The best way to keep macOS free from malware is to keep Chrome free from malicious extensions
The Apple Work program is presented by Kolide, which provides endpoint security to teams that use Slack. Kolide informs your team via Slack when their devices are insecure and provides step-by-step instructions on how to fix it. End-users are the most powerful, untapped resource in IT.
Apple's Endpoint Security API was recently discussed and praised as a well-designed security solution that lets IT maintain a stable fleet of devices while end users enjoy using them. This week, I want to highlight one of the most significant sources of "malware" on macOS: Chrome extensions that create user confusion, pose security risks, and more.
The enterprise IT network that Bradley Chambers managed was in place from 2009 to 2021. As a former Apple IT manager, Bradley has deployed and managed firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads. He will discuss how Apple IT managers deploy Apple devices, build networks to support them, train users, and share stories from the trenches about how Apple can improve its products for IT departments.
Aside from being tightly integrated with macOS apps and Apple Pay, Safari has been rated among the fastest browsers. Apple has done an excellent job of enticing developers to create extensions for Safari. Even so, Chrome remains a favorite among many users because of its deep compatibility with Google Workspace and its large ecosystem of extensions.
The problem with Chrome malware from extensions is that the extensions often do things the user doesn't expect. An extension that claims to be a PDF editor may force the user onto a search engine or homepage they did not expect. There's no question what's going on here: a free extension makes money by skimming ad clicks/views on search engine usage.
The fact that this will happen is usually buried in the terms. I've dealt with more Chrome malware from extensions than I have with macOS malware in all my years in IT. Installing extensions through pop-up ads is effortless, so it just ends up happening.
Some extensions are straight-up malware, while others hide what's going on. My worst experience was with the "searching" malware that pretends to be part of Google Workspace's Chrome Management experience. Chrome Management extends your device management. You may choose not to install or allow Chrome on your devices, which is perfectly reasonable.
If you want users to stick with Safari as their primary browser on macOS, make it your browser of choice, especially if you're using Microsoft 365. You may prefer Chrome if you are using Google Workspace for Google Docs, Google Spreadsheets, and Google Slides. In that case, you should ensure that Chrome instances are managed.
Chrome management is now available as part of many Apple device management solutions. In general, it's best practice to set Chrome policies (the ones listed at chrome://policy) via MDM, as Google supports it. If you allow Chrome, either set a policy with a list of allowed extensions that can be installed or ban all extensions completely.
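The allowlist approach described above can be sketched as follows. This is an added example, not from the original article or from any MDM vendor: it uses Chrome's `ExtensionInstallBlocklist` and `ExtensionInstallAllowlist` policies, and it assumes your MDM accepts a profile payload for the `com.google.Chrome` preference domain. The `com.example` identifier and the extension IDs are constructed placeholders.

```python
import plistlib
import re
import uuid

EXT_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 chars, letters a-p

def chrome_extension_policy(allowed_ids):
    """Deny every extension by default, then allow only the listed IDs."""
    bad = [i for i in allowed_ids if not EXT_ID.fullmatch(i)]
    if bad:
        raise ValueError(f"not a Chrome extension ID: {bad}")
    return {
        "ExtensionInstallBlocklist": ["*"],
        "ExtensionInstallAllowlist": sorted(set(allowed_ids)),
    }

def is_installable(policy, ext_id):
    """Mirror Chrome's rule: an allowlist entry overrides the blocklist."""
    if ext_id in policy.get("ExtensionInstallAllowlist", []):
        return True
    blocked = policy.get("ExtensionInstallBlocklist", [])
    return not ("*" in blocked or ext_id in blocked)

def build_mobileconfig(policy, org="com.example"):
    """Wrap the policy in a configuration profile (assumed payload layout)."""
    payload = dict(policy, PayloadType="com.google.Chrome", PayloadVersion=1,
                   PayloadIdentifier=f"{org}.chrome.extensions",
                   PayloadUUID=str(uuid.uuid4()).upper())
    profile = {
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadDisplayName": "Chrome extension allowlist",
        "PayloadIdentifier": f"{org}.chrome",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)  # XML plist bytes, ready to upload to an MDM

# Constructed sample IDs, not real extensions.
APPROVED = ["abcdefghijklmnopabcdefghijklmnop"]
UNAPPROVED = "ponmlkjihgfedcbaponmlkjihgfedcba"

if __name__ == "__main__":
    policy = chrome_extension_policy(APPROVED)
    print(build_mobileconfig(policy).decode())
    print(is_installable(policy, APPROVED[0]), is_installable(policy, UNAPPROVED))
```

Passing an empty list to `chrome_extension_policy` produces the "ban all extensions" variant; after deployment, the two policies should appear on the chrome://policy page of a managed Mac.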