Mac Security

SoxJox

Member
SoSH Member
Dec 22, 2003
7,082
Rock > SoxJox < Hard Place
First, I realize the issue extends beyond Mac PCs, but that is where my interest is focused.

From early on and for many years since, one of the selling points for Mac PCs was their purported insusceptibility to hacking or malware.

More recently, however, I've read reports that suggest Mac threats have increased significantly - and have been higher than Windows on a pro-rated basis. Said another way, recent hacking and malware infiltration seem to be occurring on a greater relative scale than Windows. I don't know the veracity of these reports or the numbers, but I think it is safe to say that Macs are not invulnerable.

So, my question to the more tech savvy SoSHers, and particularly those knowledgeable of the iOS (currently Catalina 10.15.4 on my PC), just how vulnerable are these machines and what reasonable precautions or vaccines are available?
 

InstaFace

The Ultimate One
SoSH Member
Sep 27, 2016
21,756
Pittsburgh, PA
No system is invulnerable if the person with root / administrator access does something dumb. Nor could it be.

One architectural change they made in El Capitan is "System Integrity Protection", preventing root-user privileges from doing a bunch of questionable shit even if they're authorized to do so, without a lot of extra effort by the user. They also make you jump through hoops to execute code by unidentified developers.

I don't use any sort of virus scanning on my Mac, perhaps naively, but I do scrutinize very carefully every unexpected request for privilege elevation from one of my apps. As a best practice, that means googling around to understand why an app is asking for it and whether it's legit. It also involves checking the md5 hashes or PGP public keys of any downloads I make, against the ones that the developer has posted, to prevent a malicious actor from gaining control of, and then inserting malware into, a common package's download deliverable.
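
Added example, not part of the post above: one way to script the checksum comparison it describes, accepting a published checksum list in either the `MD5 (file) = …` layout printed by macOS `md5` or the `hash  file` layout printed by `shasum`. The function names and sample file names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import re

# Hex digest length -> hashlib algorithm name (used to sanity-check each entry).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
BSD_LINE = re.compile(r"^(?P<algo>\w+) \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]+)$")
GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]+) [ *](?P<name>.+)$")

def parse_checksums(text):
    """Return {filename: (algorithm, lowercase hex digest)} from a published list."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = BSD_LINE.match(line)
        if m:
            algo = m["algo"].lower()
        else:
            m = GNU_LINE.match(line)
            if not m:
                continue
            algo = ALGO_BY_HEX_LEN.get(len(m["hex"]))
        # Skip entries whose digest length does not fit a known algorithm.
        if algo and ALGO_BY_HEX_LEN.get(len(m["hex"])) == algo:
            entries[m["name"]] = (algo, m["hex"].lower())
    return entries

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so large disk images are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksums_text, listed_name=None):
    """Return (matches, algorithm); raises KeyError if the file is not listed."""
    name = listed_name or os.path.basename(path)
    algo, expected = parse_checksums(checksums_text)[name]
    return hmac.compare_digest(file_digest(path, algo), expected), algo
```

A match only shows the file equals what the list describes, so the list should come from a channel separate from the download itself; MD5 also offers no collision resistance, which makes a SHA-256 entry or a PGP signature the stronger check when the developer publishes one.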
 

nighthob

Member
SoSH Member
Jul 15, 2005
12,678
As an old *nix person I’ve always kept the user and admin accounts separate. And as my family’s default IT guy I can tell you that their user and admin accounts are always separated.
 

InstaFace

Using a PC (whether Windows or Mac based), you constantly have a need to elevate privileges in order to install something. That's when the vulnerabilities are. The rest of the time it doesn't really matter unless you're totally unpatched or something. So there's really no big gain by separating the accounts, because you'd end up having to switch over to get sudo access or Administrator rights or whatever for all the occasions when you were going to be dumb in the first place. It only adds annoyance, not security (imho).
 

nighthob

Depends, for years the Microsoft Visual Basic security holes haunted Windows users using Outlook. The separate accounts just ensured that anytime a virus did invade the damage was localized (unless they did use the admin login/password to install infected software).

The ultimate example of this that I saw was on a customer’s computer, as there were multiple users of the machine there was an admin login and three user accounts. The morning receptionist’s account was slower than molasses because she’d downloaded browser extensions that infested her account. The other two user accounts were fine, the problems were local to the third user account.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
nighthob said: "As an old *nix person I’ve always kept the user and admin accounts separate. And as my family’s default IT guy I can tell you that their user and admin accounts are always separated."
As your family's IT guy you shouldn't be surprised by the fact that outside of IT guys/gals and their families, pretty much no one has any clue about keeping user and admin accounts separate.