Author: Jonny Evans | Date: Thu, 16 May 2019 06:03:00 -0700
Apple’s devices are far better defended against malware and viruses than other platforms, but does this mean they don’t need anti-virus software?
I’ve lost track of the number of times Mac users have told me Macs don’t need virus protection because they are inherently more robust against such attacks.
I’ve also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.
Both are right. Both are wrong.
The nature of cyberattacks is changing.
One good illustration of how the nature of these threats is changing comes in the form of the recently-revealed Intel processor vulnerability, ‘ZombieLoad’.
This flaw lets hackers use design weaknesses in Intel chips (going back to 2011) to steal data from machines, including Macs.
Apple very quickly shipped security patches to protect against this vulnerability and published a detailed support document that Mac users who handle particularly sensitive data should read.
Traditional computer security models have relied on perimeter protection – that’s things like firewalls, virus checkers and malware detection.
But these defences simply aren’t robust enough to tackle or spot a threat like ZombieLoad.
The important thing about ZombieLoad is that it shows how as platforms become more secure, attackers are exploring far more sophisticated ways to exploit devices.
They seek out vulnerabilities on a component level, and also engage in highly sophisticated phishing attacks that encourage people to click links that download malware to their machines.
These have interesting names – Roaming Mantis, for example, offered payloads that worked differently on different platforms – phishing for iOS and DNS-hijacking on Android. These attacks appear frequently, are fixed and then refined.
There have even been attempts to subvert device security before products leave the factory.
An attacker may have designed a one-off piece of malware, most likely in a standard programming language, that has only one function: to subvert security on a computer and download a more malware-infested package in the background, or to gather user data for a couple of weeks before sending it back to its command-and-control server in the middle of the night when no one is watching.
The complexity of such attacks makes it very difficult for existing anti-virus or anti-malware protections to catch them.
They may not even recognise the code used in an attack, which means they won’t spot it.
Attackers are also finding ways to subvert things like Wi-Fi routers and poorly-secured connected home/office systems to penetrate networks.
The best defences against such attacks consist of a combination of traditional perimeter defences as well as learning to use Apple’s built-in anti-phishing tools.
Existing security protections are being bypassed by highly sophisticated exploits, some of which may have been designed to be used once and never used again.
What does this mean to an Apple user?
It means complacency is no defence.
Just because a virus-check application doesn’t spot anything on your device doesn’t necessarily mean you’re safe.
There are Mac malware “kits” available for sale on the dark web for just a few dollars.
Many don’t work well, some don’t work at all, but a few work a little, though most of these rely on the user being tricked (‘phished’) into downloading and installing code, rather than on traditional virus/malware attack trajectories.
These increasingly sophisticated attacks leave little trace and are very difficult to detect using traditional perimeter protections.
We’re also seeing a rapid increase in attacks against component elements of the system — Check Point claims 51 percent of enterprises have seen attacks launched against their cloud backup systems, proving that if an attacker can’t hack your iPhone or Mac, they might try to subvert your cloud storage service instead.
In this case, machine intelligence.
Modern enterprises protect themselves using complex tools from the big security vendors.
These security firms share attack data and develop monitoring systems that watch internal and externally-bound network traffic in order to spot anomalies.
Is that little-used computer in the accounts department sending a zip file in the middle of the night over the weekend? To whom? Why?
AI is helping most platform, OS and security vendors develop monitoring systems to watch for such events.
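As an added example (not from the original article, and not any vendor's product), here is a small Python detector that asks the question posed above of a constructed outbound-transfer log. It learns each host's usual destinations, transfer sizes and working hours from a baseline week, then flags later events that break that pattern in more than one way, such as the off-hours, large archive sent to an unknown address that the article describes as the exfiltration behaviour of one-off malware. The log format, host names, IP addresses and thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real traffic): timestamp, source host,
# destination IP, bytes sent, filename. In May 2019, the 6th-8th are
# Mon-Wed and the 12th is a Sunday.
SAMPLE_LOG = """\
2019-05-06T09:12:44 acct-pc-07   10.0.4.21     18231     invoice_q1.xlsx
2019-05-07T10:03:10 acct-pc-07   10.0.4.21     22004     invoice_q2.xlsx
2019-05-08T14:47:02 acct-pc-07   10.0.4.21     19780     invoice_q3.xlsx
2019-05-06T08:30:00 build-srv-01 10.0.9.5      52428800  nightly.tar.gz
2019-05-07T02:15:00 build-srv-01 10.0.9.5      53477376  nightly.tar.gz
2019-05-08T02:15:00 build-srv-01 10.0.9.5      51380224  nightly.tar.gz
2019-05-12T03:17:55 acct-pc-07   203.0.113.45  734003200 backup.zip
2019-05-13T02:15:00 build-srv-01 10.0.9.5      52428800  nightly.tar.gz
2019-05-13T11:02:31 acct-pc-07   10.0.4.21     20500     invoice_q4.xlsx
"""

BUSINESS_HOURS = range(8, 19)   # 08:00-18:59, Monday to Friday (assumed)
SIZE_SPIKE_FACTOR = 10          # bytes above 10x the host's previous maximum
FLAG_THRESHOLD = 2              # flag when at least this many signals fire


def parse_log(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, size, name = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "dst": dst, "bytes": int(size), "file": name})
    return events


def is_off_hours(ts):
    """Weekend, or outside business hours on a weekday."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def build_baseline(events):
    """Per-host profile of what 'normal' looked like in the learning window."""
    profile = defaultdict(lambda: {"dsts": set(), "max_bytes": 0, "off_hours": 0})
    for e in events:
        p = profile[e["host"]]
        p["dsts"].add(e["dst"])
        p["max_bytes"] = max(p["max_bytes"], e["bytes"])
        if is_off_hours(e["ts"]):
            p["off_hours"] += 1
    return profile


def signals_for(e, profile):
    """List the ways this event departs from its host's baseline."""
    p = profile.get(e["host"])          # .get() does not create a default entry
    if p is None:
        return ["host has no baseline"]
    reasons = []
    # A nightly build server sending at 02:15 is normal for that host;
    # an accounts PC that never sent off-hours is not.
    if is_off_hours(e["ts"]) and p["off_hours"] == 0:
        reasons.append("off-hours transfer from a host that never sent off-hours")
    if e["dst"] not in p["dsts"]:
        reasons.append("destination never seen for this host")
    if e["bytes"] > SIZE_SPIKE_FACTOR * p["max_bytes"]:
        reasons.append("size far above the host's previous maximum")
    return reasons


def detect(events, baseline_end):
    """Learn from events before baseline_end and score the rest.

    Returns (event, reasons) pairs for every scored event whose number of
    signals reaches FLAG_THRESHOLD, so a single weak signal is not an alert.
    """
    learn = [e for e in events if e["ts"] < baseline_end]
    score = [e for e in events if e["ts"] >= baseline_end]
    profile = build_baseline(learn)
    flagged = []
    for e in score:
        reasons = signals_for(e, profile)
        if len(reasons) >= FLAG_THRESHOLD:
            flagged.append((e, reasons))
    return flagged


def run_sample():
    """Run the detector over the constructed log; the first week is the baseline."""
    return detect(parse_log(SAMPLE_LOG), datetime(2019, 5, 10))


if __name__ == "__main__":
    for e, reasons in run_sample():
        print(f"{e['ts']} {e['host']} -> {e['dst']} {e['file']} ({e['bytes']} bytes)")
        for r in reasons:
            print("   ", r)
```

Only the Sunday 03:17 transfer of `backup.zip` from `acct-pc-07` to an outside address is reported, with all three signals; the build server's nightly 02:15 job is quiet because off-hours sending is part of its own baseline. Requiring more than one signal is the design choice that keeps a detector like this from paging on every late-working employee, at the cost of missing an attacker who mimics one host's habits exactly.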
I imagine we’ll see platform providers develop and augment existing platform-based protections with AI-driven protection in future.
I hope I’ve made an argument that speaks to the diverse and complex nature of the modern threat landscape, but what does this tell us about running anti-virus software on iOS or Mac?
I think it’s common sense to use malware and anti-virus protection as part of a package of security deterrents.
I also think it’s the digitally responsible thing to do. Checking your systems for viruses and malware isn’t just about protecting yourself, it’s also about protecting others (mostly on other platforms) you may inadvertently infect if your system carries a virus.
I’m not convinced such protections need to be ‘always-on’ when using Apple’s systems, in part because the attacks most likely to subvert those systems tend to be undefined, but also because the checkers tend to slow our systems down.
However, as the nature of cyber-attack continues to change, I think it’s important that every user does what they can to protect themselves – and others.