Microsoft tracking increasingly sophisticated Mac trojan that delivers adware

Comments

  • Reply 21 of 24
    rob53 said:
    Interesting article considering Congress is trying to force side-loading. Here’s the ringer—

    “Because of that, it's recommended that you only get apps directly from trusted developers and services like the Mac App Store. Avoid clicking on links in advertisements and don't download anything from a pop-up on a website.”

    This is why many of us don’t want side-loading. Why is Congress trying to open up iOS instead of allowing Apple to try to make it as secure as possible?
    It is authoritarian to force your preferences on other people.  There are many legitimate reasons to avoid App Store only apps.  Besides, just turn up the security on your Mac if you truly want no "side loading", aka installing software for the last 30+ years.  Side loading is a term deliberately designed to poison the well to favor the authoritarians amongst us.  In any case, for App Store only Macs go to Apple > System Preferences > Security & Privacy > 'Allow apps downloaded from:' > 'App Store'.  The default is "App Store and identified developers" which by the way means Apple has scanned non-App Store apps for malware before you download it from whatever website.  It is part of their Notarization process.  You cannot download and run an app by default on a Mac that hasn't been scanned by Apple for malware previously with the attached signatures ensuring that it is the same bits that Apple scanned.  A user can of course bypass Gatekeeper for a download, but not inadvertently.  They must do so deliberately.  Turn on the App Store only feature I noted and even the bypass doesn't work.  There is simply no need for your desired authoritarianism.  Apple's existing solution caters to authoritarians and libertarians. It is just a shame it doesn't exist on iOS.
  • Reply 22 of 24
    chasm Posts: 3,392 member
    stevenoz said:
    I personally only use the App Store... but if it should happen to someone... would Malwarebytes Anti-Malware software be able to fix the problem?
    The paid version of MalwareBytes would be unlikely to let it install at all.

    The best the free version could do is isolate it once you detected a problem and ran the program, but damage could already have been done.

    MalwareBytes is frequently updated for threats like this, so I encourage folks to purchase the paid version. It’s cheaper and better than the other big brands.
    edited February 2022
  • Reply 23 of 24
    genovelle Posts: 1,481 member
    darkvader said:
    rob53 said:
    Interesting article considering Congress is trying to force side-loading. Here’s the ringer—

    “Because of that, it's recommended that you only get apps directly from trusted developers and services like the Mac App Store. Avoid clicking on links in advertisements and don't download anything from a pop-up on a website.”

    This is why many of us don’t want side-loading. Why is Congress trying to open up iOS instead of allowing Apple to try to make it as secure as possible?

    Stop it.  This has NOTHING to do with loading software onto your iPhone from any source of your own choosing. 
    It has everything to do with it. Side loading opens the door for these types of exploits to work on iOS. Why? Because trusting Apple users can be switched to an unverified App Store that may even mimic the real store and infect the device and all the devices connected to that Apple account. Remember up to 5 users I believe can get automated access to shared apps and purchases. 

    This is a disaster waiting to happen. Apple’s only solution to mitigate this would be to sandbox the apps and prevent full access to the system. 
  • Reply 24 of 24
    maltz Posts: 474 member
    lkrupp said:
    Magic word is ‘trojan’. Stupid people click on this shit and then march over to the Apple Discussion Forums demanding Apple fix it... RIGHT NOW!

    I still get the “You need to update to the latest version of Flash Player to view this content” once in a while. And the dumb asses of the world go right ahead and click.

    Before you get too high-and-mighty, consider this scenario:  You type "amazon" in the search bar, and the first Google result is a sponsored ad as a link to Amazon.  Mousing over the link even displays "https://www.amazon.com/".  You click on it, and it takes you to a malicious website that attempts to download ransomware.

    This is something that actually happened to one of my users, who thankfully called me over in time for me to examine the situation and determine that they had done literally nothing wrong and still NEARLY got bitten.  Fortunately, her system was fully patched, and the attack didn't employ any zero-days, but if you think you're too clever to never click on something that will attack you, you're wrong.  Other layers of security are important too.