Technically, a virus is malware. While it has a more specific meaning and thus it's akin to the standard comparison of a square and a rectangle, I'd say in this instance you're good.
@@anon_y_mousse The problem is that this is not a virus, it is a trojan. Viruses are designed to alter or destroy data. Trojans are used to steal data.
You can only use the term virus if it is self propagating. To this day no one has ever seen a "virus" on a Mac. Spyware and malware on the other hand...
Yep, "security by obscurity" is how smaller OS use bases stay "virus free", but it's just because no one has taken the time to find exploits unless it's a state sponsored attack on a niche system or individual.
Not unless you create your own system not compatible with any popular files and you lock it in your basement on an old computer so nobody knows about it and it can't connect to the internet
There is a possibility that Apple already patched this with the latest "Rapid Security Response" 13.3.1 (a). It was the first time Apple used this way of patching security vulnerabilities and they have not disclosed what exactly they fixed. Given the timing, it would make sense. Patch 13.3.1 (a) was released on 1st May
Probably, yeah. But, the Rapid Security Response deployed not only for macOS, but for iPadOS as well. I’ve just done the update a few hours ago actually.
To be exact, a DMG file is a disk image file which could contain anything. It is mostly used to ship applications in it with the background picture changed so it tells you what to do to install it. Because applications on a mac appear to the user like a single movable file it mostly tells you to drag and drop that application file onto a shortcut which is linked to the macs application folder. That way it appears in your dashboard etc. and is „properly installed“ (although you COULD just execute it from the dmg aswell) It seems they are taking advantage of people being used just following whatever the background of that dmg file says to make them execute their malware. Either its an application inside a dmg file OR an actual installer (.pkg file) but not the mix of both these bad actors have shipped
@@itsROMPERS... it's literally being used in this video. Also, who are you to decide how people communicate? OSX is still commonly used to refer to macOS in my bubble.
@@Blitterbug I never said it wasn't used often, i said it was WRONG because Apple changed the name in 2016. You can call your MacBook a "PowerBook", because Apple did call its laptops by that name decades ago, but they don't anymore, so it's wrong. OSX is just not what it's called by its maker anymore. What is hard about this?
@@itsROMPERS... You miss my point somewhat ;) I'm saying it's pedantic to quibble. To many seasoned Unix developers like me it'll always be OSX, not the trendy MacOS.
The problem with macOS and linux for security is that if an app has your password, they can invoke any process as sudo. On windows, if an app has the password, they can't do anything, they still have to open the UAC prompt.
Yes, and once they do that, the sheep are of course going to click Yes. And you don't really need to do much to gain admin privs in Windows anyways. Linux has a much more secure design by default and privilege management is a hundred times better there.
But even being root/sudo is not enough to access certain areas of macOS. That’s why as shown in the video, even though the virus is given the user’s password, there’s still a pop up to access various folders.
When I had a Mac I knew not many viruses were made for it, but I also knew there were at the same time, so IMO it's the same usage because either way, you never know when you could get something.
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will. The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well. Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms; if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂 *nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
macOS or Windows, you just don't click on a random link, don't open attached files from an unknown sender, don't allow disk access to random apps you found online. I feel cybersecurity should be taught in school by this point.
One thing you can do is type an incorrect password, and if it's legit it'll say "nope thats not your password" but if it's a virus and doesn't know your passowrd or isn't going through apple's apis and stuff it'll just accept that as your password and fail stuff that requires passwords.
So the Mac is more secure than Windows - it has to trick you into voluntarily installing it. This is very different from the Windows world, where the software can install itself without any user intervention. As a Linux user, i have to authenticate as a user in the administrator group before any software can install itself into the system. Of course, in all Unix type operating systems, any user can install software locally in his own directory, but that won't impact any other user or the system as a whole.
this actually, the program literally have to prompt the user to enter password and allow access to docs and desktop, this is similar to WiLL yOu KiNdLy GiVe YoUr BaNk PaSSwOrD ? totally different from windows case
Exactly. In Unix or in a Unix variant such as macOS or Linux, you have to first actively not only start the software installation but secondly, give your local Admin password.
@@toms5996 Why would the virus need superuser access when it's after your user data - running as you the user? All it needs is +x and to run with user priviledge to get everything, right? You're not putting in your password to run a browser and it's not after taking over the machine, just your chromium/firefox database. Or does something like SELinux effectively prevent this?
Given your linux installation has all the up to date security patches against exploits. And that you don't open an archive and click on a document that's actually an executable
Mac user here, never believed mac had no virus, so never lower my guard down. giving this is happening all the time, What your take on EU force apple to allow side loading apps.
I love how the title makes it sound like a new game or something just came out. I'm just imagining Thio saying "Eyo guys, Macs just dropped a new virus, only 50 have been made, so go buy them asap."
As a Mac user, that pop-up looks really sketchy and is completely different from any other gatekeeper pop-up macOS uses, also macOS is spelled wrong (the m is capital, small mistake but not something Apple would do) also it says System Preferences, which does not exist anymore Pretty much any savvy Mac user would instantly see this as malware but I think multiple people could easily fall for this and not notice it, I hope Apple adds a security feature to prevent users typing in their mac passwords in text fields that aren’t from gatekeeper or the terminal
If you downloaded this sht from some dodgy place on the internet you're in either of 2 groups: - you downloaded it on purpose knowing that it's dodgy, e.g. to test it - you downloaded it because you're clueless and no amount of prompts will make you think about whether you're doing the right thing.
It's not just smaller market share , Macs aren't invulnerable, but they objectively are more secure simply because Apple writes the operating system for just 5-6 configurations of their own hardware. Windows relies on thousands of vendors to make it run on everything. There is no comparison in terms of avenues of attack
You're confusing the reasons for their better reliability and stability with resistance to infection. No IT pro would make this mistake, even though you make great points about the OS being inherently more crashproof.
Not really. 2FA is an added layer of security, that's still effective if it's stored in the password manager. It's so a malicious actor cannot brute force your password, or take advantage of a recent company hack. If you can't trust your 2FA codes to your password manager, you shouldn't trust your password manager. Never use password managers built into an OS or browser, but on a dedicated manager like Bitwarden or 1Password, it should be fine.
@@madness1931 Your extra layer of security should be stored in a different place/way/device/system. While it's true that they can't brute force their way in, you still have a single point of contact if your system gets compromised. It's not about whether you trust your password manager or not, it's not good practice to have everything in one place.
As information for non macOS users: When opening an App that's downloaded from an non Apple source for the first time, macOS will warn that it could be dangerous. When the file itself is trusted by Apple you can just click continue on the warning and the App will run like normal. When the file isn't trusted by Apple macOS won't show the continue button (just cancel and delete buttons) when the file was opened via a double click or a Link from another App. The only way to make the continue button show up is by right clicking the file and clicking open. So that's why the tutorial was there in the installer.
The HOLY RULE of computer security is to be extremely cautious about using promoting root/admin privilegies to ANYTHING. If you are going to permit the admin access, remember, you're handling all the keys to your computer to the requesting programm. Permit the admin access to an app only if you are ABSOLUTELY sure it's safe. The app with admin rights can do absolutely everything on your computer - it can take anything it wants and it can ruin your OS so you'll end up reinstalling the whole computer. The best practice I came to after years of computer fixing is to not to give admin password to the owner of the computer. If the owner needs to install something - owner just calls the specialist and he installs everything. You may end up newer give up the password to the computer owner if doesn't need it at all and he'll be using that computer for many years without a single issue. If the owner needs the admin privs from time to time for some reason, you can give it to him after making sure he understands importance of the admin privileges and knows that he shouldn't ever use it if he's not sure about safety. This way he'll make couple of mistakes in the process and will become a great computer user that knows what he's doing and has no computer problems. Sure you have to explain the other good practices to the user as well, but this topic is the far most important one.
It's not a dshonest app, it backs up all your passwords and other stuff... that feature is just unlisted. Like how photoshop can remember your settings.
Год назад+4
Doing tech support for my friends, it is kind of insane how much maleware there is on apple devices lately. Never had problems until about a year ago. Now, I have dealt with 4 devices that got maleware. Their "defender" software doesen't seem to be the best honestly. Ironically, it was a long time ago where I had to remove maleware from windows. But my windows user friends are also a bit more tech savy because their hobbies are gaming.
Personally, I avoid password managers and instead I base my passwords on some phrase relevant to the site I'm logging into and then alphabet shift it. So they're easy to remember but impossible to guess.
Especially in a place that is only protected with something as weak as the system password (Most people type that in constantly so they generally use weak ones). Password manager should use a separate password, which is why people should use Keypass over the OS or built in Browser one.
I seem to remember someone in one of my elementary schools (primary school) arguing that Macs don't get viruses... I think it might've been the teacher of the computer lab. I was smart enough to know that couldn't possibly be true.
It also follows that the support and developer culture at Apple does not serve as a good model for application or system security foundations. For example, many people assume the eco-system cannot be gamed, but this has happened multiple times. Assuming the Apple Store or the Google store are beacons of integrity and reliability have to be measured relativistically. Technicians are also sadly biased by their perceived success. When all the targets are WIN boxes and not Apple, it gives the appearance of immunity from poorly designed systems and information management platforms. Any box that allows a person to answer the prompt "Go ahead and modify the system in a way that is not transparent or obvious to you? You're going to have to anyway. That last part is the kicker, it is literally the Apple OS and Dev support answers to questions that are outside the scope of any basic technical issue.
Thanks for keeping us in the loop. This video actually gave me some reassurance that my security is fine. Just don’t install random crap and don’t always press allow and accept. Seems kind of obvious to me. But I can see how other people can fall for this.
I knew I was not going mad. A few weeks ago i thought I was hacked but this makes so much more sense. I literally reset everything and have been increasing my security processes to this day 💀. I had the felling it was something related with keychain and I did have motion before so I wouldn’t be surprised if this were it.anyone knows if it also was designed to affect iOS too?
@@Warp3326 oh I definitely. While much more secure it is absolutely not airtight. No system is really. I don’t know what I got but it certainly affected my Mac, iPhone and iPad. Idk what it was but it sure made me a bit paranoid for a while. 💀
Appreciate the update. It's basically always been true that Macs aren't invulnerable to viruses, there are just fewer viruses that target them. We could all use a reminder once in a while to be vigilant. But no, I've always been too terrified to download anything I'm not 100% sure is from a reliable site.
