Why are we continuing to insist that incredibly complicated and unrestricted computing devices which served well a few million highly technical folk a few decades ago can equally smoothly well serve ~8 billion people of varied capacities and hues?
At this point we need to accept that severely locked down and curated devices are the easiest and least painful road ahead for the majority of the world's citizens to participate in digital transactions, while unrestricted computing devices can be used by those who are learning or specifically involved in technical tasks or are simply those who agree that they know what they're doing and the tradeoffs involved.
I'm not saying unrestricted devices should be banned. It's just that they should come with warnings on the box and an advisory to use locked devices if the intent is to simply buy it and mindlessly use it.
> while unrestricted computing devices can be used by those who are learning
You can have a machine where you are actually more free to experiment than simply being unrestricted. If you have a machine where you can roll back changes to a saved point, you are more free to experiment, even with dangerous and esoteric mechanisms. This is what we had in Smalltalk. Smalltalk used to be an OS. (There are 4 hooks in the old Smalltalk-80 image for lifting the drive head, putting it down, and moving it in and out.) When I used it, it was no longer an OS, but this is how I know that doing
Semaphore allInstances do: [ :each | each release ]
Locks up your image so hard, there's often lag when you try to kill the VM process. I can do that with un-checked-in code in the image, then restart from a saved image, replay all of my actions from the change log except for the last one, and I'm back in seconds, all of my code nice and safe.
This degree of rollback ability would also be great for simplifying parental IT. You'd need to add some sort of cloud storage for storage of authentication secrets and the most important data, but then it would be almost bulletproof.
Controversially, at least for these circles, I also advocate Trusted Execution as a tool for personal security and the protection of personal information.
In the hands of corporations and governments, imposed on individuals, this becomes DRM and is clearly horrible. It's so horrible, there should be laws heavily regulating its use by organizations against individuals. However, the same asymmetries that make the issues of disclosure and privacy different between corporations and individuals also make trusted execution different between corporations and individuals.
It's bad for society and individuals when individuals have their information disseminated against their will. However it's very good for society when corporations, governments, and other organizations are required to be open and disclose information. This is why Trusted Execution should be used by individuals against organizations. Aimed in that direction, it compensates for the power differential. Used as DRM, it exacerbates it.
Trusted Execution combined with sandboxing can provide individuals with very good protection against things like malware and the Sony rootkit. My ideal PC would have an inviolate hypervisor kernel supervising an open "dev" VM which can be rolled back, along with various "appliance" VMs where sandboxes with Trusted Execution can protect the individual from the execution of other people's code.
Is the Chromebook's rollback as absolute as, say, that of a device running a Smalltalk based OS in a 'kiosk' mode with a hypervisor overseeing the VM and recovery mode?
That's the whole point of having certain things in the cloud!
> nor should the billions of people not have privacy
You can have a relatively open machine that implements rollback mechanisms using local storage and have privacy just fine. Did you just have a reading comprehension failure?
I agree that the idea is really nice. The execution, however, still leaves a lot to be desired.
The boot screen coming up each time if I put my machine into dev mode is something that really irks me. At least, I should be able to switch it off (without resorting to EFI hacks). Also, it's really easy to wipe your device on that screen if you accidentally press the space bar.
If that one screen was a bit more configurable and the driver situation was a little bit better (fewer blobs/hacks), my ARM-based chromebook would be my daily driver by now.
The restrictions just make spyware easier to hide. Malicious users will still be able to bust into devices but removing or detecting them will be harder as you will not be in control of the device.
What about what that curation entails? Should I be forced to watch ads the manufacturer sends me before I can do anything? Should I be forced to pay a rental fee or lose all access to my data? Should all financial transactions be controlled by the manufacturer's preferred system?
The problem with walled gardens is lock-in, and shareholders would be irrational not to encourage the manufacturer to maximize the profit they can extract from each device. I don't want a device where my every interaction is controlled and monetised to maximize my consumption.
The transition seems well underway, for Apple at least. How long does it take though, a decade?
It doesn’t seem unreasonable to think iOS devices will replace 95% of all Macs, with the exception of professional users who need massive workstation resources, unfettered system access, etc.
I don’t recommend Macs to family or friends anymore, they’re completely unnecessary. The new iPads with the keyboard are enough for normal people. That trend seems to be solving the problem, gradually, leaving the technical system for technical people.
So what is going to be the unrestricted device? Looks like it won't be running Windows or MacOS, which are very quickly going the locked down route. I would be happy if there was a good alternative.
There are lots of flavors of *NIX that can serve this need.
The big fear shouldn't be that you won't have anything to run so much as the idea that popular general Operating Systems in the future will integrate too many advanced features and introduce hurdles to general interoperability that makes it harder for open source alternatives to be useful.
So far it hasn't been too big of a problem, but if operating systems start being augmented by substantial amounts of AI or machine learning derived efficiency improvements, upstarts might have trouble keeping up. Still, I wouldn't count out the creativity of the Open Source community to address these issues.
You don't need to lock down whole devices. You just need to lock down what applications can do.
The problem is that the basic unix (and windows) APIs are designed with malicious users, but not malicious programs, in mind. What iOS and Android try is bolting a permission system onto those old APIs, leading to overcomplicated, brittle systems that fall behind what can be achieved.
> ... basic unix (and windows) APIs are designed with malicious users, but not malicious programs in mind
I beg to disagree. Ubuntu for example has apparmor enabled by default [1] and snaps running in containers [2]. And compartmentalization is a huge part of the linux kernel [3].
AppArmor is completely useless for the scenario of malicious programs rather than exploitable programs, as you still need to write profiles for programs.
Ubuntu snaps are not sandboxed yet [1]
Containers just offer the same environment as a normal unix. Kernel APIs like e.g. Video4Linux, or even more basic stuff like the filesystem, are not designed for this.
How does an app ask the user for permission to use the camera? How does an app ask to open a file outside of its sandbox? Basic things like that are just handwaved away or implemented with extremely complex systems that regularly have security holes.
That's quite a blanket statement: of course they are. Snaps are sandboxed by a set of interfaces requested by the snap in question. If the snap requests networking, it gets networking. If it wants to access the sound card, it gets the sound card. Some of these interfaces are more powerful/dangerous than others. If the snap requests X, it gets X. That makes that particular snap certainly less safe, but it says nothing about snaps that don't use the X interface at all. The user can also disallow access to X (though that probably makes the application less useful) by disconnecting that interface: snap disconnect <snapname>:x11
I use a Mac for work and personal, and I feel like I take the reasonable precautions to avoid malware/ransomware/spyware/*ware (ex. prefer the App Store when possible, only download stuff from trusted sources, etc.) What more can I do to be safe? In 2017, is it recommended to use some kind of antivirus on a Mac? I've always been told it's unnecessary, but it seems like nefarious software is becoming more commonplace on the Mac.
Use a cloud-based backup service like BackBlaze or CrashPlan that saves old versions of your files. Since these backups are not connected like regular read-write hard drives, there should be no way for the ransomware to encrypt or delete the old versions.
Turn off iCloud storage though. Holy crap it messed with my Back Blaze stuff when the documents folder all went to the cloud and got deleted off the local drive. As easy as that sounds to fix, it isn't. What a terrible default option for an OS update.
If you seek a heuristic way to prevent ransomware on Mac, RansomWhere[1] by Objective-See is awesome and free of charge. It constantly monitors the file system, and if it sees a sudden burst of encryption, will freeze the concerning process. Yes, you'll 'lose' at least a few files, but major loss is prevented. Obviously, you'll need to turn it temporarily off if you want to do any legit encryption.
[1] https://objective-see.com/products/ransomwhere.html
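The "sudden burst of encryption" heuristic described in the comment above, written out as an added illustration. This is not RansomWhere's code, and the thresholds, the process-id bookkeeping and the sample write events are all constructed for this example: it scores each file write by Shannon entropy (ciphertext and random data sit near 8 bits per byte, documents far lower) and alerts when one process produces several ciphertext-like writes inside a short window.

```python
import math
import random
from collections import deque
from typing import List, Tuple

# Shannon entropy of a byte string in bits per byte (0.0 to 8.0).
# Plain text and most documents sit well below 6; ciphertext and random data near 8.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

# Assumed tuning knobs (constructed for this example, not RansomWhere's values).
HIGH_ENTROPY_BITS = 7.5   # a write above this looks like ciphertext
WINDOW_SECONDS = 5.0      # how far back a "burst" is counted
BURST_WRITES = 3          # this many ciphertext-like writes in the window => alert


class BurstDetector:
    """Per-process sliding window over recent high-entropy file writes."""

    def __init__(self, threshold=HIGH_ENTROPY_BITS, window=WINDOW_SECONDS, burst=BURST_WRITES):
        self.threshold = threshold
        self.window = window
        self.burst = burst
        self._recent = {}  # pid -> deque of timestamps of high-entropy writes

    def observe(self, pid: int, ts: float, data: bytes) -> bool:
        """Feed one write event; return True while pid is at or above the burst limit
        within the window (a real monitor would suspend the process at the first True).
        Archivers, disk encryption and backup clients can trip this too, which is why
        such a monitor needs a pause switch for intentional encryption."""
        if shannon_entropy(data) < self.threshold:
            return False
        q = self._recent.setdefault(pid, deque())
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop events that fell out of the window
            q.popleft()
        return len(q) >= self.burst


def ciphertext_like(n: int, seed: int) -> bytes:
    """Deterministic stand-in for encrypted output (constructed; no real cipher here)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def simulate() -> List[Tuple[int, float]]:
    """Constructed timeline: pid 100 is an editor saving a plain-text document,
    pid 200 rewrites three files with ciphertext-like content within a second."""
    det = BurstDetector()
    document = b"Quarterly report draft. Revenue grew modestly in the second quarter.\n" * 60
    timeline = [
        (0.0, 100, document),
        (0.2, 200, ciphertext_like(4096, 1)),
        (0.4, 200, ciphertext_like(4096, 2)),
        (0.6, 200, ciphertext_like(4096, 3)),
        (1.0, 100, document),
    ]
    return [(pid, ts) for ts, pid, data in timeline if det.observe(pid, ts, data)]


if __name__ == "__main__":
    print(simulate())   # [(200, 0.6)]: the third ciphertext-like write trips the alert
```

As the comment notes, the first few files are already overwritten by the time the burst is recognised, so this kind of monitor limits damage rather than preventing it, and backups remain the actual recovery path. Real tools also weigh other signals (rename patterns, file-type changes, whether the binary is signed and known) to cut down on false positives from compression and legitimate encryption.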
• Review the settings in System Preferences » Security & Privacy and pick a reasonable ground between convenience and security.
• At the very least, "Require an administrator password to access system-wide preferences" (found under the "Advanced..." button.)
• Be wary of any third-party app that asks for an administrator password, and try to see if it runs after denying the prompt. Dropbox, for example, seems to work fine even if I cancel its second (after installation) admin prompt. (There were news about it faking the prompt and storing your macOS password [2] for automatic updates...)
• You may want to tighten the firewall settings, and/or consider Little Snitch [3].
• If you have to install something from a .pkg file, which can autorun scripts, try to review the .pkg and its scripts with Pacifist [0] first. It may be possible to just extract the payload with Pacifist and run the app just fine without "installing" the .pkg.
• Make regular backups. Automatic (e.g. Time Machine) AND manual (of your most important stuff at least.)
• Don’t use the same passwords for different things.
• Enable multi-factor authentication on as many services as you can.
• Visit dodgy websites in private browsing mode, or a secondary, locked-down browser like Tor [1].
• If you can't help downloading pirated/"cracked" apps or games, try to run them from a different user account.
• If concerned about outright theft of your Mac, enable FileVault full disk encryption, and set a firmware password. [4]
• Whenever you're bored or something is acting janky, check the usual places where third-party processes can install themselves and hook into your system:
• Oh and before you paste any command/script (like the above) from the internet into your terminal, see the man page for each command and its arguments first. :)
----
I've used Macs without an antivirus since 2012 and I haven't been hit by malware yet... I think. :)
"note the ‘Type your password…’ sentence is both misaligned and is spaced into a separate paragraph, unlike genuine authentication requests from OS X. The phrasing of the first sentence “your computer password” is also very “un-OS X”."
Just a little nit-pick: checking for kernel extensions that don't have Apple in their name is definitely not the same as checking for 3rd-party extensions... :P
Because it's annoying and it doesn't help — most people don't care for managing a firewall, nor should they. If an attacker has run an executable on your laptop, whether you block it from phoning home or not is hardly your main concern.
You don't run a firewall to prevent a compromised system from dialing out, you run it to prevent other compromised systems on the network from dialing in. Everyone on the same wifi network is an attack vector.
Good point. Most importantly, that's the far less annoying use-case: one can imagine a simple UX with a list of applications bound to LISTEN on an external interface for you to whitelist for an hour, a day, or indefinitely. I think browser exploits are still a slightly more common attack vector, but that's certainly an option.
I'm not sure, but maybe simply turning the firewall on in macOS doesn't provide any benefit if everything else is fine, and you have to lock it down and disallow all requests by default to actually get added security through it.
Edited the recommendation after reading the sibling comments.
Because a hardware firewall is infinitely more effective. If your router has a firewall, that should be turned on first. If it doesn't, that's when you should look at turning on the Mac firewall.
Regular backups with the drive disconnected from your machine when you're not backing up or restoring and a second (or more if you're paranoid) drive somewhere else entirely in case your house burns down. The best free options here are jwz's method[1] and Time Machine. Ransomware can't encrypt files that it can't access because the drive is disconnected, and by having a spare somewhere else (updated once a month or so) you prevent yourself from losing everything if you don't notice the malware and it eats your local backup drive.
I use Little Snitch configured in Silent mode to Deny All and then I allow only the things I want to go outbound out of my machine (though I do let my machine talk to my home network freely). You might want to consider that.
I also use Avast's free antivirus for the Mac, but with the Email and Web shields off. I find that overkill when I have the File shield (real-time protection on file access) already enabled.
Sorry, I was not aware that happened. I'd like to say that it was completely unexpected, but I guess I can understand that as a result of jwz's accounts of working at Netscape being flogged by VCs as a way of duping young and naive engineers into sacrificing their youth and hard work on the altar of uncertain reward.
Extraordinary. I have two kids who each have their own accounts on a couple of Macs and over the space of 5 years I have never had to clean Malware off.
1. Set them up with managed accounts
2. Use parental controls to stop them from installing things
3. Set the default browser to Safari which works better with Parental Controls
4. Try using the Parental Controls automated web filter. It's pretty good and not too stringent.
5. TALK to your kids about the importance of NOT simply clicking indiscriminately on random stuff.
It's not random stuff - it's more often than not the game sites that are ranking which ask to mod the Chrome config - not ads.
The OSX parental controls break Chrome - or did when they were on - and were overly intrusive - if you're typing in the password every 10 mins you might as well not have one - the parental controls on the router don't work with HTTPS.
What I need is a Google Account / Chrome setup that is age aware and:
1. filters search results on age of user
2. downranks sites that prompt to alter configs or force email address to run a game
3. enforces strict content (not just on results, but also on what Chrome will render)
4. locks down Chrome config
5. filters gmail more aggressively than it would for an adult
6. notifies adult user on suspicious activity (not reports sites visited etc. but reports if something serious happens)
5. Use Mail.app rather than the Gmail web interface. Parental controls then let you whitelist addresses that the kids can use e-mail with; you can set it up so that if they ask to e-mail someone new, they can request it and you'll get an 'allow/deny' pop-up.
6. Set up a free OpenDNS account for use on your kids machines and set up a profile for use with them (you can adjust strictness and alerts you want to receive).
7. Once again - talk to your kids. Explain that if they click on something that requests this kind of thing, they are not to run it. Running it will result in reduced computer time and privileges. Ultimately technology can only help you parent, it cannot do it for you.
Out of curiosity, do you ever browse with your kids and keep teaching them what to click, what not and why? I assume that it can't make them completely safe, but it should eventually bring them near to it. If you're doing it, what's your experience with that and where do you think the malware is still coming from?
It comes, mostly, from the online game sites and other shiny honeypots for kids - google "X game", click the top link - the game sites themselves override the Chrome search bar and home page etc. - they click yes and put an email in to every single prompt to get to the game.
Funny, that. I've got several machines around the house which are used by my daughters (~6 and 12 yo) and wife. The machines run Debian, apart from one on which I installed Mint. I have several Android devices for the same purpose. Those Android devices range from a 2011 Ainol Novo 8 Advanced running Gingerbread to a Teclast X80 running Lollipop. I use Debian myself, on client and server hardware. We use Firefox, Seamonkey and Chromium (not Chrome).
I never had a single piece of malware on any of these machines, ever. I do see lots of SSH login attempts to the servers (in vain, naturally) and quite a bit of exploit scanning for vulnerable services but the amount of successful intrusion attempts, whether on client or server, is zero.
Maybe you should try this solution for your children?
> In 2017, is it recommended to use some kind of antivirus on a Mac? I've always been told it's unnecessary
AV-Comparatives[1] puts out a pretty comprehensive, quantified real world benchmark of antivirus comparisons that they update every month for Windows (a more dynamic threat environment) and once a year for Mac[2].
Let's take a best case scenario (which isn't likely) that there are _no_ security vulnerabilities in any software on macOS. You still have the issue of being an accessory to spread malware to Windows machines if you aren't screening for them. "Oh hey boss, include this file in the Windows deployment of our software".
A biological equivalent would be: even if you are an asymptomatic carrier[3] (the macOS claim), you can still transmit the disease to someone else, and therefore should limit transmission through condom use, gloves, general precautions (run an antivirus).
A final point to add is one regarding risk engineering. The decision to increase the robustness of a design is not governed by the probability of the event (Macs hardly ever get infected!), it is governed by the magnitude of the effect of the event. Even if the probability of malware on a Mac is low[4], if the effect of the infection is catastrophic (your entire business is destroyed) you should increase the system's robustness to threats.
[1] https://www.av-comparatives.org/about-us/
AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized.
Currently, AV-Comparatives' Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software. Put simply, the test framework replicates the scenario of an everyday user in an everyday online environment – the typical situation that most of us experience when using a computer with an Internet connection.
AV-Comparatives works closely with several academic institutions, especially the University of Innsbruck’s Department of Computer Science, to provide scientific testing methods.
Yeah. The TL;DR is "Two people wrote some ransomware for Mac and put it on _the dark web!_"
Well, who really cares about that? That's not an especially novel thing to do. It's basically a drop of spit in the ocean.
Someone wake me up when Mac malware goes viral because it's not entirely reliant on users making mistakes. Or if it uses some sort of vulnerability that I need to get patched.
> However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data.
In past discussions of ransomware, the question is always asked: if you pay, how can you be sure you'll get your files back? The standard answer seems to be, of course you'll get your files back, the criminals want to keep a good reputation so you'll have the greatest incentive to pay, and they have no reason not to.
I guess this shows one potential weakness of that idea. Criminals may not want to destroy your files, but might do so by accident.
The problem with the App Store, is that the software most likely to have an issue with the sandboxing is often the software that's more critical in terms of security. Such software may not be security software but still have more stringent needs in terms of security review. For example, layout managers might have hotkey functionality that could disguise key-logging.
Your typical "parents" are not the sort to need that sort of stuff. Those are professional tools for people with specialized needs, and they can assess the risks of installing such things.
Just because you never had a problem doesn't mean you never will. Past performance is no guarantee of future results, and in fact it would be trivial to get a malware-infected app into the app store because the review process does not look at the source code (and even if it did it's not hard to obfuscate malware).
AppStore applications are more sandboxed than regular side loaded applications. You need to request quite a lot of permissions up front before it can actually do some harm and requesting those permissions will lead to more scrutiny on the side of the reviewer.
That said, it's still easier to get something into the AppStore that really wreaks havoc on your machine compared to the iOS AppStore, where developers being used to completely free rein over the machine never was a thing to begin with.
Snarkiness aside, you don't need an antivirus on your Mac. As long as you run as a non-admin user, enable a firmware password, and stay away from Adobe Flash, you are golden.
Wait... an "admin user" on a Mac is basically just a sudoer that still needs to enter its password each time for elevated privileges, right?
Since you do need to install stuff sometimes, I'm not sure what a power user who's careful about password prompts would gain from routinely running as a non-admin.
As someone who has used Macs since the 90s fairly carelessly I was quite impressed when a relative got a virus 3 weeks into his first Mac. All three of the above points were not followed.
Disable/Don't install Flash and Java, disable auto-loading images in Mail, and install Safari extensions to block ads, trackers, and unwanted JS.
And keep your system up to date of course (done by default, or at least the notifications to that effect). And don't use the admin user on a day to day basis (done by default).
That anyone bothered to orchestrate an attack like this on Apple products seems to say good things for Apple's business. Although at the same time it seems to cast doubt on Apple's perceived superiority on the security front.
Oh well, I'll keep going with my preferred platform: Windows as a host for my browser and SSH to FreeBSD and Ubuntu servers.
Are you kidding? Classic MacOS was riddled with viruses and it was made worse by the fact that they were used by designers who, as a matter of habit and necessity, would exchange disks with random people and use them in random computers.
In the 1990s visiting a copy shop with Macs was like going to a sketchy-by-Thai-standards brothel. You were almost guaranteed to come back with some new infection. You'd reasonably quarantine anything that came back from your print shop until you could scan it. The temptation to hold your Syquest disk with rubber tongs was there.
Switching the processor to PowerPC made many of the viruses incompatible, but they weren't fully eliminated until the switch to OS X was complete.
Absolutely not. I worked in publishing during the 90s and virtually every Mac disk that came into us from a freelancer had a Mac virus on it. Luckily an excellent free bit of software called 'Disinfectant' spotted and sorted it. It was eventually retired by its author, sadly, when Office macro viruses started running amok and were too difficult to track.
By the time it was retired, I seem to recall it acted on nearly 200 viruses and worms.
> According to Woz the early Macs held so much of the OS in ROM that malware could not get a solid foothold.
Might have been true for the really early Macintosh computers. Definitely not later on, though. Later systems stored an increasing amount of the System on the hard drive, and the NewWorld PowerPC Macs (iMac and later) moved the remnants of the ROM to the hard disk.
That's a strange claim since even with Old World ROM, any Extension in the startup chain could replace any part of the ROM without limit. System 7 and beyond were essentially cobbled together that way.
Right, I meant the really early systems like the Macintosh 128K -- well before extensions were even a thing. Some infrequently used system components, like disk formatting ("PACK 2"), were stored on the boot disk, but the vast majority of the system was in ROM.