Bitdefender and Time Machine Protection

johnmcdenver wrote:

Just one follow-up question: You said that there are no macOS viruses. So what you are saying is that there is no way for a hacker to hijack my computer, bug it with a Trojan (and record my keyboard input to get my passwords for instance), get access to sensitive information stored on my computer or spy on me using my webcam or microphone?

Nope:

John Galt wrote:

... There are no macOS viruses. The closest thing to a virus on a Mac is the "anti-virus" garbage people insist upon installing on them.

You need to understand the difference between viruses, Trojans, keyloggers, spyware, bugs, and other terms you're throwing around as though they're one and the same.

Words mean things. A Trojan is not a virus. It's something masquerading as something else like the Trojan Horse constructed by the Greeks as a false trophy, so that Greek soldiers within could enter the city of Troy unopposed. Hence the name. I hope that's not something you didn't already know. There is no product that will prevent you from installing something on a Mac. That responsibility is yours alone. If Apple prevented you from doing that, a Mac wouldn't be the general purpose computing appliance that it is.

The defense against installing a Trojan is not to install one. Of course that's an oversimplification, but it's incumbent upon a Mac user to know what he or she is installing and why. If you install something obtained from an untrustworthy source; if you download software that's known to be pirated or "cracked" in an effort to avoid paying for it, you are inviting a Trojan. There are a few examples of that, but there is no product that can prevent users from willfully doing something that extraordinarily dumb (and illegal).

A virus infects a computer by undetected transmission from one device to another. macOS is not vulnerable to viruses for many reasons, way too many to describe in a few sentences so I'll leave that to others.

A keylogger (or similarly categorized remote access utility) is software that you install. Keyloggers have legitimate purposes including the ability to monitor your surroundings with a Mac's FaceTime camera and microphones, but just like anything else that alters a Mac at the fundamental level required products that do that cannot be installed without an authorized user's willful consent. There are many easier and cheaper ways of "bugging" your surroundings that don't even involve a Mac.

More to the point of "anti-virus" software being potentially harmful: Such things need to constantly monitor your Mac's activity and the software it contains. For example, the "Bitdefender" product you installed objected to legitimate macOS activity. Its developer insisted that it identified a "virus" or evidence of "hacking" leaving you understandably upset. You wisely chose to post a question on this site, probably something 99.9% of Mac users would not have known to do. If you had not done that, you might have been tempted to take inappropriate actions, such as maybe erasing certain Time Machine backups or altering the way it works (potentially corrupting it and making all of your backups useless), or maybe curtailing your use of Time Machine altogether. That makes no sense, since if your Mac truly were to be "hacked" a Time Machine backup conveys the ability to restore it to a state preceding that intrusion.

That unjustified concern leads to plenty of other inappropriate actions, and people take them all the time. Read this for one of many such tales of misery: threat by trojan.JS.Iframe.BKD on MacBookPro.

The point is that the installation and use of non-Apple "anti-virus" software presents a far greater threat to a Mac's security than leaving it to work just as Apple designed it to work.

Now that you know there are no macOS viruses, the possibility of "hacking" remains. For that concern, there are no products that can definitively identify the total absence of malicious activity. None. Don't bother looking for one. Like any effective security strategy, securing a Mac requires a comprehensive, multifaceted approach that includes physical security of a Mac and all its network equipment and secure wireless networks and passwords including your Apple / iCloud ID if you have one. Theft of Apple IDs is commonplace, and is almost always accomplished through phishing scams. You can secure your Apple ID by using Apple's two-step verification for Apple ID. That slams the door on any attempts to use your Apple ID unless that attempt is accomplished with a trusted device—which itself can and should be kept physically secure as well as secured with a passcode... just like your Mac.

