How to check Mac for malware/virus, etc

I have not had any symptoms of a virus or anything but I want to make sure my Mac is not infected. Is there any good way to check? Most people will probably say "Impossible to get virus on Mac" but others say that it is possible.


Please let me know how I can check for virus on Mac.

Posted on Jul 5, 2020 10:08 AM

24 replies

Jul 5, 2020 2:35 PM in response to theMacincheese

theMacincheese wrote:

So, if there was some malicious program or something that shouldn't be, malwarebytes would just remove it?


You seem to believe that junk apps somehow materialize on your Mac.


Apps don’t materialize.


You—the user—acquire and download and install the app.


Again: You install the app. Potentially, you get hacked.


So here, you are asking for a tool which either asks you “do you really want to install this?” (and Gatekeeper already asks that), or that somehow discerns whether an intentionally-installed app is sketchy or not—and various free apps will incorporate telemetry and tracking, and some well-known add-on anti-malware packages have uploaded user browser history and purchase history—details around actions and intents which are effectively impossible for an app to differentiate.


How can an add-on app differentiate the intent of other add-on apps?


This also gets into a false-negative-false-positive mess.


And as was mentioned, it’s common to see folks with two or three add-on anti-malware packages installed, sometimes warring, and all of those still missing add-on malware. And some lack any backups. And they’ve re-used their passwords, or exposed their credentials.


And various of the add-on dreck that does get installed does change its names and characteristics with each campaign, and quite possibly with each install, making it that much harder to identify.


There’s no magical answer here.


There’s set-up work. On-going maintenance. And skepticism.


What does that mean? Backups. Two-factor authentication. Don’t install junk. Don’t install stuff you didn’t go looking for. Don’t install cracked apps or torrented apps. Use unique passwords. Did I mention having backups? Stick to the Mac App Store, where you can. Otherwise, the vendor’s own site. Avoid app aggregators, other than Apple.


Few of these security considerations and factors are even in the purview of add-on anti-malware apps.


Again:

Effective defenses against malware and other threats - Apple Community

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


Yes, it’s work. Not magic. But you’re going to want to (have to) do this work, even if you install add-on anti-malware.

Jul 5, 2020 11:20 AM in response to theMacincheese

theMacincheese wrote:

Thanks for the information. So is there any way using the Disc Utility App to check if I have a virus?


Anti-malware is a dumpster fire of scams and false positives and false negatives and data corruptions and hangs and variously even the collection and sale of your entire web browsing and web purchase history, so... using an utterly unrelated and benign tool like Disk Utility is likely to have fewer repercussions than most.


Disk Utility was being referenced in the context of viewing the write-protect mechanisms present in macOS Catalina. These mechanisms make it far more difficult for malware to write to the critical parts of the operating system installation.


Disk Utility does not scan for malware. Disk Utility is not appropriate here. Gatekeeper and XProtect are the Apple tools. Those run automatically.


As was previously suggested, please skim:

Effective defenses against malware and other threats - Apple Community


Lately, I’d expect more folks get hacked than their computers get hacked. Hacking people is much easier than hacking computers.


What indications of compromise or malware do you have? What’s not working? What’s being reported?


Do you have current backups of your data? Backups are a key part of your security. And recovering from various problems and corruptions and security breaches can involve restoring from backups.


Jul 5, 2020 11:46 AM in response to theMacincheese

theMacincheese wrote:

Well, I have been normally using the web as a normal person. I then suddenly started thinking maybe clicking on links is giving me malware or something? I'm just trying to be on the safe side.


If you’re current on macOS, actual malware issues are unlikely.


You’re nearly certain to encounter folks trying to hack you, and not your Mac:

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


The scammers will try to get you to install protective tools, security tools, scanners, coupon tools, that sort of thing. Which... is the malware. They’ll use fear, lies, greed, anger, curiosity; pretty much any lever they can apply to convince you to load the dreck.


Don’t install something you didn’t go looking for, be very skeptical about ads and pop-ups (websites cannot scan your Mac for malware), enable two-factor authentication (losing control of your Apple ID is a huge issue), keep macOS and apps patched to current, keep at least one set of backups and preferably more, and, again, please read through:

Effective defenses against malware and other threats - Apple Community


Anti-malware is not a panacea. In many cases, what’s called “anti-malware” can itself be malware, or it might upload your web activities for resale, or other surprises. There’s no simple answer here, no simple solution, and the folks selling you the simple answers... can themselves be suspect.


Jul 5, 2020 4:34 PM in response to theMacincheese

theMacincheese wrote:

What do you mean by "Apple Anti-Malware"?


That would be the anti-malware and related security provided by Apple, integrated with macOS, and enabled by default.


Related reading:

macOS - Security - Apple

Safely open apps on your Mac - Apple Support

Apple Platform Security - Apple Support




And as another detail to ponder, add-on anti-malware has variously added vulnerabilities, as there have been exploits specifically targeting the add-on anti-malware apps.


Some of the add-on anti-malware has been spectacularly poorly written.


That which is well-written itself still operates with full system access.


As an example of an exploit aimed at add-on anti-malware, here is a case from a few weeks ago:

https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/

Links to more there, too.





Again, there is no magic answer.



Jul 5, 2020 4:46 PM in response to theMacincheese

A minor note to Ronasara's response. A virus is malware. Malware is a generic term and is short for malicious software. It refers to anything you don't want on your computer. All of these are malware.


