Smashing Security podcast: Macs and malware

Three security industry veterans, chatting about computer security and online privacy.


Check out the latest special "splinter" episode of the "Smashing Security" podcast - where Vanja Svajcer, Carole Theriault and I discuss Mac malware.

Do you run an anti-virus on your Mac or MacBook? Should you?


Hope you enjoy the show, and tell us what you think. You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Remember: Subscribe on iTunes to catch all of the episodes as they go live and thanks for listening!


5 Responses

  1. Bob

    February 23, 2017 at 12:27 pm #

    Regarding this story there's some interesting research which has been published and it also touches upon your previous article [No, disabling your anti-virus software does not make security sense] and this podcast:

    "The Security Impact of HTTPS Interception" *. In fact only one AV vendor did it correctly (Avast AV 11 on Windows) – the others failed.

    *https://jhalderm.com/pub/papers/interception-ndss17.pdf

    Another good blog post, Decoding Chrome’s HTTPS UX, can be found at:

    https://noncombatant.org/2017/02/15/decoding-chromes-https-ux/

    Whilst we're on the topic of browser security there's some research that shows how easily Firefox can be fingerprinted – concerning, considering that it's the browser of choice for TOR:

    https://threatpost.com/intermediate-ca-caching-could-be-used-to-fingerprint-firefox-users/123834/

    Do I think Mac users need AV? Yes.

    The podcast made no mention of this excellent utility, written by well-known forensic scientist Jonathan Zdziarski – he specialises in all things Apple.

    "Little Flocker – Privacy, Enforced"

    https://www.littleflocker.com/

    For $19.99 you get protection for 5 computers and this sits alongside your existing security software. It provides a very high level of protection and it'd be good to hear you talk about complementary software like this, Graham, as it provides different (and somewhat better) protection than conventional AV alone.

    https://www.littleflocker.com/downloads/Little%20Flocker%20User%20Guide.pdf

    • Graham Cluley in reply to Bob.

      February 23, 2017 at 5:47 pm #

      Thanks Bob, as always, for your thoughtful comments.

      I agree that anti-virus vendors have often screwed up and fallen short of the standards we would wish for. However, I think in the main anti-virus is a positive not a negative. Would be great to see the security vendors and browser developers working more closely together to make screw-ups happen less frequently.

      And yes, Jonathan Zdziarski's Little Flocker is probably well worth a look at – especially for more technically-minded Mac users.

      However, I'm not sure that it would be a good fit for everyone as some users might find it difficult to determine whether they should allow an app to perform a particular behaviour or not.

      Tools like Little Flocker can in theory warn of malicious behaviour that your anti-virus may miss, but it does need an operator who knows what they're doing.

      • Bob in reply to Graham Cluley.

        February 23, 2017 at 6:44 pm #

        I'm definitely a fan of AV, even as a technically inclined user because of the ancillary benefits.

        I use a Sophos UTM appliance at home for my firewall and VPN router and have AV software on all endpoints (Kaspersky on Windows, Bitdefender on my Mac and Sophos Anti-Virus on my Linux system). I don't use AV on my BSD system.

        Little Flocker is an exceptionally good piece of software which works similarly (but a little differently) to Windows EMET. There is an 'advanced' interface but I think the 'basic' mode is good enough for most people. In 'basic' it learns what 'normal' activities are for you and it doesn't require a technically savvy operator.

        Incidentally Google have found their first SHA1 collision.

        https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

        Their official site is below. They have 2 PDFs, both with identical SHA1 hashes but different content. It has now been broken in practice as well as theory.

        https://shattered.it/

        Obviously this is really big news considering how many organisations still use SHA1*.

        "Consistent with Google's security disclosure policy, the source code for performing the collision attack will be published in 90 days."

        https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

        "Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has this feature planned for early 2017."

        "Who is capable of mounting this attack?"

        "This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations."

        *Digital Certificate signatures
        Email PGP/GPG signatures
        Software vendor signatures
        Software updates
        ISO checksums
        Backup systems
        Deduplication systems
        GIT

  2. neoswf

    February 24, 2017 at 1:10 pm #

    Hi Graham. Which AV do you recommend for Mac? Thank you!

    • Bob in reply to neoswf.

      February 24, 2017 at 8:04 pm #

      Have a look at the results from the independent tests. Below are the top four products, in no particular order:

      AVG (100%)
      Bitdefender (100%)
      SentinelOne (100%)
      Sophos Home (100%)

      Visit the website below and click on the horizontal bar chart entitled "12 MacOS Sierra products in the detection test".

      https://www.av-test.org/en/news/news-single-view/strong-protection-for-macos-sierra-12-packages-put-to-the-test/
