No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.
GitHub too https://iboostup.com/blog/ai-fake-repositories-github
Are we still pushing the myth that anti-malware on Mac isn't necessary?
I support quite a few Mac users and never recommend it myself. Also own a couple Mac’s and don’t use it.
I do occasionally use an app to clean somebody’s Mac of an irritating browser search hijack. I’ve never seen anything else.
Why should I change my mind?
No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
How does antivirus software protect users who paste malicious commands they find online into the terminal?
By scanning downloaded binaries for known viruses?
A text command pasted into the terminal isn't a binary.
Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.
Scanning binaries for known malware is already built into the OS.
At least macos has file access permissions.
Comparing to DOS or what? No one runs Win10/11 on FAT now, while NTFS has access permissions and ACLs.
I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the users personal files. Has that changed?
What does that even mean? NTFS file access permissions (35 years old at this point) are far more powerful than 1970s-era Unix permissions model.
He’s talking about sandboxing and permissions prompts
Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
My point is, this is not solved by AI answers.
What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
Google was such a revelation after the misery of Alta Vista and kin. I miss the days when I liked them.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
Thanks for reminding me to turn off Full Disk Access for Terminal. I'm not sure why I had that one turned on.
Probably because you can’t even properly `ls` system directories without it.
depends which directories…
What would you do in the terminal without it?
Because it is useless without?
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
The solution is to enable Full Disk Access in settings.
Another reason to avoid Medium like cold grits.
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
Seems like a great idea for something to just run inside a chroot jail (or the modern equivalent, a container).
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.