
best malware detector for mac

I'm interested in providing additional protection for my iMac by installing an application that will detect various forms of Malware aimed at the Mac OS X system.

Since Macs are beginning to raise the interest of the hacker community, I would like to stay one step ahead of the "crowd".

I keep my system up to date with the latest updates/patches and I am very careful of the web-sites that I visit. But, one can never be too careful.


Are there any suggestions from the community?

iMac, Mac OS X (10.7.3), 21", i3@3.2 GHz, 16GB RAM

Posted on May 1, 2012 2:20 PM

Question marked as Top-ranking reply

Posted on May 1, 2012 2:27 PM

You will find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:


https://discussions.apple.com/docs/DOC-2435



The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them, including how to prevent, detect and/or remove the Flashback Trojan.

48 replies

May 3, 2012 6:45 AM in response to WZZZ

WZZZ wrote:


Oh boy, now we're entering conspiracy theory territory. Often in favour of competing anti-virus products??? And the evidence for that is where? I haven't seen that one; that's a first.


I have had that discussion elsewhere and I'm not going to revisit it here.


In general, I would say that you are reading a lot into what isn't there. The anti-virus industry has saturated their Windows market. There is no growth there. The only potential market left is the Mac and we are under a really hard sell. When someone is pushing you to buy this much, the best thing to do is walk away and contemplate. Perhaps you don't need it after all.

May 3, 2012 7:05 AM in response to etresoft

Sophos Home and ClamX are free, so that dispenses with the hard sell argument, at least for those. They are really the only two I would consider anyway. There have been some reported KPs with the latest version of Sophos, but I'm seeing that Sophos is aware of that and will be issuing a fix, if they haven't already done so.


Sure, you're running a business and want to maximize your audience and market share and, sure, what you are doing in publicizing threats may be self-serving. No doubt about it. But it doesn't necessarily logically follow that your product is worthless and the threats and issues you are discussing in Mac security aren't real or valid. These programs and the issues they publicize should be evaluated on the merits with an open mind, succumbing neither to hysteria, hype nor knee-jerk denial. Again, this is all I have been trying to get across.

May 3, 2012 7:06 AM in response to etresoft

I can only take it that you're referring to my uninstall MacKeeper guide, but I don't understand why you're making such a big fuss about the logs, BOMs, receipts files etc as if that makes all criticism of MK invalid. The guide's purpose is to simply restore the system to a clean state "as-was" before MK was installed. There's no emphasis on any file over any other; just removal of everything associated with MK.


MacKeeper is far more than an AV programme, and your "little knowledge" (your own admission) regarding it is precisely why you can't see the bigger picture. I know you're very knowledgeable in some areas, but in this one you really just don't know enough about what you speak.


Many problems with MK stem from its persuasion of the user to remove what MK calls "unnecessary files", which invariably has the effect of trashing the user's system, as many of these are in fact quite necessary. There are a variety of other problems, but I'm not going to recap my last 9 months of dealing with them for hundreds of users on my blog here.


Just do the decent thing, etresoft, and stop arguing about something which you don't really know anything about. Leave it to those that have spent some time with the program concerned, have helped large numbers of people solve problems with it, and know far more about it than yourself.

May 3, 2012 7:54 AM in response to WZZZ

WZZZ wrote:


Sophos Home and ClamX are free


Both free programs are essentially marketing campaigns for their corporate sponsors.


Sure, you're running a business and want to maximize your audience and market share and, sure, what you are doing in publicizing threats may be self-serving. No doubt about it. But it doesn't necessarily logically follow that your product is worthless and the threats and issues you are discussing in Mac security aren't real or valid. These programs and the issues they publicize should be evaluated on the merits with an open mind, succumbing neither to hysteria, hype nor knee-jerk denial. Again, this is all I have been trying to get across.


That is an excellent point, but there is very little of that going around. Lately, there has been so much hysteria that an open-minded, reasoned denial gets treated as "knee-jerk".


That is the point I have been trying to get across. These are all businesses trying to make a buck. There isn't anything wrong with that. What is wrong is when those anti-virus companies and their blogging fans use hyperbole, misinformation, and outright lies to further their cause. Maybe this is a knee-jerk reaction on my part - but I call that wrong.


I happen to feel that anti-virus software is unnecessary on MacOS X, even with the recent Flashback incident. One half-way successful malware in 12 years does not mean that MacOS X and Windows are now on equal footing in terms of security.


As far as MacKeeper is concerned, I have not seen any of the recent wave of anti-virus Apple-bashing coming from Zeobit. While I'm certainly no fan of anti-virus software on a Mac, that fact alone gives me reason to have a more favorable opinion of MacKeeper than any of their competition. Supposedly MacKeeper has many unhappy customers, but then so does Apple. I can't promote MacKeeper because I don't use it. But I'm not going to sit back and let people unfairly bash it when there are other people doing far more damage to the Apple community.

May 3, 2012 8:25 AM in response to etresoft

etresoft wrote:


But I'm not going to sit back and let people unfairly bash it when there are other people doing far more damage to the Apple community.


And who's doing that? The only people who criticize MK are those that have either


i. had problems with it; or


ii. helped others who've had problems with it.


Stop pretending there's some kind of anti-MacKeeper conspiracy. Or are you part of the MacKeeper Street team?

May 7, 2012 3:39 PM in response to etresoft

etresoft wrote:

Both free programs are essentially marketing campaigns for their corporate sponsors.


...


