New Insidious Malware

I’ve had several cases of adware installing illegitimate Profiles. Usually, examining the profiles will help you figure out if they belong there or not. I mostly work for private individuals and so far all of the Profiles preference panes have been installed by adware. Malwarebytes and DetectX, my go-to adware removers, will not fix the Profiles problem; like resetting your preferred search engine, this has to be done manually.


None of this is new—being unable to revert your search engine, as well as finding a bunch of sketchy downloads purporting to help you fix your problem. It’s a real predator/prey relationship, an arms race, between scammers and anti-malware publishers. Each side is constantly coming up with new weapons.

As a Mac consultant, what I usually do with clients is download Malwarebytes and DetectX, both of which can be run for free (although I encourage people to pay for them as they are very useful). It’s important to use both because each one picks up stuff the other one misses. Then some manual cleanup is often required such as getting rid of spurious Profiles prefpanes and resetting your preferred search engine and homepage.

One client called me for help deciding on a new laptop to buy because his old one was “too slow”. After we ran adware removal, which found 76 evil items, his computer was as good as new and he decided he didn’t need a new computer after all.


On a related note, does anybody have good advice on a malware checker that doesn’t require a subscription? I’m talking about a checker app I can periodically launch to check all or some of my system’s files, not something running all the time in the background. There used to be the simple lightweight ClamXav that provided a nice clean wrapper to the well-established and open clamav tools. Nowadays ClamXav requires a subscription though. I refuse to buy software through the subscription model so if anybody knows a good alternative, I’d be happy to take my money to that shop instead.

I usually recommend the free version of Malwarebytes, which sounds exactly like what you want.

Thank you, Adam. Will definitely give it a spin.

Okay…this is likely to cause a kerfuffle.

Many folks will recommend MalwareBytes as a comprehensive anti-virus solution. And the MalwareBytes folks themselves have been advertising it as a comprehensive solution to protect your Mac from malware. MalwareBytes does a scan of (supposedly) your entire drive and it takes what? About 17 seconds? Hmmmm. You can’t even scan one folder with a good number of files in it in that amount of time. I believe that MalwareBytes is a comprehensive solution for adware, but it stretches the imagination to believe that it is scanning your entire hard drive for all malware in a handful of seconds. Legitimate anti-virus software often takes an hour or two to do a complete scan of your hard drive.

Plus, recently MalwareBytes has become very intrusive. Even the free version of MalwareBytes now installs a lot of files all over your Mac, deep in the System. If you put “malwarebytes” into EasyFind, it’s really varied for folks. Some find just a few files, some find as many as 23! I don’t know what they are all doing, but I don’t trust it and I don’t trust the company it comes from.

Instead I now recommend this very similar program, which isn’t as intrusive for dealing with adware (but not all malware):

DetectX (free)

Now, are you looking for free legitimate anti-virus software that’s both good and which hasn’t been implicated with slowing Macs to a crawl (unlike, for instance, Sophos)? Check out:

VirusBarrier Free Edition (free)

This is a full version of Intego’s anti-virus program VirusBarrier [usually $40/year] minus some [but not all] of the automated scanning features in the commercial version. For those who don’t know, Intego’s VirusBarrier is the only anti-virus [AV] program that comes from a company that only creates software for the Macintosh, and it consistently wins all the believable comparison tests [there are lots of shill sites on the Web].

Have a look at this respected review site (now moribund):
http://www.thesafemac.com/mac-anti-virus-testing-2014/#more-1308
(This comparison was done before the Webmaster of the site was hired by the Malwarebytes folks.)

Macworld:
“Intego’s Mac Internet Security X9 [includes Virus Barrier] is our pick of the bunch, making it the best antivirus.”

As anticipated by Randy, he and I have had this discussion a number of times before. Those of you using Malwarebytes are well aware that today those scans take much longer than they did initially, and what they mean by a whole disk scan is that they look everywhere on your drive where infections are known to be installing malware, but not every file on your entire drive like all legacy anti-virus software has done and for the most part continues to do. From my work with the developers of ClamXAV, DetectX and Malwarebytes, I’m thoroughly familiar with this methodology and they all accomplish it in the same way.

ClamXAV has an additional mode where it can be scheduled or manually initiated to scan all the files that it has read access to, but those scans take hours.

All three also have some degree of heuristics or AI capability which is capable of detecting unusual behaviors that might indicate a new, zero-day infection, so sometimes they are able to give an early warning, but not that often. AFAIK, there have never been independent tests of all three apps to determine the relative effectiveness of this specifically or any other of their mutual capabilities.

I have been using all three since before they were introduced and continue to have all three and a half-dozen others installed for testing purposes. They don’t interfere with each other as long as only one is allowed to be used in the real-time/on-access mode.

Anecdotally, I’ve observed that Malwarebytes is recommended most often by Apple Community Support Forum users (who are not Apple employees), occasionally by Apple Genius Bar and AppleCare employees (although I’m sure Apple would prefer they not make any such recommendations) and on e-mail lists such as this.

Personally, I don’t recommend any of these or other AV products as there isn’t any one-size-fits-all. Users need to utilize the free trial or free mode for awhile to decide for themselves what works best for their setup. I would be more than happy to help anybody with issues or questions about any of the three, although the developers themselves are very responsive in those areas. I monitor all their Forums and some of their trouble ticket submissions.

In addition to Randy’s good suggestions, there are these independent recent testings of a few (unfortunately not all) macOS AV software:

and

https://www.av-comparatives.org/tests/mac-security-test-review-2019/

what they mean by a whole disk scan is that they look everywhere on your drive where infections are known to be installing malware

Even then, it seems to me that a 17 second scan isn’t doing that. I also have a hard time trusting a company that scares users into buying their product by telling you that they are protecting you from threats that, for instance, don’t exist in the wild, or which have been patched in the Mac OS.

there have never been independent tests of all three apps to determine the relative effectiveness of this specifically or any other of their mutual capabilities.

When there have been such tests, done by an independent third party one can trust, and they show the efficacy of these products, I’ll be happy to admit that I am wrong, if I am. Until then, my feeling is if it seems to be too good to be true…it likely is.

Users need to utilize the free trial or free mode for awhile to decide for themselves what works best for their setup.

I’m sorry, but that’s a bit nonsensical. Users have no way of knowing how good a job AV software is doing without having known good AV software to compare it to. And if you have known good AV software (such as Virus Barrier) why not just use that? And that’s assuming that all of the companies that offer AV software are trustworthy. I’m not sure that they are. For instance, lots of folks report that Sophos has slowed their Macintosh to a crawl, and Avast has been shown to do some very sketchy stuff:
http://www.thesafemac.com/avast-installs-adware/
http://www.thesafemac.com/avasts-man-in-the-middle/
It seems to me that users aren’t in a position to be able to judge AV software on their own.

I do want to point out that adware and malware are not at all the same thing. Malware is malicious software. Adware usually just serves up ads. It’s annoying as all get-out, but there is usually nothing malicious about it.

The Mac OS has built-in anti-malware:
XProtect/File Quarantine/Gatekeeper/Malware Removal Tool

Despite this, it’s important to point out that NEITHER the Mac OS nor the traditional anti-virus (AV) software companies look for much, if any, adware. I’m guessing that’s because of potential legal repercussions. Some products that serve up ads can conceivably contend that their product is otherwise a legitimate one. If those products were blocked by the Mac OS or an AV product, as “malware”, a potentially very nasty lawsuit could result.

So…Virus Barrier is excellent for dealing with malware. DetectX Swift is excellent at dealing with adware. The two products don’t have a lot of overlap. It’s worth having DetectX Swift because adware has become so pervasive recently. However, actual malware that one has to be concerned about in the wild for the Macintosh continues to be incredibly rare. If you are a paranoid type, or your business requires you to have AV software, download Virus Barrier. But I don’t think that most Mac users actually NEED to be using Virus Barrier.

I DO think that Mac users have to start thinking about using a Web browser that offers more innate security than Safari. It looks like Apple isn’t prepared to do things like block ads in Safari, and blocking ads and preventing drive-by downloads seems to be a better and better idea.

Perhaps it only takes 17 seconds currently for you, but with my setup it now takes 4 min, 3 sec for a scan to complete with my iMac (Retina 5K, 27-inch, 2017) with 2TB SSD internal. That’s significantly longer than it used to take. DetectX only needs 26 seconds to accomplish its scan and a ClamXAV QuickScan takes 1 min, 18 sec.

Not exactly sure how slowness relates to company trustworthiness, but I can certainly concur that Sophos will definitely slow anybody’s Mac, and it has rendered my computer completely unusable a couple of times, requiring a total uninstall/re-install, so I would echo your concerns about the impact of using that product. There are others that are almost that bad with regard to usability. I always recommend that users schedule or start a full disk scan with one of these classic scanners only when they don’t need to use the computer for the duration of the scan. Otherwise they will probably be frustrated by the impact. Some of the ratings include impact as a measure.

With AVAST and its twin AVG, in addition to what you have pointed out, they have always had a much higher rate of false positive detections than any other tested. Their reputation has been built by scoring high on detection rates, which is fine if you are willing to chance it removing something critical to the operation of macOS or an application. I’ve never been willing to chance that.

You will get pushback on that. I used to think the same thing, but the community has come to accept that some of the tactics used by current adware infections have crossed the line. Some examples are installing profiles that cannot be removed by any AV product on the market today and must be removed by the user. Changing settings on browsers that no AV product can change back, forcing the user to check on a number of them. Installing proxies that stop all Internet connectivity when the infection is removed, which no AV product can change, so the user has to go deep inside the Network Prefs Panel to remove them. Disabling AV software found on a user’s computer. Those things strike me as being much more than simply annoying.

I’ve always used this Wikipedia definition for Malware which has been updated to include current subsets:

Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network[1][2] (by contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.

That is certainly no longer true. It took Apple years to pay attention to them, probably because their own ads were impacted, but I can give you several examples of adware targeted by XProtect and MRT as well as some adware Apple Developer ID’s that have been revoked due to their behavior.

And I can also give evidence of an order of magnitude more signatures being pushed out for Mac adware than any recent infections if you like. Malwarebytes has also blogged about doing so in recent times.
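The two leftovers this thread keeps coming back to (a third-party configuration profile and a forced proxy that kills connectivity once the adware is removed) are easy to miss by eye in System Preferences. The script below is an added example, not code from the thread or from any of the products discussed; it lists those leftovers on macOS so they can be removed by hand. The `profiles list` and `networksetup` output formats it parses are assumptions taken from the constructed samples in the script, not captured from an infected machine.

```shell
#!/bin/sh
# Post-adware triage for macOS (added example; not from the thread or any AV vendor).
# Reports what the thread says scanners leave behind: non-Apple configuration
# profiles and proxies switched on per network service, plus launch items
# outside Apple's namespace. Assumed: the output shapes of `profiles list` and
# `networksetup -get*proxy*` match the constructed samples below.

# Print identifiers of installed configuration profiles that are not Apple's.
# $1 is the text printed by `profiles list` (or `sudo profiles list -all`).
non_apple_profiles() {
    printf '%s\n' "$1" \
        | sed -n 's/.*profileIdentifier: *//p' \
        | grep -v '^com\.apple\.' || true
}

# Exit 0 and print the server/port (or PAC URL) when the text from
# `networksetup -getwebproxy|-getsecurewebproxy|-getautoproxyurl <service>`
# shows that proxy switched on; exit 1 otherwise.
proxy_enabled() {
    if printf '%s\n' "$1" | grep -q '^Enabled: Yes'; then
        printf '%s\n' "$1" | grep -E '^(Server|Port|URL):' | tr '\n' ' ' | sed 's/ *$//'
        echo
        return 0
    fi
    return 1
}

# Constructed sample output (not from a real machine) so the parsers run offline.
SAMPLE_PROFILES='_computerlevel[1] attribute: profileIdentifier: com.apple.mdm.demo
_computerlevel[2] attribute: profileIdentifier: com.searchoptimizer.profile
There are 2 configuration profiles installed'

SAMPLE_PROXY_ON='Enabled: Yes
Server: 127.0.0.1
Port: 8003
Authenticated Proxy Enabled: 0'

SAMPLE_PROXY_OFF='Enabled: No
Server:
Port: 0
Authenticated Proxy Enabled: 0'

# Live run on a Mac; skipped elsewhere so the script still runs stand-alone.
live_triage() {
    command -v networksetup >/dev/null 2>&1 || { echo "not macOS, skipping live checks"; return 0; }
    echo "== non-Apple configuration profiles =="
    non_apple_profiles "$(profiles list 2>/dev/null)"
    echo "== proxies switched on, per network service =="
    networksetup -listallnetworkservices | tail -n +2 | while IFS= read -r svc; do
        for kind in -getwebproxy -getsecurewebproxy -getautoproxyurl; do
            out=$(proxy_enabled "$(networksetup "$kind" "$svc" 2>/dev/null)") \
                && echo "$svc $kind: $out"
        done
    done
    echo "== launch items outside com.apple.* =="
    for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
        [ -d "$d" ] || continue
        ls "$d" | grep -v '^com\.apple\.' | sed "s|^|$d/|" || true
    done
}

live_triage
```

Anything the profile check prints that you did not install yourself is a candidate for removal, and once you have confirmed that, `profiles remove -identifier <id>` (from the macOS `profiles` man page, not from the thread) takes it off without touching the preference pane; likewise `networksetup -setwebproxystate <service> off` and its `-setsecurewebproxystate` / `-setautoproxystate` siblings switch the injected proxies off, which is the step that restores connectivity after the adware binary itself is gone. The launch-item listing is only a starting point: a non-Apple label is not proof of adware, so check each file's ProgramArguments before deleting it.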

You argue the minutia, and not the point. The main points remain uncontradicted.

When I say that, for instance, “NEITHER the Mac OS, or the traditional anti-virus (AV) software companies look for much, in any, adware” and you point out that a couple of pieces of adware (that are, in fact, malicious) are blocked by the Mac OS, that doesn’t make my statement “no longer true.” There is a lot of adware out there and the Mac OS does nothing at all about almost all of it.

When I say that it takes more than 17 seconds to do a scan of everything on an entire hard drive, and you say that it’s now up to 2.5 minutes (compared to as much as a couple of hours for traditional AV software)…well, I think that most folks see that the original concern is still valid.

Anyway, I’ve made my points.

I never contradicted the part of that statement concerning macOS, so I’ll take the time to agree with you that Apple has largely ignored adware completely and even though the latest updates have all targeted adware, they don’t and probably can’t keep up in even a small measure.

As I said, I can provide detailed statistics on how much some of the AV software focuses on adware if you want me to spend time I don’t honestly have at the moment to do so, but one short quote from Thomas Reed, VP of Mac and Mobile for Malwarebytes, here:

…I had never compared our Mac and Windows data, and it was not at all what I expected!

Quite shocking… but also, in a way, somewhat reassuring, as despite the volume, only about 1% of it is actual malware. The other 99% is all adware and PUPs.

In contrast, on the Windows side, malware is almost 28%.

That followed the posting of this blog:

And he talks about how malicious adware has become here:

I fully understand your point. None of those three scanning methods can be as thorough as doing a full disk scan of every single file and comparing them against every one of over a million signatures; it’s just a trade-off of time vs. results. How often can the user afford to be not using their computer and finding nothing 99%+ of the time, compared to using a few minutes to ensure that no currently known and operational adware/malware/PUP is installed on their computer? The latter is what ClamXAV QuickScan, DetectX Swift and the free version of Malwarebytes can provide. If that isn’t good enough for the user, then they should absolutely consider trying something else.

Unlike those developers, I’m not ready personally to say that every Mac user must install or subscribe to additional AV software if they are not experiencing any issues, observe safe computing practices (including multiple backups, on and off-site) and don’t routinely share files with Windows friends and relatives. If they are uncomfortable without it or see issues, then they will need to invest the time and perhaps $$ to provide additional protection or remove infections they may or may not realize they have.

Coming from ClamXav, which used to take hours to go over my complete built-in SSD, I have to admit I have trouble keeping complete faith in Malwarebytes’ 36 sec scan. Not that I don’t like the speedup though. In the past I’d just let it run once every so often overnight. But since it was well behaved I could also just run it in the background and still get actual work done. Fans ran alright, but otherwise no problems.

I just want to thank you all for an extremely informative discussion. This is why I love TidBITS - you have helped once more to inform me on matters where I have many questions and little knowledge. Thank you!!!
