MacKeeper 2.1.2 finds malware ClamXav, VirusBarrier Express didn't

See below.

https://discussions.apple.com/docs/DOC-3036

Stedman

What supposed "threats" did it find? Cookies?

Presumably the "91 threats" are in fact all MacKeeper malware threats.

Nice of them to be up front about it, at least.

Oh! Just noticed they were all in the mailbox. So MacKeeper thinks it found 91 (likely attachments) that it thinks were threats. So what were they? All Windows malware that came in as attachments? Benign .jpg images it flagged as threats?

MacKeeper, like nearly all similar magic potions, might work just fine right up to the point it trashes your system.

Don't be surprised if the Flashback trojan was created by the same company, its partners, or associates.

If the cure isn't selling, spread the disease - an idea as old as civilisation itself.

The one you do mention is indeed a Windows Trojan. It must also be a very recent threat. You can find quite a few new pages in Google on it, asking how to remove. But neither Symantec, Panda AV or Kaspersky even recognize it in a search. So I guess you have to give credit to MacKeeper to recognizing malware the others don't even seem to have heard of yet.

Which, for at least TR/Crypt.XPACK.Gen3, would explain why ClamXAV didn't see it, either. All in all, I still wouldn't touch MacKeeper with a mile long pole. And if I did, I'd have to burn the pole.

All of these "threats" are just Windows malware, as you suspect. I don't use any antivirus myself. I haven't seen any need for it in 12 years and I'm not going to let some fearmongering change my mind now. Once people start repeating a story, other people start believing in it without checking for themselves.

The same thing seems to have occured with MacKeeper. It has a very bad reputation here in Apple Support Communities. This morning someone even claimed it is blocking a well-known anti-MacKeeper site. That sparked my curiosity so I installed MacKeeper to see for myself. Not only was MacKeeper not blocking that website, it was very easy to uninstall. The anti-MacKeeper web site that was supposedly being blocked, was actually more malicious and fearmongering than MacKeeper itself.

I still don't recommend MacKeeper or any antivirus software. The Mac isn't windows. The security architecture is different. The kinds of threats that Windows users have to worry about simply don't exist on the Mac and they can't exist. The Flashback trojan clearly demonstrated that because it could not infect any system files without asking for a password, which a few people unfortunately provided.

There is no easy answer. If you truly believe the fearmongering, then the only truly 100% safe answer is to install all three anti-virus products. After all, if one can't catch all the threats, then you must install them all. Don't forget Norton. You didn't try it. It also has a very bad reputation here in Apple Support Communities. Maybe it is worth investigating. Confused yet?

Perhaps the Mac malware will get so bad one day that Apple has to display big red warning notices like Microsoft does if you aren't running antivirus. Until that happens, I'm not going to worry about it.

Roger Lier1 wrote:

Can anyone tell me why ClamXav and VirusBarrier Express, both free and highly rated in the Mac App store, did not find the 91 threats MacKeeper found?

We hear this same load of baloney on Windows between anti-virus companies, "we found this and they didn't find that"

The fact is nobody finds everything all the time, next week ClamXav will find something and the others won't.

The fact remains, WE DON'T LIKE MACKEEPER, we don't like or trust the source, we don't like the MacKeeper lies they say about themselves to promote their products to unsuspecting users,

We do like and trust the source of ClamXav, and we will do everything in our power to astroturf MacKeeper until it's gone.

If your happy with MacKrapper, fine, but they have blown it in the minds of seasoned users who see right through their shady tactics and worthless offerings.

The best thing Zeobit (what the heck is that?) can do is wrap the whole show up, learn from their mistakes and go pander to Windows users who do need crapware to keep their machines running.

Mac's don't need MacKeeper. MacKeeper didn't stop MacDefender or Flashback.

Mac's don't even need ClamXav, because there are no viruses for Mac's, we just run that to clean Windows files. 😁

What likely happended is YOU didn't operate the program correctly, I have ClamXav scanning my whole drive no problem.

If you have a advisement to make ClamXav work better, send them a polite email.

But don't come here dragging their good name into the dirt with johnny come later MacKeeper.

Roger Lier1 wrote:

I am running Mac OS 10.7.3 on a MBP 13" with i7 processor.

Can anyone tell me why the creators of ClamXav and VirusBarrier Express would not want to do an initial scan of the folders that contain email attachments?

Two days ago I ran the free ClamXav antivirus program I downloaded through the Apple's Mac App Store and it found between 400 and 500 threats. I did not see the flashback trojan and I assumed the other threats were Windows viruses. I deleted all the threats it found. The interface for this free app was not really user friendly. I assumed that I was scanning my whole drive when I started the scan, but it did not scan all my files. I believe it scanned less than half, but can't be sure.

The developer of ClamXav has purposely configured his application to do nothing without user approval, so many of the preferences default to being off. That includes checking e-mail content (as opposed to attachments) for malware and phishing. That's partly because there is no known malware that impacts OS X in e-mail content (although there could be in the future) and also because using ClamXav to delete or quarantine an e-mail file will corrupt the mailbox index which could cause other problems.

Another important thing to note is that ClamXav is an individual user application and will not violate other users privacy by scanning files they own. The developer is sensitive to privacy issues and this has been a long standing policy, so ClamXav will only scan files the current user has read access to. I believe that may explain why at least some of those files were skipped. There are other limitations as to file size and type that are imposed by the folks that provide the clamav scanning engine (used by also by Mac OS X server, Windows and Unix platforms) that are beyond the developers control and too technical for this discussion which can also cause some files to be skipped.

Should you ever decide to try ClamXav again, I encourage you to visit the ClamXav site for documentation and the ClamXav Forum for advise and assistance from other users.

FD: I do uncompensated Tech Support for the ClamXav Forum.