Technically, a virus is malware. While it has a more specific meaning and thus it's akin to the standard comparison of a square and a rectangle, I'd say in this instance you're good.
@@anon_y_mousse The problem is that this is not a virus, it is a trojan. Viruses are designed to alter or destroy data. Trojans are used to steal data.
You can only use the term virus if it is self propagating. To this day no one has ever seen a "virus" on a Mac. Spyware and malware on the other hand...
There is a possibility that Apple already patched this with the latest "Rapid Security Response" 13.3.1 (a). It was the first time Apple used this way of patching security vulnerabilities and they have not disclosed what exactly they fixed. Given the timing, it would make sense. Patch 13.3.1 (a) was released on 1st May
Probably, yeah. But, the Rapid Security Response deployed not only for macOS, but for iPadOS as well. I’ve just done the update a few hours ago actually.
To be exact, a DMG file is a disk image file which could contain anything. It is mostly used to ship applications in it with the background picture changed so it tells you what to do to install it. Because applications on a mac appear to the user like a single movable file it mostly tells you to drag and drop that application file onto a shortcut which is linked to the macs application folder. That way it appears in your dashboard etc. and is „properly installed“ (although you COULD just execute it from the dmg aswell) It seems they are taking advantage of people being used just following whatever the background of that dmg file says to make them execute their malware. Either its an application inside a dmg file OR an actual installer (.pkg file) but not the mix of both these bad actors have shipped
macOS or Windows, you just don't click on a random link, don't open attached files from an unknown sender, don't allow disk access to random apps you found online. I feel cybersecurity should be taught in school by this point.
@@itsROMPERS... it's literally being used in this video. Also, who are you to decide how people communicate? OSX is still commonly used to refer to macOS in my bubble.
@@Blitterbug I never said it wasn't used often, i said it was WRONG because Apple changed the name in 2016. You can call your MacBook a "PowerBook", because Apple did call its laptops by that name decades ago, but they don't anymore, so it's wrong. OSX is just not what it's called by its maker anymore. What is hard about this?
@@itsROMPERS... You miss my point somewhat ;) I'm saying it's pedantic to quibble. To many seasoned Unix developers like me it'll always be OSX, not the trendy MacOS.
The problem with macOS and linux for security is that if an app has your password, they can invoke any process as sudo. On windows, if an app has the password, they can't do anything, they still have to open the UAC prompt.
Yes, and once they do that, the sheep are of course going to click Yes. And you don't really need to do much to gain admin privs in Windows anyways. Linux has a much more secure design by default and privilege management is a hundred times better there.
But even being root/sudo is not enough to access certain areas of macOS. That’s why as shown in the video, even though the virus is given the user’s password, there’s still a pop up to access various folders.
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will. The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well. Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms; if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂 *nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
When I had a Mac I knew not many viruses were made for it, but I also knew there were at the same time, so IMO it's the same usage because either way, you never know when you could get something.
As a Mac user, that pop-up looks really sketchy and is completely different from any other gatekeeper pop-up macOS uses, also macOS is spelled wrong (the m is capital, small mistake but not something Apple would do) also it says System Preferences, which does not exist anymore Pretty much any savvy Mac user would instantly see this as malware but I think multiple people could easily fall for this and not notice it, I hope Apple adds a security feature to prevent users typing in their mac passwords in text fields that aren’t from gatekeeper or the terminal
If you downloaded this sht from some dodgy place on the internet you're in either of 2 groups: - you downloaded it on purpose knowing that it's dodgy, e.g. to test it - you downloaded it because you're clueless and no amount of prompts will make you think about whether you're doing the right thing.
As information for non macOS users: When opening an App that's downloaded from an non Apple source for the first time, macOS will warn that it could be dangerous. When the file itself is trusted by Apple you can just click continue on the warning and the App will run like normal. When the file isn't trusted by Apple macOS won't show the continue button (just cancel and delete buttons) when the file was opened via a double click or a Link from another App. The only way to make the continue button show up is by right clicking the file and clicking open. So that's why the tutorial was there in the installer.
One thing you can do is type an incorrect password, and if it's legit it'll say "nope thats not your password" but if it's a virus and doesn't know your passowrd or isn't going through apple's apis and stuff it'll just accept that as your password and fail stuff that requires passwords.
It's not just smaller market share , Macs aren't invulnerable, but they objectively are more secure simply because Apple writes the operating system for just 5-6 configurations of their own hardware. Windows relies on thousands of vendors to make it run on everything. There is no comparison in terms of avenues of attack
You're confusing the reasons for their better reliability and stability with resistance to infection. No IT pro would make this mistake, even though you make great points about the OS being inherently more crashproof.