We use to joke that you didn't see that many virus on MAC because the people who wrote the virus used MAC and they didn't want to get attacked by themselves.
I never encountered a virus that bad, but once I did encounter a browser that hijacked my favourite browser safari and all I could use was yahoo as a search engine and luckily, after a while, I was able to get rid of it and it's been a long time and I was wiped at Mac a couple times after
You know Linux is in the big leagues when they finally start writing viruses for it, and the fanboys will be up in arms about how it bypassed sudo root or somesuch, lol.
I don't know anyone who uses Linux, everyone generally uses common operating systems for day to day, all Windows and some Mac. Linux is generally only for hobbyists
Great video, however when you mentioned how Macs aren't inherently more secure than their windows counterparts, but rather they are rarely targeted by hackers since they are fewer out there, then you would have to conclude that using a Mac, one would be 'safer' or 'less likely to be a victim' of hackers, viruses and maleware since they have so much less of a threat vector. Cheers
@@anon_y_mousse I am not sure if that is what ThioJoe meant when he said Macs weren't hacked as much as Windows, it could be for the reason you suggest, I am just saying, if you say Macs arent infected nearly as much as Windows, then you are inherently admitting that the odds are in your favor in youre on a Mac.
@@RomanBartocci I wasn't speaking as to what he meant, only that depending on security through obscurity is a giant risk. Windows is closed source and the key parts of MacOS here are, so no one can audit the code who's an outside observer.
Macs are at the same security level as windows just that there are not much viruses made for mac as compared to windows. Its like I can say Linux is most secure as no one targets it.
The thing is, is that windows has a ton of good anti viruses while apple has little good ones and they are all pretty bad, and most mac users dont have anti viruses. Most windows users have a great anti virus, so really windows users are getting no viruses because of there anti virus while apple users are getting some viruses
I am a Mac user; I was introduced to them through work. I have had virus protection about twenty five years, originally through work but later through my own efforts. To date I have not suffered a virus, Trojan horse, etc. but I have stayed away from unfamiliar sites. Am I invulnerable? Certainly not.
0:01: There is something better than good protection against malware. It's that the User is not targeted by them. For example "Linux Desktop". No one codes malware for it, because only a few percentage of users are using it.
Technically, it's not a virus but trojan. By neglecting basic data hygiene you can get malware on anything and if user is stupid, no antivirus will help. Second, unix based systems are inherently more secure, although windows has catched up quite a bit during last decade or so. Anyway, thanks for the useful information!
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will. The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well. Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms, but if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂 *nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
At least macOS has a good API which requires software to request permission before accessing the file system or many other functions, the windows version of this is literally just a pop up window asking if the user wants to allow the program to "make changes to their computer", which could literally mean anything and everything; making it basically a useless popup because every program requires it. It's not to say that macs are 100% safe, but the robust security functions make it way more secure than windows.
Never gotten a virus that needs user interaction. The viruses I'm scared of are those you never see, and never need you to make a mistake. But i don't know how many of those that exists.
I'm particularly vulnerable because I use root as my main account so it won't even ask for authentication in the first place, it just "trusts" the app with full privileges.
I install a few web downloaded applications on my MacBook Air, but the instant any application asks me to enter my password, I cancel and delete. Not worth the risk if I'm also taking a risk by installing outside of Apple's ecosystem. I hope github stuff remains relatively safe as I do use that a lot, but it's only with very high user count things such as ytdlp, and some retro decompilation items.
Also, Mac should be a high-value target because Apple users are obviously richer than Windows users on average because of the "Apple tax"; people who can afford luxury-product prices are better targets. (Yes, obviously that's not 100% true and there are plenty of exceptions on both sides, but again, _generally._ )
Macs* Also no, mac users are not richer than windows users, in fact they are probably more poor than windows users because Apple products are overpriced. Windows is luxury. Its also good. What you said is very false.
@@Warp3326 Macs are expensive and can only be owned by people with money, and because of the way the system is set up, many people keep their passwords and credit cards on their computers. In Windows you can have a computer from €200 to one from €4000 or more, although users usually do not keep all that relevant information on their computer.
@@noahtorocalzado Yeah because the average windows user has a iq above 70. They use a usb key thingy to store passwords and such. (its some special key thing that is 100% virus and hack proof) (not kidding) Even if someone stole your key, they would need a ton of info if they put it in a unknown device.
The last and only time I got a virus on a Mac was about thirty years ago. I used to buy and use virus software but it seemed so useless I stopped using it. Hopefully I don’t come to regret that. After thirty years of no viruses it’s difficult to start using them.
I'm a MacUser, and that concerns me a little bit since I used the keychain as mention also for 2fa, so onetime-passwords + username + password are all in the same place. (Maybe not the best idea to begin with). Usually I try to get my software from the App Store but yeah, I'll be definitely a little bit more alerted now. :P I lately "secured" my Apple ID with Security Keys, but if you have the password on a logged in device, you can simply remove then, so this wouldn't protect anything either...
