Tasks for the weekend – October 23, 2021 – what should an Apple user do?

Topic

New Reply

Youtube here If you are an Apple Mac or phone user, what are some of the basic computer steps you should do? First off, just like with Microsoft platf
[See the full post at: Tasks for the weekend – October 23, 2021 – what should an Apple user do?]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

bassmanzam, scoobydoo, Alex5723, DrBonzo

Reply | Quote

Replies

I know Apple is becoming more and more prone to attacks. I have looked into antivirus for ios, but still I’m not sure what is best. Any suggestions? I can keep my devices updated

I am still on a Windows laptop but will be transitioning to a Mac in a few months. What antivirus is best for Mac? Thanks.

Reply | Quote

I don’t think an antivirus on IOS (Iphones) or IpadOS (Ipads) is useful at all.

From my understanding, if things haven’t changed, IOS is so guarded that antiviruses don’t have the low-level access they require normally to do anything useful. Maybe they could scan your files in the files area for potential viruses, but it would generally don’t mean much because you would already have opened the file and if you got hacked, anything can happen including maybe your antivirus being rendered useless.

When you use a browser on IOS, it is always a skin on the Safari engine behind, so Apple controls everything and they issue the security patches for Safari. You could add a layer of control for scripts using Firefox focus maybe if you want to lower your risk of browsing, but when I tried it, it froze my phone, although it was when IOS 13 was just out I think so maybe it was more related to that.

The antivirus is just an app like any other app having no more access than a regular app running in the IOS sandbox, which means it is really limited in what it can access. It can read files and see if they have a virus, but it can’t protect you from being infected by hooking itself up to all parts of your OS and apps. It is just an app insulated from other apps and is limited by the permission system of IOS.

So, I don’t think having an antivirus on IOS is useful at all. If you get attacked, it might be with a zero day and then you might be infected without the antivirus preventing the attack. For example, if someone uses an iMessage vulnerability to infect you by sending you an infected message, the antivirus won’t even see it because it doesn’t have access to iMessage.

In conclusion, on IOS, you are better updating to the latest version of IOS that fixes security issues to reduce your risk of infection. That is your best protection by far. The platform is very safe by default. It is nothing like Windows giving the keys to the kingdom easily if not managed. So keep your device updated, this is your best protection.

The good thing is it seems Apple listened to my long time complaint (I love to kid myself thinking I have so much influence) and now provides a clear security updates path for an older version of IOS without requiring you to download the latest and most full of bugs version. That is amazing.

So now, when you check for updates, you can stay on 14 and keep it up to date with security patches for now or jump to 15 if you feel adventurous and like to experience bugs that are common in new yearly releases. Apple has been good and bad depending on the release with new releases. I think early versions were good and it got progressively worse as they included more features like cloud, 10 was bad, 11 was awful, they even made amend, they did a great job on 12, then 13 was back to too much bugs early which was surprising considering the amend and the fact that 12 was so much better as an update, 14 was a non event for me but I don’t know in general, then I am not on 15 yet.

As for older devices that can run 12, the cleaned up version 11 as I would call it, Apple seem to have recently in the last few years continued to patch them at least in part with security patches even if they can’t run the later IOS versions. That is great and is good for the environment. My previous gripe with them is that they never told people they were running an unpatched OS and that it can be dangerous when they stopped supporting the device, unlike Microsoft. I guess they arrogantly decided the risk was low enough to just not talk about it and be exposed to criticisms about the support life of their toys. Sometimes, they were bad with early devices like Ipad 1 that didn’t get much support life.

Now, they seem to provide some security patches, but it is not clear if it is for the most dangerous vulnerabilities, ones that can be triggered remotely without your intervention for example, or if it covers all security issues. Apple is still not disclosing enough to take an informed decision, but I suppose they weight the risk of a public outcry over a big potential security issue and the cost of patching. I think they are going in the right direction. They still have some improvements to make on the security management aspect, but their platform is so secure by default due to its architecture that it doesn’t seem to have led to massive issues like I thought might happen years ago when smartphones arrived and thought that Windows on a phone would be a disaster for security.

So at home, I wouldn’t worry too much running a patched IOS 12 device, but I might not do sensitive things on it. In business, they probably would have replaced the device a long time ago anyway. We can celebrate that Apple seems to always add more support to its older devices as these got more powerful. It is good for the environment, and it might be good for their reputation too and their ability to charge a high premium for a device that can last, being well supported.

