is Malwarebytes good for my mac

You can use MalwareBytes to scan your Mac if you believed you may have been infected with malware or adware, but there is no reason to keep it installed. Stay away from all other anti-virus apps, cleaning apps, and third party security software since they usually cause more problems than they solve since they interfere with the normal operation of macOS. MalwareBytes is the only exception to the rule. FYI, MalwareBytes has an "uninstall" option which can be found on one of the app's menus IIRC.

To look for possible software issues you can also run EtreCheck and post the report here using the "Additional Text" icon which looks like a piece of paper. If you give EtreCheck "Full Disk Access", then the report will include more information including a summary of recent logs which may contain clues.

See if you have the same issues while booted into Safe Mode which disables third party Startup & Login items. If Safe Mode works fine, then you likely have an issue with some third party software or a login item.

You may also want to run the Apple Diagnostics to see if any hardware issues are detected.

a brody wrote:

but complementing with Avast

No, stay away from Avast! They have already been caught at least two different times selling personal information, and these forums are full of users reporting major system issues when Avast is installed. I would stay away from all anti-virus apps except for MalwareBytes since all the other anti-virus products tend to install dozens of drivers & startup items which makes them much more likely to interfere with the normal operation of macOS. I don't even recommend any third party anti-virus solution even on Windows these days for the exact same reasons (just run Microsoft's built-in Defender these days). I actually used to use Avast on Windows many years ago long before any of this came to light.

Unfortunately I cannot locate the second reference of Avast being caught selling user data, but here are a couple of articles:

https://antivirus-review.com/blog/avast-programs-spy-on-their-users

https://arstechnica.com/tech-policy/2020/01/avast-kills-off-jumpshot-the-subsidiary-that-sold-all-your-web-data/

Users just need to follow safe computing habits such as are outlined in this very well written post by a respected contributor:

Effective defenses against malware and ot… - Apple Community

Here is an article with similar findings although it mostly pertains to Microsoft Windows although Macs are also mentioned and matches my own personal observations over the years:

https://www.nytimes.com/wirecutter/blog/best-antivirus/

The free license is good for occasional manual scans. And it may not be perfect in terms of detection, but complementing with Avast, and Etrecheck and EasyFind from Devontechnologies, you can usually track down the majority of offenders.

Keep in mind backup your data religiously, and learn to recognize phishing attempts for what they are. Phishing are emails and websites that try to gather your personal information.

command-option-escape if you hit a bad website and want to force quit the web browser.

When you reopen the web browser, hold the shift key to force it to recognize that you want to try to reload it on the home page and not the last page loaded.

Clearing your caches and history in the browser preferences will avoid accidentally reloading the website in the future. So keep a good password manager separate from the website to avoid having to worry about that.

No, they're not. Apple's own article I linked to explains they are not kernel extensions. They are lower level startup items, but not kernel layer items.

The other reason Thomas Reed noted they use this (as he explained in an email conversation), is one of the first things many types of malware do is try to disable, or outright remove software that can detect them. By making it a startup item like this, they fail since the OS will not let you delete any app that's running.

Edit: I should add I agree I don't like the way MalwareBytes is going. But it's also expected. When they hired Thomas, and essentially purchased AdwareMedic in the process, it's no shock of any kind they want to make money on it. Thomas isn't working for free, and they want to generate revenue from any product with their name on it.

But still, MalwareBytes is the only app in this category I will let even touch my Mac. All the rest (Bitdefender, Avast, Norton, you name it), are useless. There are no actual viruses to detect, and all Trojans go right past them since they can't know what it is you're installing or going to run until after you do it. Which has always been they point of AdwareMedic/MalwareBytes: Try and find, then remove whatever malware you've already installed.

It installs a kernel extension to scan for malware which servers no purpose at all.

Yes, it has a purpose. While rare, it keeps a look out for the activity of ransomware. If it detects anything other than FileVault trying to encrypt data, MalwareBytes does what it can to shut down such malware as fast as possible.

Kernel extensions necessarily reduce the security of the OS.