Lately, there has been so much hysteria that an open-minded, reasoned denial gets treated as "knee-jerk".


An open source antivirus solution is a marketing campaign for what corporate sponsor exactly?


And if said denial is not, in fact, reasonable or open-minded, it should be treated as a knee-jerk, since the author has not actually bothered to investigate the facts of the case (in other words they're making a knee-jerk response). Claiming that the sky is blue when it is, in fact, overcast is neither reasoned nor open-minded.


BTW, Macs have been around since 1984 and there's been more than 1 successful virus in the entirety of their existence. Flashback isn't even the first virus to afflict OS X, it's just the first botnet client.

May 7, 2012 4:53 PM in response to Monk E. Boy

Monk E. Boy wrote:


An open source antivirus solution is a marketing campaign for what corporate sponsor exactly?


In case of ClamAV, SourceFire bought all trademark and copyright to the project. Many open source projects have corporate sponsors or owners. Open source is big business these days and right in the middle of a number of major corporate rivalries.


BTW, Macs have been around since 1984 and there's been more than 1 successful virus in the entirety of their existence. Flashback isn't even the first virus to afflict OS X, it's just the first botnet client.


The Mac of 1984 bears little resemblance to the Mac of 2012. I prefer to use the term "malware" since its broader meaning more accurately encompasses what people really mean. It avoids the trojan vs. virus arguments that inevitably spring up. There have been many instances of malware for the Mac and MacOS X. All of them, including Flashback, were failures at being malware. Flashback's only real success was in media coverage, and it was very successful there.


The point is that the media is claiming that Macs and Windows are now equal - malware wise. That is completely false. Anti-virus companies, and their blogging shills, are claiming that Mac users need anti-virus software. That is completely false. Macs were never 100% immune from malware and no one ever claimed that. Macs are still every bit as secure as they ever were. If you are one of the 99% of Mac users that has gone 12 years without any kind of malware, your chances are very good of another malware-free decade - no antivirus software required.

May 7, 2012 9:14 PM in response to etresoft

I don't know why I think I want to join this "discussion" but...

etresoft wrote:



WZZZ wrote:


Sophos Home and ClamX are free




Both free programs are essentially marketing campaigns for their corporate sponsors.

One should not confuse clamav the scan engine with ClamXav, one of several that use it in their Mac applications. From all that I know, ClamXav is pure donationware and has no corporate sponsor.

May 8, 2012 7:41 AM in response to etresoft

etresoft wrote:


In case of ClamAV, SourceFire bought all trademark and copyright to the project. Many open source projects have corporate sponsors or owners. Open source is big business these days and right in the middle of a number of major corporate rivalries.




ClamXav isn't produced by clamav. clamav is the open source project. ClamXav is the Mac port of the project, undertaken and kept updated by a sole dedicated Mac developer. Maybe if you read more blogs you'd know this.


Trojans masquerade as a particular program and require you to execute them as that program in order to launch their payload. That description only applies to the original Flashback variant, which claimed to be Adobe Flash. Newer versions were Java applets that could be launched from websites (including the ever popular banner ads placed on ad networks, from which they're shotgun-blast distributed across huge swathes of the internet). Visiting a website and getting infected simply by viewing that site precludes the later variants from being called trojans. But having a command & control system is what makes it a botnet.


If you have no antivirus software installed, how exactly do you know you're malware-free? All the users I've personally helped remove flashback from their systems had absolutely no idea they were infected. The only reason I knew they were infected is because of firewall logs (not logs on their system, logs outside their control) that showed their systems accessed the wildcard domain names that flashback uses for C&C. I would not be surprised if, right now, your system is infected while you sit on this forum pontificating about how 99% of users have never been infected. Fate is funny like that; Dale Earnhardt openly mocked drivers who were asking for better safety equipment, only to later die due to lack of safety equipment.


End of the day the reason Macs were rarely infected before isn't because of their security model - it's because virus authors rarely targeted it. Now they are. They're not going to slink back into their little hole and go away - this was a proof of concept. It showed that not only could they infect systems, they could do so very profitably for a very long time, due to the very complacency you've exhibited in this thread. Do you want to know what the difference between Classic MacOS & OS X is? For a long time MacOS had a large enough percentage of the installed base of personal computers to make itself a tempting target for virus authors... now that OS X systems have grown in market share, it again has become a tempting target.


I've personally knocked dozens of Flashback zombies out of commission. More than 10% of the installed base I'm personally responsible for maintaining, with over a dozen more showing up at our second location. Who likely have more infections but, since they take the same lackadaisical approach to security as you do, the only time they've caught infections is when I remote in and point them out. It's very easy to claim that systems aren't infected if you don't bother looking.


BTW, may I suggest you change your forum name to Baghdad Bob?

May 8, 2012 9:59 AM in response to etresoft

etresoft wrote: There have been many instances of malware for the Mac and MacOS X. All of them, including Flashback, were failures at being malware. Flashback's only real success was in media coverage, and it was very successful there.

Maybe a bold or a foolish move, but I will risk my sanity by re-entering this farce. Even if it is transparently absurd to anyone who followed the Flashback episode, for anyone who hadn't and comes across this thread this cannot be left unanswered. It looks like the word "failure" is getting a complete New-Speak, up is down, down is up, make-over.


After close to 700,00 Macs infected, probably more, and enlisted in a botnet, this world class record setting statement for denial loses you all credibility. You had already come within a hair's breadth, but after this, the coup-de-grace, nothing you can say further on this topic can be taken seriously.
