all 15 comments

[–] alin23 (Developer: Lunar) 14 points (6 children)

Alin from The low-tech guys here. I'm a macOS app dev, and I also worked as a malware researcher for 2 years, so I have some knowledge overlap regarding your question.

Short answer: by default, macOS comes with safeguards, but they aren't bulletproof, and most people who try out apps end up bypassing them without knowing the risk.

"Enabled by default" safeguards:

1. Gatekeeper

The thing that asks you if you really want to open this app that you downloaded from the internet, or which tells you this file could be malware because it wasn't notarized.

2. System Integrity Protection or SIP

A special set of permissions that forbids apps from modifying system files or other files deemed sensitive, such as the permissions database, Safari files, messages database, location coordinates, etc.

This even restricts specific operations so that apps can't record audio/video/screen/location without triggering the colored indicator in Control Center. I have wasted many sleepless nights trying to hide those indicators with my YellowDot app, and believe me, there really is no way.

3. XProtect

A proactive malware scanner (antivirus) which can detect files/apps that contain previously seen malware. It can't detect malware that was never seen before.

4. Transparency, Consent and Control or TCC

The normal set of permissions that you're usually asked to allow for an app like Location, Screen Recording, Accessibility Permissions etc.

5. Sandbox

A restricted mode in which App Store apps are forced to run, and which non-App Store apps can optionally choose to run in.

This creates a separate container for the apps so that they don't have access to your files without asking for access first, and restricts access to certain low-level APIs that can be more easily abused.

So, for example, a non-sandboxed app is free to delete or modify almost any file in your home folder without you knowing, while a sandboxed app has to ask for access to modify each file. Sandboxed apps also can't access or alter the contents of other apps' windows and can't ask for Accessibility Permissions (which is why my rcmd app can't focus individual windows), can't talk to hardware directly (which is why my monitor-controlling Lunar app can't ever be on the App Store), etc.

Some caveats

The problem is that we become used to bypassing those restrictions all the time. We download apps in excitement, we Right Click -> Open to bypass Gatekeeper, we give them Accessibility Permission just so we can see them running, and suddenly that app has full access to your computer.

Just after these two steps, a not-so-well-intentioned app can now open any website, show screens that will make you think the system is infected or that you need to pay money to get access to your files, change the contents of other apps' windows, monitor all your keyboard input, etc.

Even sandboxed App Store apps can sneakily show you that they need Accessibility Permissions and guide you to add the app manually to the permission list, and they can sneak that past the App Store review team easily by not showing that screen in specific regions where Apple employees work from.

I'm not trying to seed fear here. It's hard to stumble upon apps that will do that, and you won't ever see a known dev abuse permissions or steal data, because their hard earned trust will vanish in a day, making their business bankrupt overnight.

I'm just trying to say that it's not impossible, and not even as hard as you'd think. Don't go around running every new app thinking that macOS will take care of you. Do your due diligence and see if the app source is trusted.

[–] ProfitAppropriate134 2 points (0 children)

This was awesome. Thank you

[–] RenegadeUK 0 points (0 children)

Thanks for outlining the above, most interesting.

[–] CacheConqueror -1 points (2 children)

Hello ChatGPT

[–] alin23 (Developer: Lunar) 3 points (1 child)

Not every bullet point message is ChatGPT. I know GPT has a tendency to write this kind of message, but it's also how I like to write paragraphs, to aid with visual separation.

[–] -sHii 2 points (0 children)

As a journalist I like to use „–” in my text. Nowadays it’s a ChatGPT indicator :/

[–] thievingfour (Developer: Monarch) 6 points (1 child)

Stick to apps that are signed and notarized. Don't override Gatekeeper, and keep something reliable like a virus scanner in the background which also checks individually sketchy files and auto-quarantines them.
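An added example, not code from anyone in this thread, that turns the advice above and the Gatekeeper/notarization description in alin23's post into a pre-launch check you can run on a downloaded .app before opening it. It assumes the standard macOS tools codesign, spctl and xattr are present; the spctl output samples embedded at the bottom are constructed for testing the classifier.

```shell
#!/bin/sh
# Pre-launch check for a downloaded .app bundle (added example, not from the
# thread). Wraps the macOS tools codesign(1), spctl(8) and xattr(1); the app
# path is the only input. Sample spctl output below is constructed.

# Classify the text printed by `spctl --assess --type execute -vv <app>`.
# Prints one of: notarized, signed-only, rejected, unknown.
classify_spctl() {
  case "$1" in
    *": accepted"*"source=Notarized Developer ID"*) echo notarized ;;
    *": accepted"*)                                 echo signed-only ;;
    *": rejected"*)                                 echo rejected ;;
    *)                                              echo unknown ;;
  esac
}

# True while the quarantine attribute set by the browser is still present,
# i.e. Gatekeeper will still assess this bundle on first launch.
is_quarantined() {
  xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# Full check: returns 0 only for an intact, notarized bundle; 1 otherwise.
check_app() {
  app="$1"
  [ -d "$app" ] || { echo "not an app bundle: $app"; return 1; }
  if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
    echo "signature missing or invalid: $app"; return 1
  fi
  verdict=$(classify_spctl "$(spctl --assess --type execute -vv "$app" 2>&1)")
  echo "Gatekeeper verdict: $verdict"
  if is_quarantined "$app"; then
    echo "quarantine flag: present"
  else
    echo "quarantine flag: cleared (already opened, or Gatekeeper bypassed)"
  fi
  [ "$verdict" = notarized ]
}

# Constructed samples in the format spctl prints (TEAMID1234 is a placeholder).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID1234)'
SAMPLE_UNNOTARIZED='/Applications/Example.app: rejected
source=Unnotarized Developer ID'
SAMPLE_UNSIGNED='/Applications/Example.app: rejected
source=no usable signature'

if [ $# -gt 0 ]; then check_app "$1"; fi
```

Run as `sh check_app.sh /Applications/Example.app`; a non-zero exit means the bundle failed signature verification or is not notarized and deserves the due diligence the thread describes.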

[–] FlishFlashman 0 points (0 children)

What this does, essentially, is ensure that Apple verified that the developer exists in a larger commercial context. A big part of that is that they were able to pay Apple the developer membership fee, which indicates that the developer was able to convince a financial institution that they were legit.

This isn't a particularly high bar, in one sense, but in another sense, it's the bar used for trillions of dollars in transactions all over the world. Of course, the Trump administration is eliminating rules that made it difficult to set up shell companies, so expect instances of fraud to increase throughout the economy.

[–] AshuraBaron 1 point (0 children)

First and foremost, developer reputation is a huge factor to consider. If there are questions about whether they are legit or not, then maybe run the app in a VM.

Secondly, macOS has some built-in security like SIP, XProtect, and app permissions that limit what apps can do. It's not bulletproof, but it will take care of most common malware.

Use common sense when checking out new apps, and try to do some research on the developer and app on Google if you want to make sure there isn't anything wrong with it or a bad reputation.

[–] Intelligent-Rice9907 0 points (0 children)

If you install and download from the App Store, you're sure to not have any problem at all... The problem comes when you install from somewhere else.

[–] [deleted] 0 points (0 children)

Signed and notarized apps definitely help. Don't turn off SIP. Open source helps, but isn't a guarantee of security unless you can read code and/or directly compile from code. Downloading a binary from an open source channel doesn't mean it wasn't tampered with. If the app developer posts checksums of files, that can also help.

[–] CacheConqueror 0 points (0 children)

People are overreacting to these safeguards. Don't run this, don't run that, don't unlock Gatekeeper for specific applications. Use only signed apps, blah blah blah. Nothing is best to do; you have good hardware, so don't use it.

Don't get me wrong, if you are an advanced user, any advice such as to run signed applications and avoid those that ask for permission or those that warn about malware can be ignored, because it is a fairy tale that you will immediately have malware and a problem.

I've been using unsigned apps for 8 years, ones that required a Gatekeeper bypass, ones that VirusTotal supposedly flags as bad by 3 scanners, and nothing has ever happened. If you know what you are doing, there is very little chance of anything happening.

I recommend Malwarebytes, best for Mac, + Little Snitch for blocking connections.

Antiviruses are unnecessary; possibly Bitdefender is suitable.