You might be legitimately annoyed by the amount of free antivirus software on Windows that don’t offer good protection, on top of being filled with ads. But I don’t agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.
But what are you protecting against, though? What exploit? What CVE? Where’s the privilege escalation from the desktop? What application? What “Linux Virus” are you concerned about?
As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
I clicked through a few, and none of those are viruses, zero day exploits, privilege escalations, and every single one requires the user to install something.
That’s not the fault of macOS and no antivirus is going to be able to stop a dumb user from doing something dumb, and that’s true for any operating system.
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
every single one requires the user to install something
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.
You might be legitimately annoyed by the amount of free antivirus software on Windows that don’t offer good protection, on top of being filled with ads. But I don’t agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.
But what are you protecting against, though? What exploit? What CVE? Where’s the privilege escalation from the desktop? What application? What “Linux Virus” are you concerned about?
As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
People say this all the time and it’s never been true.
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
what mac virus is that?
Take your pick.
I clicked through a few, and none of those are viruses, zero day exploits, privilege escalations, and every single one requires the user to install something.
That’s not the fault of macOS and no antivirus is going to be able to stop a dumb user from doing something dumb, and that’s true for any operating system.
Here’s one example of a privilege escalation
https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807
And here’s a little more detail about it, complete with links:
https://www.offsec.com/offsec/macos-preferences-priv-escalation/
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.
Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.