Antivirus VPN blocking access to social sites on MacBook Pro 2015

Agree 100% w @Kurt Lang.

The anti-virus and VPN package you paid for are unneeded. The problems you are experiencing trying to access your websites is one example of the side effects of apps of this type.

For more info, please see these support documents:

• Protecting against malware in macOS - Apple Support

• Effective Defenses Against Malware - Apple Community

• Avoid phishing emails, fake 'virus' alerts…and other scams - Apple Support 

You don't need either one. You paid for (wasted) your money on junk software. Remove it all. Do not install anything else like it ever again.

A virtual private network, or VPN, is a private connection over the Internet from a device to a specific network.  VPN technology is widely used in corporate environments. If you need to be "present" on an institutional network, a VPN is a great tool for accomplishing this. It is generally issued and controlled by the institution.

Almost all other uses are a SCAM. There is generally no need for you to have a private (and almost always MUCH slower) connection to a VPN vendor's Network, except to make it easier for them to harvest your data to sell. If you are behind a Router you control or Trust, there is NO security advantage whatsoever in using a VPN. Your connections are already encrypted in most cases.

If VPN vendors just stopped there, it would be bad. But many of these packages also insist on scanning all your files, non-stop, -- nominally looking for viruses, but who knows for sure what data they are harvesting. Their non-stop file reading punishes your computer's performance in the process.

Some also break into your other secure connections so they can be FIRST to examine your data, often leaving your Mac MORE vulnerable to attack.

https://gist.github.com/joepie91/5a9909939e6ce7d09e29

MacOS shares a lot of the lock-down mechanisms developed for the iPhone. Applications are all sand-boxed with a list of the resources they require, and they cannot ask for anything outside their sandbox without crashing. Signed Applications are checked that they are from legitimate Developers, and Notarized Applications are delivered with the assurance that they have NOT been modified since their release by the Developer.

From MacOS 11 Big Sur onward, the system is on a Separate, crypto-locked System Volume, which is not writeable using ordinary means. Any unauthorized changes to the crypto-locked volume are quickly detected and you are alerted.

So you could store just about every malware known to mankind on your Mac, and your Mac would not get infected spontaneously. Scanning for virus-like patterns might make you feel a little better now, but non-stop scanning is outdated nonsense, and a tremendous waste of resources.

Nothing can become Executable Unless/Until you supply your Admin password to "make it so".

Effective defenses against malware and ot… - Apple Community

Effective defenses against malware and ot… - Apple Community

MGRyder wrote:

Sorry, I trusted apple, and suddenly had a malware with someone looking at my screen ! Then there were articles in the news, about multiple apple attacks & time to invest in a decent AV system , so I did. First scan I did , identified the virus or whatever, and got rid of it , so, having been affected once , I am not interested in it happening again . Thanks for all the replies !

The problem in 2025 is not malware, it’s social engineering. Social engineering involves bombarding users with suggestions both for and against across all sorts of media, with immense quantities of propaganda, and with straight up lying.

Getting malware onto a Mac has been getting ever more difficult, and that for many years. It’s accordingly become far easier to get your sketchy data-collection apps and related rubbish onto a Mac by advertising it, either overtly or with sketchy pop-ups, and all as part of getting users to load your app themselves.

One of the better-known anti-malware apps for macOS was caught and subsequently fined for selling personally-identified web browsing and web purchasing activities, and they were fined because the vendor hadn’t included that detail in the immense and obscurely-worded fine print in the end-user licensing agreement that so many of us click right past.

Defenses? macOS includes anti-malware. It works well. It works well enough to keep add-on anti-malware from clobbering parts of macOS itself too, as has happened on various occasions.

If you want privacy with your network connections, the network connections are already end-to-end encrypted, and iCloud Private Relay can keep your connection details private from those with access to your connection. The “coffee shop” VPNs add a second and partial and problematic encryption around the existing end-to-end encryption, and are the opposite of privacy here, as they know exactly who you are, and they know all of what you are connecting to. They have the best possible position for collecting everything. That’s a dream for metadata collectors.