The HOLY RULE of computer security is to be extremely cautious about using promoting root/admin privilegies to ANYTHING. If you are going to permit the admin access, remember, you're handling all the keys to your computer to the requesting programm. Permit the admin access to an app only if you are ABSOLUTELY sure it's safe. The app with admin rights can do absolutely everything on your computer - it can take anything it wants and it can ruin your OS so you'll end up reinstalling the whole computer. The best practice I came to after years of computer fixing is to not to give admin password to the owner of the computer. If the owner needs to install something - owner just calls the specialist and he installs everything. You may end up newer give up the password to the computer owner if doesn't need it at all and he'll be using that computer for many years without a single issue. If the owner needs the admin privs from time to time for some reason, you can give it to him after making sure he understands importance of the admin privileges and knows that he shouldn't ever use it if he's not sure about safety. This way he'll make couple of mistakes in the process and will become a great computer user that knows what he's doing and has no computer problems. Sure you have to explain the other good practices to the user as well, but this topic is the far most important one.
Год назад+4
Doing tech support for my friends, it is kind of insane how much maleware there is on apple devices lately. Never had problems until about a year ago. Now, I have dealt with 4 devices that got maleware. Their "defender" software doesen't seem to be the best honestly. Ironically, it was a long time ago where I had to remove maleware from windows. But my windows user friends are also a bit more tech savy because their hobbies are gaming.
Mac user here, never believed mac had no virus, so never lower my guard down. giving this is happening all the time, What your take on EU force apple to allow side loading apps.
So the Mac is more secure than Windows - it has to trick you into voluntarily installing it. This is very different from the Windows world, where the software can install itself without any user intervention. As a Linux user, i have to authenticate as a user in the administrator group before any software can install itself into the system. Of course, in all Unix type operating systems, any user can install software locally in his own directory, but that won't impact any other user or the system as a whole.
this actually, the program literally have to prompt the user to enter password and allow access to docs and desktop, this is similar to WiLL yOu KiNdLy GiVe YoUr BaNk PaSSwOrD ? totally different from windows case
Exactly. In Unix or in a Unix variant such as macOS or Linux, you have to first actively not only start the software installation but secondly, give your local Admin password.
@@toms5996 Why would the virus need superuser access when it's after your user data - running as you the user? All it needs is +x and to run with user priviledge to get everything, right? You're not putting in your password to run a browser and it's not after taking over the machine, just your chromium/firefox database. Or does something like SELinux effectively prevent this?
Given your linux installation has all the up to date security patches against exploits. And that you don't open an archive and click on a document that's actually an executable
Thanks for keeping us in the loop. This video actually gave me some reassurance that my security is fine. Just don’t install random crap and don’t always press allow and accept. Seems kind of obvious to me. But I can see how other people can fall for this.
I love how the title makes it sound like a new game or something just came out. I'm just imagining Thio saying "Eyo guys, Macs just dropped a new virus, only 50 have been made, so go buy them asap."
Especially in a place that is only protected with something as weak as the system password (Most people type that in constantly so they generally use weak ones). Password manager should use a separate password, which is why people should use Keypass over the OS or built in Browser one.
Appreciate the update. It's basically always been true that Macs aren't invulnerable to viruses, there are just fewer viruses that target them. We could all use a reminder once in a while to be vigilant. But no, I've always been too terrified to download anything I'm not 100% sure is from a reliable site.
Personally, I avoid password managers and instead I base my passwords on some phrase relevant to the site I'm logging into and then alphabet shift it. So they're easy to remember but impossible to guess.
I seem to remember someone in one of my elementary schools (primary school) arguing that Macs don't get viruses... I think it might've been the teacher of the computer lab. I was smart enough to know that couldn't possibly be true.
I knew I was not going mad. A few weeks ago i thought I was hacked but this makes so much more sense. I literally reset everything and have been increasing my security processes to this day 💀. I had the felling it was something related with keychain and I did have motion before so I wouldn’t be surprised if this were it.anyone knows if it also was designed to affect iOS too?
@@Warp2090 oh I definitely. While much more secure it is absolutely not airtight. No system is really. I don’t know what I got but it certainly affected my Mac, iPhone and iPad. Idk what it was but it sure made me a bit paranoid for a while. 💀
Technically, it's not a virus but trojan. By neglecting basic data hygiene you can get malware on anything and if user is stupid, no antivirus will help. Second, unix based systems are inherently more secure, although windows has catched up quite a bit during last decade or so. Anyway, thanks for the useful information!
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will. The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well. Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms, but if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂 *nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
I never encountered a virus that bad, but once I did encounter a browser that hijacked my favourite browser safari and all I could use was yahoo as a search engine and luckily, after a while, I was able to get rid of it and it's been a long time and I was wiped at Mac a couple times after
It also follows that the support and developer culture at Apple does not serve as a good model for application or system security foundations. For example, many people assume the eco-system cannot be gamed, but this has happened multiple times. Assuming the Apple Store or the Google store are beacons of integrity and reliability have to be measured relativistically. Technicians are also sadly biased by their perceived success. When all the targets are WIN boxes and not Apple, it gives the appearance of immunity from poorly designed systems and information management platforms. Any box that allows a person to answer the prompt "Go ahead and modify the system in a way that is not transparent or obvious to you? You're going to have to anyway. That last part is the kicker, it is literally the Apple OS and Dev support answers to questions that are outside the scope of any basic technical issue.
It's not a dshonest app, it backs up all your passwords and other stuff... that feature is just unlisted. Like how photoshop can remember your settings.
