Anti-malware on macOS 🙄

Nycturne

Elite Member
Posts
1,140
Reaction score
1,490
Yes, but since Apple allows running iOS apps on the Mac unmodified, that can of worms is already open. Apps that run using the "Designed for iPad" destination will run on the Mac, with MSAL, using the iOS-style keychain.
As I said, I'm not close enough to this stuff to really get into details. It's very possible that this part of the conversation has become two people debating a straw man and we'd have no real way of knowing. So at this point, I think I'll back down, as all I have is idle speculation.

But with my time at a particular, large, bureaucratic software developer, I've learned to cut the engineers at least some slack that they know what they are doing. Direction/priorities are one thing, but generally the engineers in a situation like this aren't doing this because they want to. I've also been on the receiving end of the "why can't you just support X?" stick fairly recently for things that I have tried and failed to influence, so I have sympathy for teams where the same could very well be true.

The fact that MAUI would also benefit from supporting this suggests there is definitely more than meets the eye.
 

theorist9

Site Champ
Posts
613
Reaction score
563
My university requires that Trellix Endpoint Security (formerly FireEye HX) be installed on devices that access its systems. I have it on my Mac, and it doesn't seem to cause issues. But I've never had malware on any Mac I've owned (at least none I was aware of!), so I suspect it adds no value for my use case. Having said that, I do also have Malwarebytes installed, because it was recommended to me by Apple Support, and because it scans my computer just once/day and is thus pretty non-invasive.

FWIW, here's a 2021 quote from Federighi acknowledging there is an unacceptable (by Apple's standards) level of malware on Macs ( https://www.macworld.com/article/670537/do-macs-need-antivirus.html ). However, that doesn't address your question, which is whether there's ever been a documented case in which a 3rd-party anti-malware program has prevented or detected the installation of malware that MacOS did not, i.e., whether these provide any benefit to Macs.
 

Andropov

Site Champ
Posts
620
Reaction score
780
Location
Spain
> But with my time at a particular, large, bureaucratic software developer, I've learned to cut the engineers at least some slack that they know what they are doing. Direction/priorities are one thing, but generally the engineers in a situation like this aren't doing this because they want to. I've also been on the receiving end of the "why can't you just support X?" stick fairly recently for things that I have tried and failed to influence, so I have sympathy for teams where the same could very well be true.
>
> The fact that MAUI would also benefit from supporting this suggests there is definitely more than meets the eye.

Ah, absolutely. I don't think it's because of engineers not wanting to implement this either. My guess (but as you say, pure speculation) is that the macOS-style keychain API allows something the iOS keychain doesn't, and they have chosen not to ship an "inferior" (or maybe less secure?) product than their existing (macOS) solution. Which is a decision that would be taken by higher-ups.

> My university requires that Trellix Endpoint Security (formerly FireEye HX) be installed on devices that access its systems. I have it on my Mac, and it doesn't seem to cause issues. But I've never had malware on any Mac I've owned (at least none I was aware of!), so I suspect it adds no value for my use case.

The problem with this topic is that if an event is uncommon enough, personal experience is mostly meaningless. Like you, I've never had malware on any Mac, but I also haven't ever needed to call the fire department either. Doesn't mean there's no need for one. But it's hard to know if it's actually effective without seeing it in action.

That said, it's relieving to see that your Endpoint Security solution doesn't cause any issues / annoyances.

> FWIW, here's a 2021 quote from Federighi acknowledging there is an unacceptable (by Apple's standards) level of malware on Macs ( https://www.macworld.com/article/670537/do-macs-need-antivirus.html ). However, that doesn't address your question, which is whether there's ever been a documented case in which a 3rd-party anti-malware program has prevented or detected the installation of malware that MacOS did not, i.e., whether these provide any benefit to Macs.

Yeah the malware situation has worsened as the Mac has gained popularity. But I think Apple is doing a good job at stopping new malware threats still.
 

Roller

Elite Member
Posts
1,444
Reaction score
2,813
> My university requires that Trellix Endpoint Security (formerly FireEye HX) be installed on devices that access its systems. I have it on my Mac, and it doesn't seem to cause issues. But I've never had malware on any Mac I've owned (at least none I was aware of!), so I suspect it adds no value for my use case. Having said that, I do also have Malwarebytes installed, because it was recommended to me by Apple Support, and because it scans my computer just once/day and is thus pretty non-invasive.
>
> FWIW, here's a 2021 quote from Federighi acknowledging there is an unacceptable (by Apple's standards) level of malware on Macs ( https://www.macworld.com/article/670537/do-macs-need-antivirus.html ). However, that doesn't address your question, which is whether there's ever been a documented case in which a 3rd-party anti-malware program has prevented or detected the installation of malware that MacOS did not, i.e., whether these provide any benefit to Macs.

Does your university only require the endpoint security solution on devices that connect directly to its network onsite, or does the requirement also apply to personally-owned computers that access its systems remotely?
 

theorist9

> Does your university only require the endpoint security solution on devices that connect directly to its network onsite, or does the requirement also apply to personally-owned computers that access its systems remotely?

It's the latter.
 

Nycturne

> Does your university only require the endpoint security solution on devices that connect directly to its network onsite, or does the requirement also apply to personally-owned computers that access its systems remotely?

I’ll just add that the latter is true for the organization I work for as well. But generally the push is that laptops/desktops will be provided by the company, while smartphones are generally more BYOD unless you are in sales or the like.

EDIT: The end result is that folks don’t connect to company resources except from a limited set of devices, which I think is actually one of the goals. Make the end user think if it’s worth attaching every iPhone and iPad to corporate resources or not.
 

Andropov

Unfortunately it looks like there are some anti-malware solutions out there that use significant CPU power. And by significant I mean rivaling in CPU usage with the kernel (i.e., +700% CPU usage while using the computer for other tasks) 😂

This can be fine-tuned, but I still think it's hilarious that this can be deemed a reasonable out-of-the-box experience for a software vendor.
 