MAXBAR1

"Under the Radar – The Future of Undetected Malware" and Malwarebytes for M


I read the document by Adam Kujawa, downloadable from your blog, entitled "Under the Radar - The Future of Undetected Malware".
In particular, I focused on the paragraphs "Current Protection That's Lacking" and "Current protection that's effective".
I wanted to know, regarding the document and in particular the paragraphs I have quoted, whether there is any news related to Malwarebytes for Mac, taking as given what Thomas wrote to me in this post.


It's important to keep in mind that that report is specific to Windows malware, and the Mac threat landscape is very different. The same rules cannot be applied to both. There's some good information in that article, but Macs are probably 10 years or more behind Windows in terms of the threat landscape. Current Mac malware tends to be extremely simple.

2 hours ago, treed said:

It's important to keep in mind that that report is specific to Windows malware, and the Mac threat landscape is very different. The same rules cannot be applied to both. There's some good information in that article, but Macs are probably 10 years or more behind Windows in terms of the threat landscape. Current Mac malware tends to be extremely simple.

Very much this ^. For the bad guys, mobile and Mac-based platforms are relatively new targets and they aren't as familiar with them as they are with Windows, having worked in the Wintel/x86/x64 world for so long, so it's going to take some catching up for things to get anywhere near as bad on those alternative platforms as they have become in the world of Windows PCs.

The overall threat landscape as a whole has also changed, with many of the bad guys no longer trying so hard to gain root level access to the software and devices they're attacking, relying much more often on social engineering like scams and scare tactics (things like tech support scams and blackmail attempts by leveraging old/outdated credentials from past data breaches etc.) because it's a matter of economics.  The time-to-live, or shelf-life if you will, of modern threats is relatively short with so many threat researchers constantly hunting for new malware samples and attacks, and with so much of the world online and with the advances in cloud computing, data sharing and AI/Machine Learning etc., it's harder than ever for them to develop a threat that will stand the test of time without frequent modifications (meaning more labor on their part for the same or less profits), so making quick, easy, cookie cutter model scams and simple threats that they can easily rewrite to evade detection for a short time are much more attractive since the main objective is profit.

On the other side, where you deal with hostile governments and organizations looking to attack infrastructure and infiltrate government and business/financial targets, things are different. They do take the time to further obfuscate their threats and attacks; however, they also work to craft their threats and attacks to be specialized for their intended targets (APTs and the like) rather than trying to infect as many systems as possible, because they don't want threat researchers to get their hands on samples of their more specialized stealth malware or to patch the 0-day vulnerabilities they might be exploiting as parts of their attacks on their intended targets.

With that said, vulnerabilities are always a concern, and leveraging good anti-exploit technology and system hardening techniques is a must, however even that doesn't guarantee security (but it definitely helps a LOT) which is one reason I won't go online without Malwarebytes onboard.


Hey!

A bit out of the blue, I jump into your interaction here, but I have a big question kind of related to the 1st comment. And nobody from Malwarebytes really answered me (even so, without any doubt, you are the best support team I ever saw from such a big company).

Question is,

I can read and read and read that, for almost every MB member, the second they turn on Malwarebytes (even people without a warning alert or a slow Mac/update), they have all been able to find a big amount of compromised files or a big troubleshooting log visible in their Finder, etc.

Don't misunderstand me. Not being called or stressed by a malware, I am more than happy! But it provokes such a contrast with what I said above or in the other ticket that it seems weird.

I have run Malwarebytes for Mac for a certain period of time and I never received any info from my product. Never had a warning while using the internet (Safari, but I also tried Chrome or FF), never had any error or "feedback" from the app you download.

I tried to relaunch the app, I also tried to remove and add the app back, but still the same issue. Now, I even have (when I remove all those files a bit) at least another similar "MBytes" app but under another file name via Finder, or even sometimes classified in a file about kitchen or weird stuff like that, and under a file with another name (app with the ending -user or -agent, which were for MBytes).

I know, I know. I can still use my Mac, I have no trouble with my passwords, but still! I want to be proactive, or who knows, find a new sleepy malware or so!

Thanks a lot for your answer already!


I've read your reply here three times and still can't find your question. Maybe include a question mark after stating it would help us.

I must add that hijacking another user's thread is rather impolite. So if you will please return to your original posting and clearly state the problem or question you still have, I (and I'm sure the staff) will do our best to help you out.