Not really. 2FA is an added layer of security, that's still effective if it's stored in the password manager. It's so a malicious actor cannot brute force your password, or take advantage of a recent company hack. If you can't trust your 2FA codes to your password manager, you shouldn't trust your password manager. Never use password managers built into an OS or browser, but on a dedicated manager like Bitwarden or 1Password, it should be fine.
@@madness1931 Your extra layer of security should be stored in a different place/way/device/system. While it's true that they can't brute force their way in, you still have a single point of contact if your system gets compromised. It's not about whether you trust your password manager or not, it's not good practice to have everything in one place.
We use to joke that you didn't see that many virus on MAC because the people who wrote the virus used MAC and they didn't want to get attacked by themselves.
I'm a MacUser, and that concerns me a little bit since I used the keychain as mention also for 2fa, so onetime-passwords + username + password are all in the same place. (Maybe not the best idea to begin with). Usually I try to get my software from the App Store but yeah, I'll be definitely a little bit more alerted now. :P I lately "secured" my Apple ID with Security Keys, but if you have the password on a logged in device, you can simply remove then, so this wouldn't protect anything either...
Great video, however when you mentioned how Macs aren't inherently more secure than their windows counterparts, but rather they are rarely targeted by hackers since they are fewer out there, then you would have to conclude that using a Mac, one would be 'safer' or 'less likely to be a victim' of hackers, viruses and maleware since they have so much less of a threat vector. Cheers
@@anon_y_mousse I am not sure if that is what ThioJoe meant when he said Macs weren't hacked as much as Windows, it could be for the reason you suggest, I am just saying, if you say Macs arent infected nearly as much as Windows, then you are inherently admitting that the odds are in your favor in youre on a Mac.
@@RomanBartocci I wasn't speaking as to what he meant, only that depending on security through obscurity is a giant risk. Windows is closed source and the key parts of MacOS here are, so no one can audit the code who's an outside observer.
I am a Mac user; I was introduced to them through work. I have had virus protection about twenty five years, originally through work but later through my own efforts. To date I have not suffered a virus, Trojan horse, etc. but I have stayed away from unfamiliar sites. Am I invulnerable? Certainly not.
The last and only time I got a virus on a Mac was about thirty years ago. I used to buy and use virus software but it seemed so useless I stopped using it. Hopefully I don’t come to regret that. After thirty years of no viruses it’s difficult to start using them.
Never gotten a virus that needs user interaction. The viruses I'm scared of are those you never see, and never need you to make a mistake. But i don't know how many of those that exists.
At issue is this; one's system is only as secure as the user allows it to be. Typically it's PEBCAK - Problem Exists Between Chair And Keyboard. If someone gives Administrator access (root access) of course everything on the system is harvest-able. Been a Mac user for over 15 years and I've never had a virus or malware of any kind on any of my numerous Mac systems & OSes in all that time. I can't say that about the Windows based PCs I've owned & used however. Bottom line is, no software can protect users totally from themselves, they mustn't be careless or reckless when downloading or going on to unknown or dark sites. A little common sense goes a long, long way.
Also, Mac should be a high-value target because Apple users are obviously richer than Windows users on average because of the "Apple tax"; people who can afford luxury-product prices are better targets. (Yes, obviously that's not 100% true and there are plenty of exceptions on both sides, but again, _generally._ )
Macs* Also no, mac users are not richer than windows users, in fact they are probably more poor than windows users because Apple products are overpriced. Windows is luxury. Its also good. What you said is very false.
@@Warp2090 Macs are expensive and can only be owned by people with money, and because of the way the system is set up, many people keep their passwords and credit cards on their computers. In Windows you can have a computer from €200 to one from €4000 or more, although users usually do not keep all that relevant information on their computer.
@@noahtorocalzado Yeah because the average windows user has a iq above 70. They use a usb key thingy to store passwords and such. (its some special key thing that is 100% virus and hack proof) (not kidding) Even if someone stole your key, they would need a ton of info if they put it in a unknown device.
At least macOS has a good API which requires software to request permission before accessing the file system or many other functions, the windows version of this is literally just a pop up window asking if the user wants to allow the program to "make changes to their computer", which could literally mean anything and everything; making it basically a useless popup because every program requires it. It's not to say that macs are 100% safe, but the robust security functions make it way more secure than windows.
would be cool to see you do a video on objectivesee’s software, they make anti-malware tools, dunno if you have a mac to throw malware at the software but yea
I install a few web downloaded applications on my MacBook Air, but the instant any application asks me to enter my password, I cancel and delete. Not worth the risk if I'm also taking a risk by installing outside of Apple's ecosystem. I hope github stuff remains relatively safe as I do use that a lot, but it's only with very high user count things such as ytdlp, and some retro decompilation items.
To be fair, you have to work for it on the Mac to make a virus run as a user. You have to allow it to run, which in most cases requires admin privileges. Which in a normal user account would pop up an additional warning. Never download an app from anywhere but the official website. Big download sites like what CNET had, or stuff like Softonic which hosts their own copies of ads. Anything that's not run by the developer of the app is not trustworthy.
