Which is a really problematic mental image. 
3 Likes
Fixed! Sorry about that.
3 Likes
My personal view on security software is that every person should determine their risk tolerance and need for additional layers of privacy and security protection based on how they use their computers and the types of data they store.
My own Mac security strategy is centered around risk management, not predictions of bad actors’ behavior. I prefer spending some time up front–and money if justified–to minimize the possibility of having to deal with the fallout of an attacker putting viruses or malware on my computer. I view anti-virus and anti-malware software as a form of insurance. Yes, it sucks that I need it but I feel that having it lets me sleep better than not having it.
Also, we are all human and we make mistakes, especially when we are in a rush, distracted, or tired. Relying on constant vigilance as protection requires perfection. I don’t reach that standard very often, especially with something that is constantly changing and morphing.
Finally, I always try to keep in mind that nobody on an Internet message board will be consistently available to help me if I follow bad advice or take an action that turns out it be ill-suited to my personal situation. The same goes for bloggers, websites, and social media.
This is the setup I use on my Mac:
Level 1 (foundation)
- Anti-virus (I use the anti-virus and Web Protection modules of Sophos Home)
- Anti-malware (I use Malwarebytes)
- Firefox browser with ad blocking and Javascript blocking add-ons (I use AdBlock Plus and NoScript) for general web browsing. I keep Safari relatively stock and only use it with a very small number of trusted websites.
Level 2 (good to use but have more convenience vs. security tradeoffs)
- Little Snitch (monitor outgoing Internet connections, essentially a reverse firewall)
- RansomWhere (anti-ransomware monitor)
- SilentKnight (utility for easily checking Apple’s own security measures in macOS for updates)
1 Like
I use both but don’t absolutely need either. 
First: +1 to what Adam said: CleanMyMac is very reputable. MacPaw is a great company. But MacKeeper is scum.
I use the version of Malwarebytes or the anti-viral component of CleanMyMac every now and then. Not on a schedule, just whenever I think of it or immediately after I stumble into something that seems questionable. They rarely find anything and it’s ever been consequential.
More important is to make sure your not-so-savvy loved ones are equipped and have good habits. I run Malwarebytes every time I work on their systems.
And even MORE important: Make sure everyone has backups because spit happens, no matter how careful we are. I make sure we all have live, in-house backups (Time Machine and disk cloning tool) plus an off-site backup (Backblaze).
1 Like
Thanks to all for the advice and opinions. I think I have decided to go with the apparent majority and continue to use CleanMyMac and downgrade to the free version of Malwarebytes. That will save me $45 per year. Thanks again,
Randy
Smoke and mirrors. Stop listening to rumors. CMM is fine. In fact it’s great.
While not wanting to get into this debate (i use Malwarebytes free, but not the others) i should mention that just because something comes out of Ukraine does not mean it comes from “good guys”. My router is set up to block intrusions from Russia and Ukraine, and i have blockages of attempted intrusions every day from both those countries. It is useful to remember two things: Russia occupies regions of Ukraine, and there are a fair number of pro-Russian citizens in Ukraine.
2 Likes
"just because something comes out of Ukraine does not mean it comes from “good guys”.
Nor does it mean that it comes from bad guys, either. You’ve got to investigate and do some research. I’ve only done a little, but what I’ve found is summarized in this, which I got from Bing’s Copilot:
“MacPaw is a company that was founded and primarily operated in Kyiv, Ukraine. In response to the Russian aggression against Ukraine, MacPaw has taken several steps to ensure the safety of their team members based in Ukraine and to continue their operations. They have prepared various assistance programs and launched an emergency plan.
Despite their office being located in Kyiv, they securely host all of their infrastructure and user data on Amazon Web Services, whose physical location is outside Ukraine. Their payment provider, Paddle, operates from the United Kingdom.
In terms of their stance towards Russia, MacPaw has decided to stop selling their products to users from Russia and Belarus, and the funds collected from these markets are being sent to support the Ukrainian army. They have also developed a free Mac app called SpyBuster that identifies software built by and reporting to “undesirable countries of origin” — such as Russia and Belarus.
So, while MacPaw is affected by the situation in Russia due to their location in Ukraine, they do not have any direct connection to Russia. Instead, they have taken steps to distance themselves from Russia and support Ukraine in the current conflict.”