With that and the privacy initiatives, Apple now more than ever sells peace of mind in a world of IT chaos that just gets worse, with Microsoft participating in this with its too frequent feature releases that nobody asked and the issues they bring. What’s funny is that Microsoft presents Windows 11 as an answer to that with its new skin and removal of features and menus to give you peace of mind and bring serenity to your life but in reality it makes your life harder! As long as they let marketing dictate what to do while doing technical nonsense behind, they won’t get anywhere in this respect to win back trust because too many power users will call them out. Too bad because Windows is so great in many ways.

In the meantime, Apple is betting that they can offer an alternative to privacy invading Google while offering peace of mind from Microsoft’s world. This is a pretty nice spot to be in, strategically and if anything real bad happen to one or the other, on the privacy front or with a hack, it is just good news for Apple, but they have the challenge to deliver on this promise, that is why they can’t afford to let older unsecured devices run.

Reply | Quote

Thank you for your thoughtful reply. The article from consumer reports that Susan had posted said this –

Use AV software. Macs and mobile devices need antivirus software, too. And there are a bunch of security suites out there that will cover nearly all of your gadgets, whether they run Android, iOS, MacOS, or Windows.

As mentioned before, due to Apple security restrictions, AV software can’t scan iPhones for viruses, but it can do other helpful things like block malicious websites, calls, and texts.

I am using DuckDuckGo and I know Safari (which has some protections) is in the background.  So I was thinking I’d get something just for the reasons above.  I appreciate the information you provided

 

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Thanks for bringing that point.

If indeed they can do that on IOS, it would maybe be a reason you might want one. However, it is probably doing so using a black list, so maybe not that efficient and always in a reactive mode. A lot of attacks are not known to antiviruses, but it is also true with emails and files.

Being up to date with your OS might prevent attacks better than a black list for receiving a bad text message that would target a patched vulnerability, but you might appreciate having more layers just in case.

On IOS, I am confident not wasting battery on antiviruses. I don’t receive unknown text messages and I am not sure how a call could infect me. As for visiting bad sites, it depends what you are doing on it and if they target an unpatched vulnerability again or if they ask for personal information and you give it to them. I must admit on a PC, sometimes when the antivirus flags a bad web site, I think it wasn’t a bad idea to have it on the PC as I won’t mindlessly authorize javascript on it and just move away.

IOS is less vulnerable, but if you feel it improves your security and you don’t mind the drawbacks (processing, battery, price), then I agree it might be worth it.

Reply | Quote

thanks I will take your advice and skip the AV software.  I keep my devices updated.  I can check urls on Virus Total. I try to be very careful with messages and emails – I can usually spot malicious ones and I don’t click on any links.

Reply | Quote

To my understanding, you don’t need anti-virus for iOS (or Android, for that matter), because both operating systems are designed with security in mind. All apps that you run on those systems are sandboxed by default, limiting the damage they can cause. This includes anti-virus apps—hence why anti-virus apps on iOS and Android are limited in their ability to protect you, because they too are sandboxed just like the malware they’re trying to stop.

The best way to keep your device secure is to stay on top of security patches, since most malware on these platforms exploit unpatched security holes. If malware infects your system that badly, no sandboxed anti-virus app can help you—and the answer surely isn’t to have an unsandboxed anti-virus app go after it and open up yet another security hole on your device!

For Mac, I also don’t use an anti-virus program because macOS has protections built in. macOS ships with XProtect that automatically scans apps for malware. macOS can also automatically remove malware, and the changes will be applied the next time you restart (so just restart your Mac every once in a while). I also have a Windows PC, and allowed the anti-virus license to lapse and just switched back to Windows’ built-in anti-virus offerings. Windows has certainly improved on the security of Windows since the Windows XP days (when pretty much every app could run with admin privileges). I exercise due diligence, keep my systems patched, and keep an eye out for social engineering attacks. For most people, you can save some money by skipping the third-party anti-virus solutions, because the built-in protections are sufficient for most cases.

In the past, I would recommend Bitdefender or Kaspersky to protect Windows and Mac computers. These days, though, all four of the major operating systems—Windows, macOS, Android, and iOS—have all gotten some sort of anti-malware protections built-in, so it’s possible to save some money and just use those rather than shelling out for third-party anti-virus apps (remember: free anti-virus apps aren’t free at all).