I have a Chromebook and I have anti-virus and internet security software as well as a VPN so am I safe if I have a MacBook on it too. (I don't have a Mac Book yet but I'm getting one soon). But I don't usually go on unusual sites or open weird e-mails.
Macs are at the same security level as windows just that there are not much viruses made for mac as compared to windows. Its like I can say Linux is most secure as no one targets it.
The thing is, is that windows has a ton of good anti viruses while apple has little good ones and they are all pretty bad, and most mac users dont have anti viruses. Most windows users have a great anti virus, so really windows users are getting no viruses because of there anti virus while apple users are getting some viruses
0:01: There is something better than good protection against malware. It's that the User is not targeted by them. For example "Linux Desktop". No one codes malware for it, because only a few percentage of users are using it.
Many have pointed out I should not have used the terms "virus" and "malware" interchangeably, so I will try to be more accurate in the future.
Technically, a virus is malware. While it has a more specific meaning and thus it's akin to the standard comparison of a square and a rectangle, I'd say in this instance you're good.
I wish MacOS should have official antivirus.
@@anon_y_mousse The problem is that this is not a virus, it is a trojan. Viruses are designed to alter or destroy data. Trojans are used to steal data.
So what is it then
You can only use the term virus if it is self propagating. To this day no one has ever seen a "virus" on a Mac. Spyware and malware on the other hand...
Bruh, Malware just became a monthly membership 💀
😂
I swear, even when I get hacked, I still have to pay a monthly subscription!
Yeah, I want my malware as a perpetual license again! Hahah!
@@TheDenOfTimbsStudios Imagine ransomware where you have to pay $5/month or else your entire PC gets nuked.
yeah many people are mad at adobe for thier stupid memberships, and now even hackers are mad at each other for the same reason
There is a possibility that Apple already patched this with the latest "Rapid Security Response" 13.3.1 (a). It was the first time Apple used this way of patching security vulnerabilities and they have not disclosed what exactly they fixed. Given the timing, it would make sense. Patch 13.3.1 (a) was released on 1st May
Possibly, but I’m not sure there’s anything to really patch unless it uses an exploit
@@ThioJoe, they mentioned a WebKit exploit that they found, but we have no clue what that exploit is exactly.
Apple never disclosed what they patched.
Probably, yeah. But, the Rapid Security Response deployed not only for macOS, but for iPadOS as well. I’ve just done the update a few hours ago actually.
@@DidanSetia iOS too
Since it has been pushed to everything it’s safe to assume it has something to do with WebKit
This virus also has a streaming service for watching victims for just $39.99/month
Payable in stolen crypto
Hehe
You're a victim yourself if you pay those 40 dollars
bruh
Not with my old ASUS with blu tack over the camera!
To be exact, a DMG file is a disk image file which could contain anything. It is mostly used to ship applications in it with the background picture changed so it tells you what to do to install it. Because applications on a mac appear to the user like a single movable file it mostly tells you to drag and drop that application file onto a shortcut which is linked to the macs application folder. That way it appears in your dashboard etc. and is „properly installed“ (although you COULD just execute it from the dmg aswell)
It seems they are taking advantage of people being used just following whatever the background of that dmg file says to make them execute their malware.
Either its an application inside a dmg file OR an actual installer (.pkg file) but not the mix of both these bad actors have shipped
1:15 Vietnamese people here. Great job on pronuncing it correct as most Americans may mispronounced into f word. Great job Thio Joe
Reminds me of that time someone had to provide proof that their name was "phuc datbich" before facebook allowed them to use it
My Big-Mac got a virus?!!!!?! I'm suing McDonalds now!
Oh really? 🤣
stroke! stroke! stroke! - stop mocking me!
Hahah😂
guess that explains the rapid response update yesterday …
thank YOU … you just saved me trying to find out what it was all about
Thio is a gigachad
literally just explains what's going on in a clear way then disappears until he uploads something, huge respect
this is ALL a lie
macOS or Windows, you just don't click on a random link, don't open attached files from an unknown sender, don't allow disk access to random apps you found online. I feel cybersecurity should be taught in school by this point.
well to be fair it would be weird if a random ass app from telegram started asking for root privledges and file access.
get out of here this is a windows channel
Great content! You literally just saved me two users of MACs with this detection alert. Thank you!!!
OSX viruses are rare but when they come out they hit hard
"OSX"? That term hasn't been used in years on Mac.
@@itsROMPERS... it's literally being used in this video. Also, who are you to decide how people communicate? OSX is still commonly used to refer to macOS in my bubble.
@@itsROMPERS... It's used more often than 'pedant'
@@Blitterbug I never said it wasn't used often, i said it was WRONG because Apple changed the name in 2016.
You can call your MacBook a "PowerBook", because Apple did call its laptops by that name decades ago, but they don't anymore, so it's wrong.
OSX is just not what it's called by its maker anymore.
What is hard about this?
@@itsROMPERS... You miss my point somewhat ;) I'm saying it's pedantic to quibble. To many seasoned Unix developers like me it'll always be OSX, not the trendy MacOS.
