No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspect every call to exec and fork that occur in the kernel and also inspect those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).
Gatekeeper and Xprotect are good, but there's only so much they can do.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
> Obviously there was a solution, probably an easy one, but I didn’t even look for it
It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.
What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.
I do occasionally use an app to clean somebody’s Mac of an irritating browser search hijack. I’ve never seen anything else.
Why should I change my mind?
Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.
Scanning binaries for known malware is already built into the OS.
Gatekeeper and Xprotect are good, but there's only so much they can do.
In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.
My point is, this is not solved by AI answers.
> Obviously there was a solution, probably an easy one, but I didn’t even look for it
It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.
What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.