This is so stupid of Apple to create that password dialog that not only grants the program unlimited access to the system with absolutely no oversight but also very easy to fake and get the password itself! What makes it even dumber is that mac use this dialog even if you have fingerprint authentication on 🤦🏻♂️
A virus is a self replicating malware. A virus is unable to replicate in a Unix environment. MacOS is Unix based and therefore a virus cannot replicate in that environment. It doesn't make MacOS immune to malware, only the replicating nature of viruses. However... when user input or action allows a malware payload to be delivered, replication is not required to cause damage. e.g., any computer not used solely in a closed environment needs malware protection and safe practices.
Many have pointed out I should not have used the terms "virus" and "malware" interchangeably, so I will try to be more accurate in the future.
Technically, a virus is malware. While it has a more specific meaning and thus it's akin to the standard comparison of a square and a rectangle, I'd say in this instance you're good.
I wish MacOS should have official antivirus.
@@anon_y_mousse The problem is that this is not a virus, it is a trojan. Viruses are designed to alter or destroy data. Trojans are used to steal data.
So what is it then
You can only use the term virus if it is self propagating. To this day no one has ever seen a "virus" on a Mac. Spyware and malware on the other hand...
Bruh, Malware just became a monthly membership 💀
😂
I swear, even when I get hacked, I still have to pay a monthly subscription!
Yeah, I want my malware as a perpetual license again! Hahah!
@@DenOfTimbsllc Imagine ransomware where you have to pay $5/month or else your entire PC gets nuked.
yeah many people are mad at adobe for thier stupid memberships, and now even hackers are mad at each other for the same reason
One true thing in tech/IT is that there is no such system is safe and invulnerable against threats.
Yep, "security by obscurity" is how smaller OS use bases stay "virus free", but it's just because no one has taken the time to find exploits unless it's a state sponsored attack on a niche system or individual.
as the saying goes, the only secure system is one that no one is allowed to login to.
Even airgaped systems can be vulnerable although that is significantly harder to achieve.
Not unless you create your own system not compatible with any popular files and you lock it in your basement on an old computer so nobody knows about it and it can't connect to the internet
@@jamieever4046 Someone takes your electricity :P
This virus also has a streaming service for watching victims for just $39.99/month
Payable in stolen crypto
Hehe
You're a victim yourself if you pay those 40 dollars
bruh
Not with my old ASUS with blu tack over the camera!
There is a possibility that Apple already patched this with the latest "Rapid Security Response" 13.3.1 (a). It was the first time Apple used this way of patching security vulnerabilities and they have not disclosed what exactly they fixed. Given the timing, it would make sense. Patch 13.3.1 (a) was released on 1st May
Possibly, but I’m not sure there’s anything to really patch unless it uses an exploit
@@ThioJoe, they mentioned a WebKit exploit that they found, but we have no clue what that exploit is exactly.
Apple never disclosed what they patched.
Probably, yeah. But, the Rapid Security Response deployed not only for macOS, but for iPadOS as well. I’ve just done the update a few hours ago actually.
@@DidanSetia iOS too
Since it has been pushed to everything it’s safe to assume it has something to do with WebKit
1:15 Vietnamese people here. Great job on pronuncing it correct as most Americans may mispronounced into f word. Great job Thio Joe
Reminds me of that time someone had to provide proof that their name was "phuc datbich" before facebook allowed them to use it
To be exact, a DMG file is a disk image file which could contain anything. It is mostly used to ship applications in it with the background picture changed so it tells you what to do to install it. Because applications on a mac appear to the user like a single movable file it mostly tells you to drag and drop that application file onto a shortcut which is linked to the macs application folder. That way it appears in your dashboard etc. and is „properly installed“ (although you COULD just execute it from the dmg aswell)
It seems they are taking advantage of people being used just following whatever the background of that dmg file says to make them execute their malware.
Either its an application inside a dmg file OR an actual installer (.pkg file) but not the mix of both these bad actors have shipped
My Big-Mac got a virus?!!!!?! I'm suing McDonalds now!
Oh really? 🤣
stroke! stroke! stroke! - stop mocking me!
Hahah😂
Thio is a gigachad
literally just explains what's going on in a clear way then disappears until he uploads something, huge respect
this is ALL a lie
well to be fair it would be weird if a random ass app from telegram started asking for root privledges and file access.
get out of here this is a windows channel
OSX viruses are rare but when they come out they hit hard
"OSX"? That term hasn't been used in years on Mac.
@@itsROMPERS... it's literally being used in this video. Also, who are you to decide how people communicate? OSX is still commonly used to refer to macOS in my bubble.
@@itsROMPERS... It's used more often than 'pedant'
@@Blitterbug I never said it wasn't used often, i said it was WRONG because Apple changed the name in 2016.
You can call your MacBook a "PowerBook", because Apple did call its laptops by that name decades ago, but they don't anymore, so it's wrong.
OSX is just not what it's called by its maker anymore.
What is hard about this?
@@itsROMPERS... You miss my point somewhat ;) I'm saying it's pedantic to quibble. To many seasoned Unix developers like me it'll always be OSX, not the trendy MacOS.
Great content! You literally just saved me two users of MACs with this detection alert. Thank you!!!
guess that explains the rapid response update yesterday …
thank YOU … you just saved me trying to find out what it was all about
OK Joe - You left out the most important part: How do you know if your Mac is infected, and how to remove the virus!
The problem with macOS and linux for security is that if an app has your password, they can invoke any process as sudo.