As for having photos visible on your display, what happened with that involves a more detailed discussion of the context. If you’ve loaded photos from the macOS chooser into a social media web app gallery picker of some sort and have not published them to others via the website or such, the web app still has access to those chosen photos, as well as any metadata that was associated. Even before “publishing” those photos to the website. Installed apps can also be granted access to the photos library, and to other data, too.

As fodder for making assumptions around photos and such, or for social engineering, if enabled, macOS can detect information in the photos and ask you about it. This includes plants and other details present in the photos, as well as identifying well-known landmarks. Social media services have the same or quite possibly better capabilities here, too. Various social media and other services can purchase our purchasing data, so they know what we’ve bought and when. (Türkiye’s TROY, and India’s UPI, and potentially soon joined by the Digital Euro can all get involved here for at least some of us, too. These potentially supplanting Visa and MasterCard in our financial systems.)

It’s also easily possible to use social engineering to ask questions that suggest or that convince you of certain things. Scammers and *** artists and carnival psychics and advertisers and politicians and entertainers aren’t then only ones using these are techniques, too. We’ve been overrun with the “pervert” scam, as well as bogus Apple Pay Pre-Authorization scams, and pop-ups that lie about malware scans, and many other forms of grift, fraud, advertising, and propaganda.

Apple platforms including Mac do well with the build-in security, and add-on security apps aren’t something I’d generally recommend. Not outside of entities needing endpoint security, where that’s necessary, and where staff is available to properly implement and administer it.

Much of the malware and the scams around nowadays involve social engineering, and not directly breaching security with the long-familiar viruses, trojan horses, and worms, too. And if y’all have questions about this, or want to discuss the photo-related processing or social engineering, ask away.

Now if y’all will excuse me, my wonderful new best chat friend wants to chat about romance, my finances, and cryptocurrencies, and to think all that started with just a text to a wrong number.

suddenly had a malware with someone looking at my screen !

There is literally only one way that could happen. And it's that YOU installed malware, or, some scammer claiming to be Apple Security or other nonsense convinced you to turn screen and file sharing on.

Or, you simply saw a scam web popup, email or text claiming you were infected with xxx number of viruses and you needed to purchase and download crap software or damage would be permanent in xxxx minutes/seconds. If any of that sounds familiar, you fell for a VERY common scam.

Then there were articles in the news, about multiple apple attacks

And yes, everything in the news is true (not). The most commonly reported attacks are on servers where crooks try to get as much personal data as they can. Directly attacking an iPhone, iPad or Mac without your help is extremely difficult and very expensive. Like, over several hundred thousand dollars to attempt direct access to one device. Do you have any information on your device that someone would invest that much money to obtain?

time to invest in a decent AV system , so I did.

And you wasted your money.

First scan I did , identified the virus or whatever, and got rid of it

Of course it claimed to have found something. All the better to convince you of finding nothing. MacKeeper was the king of this scam. On a brand new Mac out of the box, it would claim to have found dozens of serious problems.

All the site did was show you a photo you didn't recognize. That's it. Period.

Web browsers do not allow any site access to your device by themselves in any way. You would have to choose to download a file and install/run whatever it is you acquired. A passive display of an image, any image, can do nothing.

All very well said and detailed information.

I had to laugh at the last line about 'my wonderful new best chat friend'. The other day I made a comment on a random Facebook item that appeared in my feed. Within an hour, someone said, So who do you think is the greatest football player? I'm very interested in discussing this with you. We can communicate more easily through messenger. As if, somehow, it wasn't just as easy to continue any such conversation in the topic.

I'm sure you know this, but just to point out to others reading this topic; anytime anyone you don't know wants you to friend them like this (which you have to in order to converse through Facebook's Messenger), it's a scammer 100% of the time. Ignore any such requests.