best malware detector for mac

You will find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

https://discussions.apple.com/docs/DOC-2435

The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them, including how to prevent, detect and/or remove the Flashback Trojan.

Curious_Mac wrote:

I'm interested in providing additional protection for my iMac by installing an application that will detect various forms of Malware aimed at the Mac OS X system.

As far as I know, the only software that checks for that, and only that, is MacOS X itself. All of the anti-virus tools spend 99.9% of their time checking for Windows malware so you don't accidentally e-mail it to a poor, hapless Windows user.

Since Mac's are beginning to raise the interest of the hacker community

Nah. Theyve been trying to hack the Mac for decades. It is just that anything with the word "Apple" in the headline gets viewers and, consequently, advertisers. Contrary to what the anti-virus or Apple-basher crowds tell you, Mac's have never been, nor have their users ever claimed them to be, invulnerable. Macs are just practically invulnerable. The more 3rd party software you install, like Java, Adobe, especially any Peer-to-peer software, will increase the vulnerability.

I keep my system up to date with the latest updates/patches and I am very careful of the web-sites that I visit. But, one can never be too careful.

Are there any suggestions from the community?

You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems.

You can run additional anti-virus software if you want. I'm sure people will chime in with their own favorites. Which would you rather do? Scan your system 24x7 for 99.9% Windows viruses for the next ten years? Or take a less-than-1% chance of getting some weak trojan in the next ten years? Even if you do get that trojan, an Apple software update will get rid of it within a few days. If past events are any guide, this should all happen circa 2026, of course.

You don't need any. If you do, use ClamXav - not anything else. But you really don't need any.

etresoft wrote: You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems.

1. How do you know that? 2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled. You know as well as I that Apple was 7 weeks late with the Java patch for the vulnerability that was exploited. This provided plenty of opportunity for infection. Apple only got its act together and provided a patch after this thing was running rampant and they were getting kicked in the behind because of very bad PR. Who knows how many other vulnerabilities Apple is typically being lackadaisical about patching.

If past events are any guide, this should all happen circa 2026, of course.

I wouldn't place a strong bet on past events being any guide any longer. I suppose you're going to resort to your usual "you've been suckered by the media hype." I say your complacence (and compliance to the "Apple faith") is astonishing.

A-V of some kind, given all its limitations, may prove to be one useful, if imperfect, tool.

WZZZ wrote:

1. How do you know that?

Based on published reports. I don't happen to believe them at all, but many people do.

2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled.

Sure it would have. If you didn't have Java enabled, or were a Lion user who had not installed Java, then you were always completely invulnerable.

You know as well as I that Apple was 7 weeks late with the Java patch for the vulnerability that was exploited.

Yes. Apple was 7 weeks late patching a 17 year-old exploit in someone else's code.

Apple only got its act together and provided a patch after this thing was running rampant and they were getting kicked in the behind because of very bad PR.

Yep. Bad PR was the whole point.

Who knows how many other vulnerabilities Apple is typically being lackadaisical about patching.

Apple has never been lackadaisical about security. All of the security bug reports I have filed, going back years, get immediate attention from Apple's dedicated security group. Even with the Flashback incident, Apple's performance on security has been #1 in the industry.

Did I mention how Java was a 17 year-old mess of spaghetti code? There was a reason Apple stopped including Java in the operating system.

I wouldn't place a strong bet on past events being any guide any longer.

That's true. Mountain Lion will have much stronger safeguards.

I won't bother to reply to all but the most nonsensical and unsupported of your points.

2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled.

Sure it would have. If you didn't have Java enabled, or were a Lion user who had not installed Java, then you were always completely invulnerable.

You were the one who first said, "You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems," effectively blaming the outbreak of infections on those who hadn't fully updated and suggesting that if you had been fully updated you would not have been at risk. I pointed out that this made no sense because being fully updated had made no difference to whether one was infected or not, since Apple had neglected for almost two months to patch a known vulnerability and this was what had created the opportunity for this malware to run rampant. You then take a completely illogical detour, changing the terms of your own premise about users becoming infected from not being fully updated to those who were protected because they had Java disabled. So which is it? Being fully updated or happening to know, as some of us who were more fortunate did, that Java was a known attack vector and consequently kept Java disabled? Lion users weren't protected because they were fully updated. Many who were fully updated were infected, or they were just lucky if they didn't click on the first Applet they came across that asked them to enable Java. This is breathtakingly specious logic.

Java was removed from Lion. So was Flash. Apple was being proactive by removing, in advance, the two biggest security risks on MacOS X. Lion users who had not installed Java were always, from day one, immune.

As for the two month delay - Java is an incredibly complex, 17 year-old language written by Sun Microsystems before it was purchased by Oracle. You can't just snap your fingers and update something like that. To suggest that Apple was lacadaisical or neglectful is just showing your ignorance. Apple takes security issues very seriously and has for many years. When submitting a bug report, the top item on the list is "Security", above everything else.