On windows, if an app has the password, they can't do anything, they still have to open the UAC prompt.
Yes, and once they do that, the sheep are of course going to click Yes. And you don't really need to do much to gain admin privs in Windows anyways. Linux has a much more secure design by default and privilege management is a hundred times better there.
Also not every user has sudo active for them ( doesn't mean the point isn't valid )
But even being root/sudo is not enough to access certain areas of macOS. That’s why as shown in the video, even though the virus is given the user’s password, there’s still a pop up to access various folders.
When I had a Mac I knew not many viruses were made for it, but I also knew there were at the same time, so IMO it's the same usage because either way, you never know when you could get something.
Apple: It’s impossible!
Lol
Microsoft: "let me do it for you"
@@olivesouch6423 kermy
Linux: **grabs popcorn and sits back**
@DarkDev they sure do, that’s why there is clamav 🙂
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will.
The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well.
Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms; if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂
*nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
macOS or Windows, you just don't click on a random link, don't open attached files from an unknown sender, don't allow disk access to random apps you found online. I feel cybersecurity should be taught in school by this point.
One thing you can do is type an incorrect password, and if it's legit it'll say "nope thats not your password" but if it's a virus and doesn't know your passowrd or isn't going through apple's apis and stuff it'll just accept that as your password and fail stuff that requires passwords.
malware creators be like: ok let’s do it so it only accepts the password on the second attempt
:D
@@prayhe Or just check the password.
fr
Thanks for the info!!
Hallo your combooter has virus.
So the Mac is more secure than Windows - it has to trick you into voluntarily installing it. This is very different from the Windows world, where the software can install itself without any user intervention.
As a Linux user, i have to authenticate as a user in the administrator group before any software can install itself into the system. Of course, in all Unix type operating systems, any user can install software locally in his own directory, but that won't impact any other user or the system as a whole.
this actually, the program literally have to prompt the user to enter password and allow access to docs and desktop, this is similar to WiLL yOu KiNdLy GiVe YoUr BaNk PaSSwOrD ?
totally different from windows case
Exactly. In Unix or in a Unix variant such as macOS or Linux, you have to first actively not only start the software installation but secondly, give your local Admin password.
@@toms5996 Why would the virus need superuser access when it's after your user data - running as you the user? All it needs is +x and to run with user priviledge to get everything, right? You're not putting in your password to run a browser and it's not after taking over the machine, just your chromium/firefox database. Or does something like SELinux effectively prevent this?
@@the-niker you need admin passwd to install a browser at the first place
Given your linux installation has all the up to date security patches against exploits. And that you don't open an archive and click on a document that's actually an executable
I have never seen a Mac installer that has you right click and select open. Usually they have you drag something to a folder.
Mac user here, never believed mac had no virus, so never lower my guard down. giving this is happening all the time, What your take on EU force apple to allow side loading apps.
Get a windows PC or get out
I love how the title makes it sound like a new game or something just came out. I'm just imagining Thio saying "Eyo guys, Macs just dropped a new virus, only 50 have been made, so go buy them asap."
As a Mac user, that pop-up looks really sketchy and is completely different from any other gatekeeper pop-up macOS uses, also macOS is spelled wrong (the m is capital, small mistake but not something Apple would do) also it says System Preferences, which does not exist anymore
Pretty much any savvy Mac user would instantly see this as malware but I think multiple people could easily fall for this and not notice it, I hope Apple adds a security feature to prevent users typing in their mac passwords in text fields that aren’t from gatekeeper or the terminal
Most of the people I know who use Macs are those who are absolutely not tech-savvy. :( They'd easily fall for it.
Sometimes people would just zoom past all popups specially when they are in a hurry or not attentive enough.
If you downloaded this sht from some dodgy place on the internet you're in either of 2 groups:
- you downloaded it on purpose knowing that it's dodgy, e.g. to test it
- you downloaded it because you're clueless and no amount of prompts will make you think about whether you're doing the right thing.
1. Don't get a Imac.
@@Warp3326 iMac …
It's not just smaller market share , Macs aren't invulnerable, but they objectively are more secure simply because Apple writes the operating system for just 5-6 configurations of their own hardware. Windows relies on thousands of vendors to make it run on everything. There is no comparison in terms of avenues of attack
You're confusing the reasons for their better reliability and stability with resistance to infection. No IT pro would make this mistake, even though you make great points about the OS being inherently more crashproof.
If you store your 2fa codes at the same place you store your passwords, you don't have 2fa.
Not really. 2FA is an added layer of security, that's still effective if it's stored in the password manager. It's so a malicious actor cannot brute force your password, or take advantage of a recent company hack. If you can't trust your 2FA codes to your password manager, you shouldn't trust your password manager. Never use password managers built into an OS or browser, but on a dedicated manager like Bitwarden or 1Password, it should be fine.
@@madness1931 Your extra layer of security should be stored in a different place/way/device/system. While it's true that they can't brute force their way in, you still have a single point of contact if your system gets compromised. It's not about whether you trust your password manager or not, it's not good practice to have everything in one place.