In any event delegating your Mac's security to a non-Apple product is ill-advised, at best. Anyone or any thing claiming specialized knowledge—some omniscient ability to foresee all present and future threats—some magically superior ability to protect an operating system developed and maintained by the most famously secretive company on Earth—ought to be treated with extreme suspicion, if not outright derision.

get rid of bit defender, you don't need it and all it is going to do is continue cause problems

https://www.bitdefender.com/support/how-to-uninstall-the-new-bitdefender-antivirus-for-mac-1687.html

Keep your mac up-to-date with OS X updates and securities patches from apple. This is far and away the best protection you can have and the best way to maintain your system without the need for 3rd party "protection" or "cleaning" software.

No Anti-Virus software or so-called “cleaning” apps are needed or recommended for Mac OS. They can conflict with Mac's own built-in security. At best they will slow your Mac by using unnecessary resources and at worst will bork your entire system.

i) Is it normal that these applications (which seem to be from Apple) attempt to access my Time Machine backups, meaning Bitdefender is blocking them unjustified?

Yes.

ii) Are the messages about "com.apple.appkit.xpc.openAndSavePanelService" in the console normal or is there anything wrong with them?

They are normal. com.apple.appkit.xpc.openAndSavePanelService.xpc is a required macOS component. Make no attempt to delete it.

Of course, I contacted Bitdefender Support and they said that no application, not even ones from Apple, should make changes to old backups. So, according to them, something is wrong and I must have some kind of virus or have been hacked, which really upsets me.

That is so over the top utterly untrue it's laughable. Time Machine has to make changes to its old backups. It has to overwrite them, delete them, and change their attributes. That's how it works. Furthermore, Apple implements changes in Time Machine with practically every macOS update. I have never known them to describe those changes in any detail whatsoever, and they only rarely even reveal a change has taken place.

Strangely, their virus scan cannot find a thing.

Strange? There are no macOS viruses. The closest thing to a virus on a Mac is the "anti-virus" garbage people insist upon installing on them.

Rule 1 of Macs is don't install junk. "Bitdefender" is a threat to your Mac's security and its backups.

So what you are saying is that there is no way for a hacker to hijack my computer, bug it with a Trojan (and record my keyboard input to get my passwords for instance), get access to sensitive information stored on my computer or spy on me using my webcam or microphone?

You realise that sentence is gibberish, right?

1. Of course a hacker can get into your computer. All he needs is your name and password. Without that, not so much. Even if one did BitDefender wouldn't help anyway.

2. A Keystroke recorder could be installed on your machine. Again, all it takes is your name and password. Without that, not so much...

See a pattern?

How might a hacker get your name and password? By you installing software from places other than the App Store or the developer's website. So, common sense - don't install pirated software - and at time of writing you really have nothing to worry about.

johnmcdenver wrote:

So what you are saying is that there is no way for a hacker to hijack my computer, bug it with a Trojan (and record my keyboard input to get my passwords for instance), get access to sensitive information stored on my computer or spy on me using my webcam or microphone?

Trojans are NOT viruses. A Trojan is a program that masquerades as something it is not in order to con you into installing it.

Don't install software from untrusted sources. Don't respond to scam emails and popups on web sites trying to get you to install something or give up your account credentials. Use common sense and you won't have a problem.

Backup your data, erase your hard drive, and restore your data.

If you believe personal information was compromised, change all of your passwords, notify your bank, and put a watch or hold on your credit.

I see but could that someone also do these things to me remotely or would they have to do them on my (physical) computer using my name and password?

Either is possible. But the key thing is having your name and password.

johnmcdenver wrote:

I get your point not to install untrustworthy software but what if I already did? I once installed an email certificate from StartCom and because it felt strange afterwards I deleted it again and installed antivirus software on my Mac (this is the very reason I did it in the first place), which actually found and removed a Trojan. Ever since I feel like I have been hacked and I feel so exposed.

So, if I really have been hacked and am currently being spied on, what can I do to stop it? I am really desperate.

Hello johnmcdenver,

There is nothing wrong with a StartCom email certificate.

It is difficult to diagnose these things after-the-fact, but I'm quite confident that you never had any trojan to begin with.

Consider dumping Bitdefender - it's not needed and it's generally considered to be crapware.

You don't have a virus. Uninstall BitDefender and then monitor your system to see if you still get the alerts.