How did an infected PDF make it onto my hard drives?

I am one of the "losers" who strictly uses antivirus software on all of my Macs. I have been doing this for over a decade now.


I use Intego Internet Security.


I just opened my Mac running Ventura and, when opening Mail, Intego detected an infected PDF file that originated in a message in the junk mail folder. I never opened the folder or message to download anything, but Intego located and quarantined the PDF file in a location called:


Macintosh HD>private>var>folders>fy>(then a complicated and very long folder name)>T>com.apple.mail>Temporaryitems>etc


I then opened another Mac running Ventura with the same Intego Internet Security, and there Intego located the infected PDF file during an automated weekly full system scan done this afternoon, with me never even opening the Mail app, looking into the junk folder, or opening any messages there. The infected PDF was located in:


Home>library>Mail>V10>etc


that apparently originated in the same junk mail folder message as the infected PDF on the first Mac.


My question:


With all the supposed "safety" of Macs, how is it possible that an infected PDF file from a message in the junk mail folder in Mail, which I never opened, makes it onto my hard drives in the above locations?


I removed the junk mail without opening the message. I scanned the hard drives with Intego for viruses and everything seems clean; no viruses are detected anymore.


But I am troubled. How did the infected PDF make it onto my hard drives?


What did I do wrong and how can I protect my Macs in the future?


Thanks for any guidance.


[Re-Titled by Moderator]

Posted on Dec 12, 2022 3:11 PM

Question marked as Top-ranking reply

Posted on Dec 13, 2022 5:45 AM

tutlek wrote:

Please see discussion below and comment by user Doug Miller re Pegasus on iPhones.
https://talk.tidbits.com/t/mac-and-the-state-of-malware/20569/6

Thanks for posting that link! It's quite informative and funny.


I'm afraid you are suffering from something much worse than malware. You are a misinformation victim. Most of the contributions in that thread are from, or about, certain social media influencers who use technology paranoia to get followers. There's even an actual antivirus vendor thrown in there for good measure. It's an echo-chamber. What do you think these people would tell you? Their social and financial lives depend on you being afraid.


I really enjoyed one recommendation to install an antivirus product from the Mac App Store. Just so you know, the technical limitations that Apple imposes on all apps in the Mac App Store make antivirus products impossible.


It's just like in the movies. You chose the blue pill. 😄

Apple Mail downloads attachments automatically, and I found guidance on how to turn this off in Preferences for Mail. I hope I am safer now when I make an actual choice when and how to open an attachment, rather than for this to occur automatically. I remain kind of surprised that this download option did not come turned off by default.

Because there would be a never-ending stream of people asking where their attachments are. It's bad enough having to deal with the people who come here demanding that their single-page image attachments show up as icons instead of images.


For the record, that setting is in Apple Mail > Settings > Accounts > Account Information > Download Attachments = None


I actually did look for such a setting, but I didn't see it. Been using macOS for 23 years and never noticed that.


I'm afraid that by accepting misinformation as truthful, you are actually more at risk. Your Mac was in its most secure configuration the day you opened the box. Anything you add, and any setting you change, is going to reduce your security, not enhance it. Not all software is equal. Antivirus software developers are noteworthy in their ignorance of Apple programming techniques. Supposedly they protect you from "zero-day" threats, yet it can be months or years before they notice changes to the operating system that Apple published with all the power of its formidable marketing engine. The same is true for self-made "internet security researchers". They want you to trust them, not Apple. It's a full-court press to make people lose confidence in Apple security. You know all those "exploits" that you keep hearing about on the internet? Did you know that Apple's largest competitors have entire divisions dedicated to hacking Apple products? It's all in the name of "user safety", of course. 😄


But in fact, it is only Apple that has a true interest in your safety and security. Apple knows which threats are real and which are purely theoretical. Apple, too, has ulterior motives. Apple would rather have customers that trust Apple and rely on its own security protections. Such customers are much easier to support. Customers who hack up their systems and install all kinds of 3rd party security modifications are going to have a poor experience and be a lot of trouble to support. It would be better for Apple if these people moved to other platforms where they could be more effectively exploited. Your only option is to decide what customer you want to be.


20 replies

Dec 12, 2022 4:27 PM in response to tutlek

tutlek wrote:

How did the infected PDF make it onto my hard drives?

If this was an e-mail attachment, then there is nothing you can do to stop it from being downloaded. That's how e-mail works.

What did I do wrong and how can I protect my Macs in the future?

That is a bit of a subjective question. I don't think you did anything wrong with your e-mail. Anyone's e-mail junk mailbox should be full of malicious e-mails of one sort or another. They are all harmless unless you try really hard to install the malware.


Apple's built-in security assumes that it is reasonably impossible to prevent malware from being downloaded. Therefore, it protects you from installing and/or executing malicious software. But it doesn't stop you from downloading. In most cases, you can override those protections. That's how Mac users get malware infections. They get fooled by malware into installing it to run some pirate app or view some illegal movie. Those users who repeatedly get tricked into installing malware might benefit from 3rd party antivirus.


If you don't want your e-mail client to download attachments, your only option is to use some purely web-based e-mail system like gmail. Most other major e-mail service providers like iCloud and Outlook also have a pure web-based option you can use.
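As an added check that is not part of any post in this thread: a POSIX shell script that inventories the PDF files Mail has stored locally under the ~/Library/Mail/V10 path the question reports, matching by the %PDF- magic bytes so a renamed attachment is still listed. The sample tree, the account folder name and the file names are constructed placeholders.

```shell
#!/bin/sh
# Inventory PDF attachments that Apple Mail has already written to disk.
# Mail keeps downloaded attachments under ~/Library/Mail/V10/... (path taken
# from the question above). Files are matched by content (the %PDF- magic
# bytes), not by extension, so a PDF disguised with another extension is
# still reported, and a name ending in .pdf with other content is ignored.

# Usage: list_pdf_files DIR
# Prints one line per file whose content starts with %PDF-:
#   <path> (extension ok|extension mismatch)
list_pdf_files() {
    root="$1"
    find "$root" -type f 2>/dev/null | while IFS= read -r f; do
        magic=$(head -c 5 "$f" 2>/dev/null)
        [ "$magic" = "%PDF-" ] || continue
        case "$f" in
            *.pdf|*.PDF) note="extension ok" ;;
            *)           note="extension mismatch" ;;
        esac
        printf '%s (%s)\n' "$f" "$note"
    done
}

# Usage: count_pdf_files DIR  -> number of PDF-content files under DIR
count_pdf_files() {
    list_pdf_files "$1" | wc -l | tr -d ' '
}

# Constructed sample tree imitating Mail's on-disk layout (not real data).
# Prints the temporary base directory so the caller can scan and remove it.
make_sample_tree() {
    base=$(mktemp -d)
    att="$base/Library/Mail/V10/ACCOUNT-PLACEHOLDER/Junk.mbox/Attachments/42/2"
    mkdir -p "$att"
    printf '%%PDF-1.7\n%%constructed sample\n' > "$att/invoice.pdf"
    printf '%%PDF-1.4\n' > "$att/notes.txt"            # PDF content, wrong extension
    printf '\377\330\377\340JFIF' > "$att/photo.jpg"   # JPEG header, not a PDF
    printf '%s\n' "$base"
}

# On a real Mac: list_pdf_files "$HOME/Library/Mail/V10"
```

Run against the real path to see which attachments are already on disk before any message was opened; a mismatch line means the extension does not describe the content.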

Dec 13, 2022 4:58 AM in response to John Galt

While I am thankful for all responses and guidance, I am also aware that at my job (a large organisation with many Windows-based PCs, and an organisation of the kind that occasionally gets attacked and paralyzed with malware) we get intermittent mandatory teaching sessions on how to deal with email from unknown sources, how not to open messages of a suspicious nature, download attachments, etc., to prevent system-wide infections of the organisation's computer system, which would paralyze the organisation and potentially cause real and physical harm to clients (this has happened to others already, with real harmful effects).


Obviously, this applies to Windows and may not equally apply to macOS. However, I remain skeptical towards any claims that attachments downloaded to Macs cannot have a bad effect on the system. I am no expert, as you have likely noticed, but I just do not believe that there is no way to infect an Apple product in this or a similar manner. Please see the discussion below and the comment by user Doug Miller re Pegasus on iPhones.

https://talk.tidbits.com/t/mac-and-the-state-of-malware/20569/6


Apple Mail downloads attachments automatically, and I found guidance on how to turn this off in Preferences for Mail. I hope I am safer now when I make an actual choice when and how to open an attachment, rather than for this to occur automatically. I remain kind of surprised that this download option did not come turned off by default.


I again thank everyone for all comments and guidance.

Dec 13, 2022 6:08 AM in response to etresoft

Macs are hackable. There is no such thing as an "unhackable" system. If there are electrons being moved around, someone, somewhere will find a way to insert their string of electrons into the existing ones to make something happen.

https://podcast.macadmins.org/2022/10/11/episode-286-thijs-alkemade-on-the-vulnerability-from-black-hat/


The arguments that standard antivirus programs do not protect against attacks like the one described above are understandable and correct. But the AV did alert me to the issue of attachments from junk messages possibly containing malware being automatically downloaded to my system, and for that it was completely worth having that "unnecessary" product on my Mac. By alerting me it forced me to act, and I think that by turning off the automatic download feature in Mail my Macs are safer than they were before.


Thank you.

Dec 12, 2022 7:47 PM in response to John Galt

I thank everyone for the input, but despite being a religious and exclusive Mac user and Apple product addict since January 2007, I still feel safer if I have something on my devices scanning the traffic to and from them, and giving me the option to modify some things, such as an additional firewall that the "unnecessary" product that I downloaded provides.


The only real answer to my question that I was looking for is the one that etresoft gave me, the suggestion to use a purely web-based email system, so that nothing gets downloaded to my hard drive automatically from some junk mail I might get in the future.


BTW, I have, as does everyone else, been getting junk mail with attachments of all kinds for many years; I just never saw traces of these attachments in some folder on one of my Macs, and that is my real concern. I always thought you had to be foolish enough to open some attachment, and here I never even opened the message or even the junk folder with the list of messages, and the PDF (infected with malware or not) was in some folder on my computer identifiable by the antivirus. That got me really worried.


Again, thank you for all the input and suggestions.

Dec 13, 2022 4:28 AM in response to tutlek

tutlek wrote:

... I still feel safer if I have something on my devices scanning the traffic to and from them, and giving me the option to modify some things, such as an additional firewall that the "unnecessary" product that I downloaded provides.


"Feeling safer" is all those products will do for you, while their only real effect is to reduce system security and increase your threat profile.


It is technologically impossible for an email message received by the Mail app to infect a Mac with anything. Just delete the message in the usual manner.


You do not need to live in fear. It's a choice, just as much as "feeling" safe. By falsely identifying an innocuous PDF document as "infected" all "Intego" did for you was to justify and exploit the fear present in you.


Like everything else, fix the problem. In your case, it's fear. Get rid of it. And "Intego". You don't need either one.

Dec 12, 2022 4:05 PM in response to tutlek

With respect, nothing there demonstrates that this was malware of any kind. It simply demonstrates you got an email with a spoofed address. 99% of all spam comes from spoofed emails.


So rather than vindicating your use of this software, it demonstrates nothing. It can still be a false positive.


Allowing that there may have been malware, then you misunderstand. A computer virus is essentially an application that runs upon download in the OS, with no user interaction. That didn't happen. If it was a virus then the OS protected you.


There are other forms of malware that can run with user interaction: but you would be warned by the OS that you are running this application for the first time. That might have been a clue. Even if you did, the malware would not have been able to access the OS partition and interfere with the running of your Mac, as - literally - nothing can write to that space.


So, you have 10 years of paying for an app of dubious utility, a PDF file that may - or may not - have been malware, and a spoofed email.

Dec 13, 2022 1:51 AM in response to tutlek

"Virus" has become a generic term for any type of malware, including those embedded in PDF files. There are a few good free scanners that will detect varieties of suspect files: Malwarebytes, DetectX Swift, BitDefender Virus Scanner come to mind. The latter two apps are run manually, one and done, while the first requires an install of a background process, which I personally find undesirably intrusive and the main reason to avoid 3rd party system-wide anti-virus software altogether. I once found different positives with all three on a single Mac of a particularly sloppy user. So yes, malware is real and in the wild, but mostly for naive users. However, macOS built-in protection is progressing by leaps and bounds with innovations such as the Signed System Volume and XProtect Remediator.

Dec 15, 2022 4:35 AM in response to tutlek

The analogy with iOS doesn't quite hold. You're correct that Apple's control of the iOS devices and ecosystem is very tight; however, it is equally tight on the Mac, but in a different way. The operating system is on a volume all its own that nothing can write to. So you can't damage the Mac itself, even if you download and run malware. And the solution for children is separate, controlled accounts, which you, as administrator, create and manage, and set limits on. That way, even if they download and run something nefarious, any damage is limited to that one account only. Using Parental Controls you can lock down and monitor their actions to a very high degree.


On the other hand, what does your AV software provide you? These apps exist to assuage your fear, but equally, can give you a false sense of confidence. Often they work by comparing things against a known database of malware. But if the malware isn't in their database, what then? You feel secure but you actually are not. There is always a time lag between new malware appearing and AV apps being updated.


When you drive a car you should wear your seat belt at all times. But wearing the seat belt doesn't remove from you the responsibility to also drive in a careful and safe manner. Having AV software doesn't remove the necessity - and responsibility - of safe computing. AV software does not protect you from children...


Dec 12, 2022 3:14 PM in response to tutlek

BTW, Intego correctly identified this message and PDF as malware. It was supposedly sent by a family member from his account, but when I contacted this family member, I learned that no message and definitely no PDF was sent in my direction.


So yes, this was not an error on Intego's side. It was junk containing some type of malware.