Passwords can be brute forced, 2FA is harder to do so even if it is stored in the same place as your passwords then still it works just as well
0:25 Windows is declining and "Unknown" OS on the rise. I wonder what are those unknown ones
Smaller OS systems for basic uses
Yea I was wondering that myself
@@ThioJoe Same 😅
@@ThioJoe Look up
Ha, ya did
"Macs dont have viruses"
The macs:
caught this vid in 5 seconds!!
Fellow mac users gotta watch out!!
Clicked as soon as I saw it 😂
1:26 - Wait, did they forget about Safari; the default browser on MacOS?
As information for non macOS users: When opening an App that's downloaded from an non Apple source for the first time, macOS will warn that it could be dangerous. When the file itself is trusted by Apple you can just click continue on the warning and the App will run like normal. When the file isn't trusted by Apple macOS won't show the continue button (just cancel and delete buttons) when the file was opened via a double click or a Link from another App. The only way to make the continue button show up is by right clicking the file and clicking open. So that's why the tutorial was there in the installer.
The HOLY RULE of computer security is to be extremely cautious about using promoting root/admin privilegies to ANYTHING. If you are going to permit the admin access, remember, you're handling all the keys to your computer to the requesting programm. Permit the admin access to an app only if you are ABSOLUTELY sure it's safe. The app with admin rights can do absolutely everything on your computer - it can take anything it wants and it can ruin your OS so you'll end up reinstalling the whole computer.
The best practice I came to after years of computer fixing is to not to give admin password to the owner of the computer. If the owner needs to install something - owner just calls the specialist and he installs everything.
You may end up newer give up the password to the computer owner if doesn't need it at all and he'll be using that computer for many years without a single issue.
If the owner needs the admin privs from time to time for some reason, you can give it to him after making sure he understands importance of the admin privileges and knows that he shouldn't ever use it if he's not sure about safety. This way he'll make couple of mistakes in the process and will become a great computer user that knows what he's doing and has no computer problems.
Sure you have to explain the other good practices to the user as well, but this topic is the far most important one.
Appreciate the info
1:12 lol @ the side note
Well my dads word document containing all his passwords is no longer safe😅😂
Remember, Mac doesn't get viruses
- Apple
It’s not a virus, it’s an app that is not very honest
It's not a dshonest app, it backs up all your passwords and other stuff... that feature is just unlisted. Like how photoshop can remember your settings.
Doing tech support for my friends, it is kind of insane how much maleware there is on apple devices lately. Never had problems until about a year ago. Now, I have dealt with 4 devices that got maleware. Their "defender" software doesen't seem to be the best honestly.
Ironically, it was a long time ago where I had to remove maleware from windows. But my windows user friends are also a bit more tech savy because their hobbies are gaming.
Can you elaborate on your apple devices? Strange behaviour? Kernel panic?
Awesome video ThioJoe! Very informative! You mentioned considering buying a biometric authenticator. What are some of the better ones?
Apple’s own Magic Keyboard with TouchID? That’s the safest one, at least…
Personally, I avoid password managers and instead I base my passwords on some phrase relevant to the site I'm logging into and then alphabet shift it. So they're easy to remember but impossible to guess.
I'm surprised Keychain has TOTP key support. Putting passwords and TOTP in the same place is practically asking for trouble.
Especially in a place that is only protected with something as weak as the system password (Most people type that in constantly so they generally use weak ones). Password manager should use a separate password, which is why people should use Keypass over the OS or built in Browser one.
@@joshuapettus6973 or even weaker, e.g. your face or fingerprint.
I love learning about viruses for an OS I don't and probably will never use! jkjk I love these kinds of videos, keep it up!
I seem to remember someone in one of my elementary schools (primary school) arguing that Macs don't get viruses... I think it might've been the teacher of the computer lab. I was smart enough to know that couldn't possibly be true.
So if I see a popup, I should try entering a wrong password first.
It also follows that the support and developer culture at Apple does not serve as a good model for application or system security foundations. For example, many people assume the eco-system cannot be gamed, but this has happened multiple times. Assuming the Apple Store or the Google store are beacons of integrity and reliability have to be measured relativistically. Technicians are also sadly biased by their perceived success. When all the targets are WIN boxes and not Apple, it gives the appearance of immunity from poorly designed systems and information management platforms. Any box that allows a person to answer the prompt "Go ahead and modify the system in a way that is not transparent or obvious to you? You're going to have to anyway.
That last part is the kicker, it is literally the Apple OS and Dev support answers to questions that are outside the scope of any basic technical issue.
2:16 I just have to stop here.... AUTOMATIC filling of 2FA codes? That's defeating the whole purpose of 2FA.
We Now need 3FA (3 Factor Authentification)
@@lucaswiese6 then someone will create a 3FA auto filler, all under a single password 😂
Edit: and then they'll wonder why they got hacked.
@@volvo09 no, impossible, the 3rd factor is Face ID using the camera / Touch ID using a finger print sensor
Help I’m scared,I’m not sure if it’s a scare ware or not,it says “YOU HAVE DOWNLOADED A MAC VIRUS! PRESS OK TO START REMOVAL”
Thanks for keeping us in the loop. This video actually gave me some reassurance that my security is fine. Just don’t install random crap and don’t always press allow and accept. Seems kind of obvious to me. But I can see how other people can fall for this.
