

The best spyware/malware detection and removal solution in 2014?

Lately I keep getting odd little blips on my Mac screen when I open apps and/or use various browsers. I suspect that spyware or some other malware somehow has been installed on my machine. I have since installed highly recommended always-on security apps like Avast and Avira and Kaspersky for live filtering (thinking that what one does not catch another will) along with run-only-on-command apps like BitDefender and ClamX (each catches items the other misses).


I am still seeing the little blips, if fewer than before, so I wonder if there is still some root level malware that has not yet been detected and removed.


I am looking for solutions.


One option is upgrading to Mavericks, but I still have some critical apps that are not yet Mavericks compliant, so that delays the upgrade.


Another option is wiping my disk, doing a clean reinstall of the OS, and re-installing apps one at a time (means I lose days of productivity as all get rebuilt).


Another option is finding and installing a better spyware detection and removal app (or apps) than I have installed so far.


I searched the Apple support communities and found some older related posts, some going back to 2007 or 2009, which are not relevant today, such as the advice to use MacScan (no longer deemed a viable app), and the ongoing debate whether MacKeeper itself is malware.


I want feedback and suggestions for the hard realities of life on the net at the beginning of 2014. In answering my request, you might help thousands of other Mac users.


Thanks!

MacBook Pro, OS X Mountain Lion (10.8.2), Mid-2010 MacBook Pro 15 inch

Posted on Jan 5, 2014 1:04 PM

89 replies

Jan 6, 2014 5:18 AM in response to judahman

There is no software that can remove all spyware. If you suspect that someone has had physical access to your machine, they may have installed any number of legit things that would help them spy on you, and wouldn't be detected by any security software. They could even have used built-in functionality provided by your system to do that.


If you suspect your machine has been hacked by someone with physical access, there is only one possible response: nuke and pave. (Or, in other words, erase the hard drive and install a fresh system.) See:


How to reinstall Mac OS X from scratch


To secure your computer from such attacks in the future, you should turn on FileVault, use a firmware password and make sure your user account password is extremely secure. Even this would not protect you against modification of your hardware, although that's not something that is going to happen realistically speaking.


Regarding protection against malware, that's not too difficult. See my Mac Malware Guide.


Finally, note that the symptoms you have described would seem to me to be more indicative of a hardware issue than with malware. Nothing you have described is at all suspicious as a symptom of malware.

Jan 6, 2014 7:00 AM in response to judahman

Considering the worst case scenario, if someone broke into your home and had access to your computer, not only might they have installed undetectable spyware, but they may have easily made a clone of your entire hard drive (somewhat time consuming), or just quickly moved what they wanted onto a flash drive and walked out of your house with it, in order to rummage through your files and sensitive data at their leisure. Once you allow for the possibility of physical intrusion almost anything is possible, including bugging your home. Do you really want to go that far? For the "blips", as I and others have already mentioned, I would suggest first looking into a hardware fault, rather than the symptom of some kind of spyware.


Once you do what Thomas suggested, if not before, make sure everything in Sharing is turned off and if you are using a wireless router, be certain that WPA2/AES encryption is enabled, along with a good, long, all over the keyboard password. Mine is 40+ characters. If you have already set such a password, change it now to a new one. In addition to that, turn off all port forwarding in the router and be certain the router's firewall is completely turned on. If you are behind a router, then the Mac's firewall becomes superfluous.


If you are using a router provided by your ISP, then they may have deliberately left a backdoor open by which to perform routine administrative tasks, such as automatic firmware updating. But that still leaves open the possibility of unauthorized intrusion. If that is the case, get rid of that router and get your own third party router.


You can check here for the most common open ports, but even if you get a clean bill of health, this does not rule out the possibility of a not commonly used port being open. Completely safe to use this.


https://www.grc.com/x/ne.dll?bh0bkyd2

Jan 6, 2014 8:04 AM in response to judahman

First please understand that slathering your Mac with layer upon layer of so-called "anti-virus" utilities is not going to protect it from the intrusions you fear, and will only result in degraded performance, system instability, data loss, or manifestations of the odd behaviour you describe. For example, I noticed the exact same display anomalies and system instability you described after installing Intego, another completely worthless product.


Next, please understand "spyware" is a very broad term encompassing everything from innocuous tracking cookies necessary for website navigation to targeted advertisements to keyloggers. None of those examples are considered malicious software. All of them can certainly be used for malicious purposes, but since they are not malicious in themselves, your search for a third party product to search for and eradicate them will be fruitless.


The term "spyware" is generally applied to the above when they are installed without your consent, but when confronted with a dialog box requesting your consent to install something, or a checkbox indicating acceptance of terms and conditions prior to installing it, approximately 100% of Mac users will gleefully agree and install whatever it is without lifting a finger to read or comprehend the consequences of their actions.


You asked about keyloggers. While I know of no "anti-virus" utilities that seek to hide their presence on a Mac, keyloggers are another story. There are ways of checking for the presence of specific keyloggers, but there is no method short of an exhaustive, hands-on inspection of your Mac to be absolutely assured that one does not exist on it.


When someone asks about the possibility of a keylogger having been installed on their Mac, their reasons for concern become critical information. For example, it is not uncommon for keyloggers to be installed by a future former spouse for purposes of entrapment in divorce proceedings.


Physical access to one's Mac makes literally anything possible, including hardware modifications that cannot possibly be determined by anyone using this site. The only way of providing absolute assurance that a software keylogger does not exist is to completely erase your Mac and configure it from the ground up.


Bear in mind that physical access to your Mac implies physical access to your surroundings, in which case implanted wireless bugs or cameras can be installed far more easily than modifying your Mac.


judahman wrote:

And this brings me back to my core question: What is the BEST Mac security app available (free or affordable, that is, for Barracuda is well beyond my fiscal reach).


Using a computer or mobile device always involves an element of risk. Threats to your personal information security are the consequences of using those devices to accomplish your daily work. There is no way to eliminate those threats, but there are ways to mitigate them and reduce the risk to an acceptable level.


Delegating risk management to one single all-purpose Mac "security app" to accomplish that goal will be ineffective, and is frankly irresponsible from the perspective of information security. OS X was designed from the ground up to be a secure operating system specifically intended to protect one user's activity from another. Its security features have improved with every succeeding version, and it protects itself very well on its own. How you use your Mac, and how much personal information you agree to share with others, is up to you.


OS X already includes everything it needs to protect itself from viruses and malware. Keep it updated with software updates from Apple.


A much better question is "how should I protect my Mac":


  • Never install any product that claims to "speed up", "clean up", "optimize", or "accelerate" your Mac. Without exception, they will do the opposite.
  • Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources. Illegally obtained software is almost certain to contain malware.
  • Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
  • Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
    • Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
    • Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
    • Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iTunes or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
  • Don’t install browser extensions unless you understand their purpose. Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.
  • Don’t install Java unless you are certain that you need it:
    • Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
    • Disable Java in Safari > Preferences > Security.
    • Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
  • Block browser popups: Safari menu > Preferences > Security > and check "Block popup windows":
    • Popup windows are useful and required for some websites, but popups have devolved to become a common means to deliver targeted advertising that you probably do not want.
    • Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
    • If you ever see a popup indicating it detected registry errors, that your Mac is infected with some ick, or that you won some prize, it is 100% fraudulent. Ignore it.
  • Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
    • The most serious threat to your data security is phishing. To date, most of these attempts have been pathetic and are easily recognized, but that is likely to change in the future as criminals become more clever.
    • OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
    • Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
    • If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
    • Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
  • Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.


Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

Jan 6, 2014 9:16 AM in response to John Galt

Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.

As a blanket statement, this is not true and I responded to this once already in your boilerplate (not using that term as a pejorative; most of what you have written is excellent advice.) There are exploits by way of JavaScript: malicious scripts and cross site scripting, to name several.


Of course, many sites won't function properly without JS being enabled, so what you say about needing to leave it enabled is true, but there are ways to reduce the chances of those kinds of exploits happening by using some way of selecting which scripts to allow on a given page. The best program I know for this is NoScript, but available only as an Add-on for Firefox. It also defends against Cross-Site Scripting.


Cross-Site Scripting (XSS) vulnerabilities are usually programming errors made by web developers, which allow an attacker to inject his own malicious code from a certain site into a different site. They can be used, for instance, to steal your authentication credentials and, more in general, to impersonate you on the victim site (e.g. your online banking or your web mail).


This kind of vulnerability, often overlooked, is very widespread and becoming highly popular among hackers: someone even bothered to write a JavaScript-based bot, called Jikto, turning your browser into a zombie which relentlessly sends automated XSS attacks all around. Of course this tool has been built "for research purpose", but its code unfortunately appears to be leaked in the wild, so anybody can take advantage of it, now...


NoScript features unique Anti-XSS counter-measures against XSS Type 0 (DOM based) and XSS Type 1 (Reflective, absolutely the most common) attacks targeted to whitelisted sites.


Whenever a certain site tries to inject JavaScript code inside a different trusted (whitelisted and JavaScript enabled) site, NoScript filters the malicious request neutralizing its dangerous load.


http://noscript.net/features#xss


And, as far as I know, much of advertising is served up by way of JS. The very recent Yahoo malvertising exploit comes to mind. We don't yet know if this affects Macs, but that's why, in general, an adblocker is so vital to preventing this kind of exploit, with or without Java disabled.
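The reflected (Type 1) XSS the quoted NoScript text describes is, on the server side, an output-escaping bug: a page echoes a URL parameter back as markup instead of as text. The following is an added example, not code from this thread or from NoScript, showing the vulnerable rendering beside the escaped one and an output-side check for script-capable markup. The host name trusted.example, the probe string and the search template are constructed for the demonstration.

```python
import re
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probe string (not a payload from the thread): if it is ever rendered
# unescaped, the browser treats it as a live script tag
PROBE = '<script>alert("xss")</script>'

def build_search_url(base: str, query: str) -> str:
    """Build the search link a user would click; quote() percent-encodes the query."""
    return f"{base}?q={quote(query)}"

def query_from_url(url: str) -> str:
    """Recover the q parameter the way a search handler does (percent-decoding included)."""
    params = parse_qs(urlsplit(url).query)
    return params.get("q", [""])[0]

def render_vulnerable(query: str) -> str:
    """Reflects the query as raw markup: the XSS Type 1 bug the post describes."""
    return f"<html><body><h1>Results for: {query}</h1></body></html>"

def render_safe(query: str) -> str:
    """Same page, but html.escape() turns < > & quotes into entities, so the query stays text."""
    return f"<html><body><h1>Results for: {escape(query, quote=True)}</h1></body></html>"

# Markers of active content that a results page built from this template should never contain
ACTIVE_CONTENT = re.compile(r"<\s*script|\bon\w+\s*=|javascript:", re.IGNORECASE)

def contains_active_content(page: str) -> bool:
    """Output-side check: does the rendered page carry script-capable markup?"""
    return ACTIVE_CONTENT.search(page) is not None

if __name__ == "__main__":
    link = build_search_url("https://trusted.example/search", PROBE)
    q = query_from_url(link)
    for name, render in (("vulnerable", render_vulnerable), ("escaped", render_safe)):
        page = render(q)
        verdict = "REFLECTS SCRIPT" if contains_active_content(page) else "inert"
        print(f"{name:10s} {verdict}: {page}")
```

NoScript's XSS filter works on the browser side, rewriting the suspicious request before it reaches the whitelisted site; the escaping in render_safe is the fix the site itself should apply, and the two are complementary rather than alternatives.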

Jan 6, 2014 9:22 AM in response to WZZZ

Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.

There are exploits by way of JavaScript: malicious scripts and cross site scripting, to name several.


This is a bit of a semantic argument. It's true that malware cannot infect your Mac through JavaScript as it did through Java (ie, installing as a drive-by download). That is not to say that JavaScript is completely safe, but the threats are different... it's more a question of phishing, attempts to trick you into downloading and installing malware, and other scams that are perpetrated with the use of JavaScript.

Jan 6, 2014 9:48 AM in response to thomas_r.

Wasn't intending to start a meaningless argument. Just wanted to bring some attention to the often overlooked possible pitfalls of JavaScript. That's why Firefox with NoScript is so important for me. There are NoScript wannabes for other browsers, but nothing comes close to the comprehensive protection it offers.


Of course, for exploits, JavaScript is nowhere in the same league as those going by way of Java.

Jan 6, 2014 1:15 PM in response to John Galt

The replies by thomas_r. and WZZZ and the highly detailed reply by John Galt are the most helpful, in my view.


For what it's worth, I recently had an Apple certified service tech inspect my MacBook for any potential hardware problems before AppleCare expired, and no issues were found. So I do not believe these "blips" are hardware related, as was suggested. I may be mistaken, though.


FYI, I have already implemented many of these solutions (e.g., disabling any Java while allowing limited use of JavaScript), and others will take more effort (e.g., replacing our DSL router). The hardest truth you are asking me to swallow is that if spyware has been placed on my MacBook, no commercial app can detect it. A physical inspection of every file on my system is necessary. This is difficult because even a clean Mac OS installation these days contains hundreds or thousands of files I do not recognize, as do the third-party apps, such as the Adobe Creative Suite. Today is not like the "good old days" on my Mac SE/30 when I knew every single file in the system folder, and I could visit every single file within an hour.


I admit my reluctance to wipe my hard disk and start over from scratch, for this may mean at least a week of being out of commission, chiefly from installing my productivity apps and making sure the licenses are applied correctly. Given my work projects and deadlines, this will be a hassle. That said, before I install Mavericks, I may well choose to do that wipe and clean install. Sigh. The hard reality is that all this will take time to act upon, and if there is spyware on my Mac, it will continue to do its nasty business.


Meanwhile, let me ask you all, among all of the malware detection and removal apps I have reported as installed, if having all of them active at once is detrimental (I can understand this), is there ONE security app that should be retained? Alternatively, is there a different or better app I should install instead and scrap the rest?


For what it's worth, I can report that Avast, BitDefender and ClamX have been the most successful at catching the malware in spam email messages and their attachments (e.g., trojan horses and Windows-based viruses). I tried Sophos but found it too clumsy and stifling. Such functionality is valuable to me, even if the app I use for doing this function changes. The Avast shield for web browsing, by the way, rendered my Firefox, Safari and Chrome browsers mostly useless, so not even that app protects my browsing any more. Another sigh.

Jan 6, 2014 4:24 PM in response to judahman

judahman wrote:


For what it's worth, I recently had an Apple certified service tech inspect my MacBook for any potential hardware problems before AppleCare expired, and no issues were found. So I do not believe these "blips" are hardware related, as was suggested. I may be mistaken, though.

If you have not yet run Apple Diagnostics, that would be worth running a long test overnight.

The hardest truth you are asking me to swallow is that if spyware has been placed on my MacBook, no commercial app can detect it.

As I mentioned before, MacScan can locate the ones listed here. It's the only one I have found that will detect that many. Some of the others will identify one or two as potentially unwanted applications (PUA), but that's it. As you already know, it's useless for anything else.

A physical inspection of every file on my system is necessary.

Again, I urge you to download and run EtreCheck. Although it is primarily used to identify software that is causing performance problems, it has also been used to identify traces of spyware that almost always have to be tucked away in an automatically launched process. It was designed specifically for this forum to abide by Apple rules on what can be displayed here as well as to redact any trace of privacy information. If your privacy concerns extend to what types of software you have installed, then I can accept your reluctance to post it, but it certainly would be worth your time to look it over for yourself to see if you recognize each and every file that it lists as something you or Apple installed. BTW, just because it starts with "com.apple" doesn't necessarily mean Apple put it there.

among all of the malware detection and removal apps I have reported as installed, if having all of them active at once is detrimental (I can understand this), is there ONE security app that should be retained? Alternatively, is there a different or better app I should install instead and scrap the rest?

Did you look over the two testing lists I gave you? Security Spread is constantly updated with the latest versions of the software (and I assume he'll also be adding to his vast sample database). I have some minor issues with his testing methods, but they are still better than any of the so-called independent testing labs that accept ads, donations and fees in exchange for having their software rated. TheSafeMac is a year old now with a smaller sample size, but I still consider it to be valid for your use. I don't personally make recommendations as to what's best (primarily due to my association with ClamXav tech support), but any of the top three to five on these lists that don't cripple your Mac are as good as you are going to find today.


It hasn't been mentioned here yet, but if you ever do find indications that your computer was hacked, you need to turn it off and call the authorities to have it forensically tested.
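The post above points at the right place to look: persistence on a Mac almost always means a launchd job in one of the user-writable LaunchAgents/LaunchDaemons folders, and a "com.apple" label there proves nothing, because Apple's own jobs live under /System/Library. The script below is an added example, not EtreCheck and not code from this thread, that reads those plists with the standard plistlib module and flags the patterns worth a manual look. The two jobs it writes into a temporary directory (labels com.example.updater and com.apple.example-helper, paths under /Applications/Example.app and a hidden /Users/example/Library/.cache-helper directory) are constructed so the scan runs on any machine; pass real directories on the command line to scan a Mac.

```python
import plistlib
import tempfile
from pathlib import Path

# Only Apple's own launchd jobs live here; a com.apple.* label anywhere else deserves a look
APPLE_DIRS = ("/System/Library/LaunchAgents", "/System/Library/LaunchDaemons")
# Locations a third-party installer (or anyone who has your password) can drop a job into
THIRD_PARTY_DIRS = (
    Path.home() / "Library" / "LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
)
# Where a legitimately installed program normally lives
EXPECTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/")

def program_of(job: dict) -> str:
    """launchd jobs name their binary in ProgramArguments[0] or in Program."""
    args = job.get("ProgramArguments")
    return str(args[0]) if args else str(job.get("Program", ""))

def assess_job(plist_path: Path, job: dict) -> list:
    """Reasons this job deserves a manual look; an empty list means nothing odd was seen."""
    flags = []
    label = str(job.get("Label", ""))
    prog = program_of(job)
    if label.startswith("com.apple.") and not str(plist_path).startswith(APPLE_DIRS):
        flags.append("Apple-looking label outside /System/Library")
    if prog and not prog.startswith(EXPECTED_PREFIXES):
        flags.append(f"program in an unusual location: {prog}")
    if prog and any(part.startswith(".") for part in Path(prog).parts):
        flags.append("program path contains a hidden directory")
    if prog.startswith(("/tmp/", "/private/tmp/", "/var/tmp/")):
        flags.append("program runs from a temporary directory")
    return flags

def scan(dirs) -> list:
    """Read every .plist in the given directories and summarise each launchd job."""
    findings = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            try:
                with p.open("rb") as fh:
                    job = plistlib.load(fh)
            except Exception as exc:  # a plist launchd cannot parse is itself worth reporting
                findings.append({"path": str(p), "label": "?", "program": "",
                                 "autostart": False, "flags": [f"unreadable plist: {exc}"]})
                continue
            findings.append({
                "path": str(p),
                "label": str(job.get("Label", "?")),
                "program": program_of(job),
                # RunAtLoad/KeepAlive are common for benign jobs too, so report but do not flag
                "autostart": bool(job.get("RunAtLoad") or job.get("KeepAlive")),
                "flags": assess_job(p, job),
            })
    return findings

def build_sample_dir() -> Path:
    """Write two constructed jobs into a temp dir so the scan can run on any machine."""
    d = Path(tempfile.mkdtemp(prefix="launchagents-sample-"))
    benign = {"Label": "com.example.updater", "RunAtLoad": True,
              "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"]}
    suspect = {"Label": "com.apple.example-helper", "RunAtLoad": True, "KeepAlive": True,
               "ProgramArguments": ["/Users/example/Library/.cache-helper/agent"]}
    for job in (benign, suspect):
        with (d / f"{job['Label']}.plist").open("wb") as fh:
            plistlib.dump(job, fh)
    return d

if __name__ == "__main__":
    import sys
    real = [str(p) for p in THIRD_PARTY_DIRS if p.is_dir()]
    targets = sys.argv[1:] or real or [build_sample_dir()]
    for f in scan(targets):
        mark = "!!" if f["flags"] else "  "
        print(f"{mark} {f['label']:34s} autostart={f['autostart']} {f['program']}")
        for reason in f["flags"]:
            print(f"       - {reason}")
```

A flag is a prompt to identify the job, not a verdict: plenty of legitimate software runs from odd places, and the inverse also holds, since a job with a plausible label and a path under /Library can still be unwanted. The point of the listing is the one the post makes: look at every entry and confirm you know what put it there.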

Jan 6, 2014 4:34 PM in response to WZZZ

I held off commenting as the OP doesn't appreciate side discussions that don't directly relate to his problem, but I think I need to at this point.


JS can still do a bunch of things that users don't appreciate, but so far there haven't been any that will impact OS X or its applications. Sure, it can redirect your browser to sites you don't want to see, download a file to your download folder without asking, fake a crypto-locker attack, etc. but nothing happens after that. I can't say that a malware developer will never be able to produce OSX.JS malware if they set their minds to it, just that it hasn't happened yet.


Contrast that to 1,246 JS malware signatures for Windows in the ClamAV® database.

Jan 6, 2014 4:42 PM in response to MadMacs0

If you have not yet run Apple Diagnostics, that would be worth running a long test overnight.

Just to point out that the user end hardware test, the AHT, is known as being abysmally poor at detecting hardware issues, especially random ones like this. And even the more sophisticated ASD (Apple Service Diagnostic), which the Apple tech may or may not have used, can come up short when it's a random problem. So getting an all clear from either may not mean all that much.


EDIT: to side discussion. Are XSS and clickjacking exploits unknown in the Mac world?

Jan 6, 2014 7:00 PM in response to WZZZ

WZZZ wrote:

to side discussion. Are XSS and clickjacking exploits unknown in the Mac world?

Not unknown, just not effective as infection vectors. As Thomas mentioned, you can be tricked into doing something foolish by JS, but you won't be directly impacted by it.


A recent example was the fake crypto-locker scare for Mac users. Some of them actually paid to have their computers unlocked when all they needed to do was hit the browser's back button or dismiss the dialog 99 times (that may not be the right number), but if you didn't know what was happening, those actions might not be your first thoughts.
