Jump to content

LEO LAPORTE EPISODE 1556


Recommended Posts

Leo Laporte specifically said there was no need to have antivirus software on any device, desktop, mobile, Windows or MacOS.  He also specifically said there was no need to have Malwarebytes.   Episode 1556 Saturday 12 January 2019.  Reason is, antivirus and malware software provide an attack vector to your operating system.  Windows 10 now runs their solution in a sandbox environment which keeps it isolated from the core operating system.

Link to post
Share on other sites

https://techguylabs.com/episodes/1556#main (Last question of hour 2). Not yet available on iTunes, as of this posting.

The attack vector discussions (mostly theoretical) have been ongoing for a couple of years now, but at least on the Mac side have recently been renewed by several macOS security bloggers. The problem with macOS is that we rely on Gatekeeper to prevent such things, but Gatekeeper only thoroughly checks apps on first launch. It's also possible to avoid Gatekeeper entirely, but that's a somewhat different issue. So if an attacker is somehow able to make changes to that app without breaking it after the first launch, it could be modified to act as malware. I don't follow things on the Windows side, but I'm not aware of any example threats on the Mac side. There have been a couple of examples of legitimate app sites that were hacked and a malicious version of the app with a different legitimate Apple DeveloperID signature being posted. The DeveloperID was quickly revoked and the original app developer removed the malicious app, but a few users were infected. There was also malware that masqueraded as "Symantec Malware Detector", but these aren't actually representative of the problem mentioned.

The obvious fix is for Apple to make Gatekeeper more robust in it's ability to detect such modifications after the fact. But that will slow down each and every launch to varying extents, so that's probably why it hasn't been done yet. 

The best near term answer is for more developers to run their own checks at launch to ensure the integrity of their app has not been compromised. A few developers have been doing that for a very long time, but it's not yet common practice.

Here's a more technical discussion of the issue that was recently posted by Howard Oakley: App signatures are always checked on launch, but serious errors may be ignored.

Link to post
Share on other sites

14 hours ago, alvarnell said:

The attack vector discussions (mostly theoretical)

Any software other than OS that is allowed to run in Kernel Space such as AV is a juicy target for bad guys.  Windows newest sandbox technology provides another layer of protection. Moving away from traditional need to run applications locally will continue due to lucrative subscription services and more advanced security threats.  The closed ecosystem Apple provides is also moving to software as a service which will further diminish need for 3rd party AV.

Link to post
Share on other sites

  • Staff

This is a common statement made by people who are totally ignorant of the threat landscape and of how the average person uses their computer. I've never heard of Leo Laporte, but he's obviously one of those.

There are a lot of experts like Mr. Laporte who fall into this category, who believe that everyone should be able to simply and easily avoid malware, and thus the risks of adding software to the system are - to them - unacceptable. These people have become so blinded by their own technical expertise that they cannot fathom how anyone could "allow" themselves to be infected.

In the real world, the average person cannot so easily avoid malware. There have even been cases of malware infecting very savvy people, such as developers. Case in point: a developer at Panic was infected with malware via a supply chain attack involving the popular Handbrake app. As a result, Panic's source code was stolen. I myself could have fallen for this as well, as I use Handbrake.

https://panic.com/blog/stolen-source-code/

These supply chain attacks have become moderately frequent in the last couple years, but are not everyday occurrences. More common are social engineering attacks, such as websites that tell you that you need to install Flash in order to view the content, then deliver a fake Flash installer. I've heard people say that only stupid people should fall for this kind of thing, but I find that idea highly offensive. Good people fall for these scams every day, and get themselves infected as a result.

Now, is it theoretically possible that a vulnerability in security software could lead to an infection? Sure. Is there a higher likelihood of that happening than of more common social engineering attacks, supply chain attacks, etc? Absolutely not, unless you're the target of a nation-state or other highly sophisticated adversary.

If you personally do not feel the need for AV software, then by all means don't use it. But please do not belittle those who do get infected by suggesting that it is somehow their fault, and do not spread the nonsense that AV software is more dangerous than not having it. I see, day in and day out, the effects of not having AV software on countless Mac users. You can see those effects just by browsing these forums for five minutes.

Link to post
Share on other sites

10 hours ago, lancem631 said:

The closed ecosystem Apple provides is also moving to software as a service which will further diminish need for 3rd party AV.

That has certainly been true of the iOS environment, but movement to that end in macOS has been glacially slow. I see nothing in the area of security to support that statement.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.