My router is set up to block intrusions from Russia and Ukraine, and i have blockages of attempted intrusions every day from both those countries.
If any of this has named MacPaw as a bad actor or even a suspect, please report. A simple generalization like that is proof of nothing specific.
It is useful to remember two things: Russia occupies regions of Ukraine, and there are a fair number of pro-Russian citizens in Ukraine.
I think by now everybody knows that. Moreover, everybody knows that bad actors can be quite subversive and successfully disguise themselves. Further, everybody knows that disinformation and misinformation abounds all over, in fact, such things are used by all countries today.
And finally my experience (YMMV): I’ve only had good experience with CMMX, and have had no reason to suspect its creators of any maliciousness. If you’ve got evidence to the contrary, please post it.
I would never use Cleanmymac even though they have worked hard to build confidence over the years (which they certainly didn’t have at first, but most because it is fairly useless and there are free better alternatives. Malwarebytes was better before ut was bought up, but it eventually got better again. After it was bought up it could not find much malware, but Clamxav that Thomas Reed thought was doubtful was the only helpful anti-malware then – both are good now, but Apple has also stepped up the game on its own and made both less meaningful. Best is to use BlockBlock now.
1 Like
Plus BlockBlock’s developer, Objective-See, is led by a well respected Mac security expert and offers many donationware security tools and utilities. I’ve used several of its products for years now.
3 Likes
From the MacPaws site: https://macpaw.com/about
Boston headquarters is where our bravest ideas meet the world. Kyiv headquarters is where our hearts beat, and our cats live. But two offices can never contain our wild souls.
At any given moment, about a third of MacPawians work from 30 other countries across the globe. We work from anywhere, but we have our ways to stay a community. Seriously, we made a whole Together App just to stay connected.
I have no dog in this fight, and I have never heard of MacPaw. I was only pointing out that there are bad actors in Ukraine and they attempt to intrude on American devices daily. You may choose to ignore that information- I do not care at all. But, I do know that Russia and Belarus are not the only sources of malware and phishing. Best of luck
bill
2 Likes
MacPaw doesn’t have a bad reputation.
No votes for DetectX Swift?
There are bad actors in every country attempting to intrude on American (and every other country’s) devices daily. If you’re not going to use software from a country where there are bad actors, I guess it’s back to an abacus.
1 Like
Why are you arguing with me? I was just trying to put a slightly finer point on a point that you had made rather well- but it seemed to me that you had implied that Ukraine was not a major source of malware, while my personal experience is different. Are you saying that I am wrong about my personal experience? If not, let it be, please. I am 100% on Ukraine’s side, but I try not to be blind either.
2 Likes
Yeah, I’m one of those. Admittedly my prejudice goes back many years, and is at least based on experience. Admittedly, some of those cleaning programs got tarred with the MacKeeper brush. It’s good to hear that CMM has acquitted itself well with some of the other commenters here.
I do recommend to clients Malwarebytes for manual scans, and DetectX Swift also, even though doing both is probably redundant. I still don’t like anything that runs continuously, again a holdover from many years ago.
Don’t worry, my dinosaur attitudes will succumb to attrition at some point :)
1 Like
I’ve used Malwarebytes since it was Thomas Reed’s shareware program. Its focus is pretty narrow, but it’s worked well for me. I’ve only rarely had any malware found on my system. Some of my clients, though…!
At least two clients had contacted me to help them pick out a new computer because their old one was so slow. I always run MB just to check; in one case it removed over 75 adware items. Upshot, both clients ended up not needing a new computer after all. I think that’s pretty worthwhile.
Even though you can run manual scans for free, I encourage people to pay for it anyway, even if they don’t turn on the full-time protection.
I’ll give DetectX Swift a vote. I use it and MalwareBytes. Probably a lot of overlap.
DetectX Swift advantage is that it’s currently free as a fully capable utility until v2.0 comes out. Although the developer last indicated that he would be providing malware signature updates, the v1 app itself will not be updated for any reason. He seems to be completely occupied by his day job. I don’t believe I know a way to confirm it’s still receiving signature updates.
I use MwB and it discovered 2 Trojans recently, both hidden in e-mails.