The problem with macOS and linux for security is that if an app has your password, they can invoke any process as sudo.
On windows, if an app has the password, they can't do anything, they still have to open the UAC prompt.
Yes, and once they do that, the sheep are of course going to click Yes. And you don't really need to do much to gain admin privs in Windows anyways. Linux has a much more secure design by default and privilege management is a hundred times better there.
Also not every user has sudo active for them ( doesn't mean the point isn't valid )
But even being root/sudo is not enough to access certain areas of macOS. That’s why as shown in the video, even though the virus is given the user’s password, there’s still a pop up to access various folders.
Apple: It’s impossible!
Lol
Microsoft: "let me do it for you"
@@olivesouch6423 kermy
Linux: **grabs popcorn and sits back**
@DarkDev they sure do, that’s why there is clamav 🙂
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will.
The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well.
Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms; if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂
*nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
Thanks for the info!!
When I had a Mac I knew not many viruses were made for it, but I also knew there were at the same time, so IMO it's the same usage because either way, you never know when you could get something.
OK Joe - You left out the most important part: How do you know if your Mac is infected, and how to remove the virus!
As a Mac user, that pop-up looks really sketchy and is completely different from any other gatekeeper pop-up macOS uses, also macOS is spelled wrong (the m is capital, small mistake but not something Apple would do) also it says System Preferences, which does not exist anymore
Pretty much any savvy Mac user would instantly see this as malware but I think multiple people could easily fall for this and not notice it, I hope Apple adds a security feature to prevent users typing in their mac passwords in text fields that aren’t from gatekeeper or the terminal
Most of the people I know who use Macs are those who are absolutely not tech-savvy. :( They'd easily fall for it.
Sometimes people would just zoom past all popups specially when they are in a hurry or not attentive enough.
If you downloaded this sht from some dodgy place on the internet you're in either of 2 groups:
- you downloaded it on purpose knowing that it's dodgy, e.g. to test it
- you downloaded it because you're clueless and no amount of prompts will make you think about whether you're doing the right thing.
1. Don't get a Imac.
@@Warp2090 iMac …
1:12 lol @ the side note
As information for non macOS users: When opening an App that's downloaded from an non Apple source for the first time, macOS will warn that it could be dangerous. When the file itself is trusted by Apple you can just click continue on the warning and the App will run like normal. When the file isn't trusted by Apple macOS won't show the continue button (just cancel and delete buttons) when the file was opened via a double click or a Link from another App. The only way to make the continue button show up is by right clicking the file and clicking open. So that's why the tutorial was there in the installer.
One thing you can do is type an incorrect password, and if it's legit it'll say "nope thats not your password" but if it's a virus and doesn't know your passowrd or isn't going through apple's apis and stuff it'll just accept that as your password and fail stuff that requires passwords.
malware creators be like: ok let’s do it so it only accepts the password on the second attempt
:D
@@prayhe Or just check the password.
fr
It's not just smaller market share , Macs aren't invulnerable, but they objectively are more secure simply because Apple writes the operating system for just 5-6 configurations of their own hardware. Windows relies on thousands of vendors to make it run on everything. There is no comparison in terms of avenues of attack
You're confusing the reasons for their better reliability and stability with resistance to infection. No IT pro would make this mistake, even though you make great points about the OS being inherently more crashproof.
I love learning about viruses for an OS I don't and probably will never use! jkjk I love these kinds of videos, keep it up!
Awesome video ThioJoe! Very informative! You mentioned considering buying a biometric authenticator. What are some of the better ones?
Apple’s own Magic Keyboard with TouchID? That’s the safest one, at least…
I have never seen a Mac installer that has you right click and select open. Usually they have you drag something to a folder.
The HOLY RULE of computer security is to be extremely cautious about using promoting root/admin privilegies to ANYTHING. If you are going to permit the admin access, remember, you're handling all the keys to your computer to the requesting programm. Permit the admin access to an app only if you are ABSOLUTELY sure it's safe. The app with admin rights can do absolutely everything on your computer - it can take anything it wants and it can ruin your OS so you'll end up reinstalling the whole computer.
The best practice I came to after years of computer fixing is to not to give admin password to the owner of the computer. If the owner needs to install something - owner just calls the specialist and he installs everything.
You may end up newer give up the password to the computer owner if doesn't need it at all and he'll be using that computer for many years without a single issue.
If the owner needs the admin privs from time to time for some reason, you can give it to him after making sure he understands importance of the admin privileges and knows that he shouldn't ever use it if he's not sure about safety. This way he'll make couple of mistakes in the process and will become a great computer user that knows what he's doing and has no computer problems.
Sure you have to explain the other good practices to the user as well, but this topic is the far most important one.
Doing tech support for my friends, it is kind of insane how much maleware there is on apple devices lately. Never had problems until about a year ago. Now, I have dealt with 4 devices that got maleware. Their "defender" software doesen't seem to be the best honestly.
Ironically, it was a long time ago where I had to remove maleware from windows. But my windows user friends are also a bit more tech savy because their hobbies are gaming.