Based on my understanding this thing doesn't self propagate, so it's not a virus, just your standard malware
I knew I was not going mad. A few weeks ago i thought I was hacked but this makes so much more sense. I literally reset everything and have been increasing my security processes to this day 💀. I had the felling it was something related with keychain and I did have motion before so I wouldn’t be surprised if this were it.anyone knows if it also was designed to affect iOS too?
iOS doesn’t work the same way
There is a version for IOS. But IOS isn't virus proof eather
@@Warp3326 oh I definitely. While much more secure it is absolutely not airtight. No system is really. I don’t know what I got but it certainly affected my Mac, iPhone and iPad. Idk what it was but it sure made me a bit paranoid for a while. 💀
I may be a linux user but I really hope that the mac users stay safe from this
the way you saying that sounded like choosing another operating system is like choosing a religion or something
Hi brother
@@lawy99 it might as well be at this point
@@memz2344 no way
PLEASE
an update video on mac virus in total.... check if you are infected and what to do... and so forth...
I love the guy in the black hoodie, in the black room, on the black computers, writing viruses…. in blackness @ 0:57
Appreciate the update. It's basically always been true that Macs aren't invulnerable to viruses, there are just fewer viruses that target them. We could all use a reminder once in a while to be vigilant. But no, I've always been too terrified to download anything I'm not 100% sure is from a reliable site.
mac are so over priced!!!!
M1 over priced🤔 find a comparable laptop to M1 Air that runs as fast….
my computer £499
What if I might have already installed such an app in my Mac in the past? Is there a way to fix it?
We use to joke that you didn't see that many virus on MAC because the people who wrote the virus used MAC and they didn't want to get attacked by themselves.
Anybody who believes this will get a rude wake up call someday
I'm a Mac user - thanks for alerting.
Get out of here apple sucks
I never encountered a virus that bad, but once I did encounter a browser that hijacked my favourite browser safari and all I could use was yahoo as a search engine and luckily, after a while, I was able to get rid of it and it's been a long time and I was wiped at Mac a couple times after
Thanks for the info joe
As a linux user, i am increadiby scrared as well as excited for raise in popularity of linux
You know Linux is in the big leagues when they finally start writing viruses for it, and the fanboys will be up in arms about how it bypassed sudo root or somesuch, lol.
I don't know anyone who uses Linux, everyone generally uses common operating systems for day to day, all Windows and some Mac. Linux is generally only for hobbyists
Me (before watching this video but reading the title): Leap.B 😂
Linux users eagerly typing "I use arch btw" rn
Great video, however when you mentioned how Macs aren't inherently more secure than their windows counterparts, but rather they are rarely targeted by hackers since they are fewer out there, then you would have to conclude that using a Mac, one would be 'safer' or 'less likely to be a victim' of hackers, viruses and maleware since they have so much less of a threat vector. Cheers
Security through obscurity is a risky gamble. Better to practice good opsec and not take the risk at all.
@@anon_y_mousse I am not sure if that is what ThioJoe meant when he said Macs weren't hacked as much as Windows, it could be for the reason you suggest, I am just saying, if you say Macs arent infected nearly as much as Windows, then you are inherently admitting that the odds are in your favor in youre on a Mac.
@@RomanBartocci I wasn't speaking as to what he meant, only that depending on security through obscurity is a giant risk. Windows is closed source and the key parts of MacOS here are, so no one can audit the code who's an outside observer.
Mac, Linux, iOS, android, no matter, if you go out in public with your pants down, your wide open for problems .. surf safely, and wear protection
Macs are at the same security level as windows just that there are not much viruses made for mac as compared to windows. Its like I can say Linux is most secure as no one targets it.
The thing is, is that windows has a ton of good anti viruses while apple has little good ones and they are all pretty bad, and most mac users dont have anti viruses. Most windows users have a great anti virus, so really windows users are getting no viruses because of there anti virus while apple users are getting some viruses
There s so many malware for mac that a book has been released.
I am a Mac user; I was introduced to them through work. I have had virus protection about twenty five years, originally through work but later through my own efforts.
To date I have not suffered a virus, Trojan horse, etc. but I have stayed away from unfamiliar sites. Am I invulnerable? Certainly not.
0:01: There is something better than good protection against malware. It's that the User is not targeted by them. For example "Linux Desktop". No one codes malware for it, because only a few percentage of users are using it.
When looking at that chart, is it really an honest surprise that windows has lost 20% market share since the release of Windows 11?
Whats the best AV for MacOS?
Technically, it's not a virus but trojan. By neglecting basic data hygiene you can get malware on anything and if user is stupid, no antivirus will help. Second, unix based systems are inherently more secure, although windows has catched up quite a bit during last decade or so. Anyway, thanks for the useful information!
*caught up, but yeah 🙂
Had to head to the comments to see if anyone else caught this definition reassignment. Conflating a virus with a user initiated exploit is a stretch. I don't normally engage in splitting hairs over definitions, but in this case I will.
The marketshare argument is a mass adoption of a flawed opinion. Just because Mac or Linux does not have the same adoption rate that Windows does, does not mean that there is not an incentive to create "programs" of malicious intent on the others. There is now and has always been many different incentives to create programs for all three platforms, and the different motivations (financial, foss, watch the world burn) are shared as well.