Here's some inflamatory media hype. Obviously lying through their teeth only to increase A-V revenue.

http://malware.cbronline.com/news/apple-10-years-behind-microsoft-on-security-ka spersky-250412

http://www.cbronline.com/news/kaspersky-blames-apple-for-massive-flashfake-malwa re-breakout-11-04-12

Oh, and yes, anything less than two months to patch what was patched for Windows would have been a finger snap. And pure coincidence that it was finally patched after 600,000 + users were infected.

WZZZ wrote:

Here's some inflamatory media hype. Obviously lying through their teeth only to increase A-V revenue.

http://malware.cbronline.com/news/apple-10-years-behind-microsoft-on-security-ka spersky-250412

http://www.cbronline.com/news/kaspersky-blames-apple-for-massive-flashfake-malwa re-breakout-11-04-12

Sadly, yes. You really think MacOS X is the same as Windows circa 2002? Anyone old enough to remember Windows 2000 knows how ridiculous that statement is. Kaspersy in particular had been shown to be incompetent. Their "10 years behind Microsoft statement" has earned it only ridicule even from the Apple-bashers. Kaspersky's Flashback removal tool damaged people's computers to a far greater degree than the malware. You earn zero points for the Kaspersky link.

Oh, and yes, anything less than two months to patch what was patched for Windows would have been a finger snap. And pure coincidence that it was finally patched after 600,000 + users were infected.

Please understand. Sun refused to write Java for the Mac. They would only do it for Solaris, Linux, and then Windows. It was always Apple's responsibility to write Java for the Mac. Only when Apple gave up on Java completely did Oracle take over because MacOS X is now more important than Java is. There is no way that Apple, with only a handful of Java support engineers, can possibly update Java as fast as Oracle who employs the thousands of Java programmers who wrote Java in the first place. Apple's version of Java has always lagged behind because Apple always has to re-do the changes themselves. Software development takes time. It can't be done overnight. What you are branding malfeasance was actually Apple engineers working hard to release an updated Java faster than they had ever done before.

Kaspersky's Flashback removal tool damaged people's computers to a far greater degree than the malware. You earn zero points for the Kaspersky link.

I had anticipated you'd say that, since you appear willing to resort to any kind of logical fallacy known to man, but I was too late to add the edit and too tired to create a new post: I had written something like "and please don't tell me Kaspersky's tool made a mess of things. I know that. That's like telling the judge who issues a guilty verdict his verdict must be wrong and he's incompetent because he once got a parking ticket." This is pure noise. Either Kaspersky is right or wrong, but it doesn't hang on their badly written Flashback removal tool.

The rest of what you say is typical Apple-can-do-no-wrong true believer nonsense. (I should point out, I'm neither knee-jerk against nor for Apple.)

As far as Gatekeeper in Mountain Lion goes, we'll see how it goes, but it may not be much more than a veiled attempt by Apple, using the pretext of enhanced security, just like the App Store (we know how successful that's been in allowing in only fully vetted applications, to wit, MacKeeper, AKA MacKeeper911), to restrict software development and further assert its control, without much tangible benefit for security. Apple approved developers will get first crack at the market, so naturally many of them are happy with this development.

Further, speaking of A-V giving users a false sense of security and intimidating less sophisticated users into not allowing completely decent apps, anyone with a $99 developer account can get to sign their app with their developer ID from their code signing certificate. But so what? Will the code in that app be fully vetted by Apple? If Apple already doesn't, as you say, have the resources to quickly write new code for Java (which I doubt), how will they possibly properly vet all those apps?

Interesting take on this in Ars.

Still, developers are nervous that Gatekeeper might simply be another stepping stone toward Mac App Store-only distribution down the line. "Even that middle ground, of App Store plus Apple-certificate signed apps, is providing Apple with more control than they have now," Kafasis said. "That's something worth considering."

http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-st ill-gives-power-users-control.ars

WZZZ wrote:

As far as Gatekeeper in Mountain Lion goes, we'll see how it goes, but it may not be much more than a veiled attempt by Apple, using the pretext of enhanced security, just like the App Store (we know how successful that's been in allowing in only fully vetted applications, to wit, MacKeeper, AKA MacKeeper911)

Yes. This Flashback incident exposed a number of people who really didn't know what they were talking about. They had good reputations so I had no reason not to trust them. Once they exposed themselves as simply blog readers without the tecnical expertise to understand what is going on, I took another look MacKeeper. What I discovered, after trying it myself instead of relying on unsubstantiated reports, was that everything I had heard about MacKeeper being awful was completely false. Sure, it is typical over-the-top anti-virus scareware. But it uninstalls easily (and cleverly). Pretty much everything that had been written about it was false. I discovered this after looking at it myself instead of relying on blogs. You should try that sometime.

Still, developers are nervous that Gatekeeper might simply be another stepping stone toward Mac App Store-only distribution down the line. "Even that middle ground, of App Store plus Apple-certificate signed apps, is providing Apple with more control than they have now," Kafasis said. "That's something worth considering."

http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-st ill-gives-power-users-control.ars

So, are you a developer or a blog reader? Let me take a guess.

MacKeeper got its reputation not from blogs, but from scores of user reports. But, anyway, I'm finished here. If it wasn't already, it is now completely clear this is going nowhere; I'm sure we can talk about other things, but further discussion on this topic with you is pointless.