Virus

Trojan

Worm


Virtually everything that afflicts a Mac is a Trojan, which is any malware the user must download, install and run. It cannot get there by itself. Adware is also a Trojan because it gets on your Mac the same way. YOU put it there.


"Apple Anti-Malware" is the protection already built into the OS. It's meant to be invisible to the user. It can, and will automatically prevent the installation or use of quite a few types of known malware. But like any other such protection scheme, the user can easily defeat it by installing malware the system isn't aware of.


This all comes back to MrHoffman's notes. I don't bother with any type of protection. They're all pointless. If a person isn't going to take the effort to be careful where they acquire their software from, then nothing you try to use to prevent an infection is going to help. It just won't. An OS can't be so locked down that it tells you what you can and can't do, and not the other way around. A computer is supposed to be a tool you control and configure to your liking. That makes it literally impossible for any protection scheme to be 100% effective.


So as MrHoffman said, your best defense is three-fold:


  1. Have known, good backups. At least two on separate drives. If you do manage to get something really bad on your Mac, like ransomware, you can restart the Mac, turn on the external drive with cloned backup and do an Option key startup to that drive. Since the malware is inert sitting on the non-startup drive, you simply replace the contents of that drive with a clean backup.
  2. Be vigilant. Which is really as simple as reading. Keep an eye on the news, here, and other Mac-centric places where you can read about new possible threats.
  3. Probably the most important. Never, never, ever use P2P, torrent or other means of obtaining illegally posted, pirated or cracked commercial software. This is where criminals pack the worst sort of malware in the installers of illegal copies of pricey software, such as Photoshop, Mathematica, Avid and many others. Downloading from these types of sources is like holding on to a stick of dynamite and seeing how short you can let the fuse get before you throw it. Eventually, you will lose.

Jul 5, 2020 10:59 AM in response to theMacincheese

I fully agree with what you have been told here. You are unclear as to whether a Mac can be infected by a virus. Maybe I can help. When Apple released Catalina, we can now see (using the Disk Utility app) three icons if we click on the Container disk icon. One is titled Macintosh HD and the second one is titled Macintosh HD - Data. What does this mean? The first one, Macintosh HD, is where our Apple installed apps and files are contained. This is a read only disk. That means that no outside files can be written on it. Therefore, no viruses. It is protected from infection. The second, Macintosh HD - Data, is where our installed apps are located. This allows us to remove and install apps. This is an incredible way to ensure that the Mac OS is the most secure one in the industry. I hope this puts your mind at ease.

Jul 5, 2020 12:45 PM in response to theMacincheese

theMacincheese wrote:

Alright, so what do you think about Malwarebytes?


I use the Apple anti-malware, and not add-on.

Modern attacks are all about hacking you.

About convincing you to hack your own computer.

Not about hacking your computer.

To get you to expose your own credentials.

Password re-use.

Indirect schemes involving social engineering and phishing.

Anti-malware won’t help with any of that.


Jul 5, 2020 2:03 PM in response to theMacincheese

As long as the people who write the MalwareBytes app are aware of the malware in question, and have updated the app to recognize it, yes. Any such app is only as good as how often it's updated to recognize new malware/adware.


Most users recommend MalwareBytes because it's not typical AV software. Avast, Norton, you name any of the rest you can think of, and they are all useless. There are no Mac viruses. None. So there's nothing to detect. Any Trojan you download and install, whether you realize you're doing it or not, will go right past any and all AV software.


Some might warn you after the fact you've installed something you shouldn't have, but not very often. Yeah, that's really helpful. Tell me after the malware has already been installed. We've seen many posts here where the user had as many as five AV software packages running at the same time, and their Mac was still full of junk. That's how useless typical AV software is.

Jul 5, 2020 3:19 PM in response to theMacincheese

As Kurt noted here, Malwarebytes only removes malware, not viruses. It is totally safe as it only functions when we run it. It does not run in the background like the anti-virus apps do, and they therefore slow things down because they are constantly checking things. (And they also cause other problems, as well.) It is very simple and effective. However, malware isn't a serious problem for Macs, so it's something I seldom have to run.

Apple has its own built-in program which is able to do any other cleaning, so there is nothing we have to do or to worry about.

Jul 5, 2020 5:02 PM in response to Kurt Lang

Kurt Lang wrote:

A minor note to Ronasara's response. A virus is malware. Malware is a generic term and is short for malicious software. It refers to anything you don't want on your computer. All of these are malware.

Virus
Trojan
Worm


And ...

adware

search engine redirectors

VPN clients*

etc.



*with the exception of VPNs intended to connect directly into an internal network of an organization that you are affiliated with. Add-on VPN clients intended to protect you against the first network hop are also ideally positioned to centralize and monitor and collect network activity, too. With vendors that are obscure or opaque or advertising-affiliated. And some with widely-known keys, which means breaking the VPN is feasible.


Jul 5, 2020 5:20 PM in response to MrHoffman

Yup, mentioned adware above as being a Trojan since it's still the user who installs it. Usually, unwittingly along with something else.


Forgot about VPN clients. I wonder how those are categorized? They're not a Trojan in the normal sense. You know precisely what you're downloading/installing, and it really does (uselessly) encrypt the data only between you and the VPN's server. It's more in the creepy category of collecting all kinds of personal data about you without your knowledge. Just like all of Google's software, such as Chrome and Google Earth.
