Another Malware/AntiVirus Inquiry: How to properly examine for possible Malware? (Sierra)

Just to add to what has already been said, there is no such thing as 100% security. If that's what you would like, buy a new Mac and never open the box.

The biggest threat to a Mac is incompatible or poorly written software. Personally I think malware's biggest impact is it causes users an inordinate amount of time and stress, thinking about it and looking for it.

I've used Macs for 30 years and have yet had one infected. Could I get one? Yes. Could I be hit by lightning? Yes. I'm not going to spend one second of my time trying to prevent lightning strikes to my personage.

I run no AV software or Little Snitch type monitoring software.

I know some people don't believe in Anti-virus' in general and I've been down that road, but rather be safe than sorry for now.

Security cannot be reduced to a trite expression. Modifying a Mac with non-Apple "anti-virus" products increases its exposure to threats due to the significant potential for vulnerabilities in those products.

But I also had to install some scripts from Github and do some tinkering that I wouldn't ordinarily do. Most of them involved Python through terminal.

It's incumbent upon you to know what you're installing, its purpose, its proper use and limitations, as well as its potential for unexpected operation. It's also incumbent upon you to know how to get rid of whatever you installed if you no longer need or want it installed. No one else knows what it is you installed, so all you could hope for is meaningless speculation based on literally no information. If you are concerned about something then the best solution would be to erase that Mac completely and reconfigure it as if it were new.

I'll have to continue using some experimental softwares made by professors, install scripts, and browse the internet from databases that require unorthodox settings for OS X to gain access to.

Next time you install something that you may not completely understand, install it on a sacrificial partition containing no personal or sensitive information. Erase that partition when it is no longer required.

The application firewall does not protect a Mac from malware.

I've ran scans but obviously that entire issue brings up the dilemma of having a signature for the malware etc etc.. So I know other than OS X being stupidly malware ridden, the scans aren't gonna be of much use.

That's correct, and is one reason that those products cannot provide the assurance you seek. To protect your Mac I suggest you read Effective defenses against malware and other threats.

If that's not enough for you, read: It might be time to stop using antivirus

Pull quote:

"The problem, from the perspective of the browser makers, is that antivirus software is incredibly invasive. Antivirus, in an attempt to catch viruses before they can infect your system, forcibly hooks itself into other pieces of software on your computer, such as your browser, word processor, or even the OS kernel.

"Furthermore, because of the aforementioned knotweed-style rhizomes of antivirus programs, the AV software itself presents a very large attack surface. As in, without AV installed, a hacker might have to find a vulnerability in the browser or operating system—but if there's AV present, the hacker can also look for a vulnerability there. This wouldn't necessarily be a problem if AV makers made secure software, but for the most part they don't."

The only suggestion would be to amend the title of that article. At least in the case of macOS and its OS X predecessors, there has never been a good time to install AV software on a Mac.

Hello alisheikhpour,

I don't think that anymore, or at least very few people, don't believe in antivirus in general. Most people here on Apple Support Communities will not recommend any antivirus software for the following reasons:

1. Apple already includes antivirus software.
2. Most Mac antivirus software programs are converted from Windows and are not optimized for the Mac.
3. Most Mac antivirus software programs focus almost entirely on Windows malware that are harmless on the Mac.
4. There is still relatively little Mac malware activity. Most Mac malware takes the form of adware that is relatively harmless and easy to remove.
5. Most Mac antivirus software does a particularly bad job on the Mac. They tend to flag legitimate files in error and ignore the adware that causes most problems.
6. In general, pound-for-point, Mac antivirus software causes more problems than Mac malware.

For your specific situation, I have the following advice:

• If you have to bypass Gatekeeper on case-by-case basis, make sure to control-click on files and choose "Open". Never completely disable Gatekeeper.
• Python scripts from GitHub are probably going to be safe, as is most "tinkering". If you ever have a question, you can always ask here on Apple Support Communities. We can tell you exactly what those scripts are going to do.
• If you have sensitive data, I strongly suggest enabling FileVault.
• Firewalls, both the incoming one built into Sierra, and the outgoing one in Little Snitch, are essentially useless. For the internal firewall, it is a far better idea to turn off all sharing services in System Preferences. By default, the firewall will not stop any connection to them. And if you did a manual configuration to stop them from working, then they wouldn't work. So why use them? Little Snitch is a bit more useful because it prevents apps from "phoning home". But it is more likely to block legitimate activity. There is no way that most end users could differentiate legitimate network activity from something malicious.

My recommendation would be to run a little diagnostic program to help show what might be running in the background. Download EtreCheck from https://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.

You don't have to paste the content here, of course, if you recognize everything in the report. But if you have questions, people here can explain what is going on in more detail. I am also actively trying to make EtreCheck more end-user friendly.

Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

What others have said and...

I'm strongly in favour of having a privileged admin account and a second account for day-to-day use. In your case, you can add additional non-admin accounts for your economics, etc. In this way you can make a diy sandbox for your data and make sure that some rogue Python script doesn't hose your personal files while trying to calculate the national debt repayments.

C.

FWIW, your professor's credibility would hold more weight if there was any effective AV program for Macs or even one example of an AV program that stopped at least one credible threat to a Mac.

You're welcome.