Can you elaborate on your apple devices? Strange behaviour? Kernel panic?
Mac user here, never believed mac had no virus, so never lower my guard down. giving this is happening all the time, What your take on EU force apple to allow side loading apps.
Get a windows PC or get out
So the Mac is more secure than Windows - it has to trick you into voluntarily installing it. This is very different from the Windows world, where the software can install itself without any user intervention.
As a Linux user, i have to authenticate as a user in the administrator group before any software can install itself into the system. Of course, in all Unix type operating systems, any user can install software locally in his own directory, but that won't impact any other user or the system as a whole.
this actually, the program literally have to prompt the user to enter password and allow access to docs and desktop, this is similar to WiLL yOu KiNdLy GiVe YoUr BaNk PaSSwOrD ?
totally different from windows case
Exactly. In Unix or in a Unix variant such as macOS or Linux, you have to first actively not only start the software installation but secondly, give your local Admin password.
@@toms5996 Why would the virus need superuser access when it's after your user data - running as you the user? All it needs is +x and to run with user priviledge to get everything, right? You're not putting in your password to run a browser and it's not after taking over the machine, just your chromium/firefox database. Or does something like SELinux effectively prevent this?
@@the-niker you need admin passwd to install a browser at the first place
Given your linux installation has all the up to date security patches against exploits. And that you don't open an archive and click on a document that's actually an executable
0:25 Windows is declining and "Unknown" OS on the rise. I wonder what are those unknown ones
Smaller OS systems for basic uses
Yea I was wondering that myself
@@ThioJoe Same 😅
@@ThioJoe Look up
Ha, ya did
Thanks for keeping us in the loop. This video actually gave me some reassurance that my security is fine. Just don’t install random crap and don’t always press allow and accept. Seems kind of obvious to me. But I can see how other people can fall for this.
2:16 I just have to stop here.... AUTOMATIC filling of 2FA codes? That's defeating the whole purpose of 2FA.
We Now need 3FA (3 Factor Authentification)
@@lucaswiese6 then someone will create a 3FA auto filler, all under a single password 😂
Edit: and then they'll wonder why they got hacked.
@@volvo09 no, impossible, the 3rd factor is Face ID using the camera / Touch ID using a finger print sensor
I love how the title makes it sound like a new game or something just came out. I'm just imagining Thio saying "Eyo guys, Macs just dropped a new virus, only 50 have been made, so go buy them asap."
I'm surprised Keychain has TOTP key support. Putting passwords and TOTP in the same place is practically asking for trouble.
Especially in a place that is only protected with something as weak as the system password (Most people type that in constantly so they generally use weak ones). Password manager should use a separate password, which is why people should use Keypass over the OS or built in Browser one.
@@joshuapettus6973 or even weaker, e.g. your face or fingerprint.
Appreciate the update. It's basically always been true that Macs aren't invulnerable to viruses, there are just fewer viruses that target them. We could all use a reminder once in a while to be vigilant. But no, I've always been too terrified to download anything I'm not 100% sure is from a reliable site.
Personally, I avoid password managers and instead I base my passwords on some phrase relevant to the site I'm logging into and then alphabet shift it. So they're easy to remember but impossible to guess.
I seem to remember someone in one of my elementary schools (primary school) arguing that Macs don't get viruses... I think it might've been the teacher of the computer lab. I was smart enough to know that couldn't possibly be true.
caught this vid in 5 seconds!!
Fellow mac users gotta watch out!!
Clicked as soon as I saw it 😂
I knew I was not going mad. A few weeks ago i thought I was hacked but this makes so much more sense. I literally reset everything and have been increasing my security processes to this day 💀. I had the felling it was something related with keychain and I did have motion before so I wouldn’t be surprised if this were it.anyone knows if it also was designed to affect iOS too?
iOS doesn’t work the same way
There is a version for IOS. But IOS isn't virus proof eather
@@Warp2090 oh I definitely. While much more secure it is absolutely not airtight. No system is really. I don’t know what I got but it certainly affected my Mac, iPhone and iPad. Idk what it was but it sure made me a bit paranoid for a while. 💀
1:26 - Wait, did they forget about Safari; the default browser on MacOS?
"Macs dont have viruses"
The macs:
Technically, it's not a virus but trojan. By neglecting basic data hygiene you can get malware on anything and if user is stupid, no antivirus will help. Second, unix based systems are inherently more secure, although windows has catched up quite a bit during last decade or so. Anyway, thanks for the useful information!
*caught up, but yeah 🙂
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will.
The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well.
Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms, but if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂
*nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
Well my dads word document containing all his passwords is no longer safe😅😂
Help I’m scared,I’m not sure if it’s a scare ware or not,it says “YOU HAVE DOWNLOADED A MAC VIRUS! PRESS OK TO START REMOVAL”
Thanks for the info joe
I never encountered a virus that bad, but once I did encounter a browser that hijacked my favourite browser safari and all I could use was yahoo as a search engine and luckily, after a while, I was able to get rid of it and it's been a long time and I was wiped at Mac a couple times after
It also follows that the support and developer culture at Apple does not serve as a good model for application or system security foundations. For example, many people assume the eco-system cannot be gamed, but this has happened multiple times. Assuming the Apple Store or the Google store are beacons of integrity and reliability have to be measured relativistically. Technicians are also sadly biased by their perceived success. When all the targets are WIN boxes and not Apple, it gives the appearance of immunity from poorly designed systems and information management platforms. Any box that allows a person to answer the prompt "Go ahead and modify the system in a way that is not transparent or obvious to you? You're going to have to anyway.
That last part is the kicker, it is literally the Apple OS and Dev support answers to questions that are outside the scope of any basic technical issue.
PLEASE
an update video on mac virus in total.... check if you are infected and what to do... and so forth...
Based on my understanding this thing doesn't self propagate, so it's not a virus, just your standard malware
Remember, Mac doesn't get viruses
- Apple
It’s not a virus, it’s an app that is not very honest
It's not a dshonest app, it backs up all your passwords and other stuff... that feature is just unlisted. Like how photoshop can remember your settings.
Thanks for the heads up 👍
So if I see a popup, I should try entering a wrong password first.
If you store your 2fa codes at the same place you store your passwords, you don't have 2fa.
Not really. 2FA is an added layer of security, that's still effective if it's stored in the password manager. It's so a malicious actor cannot brute force your password, or take advantage of a recent company hack. If you can't trust your 2FA codes to your password manager, you shouldn't trust your password manager. Never use password managers built into an OS or browser, but on a dedicated manager like Bitwarden or 1Password, it should be fine.
@@madness1931 Your extra layer of security should be stored in a different place/way/device/system. While it's true that they can't brute force their way in, you still have a single point of contact if your system gets compromised. It's not about whether you trust your password manager or not, it's not good practice to have everything in one place.
Passwords can be brute forced, 2FA is harder to do so even if it is stored in the same place as your passwords then still it works just as well
We use to joke that you didn't see that many virus on MAC because the people who wrote the virus used MAC and they didn't want to get attacked by themselves.
I'm a Mac user - thanks for alerting.
Get out of here apple sucks
Those prompts would be signaling alarms in my head
I'm a MacUser, and that concerns me a little bit since I used the keychain as mention also for 2fa, so onetime-passwords + username + password are all in the same place. (Maybe not the best idea to begin with). Usually I try to get my software from the App Store but yeah, I'll be definitely a little bit more alerted now. :P I lately "secured" my Apple ID with Security Keys, but if you have the password on a logged in device, you can simply remove then, so this wouldn't protect anything either...
Great video, however when you mentioned how Macs aren't inherently more secure than their windows counterparts, but rather they are rarely targeted by hackers since they are fewer out there, then you would have to conclude that using a Mac, one would be 'safer' or 'less likely to be a victim' of hackers, viruses and maleware since they have so much less of a threat vector. Cheers
Security through obscurity is a risky gamble. Better to practice good opsec and not take the risk at all.
@@anon_y_mousse I am not sure if that is what ThioJoe meant when he said Macs weren't hacked as much as Windows, it could be for the reason you suggest, I am just saying, if you say Macs arent infected nearly as much as Windows, then you are inherently admitting that the odds are in your favor in youre on a Mac.
@@RomanBartocci I wasn't speaking as to what he meant, only that depending on security through obscurity is a giant risk. Windows is closed source and the key parts of MacOS here are, so no one can audit the code who's an outside observer.
I am a Mac user; I was introduced to them through work. I have had virus protection about twenty five years, originally through work but later through my own efforts.
To date I have not suffered a virus, Trojan horse, etc. but I have stayed away from unfamiliar sites. Am I invulnerable? Certainly not.
This thing can also affect every single operating system, every single one. We need something done about this.
When did virus become synonymous with malware? One is not the other and the terms should not be used interchangeably…
still beatz staring at windowz it's like 1996 in there! 😳
Some darknet diaries episode had this:
Hacking windows wasn't cool because it was too easy. Unix systems were way cooler
and every windows user has a anti virus llol
The last and only time I got a virus on a Mac was about thirty years ago. I used to buy and use virus software but it seemed so useless I stopped using it. Hopefully I don’t come to regret that. After thirty years of no viruses it’s difficult to start using them.
Mac user here. Definitely will be on higher alert now, thanks!
Hope you can get better. Best wishes!
@@Warp2090 lol
Never gotten a virus that needs user interaction. The viruses I'm scared of are those you never see, and never need you to make a mistake. But i don't know how many of those that exists.
