thing about malwarebytes which is that it is a resource hungry program. It runs in the background to kind of keep an eye on the system to go, okay, is anything being installed or downloaded that might be an issue and then warn you about it, tell you about it if that's the case. But because of that kind of slows things down. So what Renee says that he does is for most of the time he does not have malwarebytes installed on his machine. And about once a month, once every two months, maybe once when he feels like something might have been weird that he downloaded or installed or something's going kind of strange on the machine or he's just got that tickle in the back of his head like ooh, something's kind of odd here. He will download the, you know, his, his paid for license of, of malwarebytes and will run a scan on the machine, maybe keep it for a couple of days running, see that everything's fine and then uninstall it again. And I have taken that method for myself, the Rene Ricci method of using malwarebytes. I mean I, by having an EERO subscription, have it as a subscription that I can use. And so it was. It didn't cost me extra to do that. But I have found that it does give me a little bit of peace to know that that's running in the background. There are some other means of protecting your device but I have found a lot of them to be a little bit, a little bit involved and a little bit kind of, what's the word I'm looking for. They interrupt your sort of access to your machine listeners.