1 user thanked author for this post.

dmt_3904

Reply | Quote

Tell that to the targeted journalists that received messages through (I believe) text messages that were then using unpatched vulnerabilities in the platform to then snoop on them.  https://bgr.com/tech/how-an-nyt-reporter-was-targeted-by-an-invisible-iphone-hack/  One of the things we tend not to do it totally reboot your phone on a regular basis.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I agree with you Susan that a zero day targeting SMS or iMessage or Safari might break the defenses, but having an antivirus on top would likely not have blocked this since there is more chance than an unpatched vulnerability at Apple is not known from antiviruses either.

So unless there is something I didn’t get from your answer, keeping your Iphone up to date is the best advice before adding an antivirus, plus maybe rebooting your phone regularly like you suggest although it is not clear how much it helps because it might work only with certain type of malware that didn’t exploit a vulnerability to go very deep.

My point is I am not sure how a blacklist operated antivirus add to the protection of an already pretty safe platform when it is patched. Maybe it can help avoid a generally known bad web site where there could be a new zero day today, but I don’t know how often people go to known bad web sites and they would have the bad luck of stumbling on a zero day at the same time. If a zero day is too large scale, it will be found quickly. Targeted attacks are more successful if they are less visible. Those vulnerabilities are not on blacklists.

If we were talking about other type of proactive defenses like what EMET did on Windows to reduce the risk of a successful buffer overflow and other type of attacks at a general level, then it would be different, but no such antivirus exists on IOS since low level access is not granted so they seem to be condemned to reactive measures using blacklists, which is pretty poor as a protection for emerging threats.

1 user thanked author for this post.

Alex5723

Reply | Quote

You say:

Next you need to make sure you are aware of Apple updates when they come out. I’d recommend that you sign up for the Apple security update notification service if you own either a Mac computer or an iPhone

but when I click on the link it does not go to a signup page, only to the October update status page for all OS types. Am I misinterpreting that sentence?

Reply | Quote

I copied and pasted wrong – here’s the sign up page Security-announce Info Page (apple.com)

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Thanks, Susan!

Reply | Quote

Wow, that Apple security updates mailing list sign-up page looks like it was written in the early 1990s for text-only displays…

No matter where you go, there you are.

Reply | Quote

Yup hasn’t changed in years.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

They’re using Mailman 2.1.34, which is only one version behind the current 2.1 release (2.1.35), so they have been updating it.

(Yes, Apple does use open source software)

Reply | Quote

There are macOS Defensive Computing suggestions here

https://defensivecomputingchecklist.com/#applemac

I am not a mac user, but of all the things listed, I would start with a firewall. At the least, enable the pre-installed one. Better yet, pay for Little Snitch which is a two way firewall that all mac users seem to adore. LuLu is free and sits in-between the pre-installed firewall and Little Snitch.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

AlexEiffel

Reply | Quote

I subscribed to the mailing list Susan recommended and it is nice to see quickly there is a new security update out. Plus, you can easily see they push updates to Safari through the store, which means that there is a good chance even users of older patched IOS versions not running later ones because their hardware doesn’t allow it still get the updates they need to stay safe with the browser, running the same Safari app from the store as IOS 15 users. You can see updates of Safari addressing webkit vulnerabilities. Some unknown remains, but the more I learn, the better it looks, especially now that they clearly push security updates to older IOS versions.

Reply | Quote

MacOS Monterey:  12.0.1-12.13 GB download. YIKES!!!!

Reply | Quote

Better hope for a stable internet connection! Why does it have to be so big? I’m running Catalina and before Monterey was offered, the Big Sur download was listed as something like 11.9 – 13.1 (I don’t remember for sure).

Apple says my hardware (mid 2017 iMAC and MacBook Air) will run Monterey, but I’m wondering how well since I have the impression Apple seems to be tossing Intel hardware aside.

1 user thanked author for this post.

bassmanzam

Reply | Quote

That happened when they moved to Intel too. They’re looking at all ARM in the next 2 years, I think.
The chips are really better – no heat buildup at all from my M1 MacMini, even running a VM. And they are getting away from the built-in vulnerability in the Intel chips.

2 users thanked author for this post.

Alex5723, DrBonzo

Reply | Quote