I am a Mac user and have been for quite sometime also do windows but I don’t think that you went over. How do you get rid of the virus if you get it
I was always skeptical about Mac antivirus software but now you convinced me to finally get one
Thanks thio
or dont get a mac lmao
@@Warp2090 get a pc? bruh, the same virus you will get there lol
I love the guy in the black hoodie, in the black room, on the black computers, writing viruses…. in blackness @ 0:57
Thanks ThioJoe
Linux users eagerly typing "I use arch btw" rn
i sometimes forget that theojoe was the original troll 10 years ago
At issue is this; one's system is only as secure as the user allows it to be. Typically it's PEBCAK - Problem Exists Between Chair And Keyboard. If someone gives Administrator access (root access) of course everything on the system is harvest-able. Been a Mac user for over 15 years and I've never had a virus or malware of any kind on any of my numerous Mac systems & OSes in all that time. I can't say that about the Windows based PCs I've owned & used however. Bottom line is, no software can protect users totally from themselves, they mustn't be careless or reckless when downloading or going on to unknown or dark sites. A little common sense goes a long, long way.
Hallo your combooter has virus.
I always say, if it connects to the internet, it can be infected
I'm both a Windows & a Mac user, my Mac used to have viruses until i got it removed.
Windows is much better.
Also, Mac should be a high-value target because Apple users are obviously richer than Windows users on average because of the "Apple tax"; people who can afford luxury-product prices are better targets. (Yes, obviously that's not 100% true and there are plenty of exceptions on both sides, but again, _generally._ )
Macs* Also no, mac users are not richer than windows users, in fact they are probably more poor than windows users because Apple products are overpriced. Windows is luxury. Its also good. What you said is very false.
@@Warp2090 Macs are expensive and can only be owned by people with money, and because of the way the system is set up, many people keep their passwords and credit cards on their computers. In Windows you can have a computer from €200 to one from €4000 or more, although users usually do not keep all that relevant information on their computer.
@@noahtorocalzado Yeah because the average windows user has a iq above 70. They use a usb key thingy to store passwords and such. (its some special key thing that is 100% virus and hack proof) (not kidding) Even if someone stole your key, they would need a ton of info if they put it in a unknown device.
@@noahtorocalzado Correction, if someone put it in a unknown device on a different internet connection, it will be denied.
Me (before watching this video but reading the title): Leap.B 😂
At least macOS has a good API which requires software to request permission before accessing the file system or many other functions, the windows version of this is literally just a pop up window asking if the user wants to allow the program to "make changes to their computer", which could literally mean anything and everything; making it basically a useless popup because every program requires it.
It's not to say that macs are 100% safe, but the robust security functions make it way more secure than windows.
Funny because someone tried to argue with me on Reddit that Macs never get a virus 2 days ago. This makes that person seem so arrogantly ignorant.
your video is great bro
All friends that my have iOS like me I’ve got a XR older iPhone but the same thing Right? Or are phones different?
Me on my 2012 Dell XPS laptop running Windows 7: "that's nice"
Good job, thanks.
Mac, Linux, iOS, android, no matter, if you go out in public with your pants down, your wide open for problems .. surf safely, and wear protection
would be cool to see you do a video on objectivesee’s software, they make anti-malware tools, dunno if you have a mac to throw malware at the software but yea
I install a few web downloaded applications on my MacBook Air, but the instant any application asks me to enter my password, I cancel and delete. Not worth the risk if I'm also taking a risk by installing outside of Apple's ecosystem.
I hope github stuff remains relatively safe as I do use that a lot, but it's only with very high user count things such as ytdlp, and some retro decompilation items.
You have a macbook? Oof. I hope you get better!
@@Warp2090 It serves a purpose. I still have my desktop PC for my primary uses.
MacUser: OH NO WE GOT A VIRUS WHAT DO WE DO
Windows user: First time
To be fair, you have to work for it on the Mac to make a virus run as a user. You have to allow it to run, which in most cases requires admin privileges. Which in a normal user account would pop up an additional warning. Never download an app from anywhere but the official website. Big download sites like what CNET had, or stuff like Softonic which hosts their own copies of ads. Anything that's not run by the developer of the app is not trustworthy.
"Big download sites like what CNET had, or stuff like Softonic which hosts their own copies of ads." What about them?
No. Its not true there are zero click attacks that dont need user intervention like pegasus.
@@Teluric2 how would they work when system access requires admin privileges?
I have a Chromebook and I have anti-virus and internet security software as well as a VPN so am I safe if I have a MacBook on it too. (I don't have a Mac Book yet but I'm getting one soon). But I don't usually go on unusual sites or open weird e-mails.
I have a Windows PC but thanks for the warning!
Macs are at the same security level as windows just that there are not much viruses made for mac as compared to windows. Its like I can say Linux is most secure as no one targets it.
The thing is, is that windows has a ton of good anti viruses while apple has little good ones and they are all pretty bad, and most mac users dont have anti viruses. Most windows users have a great anti virus, so really windows users are getting no viruses because of there anti virus while apple users are getting some viruses
There s so many malware for mac that a book has been released.
This thing is kinda like Redline but Mac edition XD
$1000 is quite affordable for something quite dangerous...
When looking at that chart, is it really an honest surprise that windows has lost 20% market share since the release of Windows 11?
Could you make a video about securing everything with a level only NERDS would do, and maybe using a USB stick to authenticate yourself?
0:01: There is something better than good protection against malware. It's that the User is not targeted by them. For example "Linux Desktop". No one codes malware for it, because only a few percentage of users are using it.
All my head in the clouds Mac friends need to watch this