Category Archives: Apple

Meltdown/Spectre resources

[Content now transferred to the resource page here, which I intend to expand and maintain as time allows.]

Official commentary from Apple: About speculative execution vulnerabilities in ARM-based and Intel CPUs and from Google: Today’s CPU vulnerability: what you need to know

Related Resources:

David Harley

New Mac Malware Resource

Well, actually, it’s an old one. It’s at the Mac Virus site I kicked back into life a few months ago, primarily as a blog site.

However, I’ve been under some pressure to restore some of the features of the old Mac Virus site. While I’ll be restoring some (more) of the pre-OSX stuff for its historical interest, I don’t see that as a big priority right now. But as I’ve been talking quite a lot about Mac threats in the past month or two (see for example), there’s been curiosity about what we’ve been seeing in the way of OS X malware.

Enter (stage left, with a fanfare of trumpets) the Mac Virus “Apple Malware Descriptions” Page at Right now it consists of two descriptions of Mac scareware from 2008, so it’s at a very early stage of development. (It just happens to be those two descriptions because someone asked me about them yesterday.)

Isn’t this stuff available elsewhere, I hear you ask? Of course it is. The point about these descriptions is that unlike most vendor descriptions, they point to various other sources of (reasonably dependable) information, as well as including a little personal commentary. It’s a first cut at attempting to answer the question “if there’s so much Mac malware around, where is it?”

More later…

AVIEN Chief Operations Officer
Mac Virus Administrator
ESET Research Fellow and Director of Malware Intelligence

Also blogging at:

SRI iBotnet analysis

I’m not a huge fan of SRI, mainly because of its misconceived and inept use of VirusTotal as a measure of a measure of anti-malware effectiveness. (Unfortunately, SRI is not the only organization to misuse what is actually a useful and well-designed service by Hispasec as a sort of poor man’s comparative testing, even though  Hispasec/VirusTotal themselves have been at pains to disassociate themselves from this inappropriate use of the facility: see

So it pains me slightly to report that they have actually produced a reasonable analysis of the botnet associated with the iPhone malware sometimes known as Ikee.B or Duh (sigh…) But they have, and it’s at

I wish I could say that some of their other web content is of the same standard. Disclaimer: the company for which I currently work does indeed consistently appear at a very low position in SRI rankings, so you’d expect me to dislike the way they get their results. I do… But I dislike even more the way that they’ve ignored all my attempts to engage them on the topic. OK, rant over. The ikee analysis is still well worth a look.

Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:

Mac Whacks Back

It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.

Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah….) There is a polite but nonetheless naive article that more than hints at this mindset here:

Thanks, however, to Kurt Wismer for reassuring me that Mac security is not just my own personal crusade:

I have a feeling I’m not done with this issue. And just to be clear: for most of those 20 years I was working for customers, not for vendors…

Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at: