External Mac Antivirus scan suggestions

Paolo Alto Securities Labs in California have not found any Mac Virus in the wild. They among other securities labs have developed theoretical attacks for Mac OS X, and provide data to Apple so these flaws can be addressed in future updates. Apple does not make announcements as to what was addressed for securities reasons.
Paolo Alto labs was the first Securities Labs to discover the modified Transmission torrent app being propagated on the web. While not a virus by definition they were able to compare the code to existing samples and see that a modified program was uploaded to the developers website and nested in place of the torrent app where it could be downloaded.

Mac OS X makes up between 9% and 12% of the total of all OS's used world wide, it does not have close to the deployment of Windows OS's out there. Windows devices tend to be less expensive, and preferred by corporations for front end deployment and back end servers, as a result their popularity make them a far larger target for hackers. A majority of virus attacks are performed by individuals who are less code developers and more script downloaders who generally download a malicious script from a unscrupulous website, then deploy it in the hopes of propagating it's payload via email, or attacking a network computer in the hopes of spreading it to other devices on the network. The vast majority if not the entire majority of these widely avaialbe scripts are Windows specific, they won't run on macs. The code would be unable to execute because OS X would see it as gibberish.

While no one is going to tell you "macs don't get virus'" or "macs can't get virus" what is understood at this time is there have been no in-the-wild virus attacks on mac OS X, however that could change tomorrow. What is known is that most if not all commercial Anti-Virus for mac is problematic, and these forums will attest to poor performance, interoperability issues, instability, BSOD's, CTD's and Kernel Panics for a securities application that has yet to be put to the test to protect a Mac against a legitimate virus attack. Mac AV has had far less time to mature than it's windows counterparts, far less developers optimizing the applications and no assistance from Apple as to their development. As a result these offerings should not be considered as legitimate or flexable as the Windows solutions.

Upgrading to El Capitan:

In brief, SIP is the most extensive security feature in the history of OS X, making El Capitan even more impervious to unauthorized alteration than ever. Third party "anti-virus" products are worthless because they convey no benefit to Mac users, and will increase your threat profile than if you were to just leave your system as Apple designed it. Companies that peddle Mac "anti-virus" products are just exploiting neophyte Mac users who have been brought up to believe such things are necessary. They are capitalizing on fear; a highly effective sales tactic.

Selling computer security, as a product "in a box" so to speak, is arguably committing a fraud upon consumers, but the "anti-virus" business has become a multi-billion dollar industry dominated by major players that are not simply going to fold up their tents and go home. As the iPhone and other mobile devices grew in popularity at the expense of their traditional PC market, all of them became increasingly desperate to assert their continued relevance. They enjoy no shortage of uninformed shills advocating their use, even to this day. Most of them can be found taking up space in corporate IT departments, steeped in the established Windows way of life, becoming panic-stricken as they outgrow their usefulness.

The onset of widespread computer viruses arose from a confluence of events that Apple deftly sidestepped with the creation of OS X. It always had been a multiuser, multitasking operating system specifically designed to isolate the user from the kernel as well as from one another, whereas Microsoft's competing operating system had remained essentially unchanged for over a decade – well before reliance on the Internet became commonplace. PC users had to endure multiple revisions and patches to reliably incorporate those features. Due to their enormous user base Microsoft could not afford to simply abandon their previous operating systems – which is exactly what Apple did with Mac OS 9 and its predecessors. That, and the incorporation of the "active desktop" with MS's integrated Internet Explorer was an open invitation for anyone seeking to spread viruses onto millions of vulnerable PCs all over the world. Those manifestations were essentially a form of vandalism that usually provided no tangible benefit to the vandals. Microsoft was very slow to incorporate the system alteration protections that OS X had from the beginning. As viruses became widespread, MS had to resort to issuing multiple security updates every single day. It was literally a full time job just to keep one's Windows PCs up and running.

In summary, if Windows never existed we wouldn't be having this conversation because OS X viruses were never a significant threat to begin with. El Capitan's SIP has now made that possibility so remote it's not worth discussing at all.

As unlikely as they have become, viruses are only one threat. As the world has grown literally dependent upon a functioning Internet, vandals adapted into seeking ways to "monetize" it just like everyone else has been. They do so using a variety of schemes, one of which is to maximize clickthrough revenue. That gain can be derived a number of ways. Loading advertisement-laden webpages can do it. More money results from actually clicking on the advertisements you see. Even more money accrues to the advertiser should that result in an actual sale. The overwhelming majority of that revenue is facilitated by Google. Countless millions of people are willing – practically begging – to support that revenue stream, even to the point of deliberately modifying their Macs to make their users easier marks for Google to exploit. That is the reason for adware's prevalence. As business models go, it's a strange one since I have yet to learn of a single computer user who actually seeks to install adware. It is easily avoided and eradicated if inadvertently installed. Its popularity cannot be denied though.

Besides, if a Mac user really, truly wants to install adware, despite the many warnings of its effects, why stand in their way? It's your Mac, you ought to be able to do whatever it is you want to do with it. That includes the ability to modify Safari or other Mac browser with whatever add-ons and extensions you deem appropriate, including adware. It would be imprudent of Apple to judge whether a certain browser modification is malicious or not. That decision should be left to the user.

Another popular scheme is to distribute fraudulent browser messages warning of dire circumstances should you fail to call a "free technical support" phone number. Those threats may appear to hold your Mac for ransom, or attempt to persuade you into downloading and installing some magical cure-all that eventually demands more money. Those things aren't viruses either, they're just popup windows that don't go away... an inconvenience at worst. The feature is easily implemented in any browser that runs JavaScript, and it has useful purposes. It ought not to be strictly prohibited, and as you determined disabling JavaScript will just render many websites inoperative.

The user errs when concluding the blatantly fraudulent information presented by those popup windows is worthy of consideration, and subsequently acts upon it. That's bad. As long as the Internet remains open and unregulated (which I hope is forever) scam attempts and fraudulent information in all its forms will continue to be promulgated. Once again only a human being can discriminate between scams and legitimate information.

Virus or malware transferred from Time Capsule:

That is a hypothetical question which can only be answered hypothetically. You have to envision a "virus" or malware affecting your Mac to begin with. Given that premise, anything affecting your Mac will obviously be backed up along with everything else, using whatever backup strategy you used when you created that backup.

The purpose of a backup is to provide the ability to restore one's Mac to a condition preceding whatever may have affected its operation, and that's the right way to use one. An "erase and install" may be justified for cases in which the user did not create a backup preceding OS X corruption. In that event, creating a Time Machine or similar backup should be the first priority. Then, erase the source volume, install a copy of OS X known to be intact, followed by installing known intact copies of other software, followed by restoring files other documents that you require, knowing that those files might still have been altered in that hypothetical manner. In general though, files such as photos, music, or other user-generated content cannot be used to host viruses on a Mac, so restoring them from an otherwise malware-affected backup is acceptable. One exception might be Microsoft Word macro viruses, if such things still exist. I don't believe they ever affected Macs.

Downgrading to Mavericks:

Yes, provided the USB stick is bootable. There are other ways to downgrade OS X, but you have to erase the boot volume to revert to an earlier OS X version. The easiest way is to use Time Machine – the answer to your next question.

Plugin Management:

That's Apple's support document, and as far as I know it's accurate. Since I do not use any plug-ins I can't provide any more assistance than that.

Java and Flash:

Neither one is Apple software, so you have to consult their respective developers for assistance. Apple will automatically block outdated versions of both, but with all such things you must be forever vigilant for their ability to cause unexpected operation. In the past, vulnerabilities in both those products have been exploited to deliver malware, and users of them should expect similar attempts in the future.

I can find no compelling reason to use either one any more. Most websites no longer require Adobe Flash Player. It is primarily used for bandwidth-intensive advertisements you probably don't want anyway. It's outdated technology that should just die already. You can help accelerate that well-deserved fate by not using it.

Java always was a bad idea, so you can't even say its time has passed when it never had one to begin with. Despite its name JavaScript is totally different and completely unrelated to Java, and cannot be used to deliver malware. It is used to create those popup windows that refuse to go away though, and it is frequently used to redirect one website to another. That is also harmless and required, but poorly created or deliberately malicious websites make full use of that ability – generally to redirect to a fraudulent "ransomware" popup or similar such nonsense discussed earlier. It's worth noting that any website that hosts advertisements is capable of that. At the moment you are using just about the only one that doesn't.

Using a Live CD to venture out of my walled garden:

If you want to boot a Mac into something other than OS X, then by all means do so. Obviously nothing can affect an OS X volume that isn't mounted. While it's theoretically possible to maliciously alter a Mac's EFI firmware there are no known threats to it, and you can protect it with a firmware password.

BIOS does not exist on Macs.

Installing El Capitan on another hard drive:

When installing El Capitan from the Recovery Partition or OS X Internet Recovery, you will be asked where you would like it installed. All mounted devices will appear, including partitioned volumes. Just be sure to designate the correct one when you get to that step. After it is installed, use Startup Manager to choose the boot volume: How to choose a startup disk on your Mac - Apple Support

Weird/new user group in Users & Groups:

I really don't know, but your concerns are valid. I'd be concerned also. All I could do is help eradicate its effects, but I'd need to install Wireshark first. You ought to post a new question for assistance. By doing so you are almost certain to find someone who has already installed it and successfully eradicated it without the need to restore from a backup (which is what I'd do).

Daisy Disk to "clean up the hard-drive"

Utilities to organize and present files and their sizes can be very helpful to identify large files you might have forgotten about. I have used "Grand Perspective" and "WhatSize" which might be similar to "Daisy Disk". EasyFind is another utility you can use to locate files whose names are known. Just never let such things automatically erase anything, and there is never a reason to alter OS X just to visually illustrate file usage. The Finder is all you really need, and it won't let you inadvertently delete files that shouldn't be deleted.

None of those utilities are to be confused with several heavily marketed products claiming to "clean" or protect your Mac. Those things are just scams.

At this time the best software defense against Mac exploits is to keep your mac up-to-date with system upgrades and securities patches. It's also a good idea to keep a backup.

The state of Mac Anti-Virus we've seen from posts on these forums is that many commercial products out there can cause mild to serious problems when running on Mac OS X. At this time there are no mac virus by definition so they've never encountered a real threat and proven their effectiveness if virus for mac appear in the wild. If you are using a Mac AV solution as a Windows gatekeeper it's a terrible idea, windows AV has had ages to mature, the developers have worked in conjunction with windows developers and windows developers are far more numerous that mac developers. The companies making these products invest far more resources into Windows than they do Mac.