Edward Fred

Q: So Windows malware really is harmless in Mac?

Hello!

 

New Mac owner. Coming from Windows background, I need to ask this:

 

Even if my Mac has Windows malware, nothing really happens? It can't steal passwords, spy on me etc?

 

http://www.infoworld.com/article/2617132/mac-os-x/why-mac-users-should-care-about-windows-malware.html

The good news is that even though Macs are capable of harboring Windows-targeting viruses and Trojans, those machines can't be harmed by the malware in all but exceptional cases.

 

Is this article right there is a possibility or...?

 

 

- User who suffered years of Windows security holes

Posted on Sep 17, 2016 7:58 AM

  • by lllaass,Helpful

    lllaass Sep 17, 2016 8:25 AM in response to Edward Fred

    The article is right. In order to work, the malware has to run on the computer. If the malware is Windows only, it can't run in OS X. However, it can infect Boot Camp Windows and virtual machine Windows installations.

  • by Edward Fred,

    Edward Fred Sep 17, 2016 8:24 AM in response to lllaass

    AAAH! You mean I have to have Windows installed on my Mac, that's the "exceptional cases"?

    In this case I really have nothing to worry about because I don't want to have any Windows near my Mac?

  • by Rysz,

    Rysz Sep 18, 2016 10:45 AM in response to Edward Fred

    Windows executables can't run on Mac (or iOS) systems, so the article is correct. I'm not sure what "exceptional cases" they are implying exist. It's simply not possible, any more than being able to run a Windows app on a Mac is.

     

    Perhaps they're hedging in case a single package includes code for both operating systems, but then it's not really Windows.
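Added example (not part of any poster's reply or of the linked article): a short Python check of the on-disk header that tells a Windows PE executable from a macOS Mach-O image, which is the reason a Windows-only binary gives the macOS loader nothing to run. The function names and sample byte strings are constructed for illustration, the check covers native binaries only (not scripts or documents), and the `CAFEBABE` disambiguation between a universal binary and a Java class file is a heuristic.

```python
import struct

# Thin (single-architecture) Mach-O magic numbers as they appear on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little-endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit, big/little-endian
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; also the Java class magic


def classify(data: bytes) -> str:
    """Return 'macho', 'macho-universal', 'pe', 'dos-mz', 'java-class' or 'unknown'."""
    if len(data) < 4:
        return "unknown"
    magic = data[:4]
    if magic in MACHO_MAGICS:
        return "macho"
    if magic == FAT_MAGIC and len(data) >= 8:
        # The next big-endian u32 is the architecture count in a universal
        # binary, but minor/major version in a Java class (major >= 45).
        count = struct.unpack_from(">I", data, 4)[0]
        return "macho-universal" if 0 < count < 30 else "java-class"
    if data[:2] == b"MZ":
        # A PE file stores the offset of its "PE\0\0" signature at 0x3C.
        if len(data) >= 0x40:
            pe_off = struct.unpack_from("<I", data, 0x3C)[0]
            if data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "pe"
        return "dos-mz"
    return "unknown"


def macos_loader_accepts(kind: str) -> bool:
    """Only Mach-O images are candidates for native execution on macOS."""
    return kind in {"macho", "macho-universal"}


# Constructed sample headers (not real programs), just enough bytes to classify.
SAMPLES = {
    "windows_tool.exe": b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00",
    "mac_tool": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
    "universal_tool": FAT_MAGIC + struct.pack(">I", 2) + b"\x00" * 40,
    "Applet.class": FAT_MAGIC + struct.pack(">HH", 0, 52),
    "truncated.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = classify(blob)
        print(f"{name:18} {kind:16} native on macOS: {macos_loader_accepts(kind)}")
```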

  • by etresoft,

    etresoft Sep 18, 2016 12:17 PM in response to Edward Fred

    Hello Edward,

    I have good news and bad news.

     

    The good news is that everything you have read in this thread so far is true. Unless you make your Mac data available to Windows via a VM or something similar, then you are immune to Windows malware. Should you choose to go ahead and install virtually any Mac anti-malware package, there is a greater risk of corrupting some internal database than there is of stopping any malware infection.

     

    Alas, there is some bad news too. There is currently an epidemic of Mac malware. Those Mac anti-malware programs that work so hard to save you from Windows malware will do absolutely nothing to protect you from Mac malware. Yes - you heard that right. They protect you only from Windows malware. They will make your Mac run more slowly, corrupt databases, give you other reliability problems, and give you Zero (0) protection from the current avalanche of Mac-specific malware.

     

    I know of only two programs that have a proven track record of cleaning up Mac malware infections. They won't prevent the infection, they just remove it after the fact. They are MalwareBytes for Mac (https://www.malwarebytes.com/antimalware/mac/) and my own EtreCheck (http://etrecheck.com). There are a handful of other ones that aren't traditional Windows anti-malware products, but don't have a proven track record, make invalid claims, or have some other issues that make me suspicious.

     

    Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

  • by WZZZ,

    WZZZ Sep 18, 2016 2:49 PM in response to etresoft

    etresoft wrote:

    Alas, there is some bad news too. There is currently an epidemic of Mac malware. Those Mac anti-malware programs that work so hard to save you from Windows malware will do absolutely nothing to protect you from Mac malware. Yes - you heard that right. They protect you only from Windows malware. They will make your Mac run more slowly, corrupt databases, give you other reliability problems, and give you Zero (0) protection from the current avalanche of Mac-specific malware.

    What "epidemic" of Mac malware are you referring to? I haven't heard of any current epidemic of Mac malware. There is an epidemic of adware--not to be confused with malware. Mac adware may get awfully close to the definition of malware, but at least strictly speaking, it is not that. And I think the two need to retain their separate definitions, the line between which you appear to be blurring.

     

    As for your other assertion, that no program can give you any protection against Mac malware, I beg to differ. There are a number of programs that can scan for and remove Mac malware--I won't give any names at the moment, since I don't want to be seen as endorsing anything. One of them, however, which I have run for a number of years, has never given me any problems, including corruption of data or slowdowns of any significance.

     

    That said, as far as I know, true Mac malware, as opposed to adware, is quite rare these days.

  • by WZZZ,

    WZZZ Sep 18, 2016 3:06 PM in response to WZZZ

    Or if you want to consider adware a variant of malware, which in most cases it probably is, why don't you at least refer to it that way? Otherwise, saying that there is an epidemic of Mac malware, when you are really referring to adware, is confusing and misleading.

  • by etresoft,

    etresoft Sep 18, 2016 3:25 PM in response to WZZZ

    Hello WZZZ,

    I'm not the one who blurred that line. Most people don't make a distinction between adware, malware, trojans, viruses, "potentially unwanted programs", etc. It is software they didn't want, running without their consent, using their hardware, data, and bandwidth for its own profit, and actively resisting attempts to remove it. If you want to say there is some other subtle differentiator between adware and "true" malware then I'm going to have to disagree.

     

    I never said that "no program can give you any protection against Mac malware". I don't think that any current Mac anti-malware software does give any protection. I don't even bat an eye anymore when I see EtreCheck reports listing both malware and anti-malware software installed and running. But it is certainly possible to do that. I almost included a 3rd program in my list above but decided against it because the developer claims it is the "only troubleshooting app that runs on every version of OS X from 2011 to present". I'm quite certain that is a false claim, so I don't know how true its other claims are.

     

    I listed both MalwareBytes and EtreCheck as effective means to remove malware, but neither gives protection. They just remove after the fact. I plan to add logic to EtreCheck that will actively detect malware and alert the user when it has been installed. But due to my architecture, I couldn't say that it would ever provide "protection". It would just provide "notification" about a possible infection.

     

    If you know of an effective and reliable anti-malware program for the Mac, don't hold your tongue. Endorse away! I think it is very important for Mac users to try anti-malware software and help each other out by reporting which are effective and which are worse than the disease.

  • by thomas_r.,

    thomas_r. Sep 19, 2016 5:26 AM in response to etresoft

    etresoft wrote:

     

    If you want to say there is some other subtle differentiator between adware and "true" malware then I'm going to have to disagree.

     

    There definitely is a differentiator between adware and malware: intent. In the case of adware, the victim really isn't the user, it's the advertisers. The user is simply treated as a machine for generating "affiliate" fees - money that is paid to the hackers for helping to drive traffic to ads or search engines. Adware does not directly harm the user, beyond being an annoyance and potentially destabilizing the browser or system.

     

    Malware is outright malicious, and has as its goal stealing from the user. That could be theft of data that can be turned into money, or could be direct theft of money itself via things like ransomware, BitCoin wallet theft, etc. In the case of malware, the user is the direct victim.

     

    Of course, the average user does not make these differentiations, and many don't even know such differentiations exist. However, where security researchers are concerned, that's a significant thing, and as a result adware is not something that most malware-focused anti-virus software detects particularly well. However, adware is the primary threat on the Mac right now.

  • by WZZZ,

    WZZZ Sep 19, 2016 7:16 AM in response to thomas_r.

    In addition to what Thomas has written, adware announces itself quite conspicuously, while malware, as it profits as long as possible from not being detected, needs to stay under-cover so it can steal sensitive user data without the user noticing, and usually takes pains to hide itself.

     

    Your remarks that there is an epidemic of Mac malware, and that because most users don't see any difference between true malware and adware, therefore it makes no difference how adware is categorized, is really just sloppy reasoning. You are not "most users," you know better, and you should not be perpetuating this kind of misleading information.

     

    And what is significant in all this is that defending against the inadvertent installation of adware requires a rather different mindset from defending against true malware, although there may be some occasional overlap--an important reason why the two should not be confused with each other.

  • by etresoft,

    etresoft Sep 19, 2016 8:38 AM in response to thomas_r.

    Hello Thomas,

    No, there is no differentiator. Someone has come into your home, into your computer, and set up an operation to defraud someone. They are doing it in your name because internet service providers would put a stop to these activities if they did it under their own accounts. Are you going to rationalize that it isn't quite the same thing because they are defrauding someone else?

     

    No. That is a malicious, fraudulent act. Letting people like that into your computer, into your home, is not harmless. Are there worse kinds of fraud and more malicious acts? Of course.

     

    I think the average user figures that out pretty well. They don't care about the concerns of security researchers. They aren't concerned about the intent or motivation of internet criminals. They know that if dishonest, malicious people have access to their data, computers, and internet presence they cannot rely on the good nature of those people to only defraud someone else. Eventually, the cancer will attack the host.

  • by thomas_r.,

    thomas_r. Sep 19, 2016 9:04 AM in response to etresoft

    I don't care what definitions you use. However, if someone wants to understand why adware is poorly detected by major anti-virus brands, that person should understand how the industry looks at these things.

     

    There's a big legal difference between ad-supported software (as most adware makers will call their stuff) and malware, and there's a big precedent for adware companies to sue people who "defame" them, and that's why Apple and many security companies are so lenient towards adware.

     

    Of course, I don't care about such things... I eat adware for breakfast and spit out its bones.

  • by etresoft,

    etresoft Sep 19, 2016 9:06 AM in response to WZZZ

    Hello WZZZ,

    I suggest you do more research on adware and malware before making claims like that. Adware goes to great lengths to be as inconspicuous as possible. It uses random file names. It uses hidden file names. It masquerades as Apple software. It sets file system locks to make it more difficult to remove. It actively tries to reinstall itself if the user attempts to remove it.

     

    I am not going to play the "blame the victim" game. I realize that, as a software engineer, I am not like most Mac users. But that doesn't give me the right to lecture to them about what they should have done, call them sloppy, or blame them when they are taken advantage of by other, more dishonest, software engineers. Instead, I choose to help by writing software to help Mac users remove this malware.

  • by etresoft,

    etresoft Sep 19, 2016 9:14 AM in response to thomas_r.

    No, I don't think it is anyone's responsibility to "understand how the industry looks at these things". It is their responsibility to stop giving the security industry money until these companies start looking at things from the user's perspective.

     

    I am quite aware of the legal difference between adware and malware. That is really the only difference of significance between them. Adware companies work in the open and hire lawyers to help them defraud customers and defend against honest software engineers. That is why it takes a different approach to fight them.

     

    I'll give you credit where credit is due - you do eat an awful lot of adware. But you don't spit out the bones. EtreCheck does a better job of reporting the after-effects and keeping users and ASC helpers informed about what it finds and what it does.

  • by WZZZ,

    WZZZ Sep 19, 2016 11:30 AM in response to etresoft

    etresoft wrote:

    I suggest you do more research on adware and malware before making claims like that. Adware goes to great lengths to be as inconspicuous as possible. It uses random file names. It uses hidden file names. It masquerades as Apple software. It sets file system locks to make it more difficult to remove. It actively tries to reinstall itself if the user attempts to remove it.

    When I said that adware doesn't hide itself, it's as conspicuous as possible, I think it was obvious (or should have been) that I wasn't referring to the way it gets installed in the user's computer, i.e., where the files go, and to what lengths adware may try to conceal its location, and/or prevent its removal. I was referring to how a user will suddenly notice ads popping up where they didn't before. I was simply saying that, as adware, the ads need, as much as possible, to be right in the user's face so they can be clicked on. And this is just the opposite of most data-stealing malware, the authors of which will, for obvious reasons, go to great lengths to conceal: once the infection is known, the user's passwords, tax, cc/banking information, etc., gets changed, and the infection will quite likely, one way or another, be removed.

     

    etresoft wrote:

    I'll give you credit where credit is due - you do eat an awful lot of adware. But you don't spit out the bones. EtreCheck does a better job of reporting the after-effects and keeping users and ASC helpers informed about what it finds and what it does.

    I have to say that it would be better for your reputation if you didn't so obviously disparage a program written by a fellow ASC contributor, in order to pimp your own. That last comment really doesn't serve you well or make you look good.