Windows it is pretty much the only operating system that has suffered from viruses (self-replicating malware). Sure, exploits exist across all platforms, but if a bad actor, government really wants to spy on you, it will. Windows obtained this reputation not because of market share, but because of an engineering decision. Security was and always has been secondary (or non-existent) to "ease of use" in order to achieve Mass adoption. Microsoft lives by the philosophy, run now ask questions later. 😂
*nix has a super user, nothing runs accidentally. sure it can be exploited and hacked, but it is a no-mans-land for "viruses."
When did virus become synonymous with malware? One is not the other and the terms should not be used interchangeably…
At least macOS has a good API which requires software to request permission before accessing the file system or many other functions, the windows version of this is literally just a pop up window asking if the user wants to allow the program to "make changes to their computer", which could literally mean anything and everything; making it basically a useless popup because every program requires it.
It's not to say that macs are 100% safe, but the robust security functions make it way more secure than windows.
Can't wait until the TeamViewer random drive deletion is released as a virus.
MacUser: OH NO WE GOT A VIRUS WHAT DO WE DO
Windows user: First time
Funny because someone tried to argue with me on Reddit that Macs never get a virus 2 days ago. This makes that person seem so arrogantly ignorant.
still beatz staring at windowz it's like 1996 in there! 😳
Never gotten a virus that needs user interaction. The viruses I'm scared of are those you never see, and never need you to make a mistake. But i don't know how many of those that exists.
Have you experienced the new RUclips adware virus on Mac’s? I have and it sucks I am still trying to resolve the problem.
I don’t even have a Mac but I’m still watching. Lol
Some darknet diaries episode had this:
Hacking windows wasn't cool because it was too easy. Unix systems were way cooler
and every windows user has a anti virus llol
I'm particularly vulnerable because I use root as my main account so it won't even ask for authentication in the first place, it just "trusts" the app with full privileges.
He is selling it? Damn Apple is gonna send some men in black his way lol.
I install a few web downloaded applications on my MacBook Air, but the instant any application asks me to enter my password, I cancel and delete. Not worth the risk if I'm also taking a risk by installing outside of Apple's ecosystem.
I hope github stuff remains relatively safe as I do use that a lot, but it's only with very high user count things such as ytdlp, and some retro decompilation items.
You have a macbook? Oof. I hope you get better!
@@Warp3326 It serves a purpose. I still have my desktop PC for my primary uses.
Could you make a video about securing everything with a level only NERDS would do, and maybe using a USB stick to authenticate yourself?
i sometimes forget that theojoe was the original troll 10 years ago
Also, Mac should be a high-value target because Apple users are obviously richer than Windows users on average because of the "Apple tax"; people who can afford luxury-product prices are better targets. (Yes, obviously that's not 100% true and there are plenty of exceptions on both sides, but again, _generally._ )
Macs* Also no, mac users are not richer than windows users, in fact they are probably more poor than windows users because Apple products are overpriced. Windows is luxury. Its also good. What you said is very false.
@@Warp3326 Macs are expensive and can only be owned by people with money, and because of the way the system is set up, many people keep their passwords and credit cards on their computers. In Windows you can have a computer from €200 to one from €4000 or more, although users usually do not keep all that relevant information on their computer.
@@noahtorocalzado Yeah because the average windows user has a iq above 70. They use a usb key thingy to store passwords and such. (its some special key thing that is 100% virus and hack proof) (not kidding) Even if someone stole your key, they would need a ton of info if they put it in a unknown device.
@@noahtorocalzado Correction, if someone put it in a unknown device on a different internet connection, it will be denied.
The last and only time I got a virus on a Mac was about thirty years ago. I used to buy and use virus software but it seemed so useless I stopped using it. Hopefully I don’t come to regret that. After thirty years of no viruses it’s difficult to start using them.
Those prompts would be signaling alarms in my head
5:07 actually your wrong, if they steal your cookies then you will have nothing to eat and you will starve to death
me randomly feeling the name to download this and put random insults in the password thing:
Why the f*ck does apple automatically enter 2fa code, like what's the point, you can just disable 2fa
I'm a MacUser, and that concerns me a little bit since I used the keychain as mention also for 2fa, so onetime-passwords + username + password are all in the same place. (Maybe not the best idea to begin with). Usually I try to get my software from the App Store but yeah, I'll be definitely a little bit more alerted now. :P I lately "secured" my Apple ID with Security Keys, but if you have the password on a logged in device, you can simply remove then, so this wouldn't protect anything either...
Bruh, Maybe Hackers Is Money Hungry, For Monthly Membership 💀
This is so stupid of Apple to create that password dialog that not only grants the program unlimited access to the system with absolutely no oversight but also very easy to fake and get the password itself! What makes it even dumber is that mac use this dialog even if you have fingerprint authentication on 🤦🏻♂️
Mac user here. Definitely will be on higher alert now, thanks!
Hope you can get better. Best wishes!
@@Warp3326 lol
A virus is a self replicating malware. A virus is unable to replicate in a Unix environment. MacOS is Unix based and therefore a virus cannot replicate in that environment. It doesn't make MacOS immune to malware, only the replicating nature of viruses. However... when user input or action allows a malware payload to be delivered, replication is not required to cause damage. e.g., any computer not used solely in a closed environment needs malware protection and safe practices.