Do You Need Malware Protection For Your Mac?
Micah Sargent
Coming up on Hands On Tech. Let's take a look at the age old at this time question about whether we need to be using malware protection on our Macs. Stay tuned.
Leo Laporte
This is Twit.
Micah Sargent
Hello and welcome to Hands On Tech. I am Micah Sargent and today we've got a question from, from Ron, who writes in to say this. You gave me some great advice a few weeks ago regarding my about to be purchased Mac Mini. I now have that Mac Mini and I'm happily using it. Thanks in no small part to you, Ron. Very glad to hear that. I hope you're still loving it even now after you know, you sent in this question. You say a question just came up. Should I get a malware protection program? I know that Macs are not targeted as much as Windows computers. I also know that Leo is skeptical about these on the Windows platform. He points out that our use of the computer is the chief way that problems occur. Do you think the same applies to the Mac? If you think a malware program is a good idea? Which one? So for those of you who are following along at home in the notes, you'll notice that I said I've got, oh, I'll have you know, a lot to say about this. First and foremost, yes. What Leo has said in the past, what our wonderful Steve Gibson has said as well, and what I also feel is the case is that first and foremost, before anything else, your behavior on your machine is the chief way to keep yourself from interacting with malware. Do you regularly download programs from random places? Do you go and open email that has strange attachments and you're downloading PDFs that may have weird links in them that you click on. Are there, is there more than just you using the machine? You know, maybe you'll have somebody who doesn't have that same sort of security knowledge as you. All of those things play into all of those play into whether you need to kind of take more steps to protect yourself. Due to the nature of the work that I do, I have at different times needed to use some stuff on my Mac that maybe isn't, you know, direct from the Mac App Store that isn't sort of blessed by Apple, that isn't this or isn't that. 
And I do a lot of play in the terminal and I use different packages, open source packages that are downloaded. I mean there are all of these different reasons why you may have some concerns. One good thing to understand is that on top of just the basic functionality and the basic knowledge of the fact that the Mac is targeted less because there are fewer Macs in sort of the business environment and there are fewer kind of bits of malware written specifically for the Mac. All of that comes together to make it so that it's safe. But aside from that, it is important to understand that Apple does regularly add in protections for the system. macOS by default is a very sandboxed environment where individual apps don't gain access to lots of other parts of the system and have to jump through lots of hoops in order to be able to do so. And if you don't disable system integrity prevention or system integrity protection then you and it's hard to do that. So chances are you have not, you have a lot of extra protections in place. And as the delightful and ever knowledgeable Scooter X has reminded us, there's also XProtect which is kind of a built in tool that helps to provide for kind of in the background checking to make sure that things are working as they as they should and that you don't have concerns there. And Apple regularly updates XProtect and recently as of February 26th had an update for it. The thing is, Windows also has tools like XProtect that you download and that keep the system kind of scanned. And the idea with those programs is typically if the company becomes aware of a kind of wide ranging or quickly spreading bit of malware, then something like those tools can help to remove those bad actors in your machine. Right. But let's talk about what we would do if you know, we feel like we're being protected, we feel like we're doing the right thing, we feel like we're being careful about what we download. 
But maybe one time you need to download something and you're unsure, or maybe you just want to have that sort of knowledge that peace right in the back of your mind. I take my advice from friend of the show and former MacBreak Weekly panelist Rene Ritchie who keyed me in, clued me into the method that he uses whenever it comes to his Macs. And I say Macs as in multiple Mac PCs. So I, because I have EERO routers and because I pay for the EERO subscription service that adds some extra features to the, to the routing environment. I have a subscription that comes with that to a program that I use and recommend called Malwarebytes. And Malwarebytes, which we'll include a link to in the show notes, is a malware removal and protection program. Malwarebytes is, has been around for a long time, definitely on the Mac has been known to be a tool that can be used to help you keep track of your machine or keep, you know, your machine safe and secure. And here is what Rene Ritchie had to say and the this is the sort of advice that I follow. There's one thing about Malwarebytes which is that it is a resource hungry program. It runs in the background to kind of keep an eye on the system to go, okay, is anything being installed or downloaded that might be an issue and then warn you about it, tell you about it if that's the case. But because of that kind of slows things down. So what Rene says that he does is for most of the time he does not have Malwarebytes installed on his machine. And about once a month, once every two months, maybe once when he feels like something might have been weird that he downloaded or installed or something's going kind of strange on the machine or he's just got that tickle in the back of his head like ooh, something's kind of odd here. He will download the, you know, his, his paid for license of, of Malwarebytes and will run a scan on the machine, maybe keep it for a couple of days running, see that everything's fine and then uninstall it again. 
And I have taken that method for myself, the Rene Ritchie method of using Malwarebytes. I mean I, by having an EERO subscription, have it as a subscription that I can use. And so it was. It didn't cost me extra to do that. But I have found that it does give me a little bit of peace to know that that's running in the background. There are some other means of protecting your device but I have found a lot of them to be a little bit, a little bit involved and a little bit kind of, what's the word I'm looking for. They interrupt your sort of access to your machine listeners.
Micah Sargent
I want to note too, Scooter X said something really interesting in the chat. Malwarebytes has found and removed some terrible things on some of my customers' Macs. These customers seem to click on every ad and visit some very sketchy websites based on their browser history. So again, if you are, you know, following those behaviors, that's where this might come into play. Ron, if you don't follow those behaviors, you may never need to use something like this. But the thing that I was alluding to when I was talking about being a little bit more interruptive is a tool called Knock Knock from Objective-See. I didn't link this in the original show notes, but I'm popping it into the discord now and that's at Objective Hyphen. And Knock Knock looks to see what stuff, what login items, what scripts, what different things are persistently installed on your machine. And then it gives you the ability to say, no, I don't want that installed, or no, I don't want that to be able to load on my machine. And so it's a little bit more information. But I found this to be a power user tool and it can quickly become a little bit overwhelming for folks who maybe take those prompts and those alerts as saying, oh my goodness, there's something absolutely wrong with this device and everything's wrong and everything's bad. So if you feel like you would have that anxiety, you don't necessarily know what each of these prompts might mean. I don't, I don't fully recommend Knock Knock as something that you would use, but it is available, it is there. And if you, Ron, are someone with a little bit more knowledge about the system and what these different prompts might mean, then maybe this is something that could give you even more peace of mind. But ultimately I think that it is true, and I fully hold that is true, that your behavior is the most important aspect of your protection online and I guess offline as well. And that applies to not just the Mac, but also on Windows. 
And there are plenty of people on Windows who through their behaviors are able to avoid any of these issues and then occasionally have Microsoft, you know, provide a bit of system scanning to check and make sure everything's good to go and that there's nothing on the machine that is, you know, nefarious. So a quick summary, Ron, for you. Everything's probably going to be okay, but I also understand wanting the peace of mind. That's where I recommend Malwarebytes. And then if you want to get even more kind of a guard standing at the front door and regularly announcing to you when someone's walking up, then Knock Knock might be a tool that you can use. It's open source and available for free from Objective-See. All right, let's take a little tiny moment here to mention Club Twit at twit.tv/clubtwit. That's where you can go to become a member of our club. It's $7 a month, but we've got a two week free trial so you can see if the club is for you. When you join the club, you gain access to a bunch of great stuff. You gain access to all of our shows, all of our content ad free. You gain access to the Twit plus bonus feed that has extra stuff you won't find anywhere else behind the scenes before the show. After the show, special Club Twit events get published there and access to the members only Discord Server. A fun place to go to chat with your fellow Club Twit members and also those of us here at TWiT. So be sure to head to twit.tv/clubtwit to check it out and get that two week free trial. Would love to see you in the Discord. Love to see you hanging out and seeing what we have to offer. All right, before we go, I do want to read some follow up that came in from Glenn. Glenn had written in to ask about what he needed to do to stop Apple devices from listening for Siri because moving around in his space he was finding that the Apple Virtual assistant or digital assistant was being regularly summoned and it and Glenn found it annoying. 
So I provided some advice on what to do, but I wanted to bring up this follow up because I think it often provides insights into where somebody might be missing something. So Glenn says, I just listened to your response about disabling Siri. Thank you. I had the laptop disabled but not the HomePods, so thanks. I used to have an Amazon device in the office. Its favorite surprise to say was huh. It now resides in another room. So Glenn, I'm glad that that worked out for you. Yes, you can disable the Apple Virtual Assistant across devices. It is not just your iPhone or your Mac, but also your HomePods. You can turn off listening for the wake word as well. With that, we have reached the end of this episode of Hands On Tech. I want to thank all of you who have taken the time to write in with your questions. Just a reminder, that's hot@twit.tv to have your question answered on the show. I'll see you again next week for another episode. Thanks for being here and goodbye.
Podcast Summary: Hands-On Tech 205: Malware Prevention on Mac
Introduction
In the latest episode of Hands-On Tech, hosted by Micah Sargent, the discussion centers around the necessity and effectiveness of malware protection for Mac users. Addressing a listener's query, Micah delves into the intricacies of Mac security, exploring built-in protections, user behaviors, and the role of third-party software in maintaining system integrity.
1. Evaluating the Need for Malware Protection on Macs
The episode kicks off with Micah addressing a question from Ron, who inquires about the necessity of using malware protection on his Mac Mini. Ron acknowledges that Macs are less frequently targeted compared to Windows machines and seeks clarification on whether similar skepticism regarding malware protection—as voiced by Leo Laporte on the Windows platform—applies to Macs.
Micah emphasizes:
"First and foremost, before anything else, your behavior on your machine is the chief way to keep yourself from interacting with malware." (02:15)
He highlights that safe computing practices, such as avoiding downloads from unverified sources and being cautious with email attachments, are pivotal in preventing malware infections.
2. macOS Built-in Security Features
Micah outlines the robust security architecture of macOS, which serves as a significant deterrent against malware threats. He discusses several key features:
Sandboxed Environment:
Each application operates in a restricted environment, limiting its access to other parts of the system unless explicitly permitted.
System Integrity Protection (SIP):
SIP prevents unauthorized modifications to critical system files and processes, ensuring that malicious software cannot easily compromise the operating system.
XProtect:
Apple's built-in anti-malware system that automatically detects and blocks known malware threats. Micah notes, "Apple regularly updates XProtect and recently as of February 26th had an update for it." (04:50)
He also references Scooter X's insights on XProtect, reinforcing its role in providing continuous background protection.
3. User Behavior: The First Line of Defense
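Emphasizing the importance of user behavior, Micah underscores that even with advanced security features, user actions remain the most critical factor in preventing malware infections. He poses several reflective questions to listeners: whether they regularly download programs from random places, whether they open email with strange attachments or click odd links in downloaded PDFs, and whether anyone else with less security knowledge uses the machine.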
These considerations help users assess their vulnerability and determine the necessity for additional protective measures.
4. Third-Party Malware Protection: Malwarebytes
Addressing scenarios where users seek added peace of mind, Micah introduces Malwarebytes as a recommended third-party malware protection tool. He shares insights from Rene Ritchie, a former MacBreak Weekly panelist, who advocates for periodic use of Malwarebytes rather than continuous background operation:
"There's one thing about Malwarebytes which is that it is a resource-hungry program. It runs in the background... But because of that kind of slows things down. So what Rene says that he does is for most of the time he does not have Malwarebytes installed on his machine. And about once a month, once every two months... he will download the license, run a scan, and then uninstall it again." (06:30)
Micah has adopted this intermittent approach, leveraging his EERO subscription to access Malwarebytes without incurring additional costs. He finds comfort in periodic scans to ensure system integrity without the performance drawbacks of constant background monitoring.
5. Alternative Tools: Knock Knock
For users seeking more granular control over their system's security, Micah mentions Knock Knock by Objective-See as an alternative tool. This open-source utility scrutinizes login items, scripts, and persistent installations, allowing users to manage and disable unauthorized processes.
However, Micah cautions:
"It's a little bit more information... a power user tool and it can quickly become a little bit overwhelming for folks who maybe take those prompts and those alerts as saying, oh my goodness, there's something absolutely wrong with this device." (07:45)
He advises that Knock Knock is best suited for users with a deeper understanding of system processes, as misinterpretation of alerts can lead to unnecessary anxiety or inadvertent system disruptions.
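To make the idea of reviewing persistently installed items concrete, here is an added example (not from the episode and not Knock Knock's own code) that lists launchd jobs, one common macOS persistence mechanism, and flags ones worth a closer look. The flagging heuristics, the function names and the sample jobs are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard macOS launchd job directories; scan() accepts any directory list
# so the logic can be exercised offline on constructed samples.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
                "/Library/LaunchDaemons"]

# Heuristic (an assumption of this example): jobs started from world-writable
# locations are unusual for legitimately installed software.
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def program_of(job):
    """Return the executable a launchd job starts, or '' if none is declared."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def review_reasons(job):
    """Explain why a job deserves a manual look; an empty list means none."""
    prog, reasons = program_of(job), []
    if not prog:
        reasons.append("no program declared")
    if prog.startswith(SUSPECT_PREFIXES):
        reasons.append("runs from a world-writable directory")
    if any(part.startswith(".") for part in Path(prog).parts):
        reasons.append("hidden file or directory in path")
    return reasons


def scan(dirs):
    """Parse every *.plist under dirs and return one finding per file."""
    findings = []
    for d in (Path(p).expanduser() for p in dirs):
        if not d.is_dir():
            continue
        for path in sorted(d.glob("*.plist")):
            try:
                job = plistlib.loads(path.read_bytes())
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception:  # corrupt or unreadable files are findings too
                findings.append({"file": path.name, "label": None, "program": "",
                                 "run_at_load": False, "reasons": ["unparsable plist"]})
                continue
            findings.append({"file": path.name, "label": job.get("Label"),
                             "program": program_of(job),
                             "run_at_load": bool(job.get("RunAtLoad")),
                             "reasons": review_reasons(job)})
    return findings


def demo():
    """Run the scan over two constructed sample jobs written to a temp dir."""
    samples = {
        "com.example.updater": {"ProgramArguments": [
            "/Applications/Example.app/Contents/MacOS/updater"], "RunAtLoad": True},
        "com.example.helper": {"Program": "/private/tmp/.helper", "RunAtLoad": True},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for label, job in samples.items():
            (Path(tmp) / f"{label}.plist").write_bytes(
                plistlib.dumps({"Label": label, **job}))
        return scan([tmp])


if __name__ == "__main__":
    for finding in demo():  # on a Mac, call scan(LAUNCHD_DIRS) instead
        print(finding["label"], finding["program"], finding["reasons"] or "ok")
```

A flagged entry is a prompt to look at the file, not a verdict; plenty of legitimate software installs launch agents, which is the interpretation burden Micah describes.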
6. Community Insights and Real-World Use Cases
The episode incorporates valuable community feedback. At 08:20, Scooter X shares an experience highlighting the effectiveness of Malwarebytes:
"Malwarebytes has found and removed some terrible things on some of my customers' Macs. These customers seem to click on every ad and visit some very sketchy websites based on their browser history." (08:20)
Micah adds that such insights validate the necessity of having malware protection, especially for users who might engage in riskier online behaviors. He reiterates, "if you are, you know, following those behaviors, that's where this might come into play." (09:17)
Additionally, Micah touches upon user Glenn's follow-up regarding disabling Siri across Apple devices, illustrating the show's commitment to addressing a broad spectrum of technical concerns.
7. Conclusion
Summarizing the episode, Micah conveys that while macOS offers substantial built-in security, user vigilance remains paramount. For those desiring extra assurance, tools like Malwarebytes and Knock Knock present viable options, tailored to varying levels of user expertise and system interaction.
Micah concludes:
"Ultimately I think that it is true, and I fully hold that is true, that your behavior is the most important aspect of your protection online and I guess offline as well. And that applies to not just the Mac, but also on Windows." (14:45)
He encourages listeners to assess their own usage patterns and security needs, ensuring that their Macs remain secure through informed and conscientious actions.
Notable Quotes
Micah Sargent:
"Your behavior on your machine is the chief way to keep yourself from interacting with malware." (02:15)
Micah Sargent:
"Malwarebytes... runs in the background to kind of keep an eye on the system... but that kind of slows things down." (06:30)
Scooter X:
"Malwarebytes has found and removed some terrible things on some of my customers' Macs." (08:20)
Micah Sargent:
"Your behavior is the most important aspect of your protection online and I guess offline as well." (14:45)
Final Thoughts
Hands-On Tech 205: Malware Prevention on Mac offers a comprehensive exploration of Mac security, balancing built-in protections with user-centric strategies. By leveraging community insights and expert recommendations, Micah Sargent equips listeners with the knowledge to safeguard their Mac environments effectively. Whether you're a casual user or a power user, the episode provides actionable advice to enhance your cybersecurity posture.