Which is why it's not a kernel extension. Not any more. Third party apps are not allowed kernel extensions in Catalina or later. The closest that are allowed are those that go to your user account. Such as this one for 1Password:

/Users/your_account/Library/Safari/Extensions/1Password-2.safariextz

Yes, the name of the subfolder is Extensions, but it's not hooked to the kernel. (see the section in the link, Alternatives to kexts (macOS 10.15 or later).

Since the OS already successfully keeps all known malware at bay…

From itself (the System folder), yes. From the user account, no. The user can install all kinds of malware and adware within their own account.

I would not, however, simply leave the free version of MalwareBytes installed. And that's because it doesn't update itself as the paid version does. Install, use it, then remove it from its own menu option. If at some point in the future you want to run it again, download a fresh copy that will be up to date, and have the latest definitions.

a brody wrote:

Is Sophos or ClamAV as good at detection and less apt to sell your personal information? I'll be a monkey's uncle before I pay for something like McAfee or Symantec.

Sophos -- No.

Clam-AV is an open source anti-virus solution, but I believe it is more about removing Windows viruses to prevent people from passing them on to others.

The problem with all anti-virus solutions is that they cannot detect new unknown threats even though they try to tell people that they can do so. Plus like another contributor has already mentioned, many threats attempt to disable anti-virus software. Plus many of these anti-virus vendors are beginning to sell people's personal information and even including ads into their products.

Our organization is required to use anti-virus/security products even on our Macs. Our organization has used just about every Mac compatible anti-virus solution out there over the years and they all have problems (usually multiple problems). Unless a user's school or employer requires the use of anti-virus/security products, then macOS users should avoid installing any anti-virus apps, cleaning apps, or third party security software since they are not needed on a Mac. Users should be practicing safe computing habits which will prevent the majority of infections (nothing is 100% perfect). macOS already have really good protections built-in as long as users do their part as well by practicing safe computing habits.

Effective defenses against malware and ot… - Apple Community

If you installed Adware or think you installed Adware, you can use MalwareBytes to remove it, but since it installs other AV crapware, I would avoid it. If you installed MalwareBytes, I would uninstall it.

You can use Etrecheck Pro to remove Adware for free and it doesn't install anything but the app.

The OS checks for and prevents the installation of other malware.

What other crapware would that be. It would be good to know. Thanks

It installs a kernel extension to scan for malware which servers no purpose at all. Kernel extensions necessarily reduce the security of the OS. Since the OS already successfully keeps all known malware at bay, there is no need to introduce a possible threat vector at that low level of the OS.

It started out as an app that removed the Adware people installed. That's where it earned it's good reputation. Now it just the same old crap peddled by the AV cabal.

Ah, that's something they must have added later. The last time I install MalwareBytes (quite a while ago for no reason other than to see what had changed with it), there was no such option. And for those concerned about the extension, it's disabled after xxx amount of days as a trial period anyway. After that, you're always just using it as an on demand scanner.

I hear you. But I have seen trojan horses inject into people's /pvt/ folder and are very hard to remove, unless you boot as a separate administrator and remove it. I encountered a really sad state where someone let their machine be taken over, and they did not have a password on their administrator account. Not to mention they took out money out of her account.

A good antivirus should be able to remove nefarious applications from the /pvt/ and LaunchDaemon's folder without having t o manually navigate to each folder with EasyFind and chuck it. Not to mention with weknow.ac, people's Google policy settings get rewritten and you have to edit plists.

I hear you. But I have seen trojan horses inject into people's /pvt/ folder and are very hard to remove, unless you boot as a separate administrator and remove it.

Agreed. And that's the problem with Trojans (namely, 99.99999% of the Mac malware out there). It gets installed before any AV software knows what's happening. And even then, despite running continuously, few will let the user know anything happened.

Can Avast, Norton or software other than MalwareBytes find and attempt to remove this stuff? Sure, though just like MalwareBytes, all of them are limited to what they recognize. Still, that means all of these titles do nothing different than MalwareBytes — remove after the fact — but eat up far more resources doing it.

I have Malwarebytes installed and use it occasionally to scan manually. No issues leaving it on your Mac.

What other crapware would that be. It would be good to know. Thanks

If the auto scan was turned off would that preclude the issue?