How does one removed a 'SOLVED' annotation?

HunterBD wrote:

Just HOW does malware get to own files - when a deliberately installed, professionally manufactured, AV software cannot be used to scan all files on a hard drive or CD/DVD?

There is a reason why people don't like to comment on these malware threads. This topic rapidly gets subtle and difficult to understand. It is like a class at your local library titled "Using the Mac 101: Move the mouse" which is then followed by "Using the Mac 102: UNIX security permissions and ACLs". Class attendance tends to drop off quickly.

Some malware has the ability to create new user accounts on your machine as a way to hide. Any time you give some installer your administrator password, you give that software full control over your system and all of your data, including the ability to create new user accounts as it needs.

Most antivirus software legitimately needs administrator privileges to detect and remove this kind of malware. If you buy antivirus software from the Mac App Store, it will not have administrator privileges and cannot scan your entire machine. If any malware has gained administrator privileges, your Mac App Store antivirus will not be able to hinder it in any way.

As for Apple's 30% cut, you can read about that here: https://developer.apple.com/programs/whats-included/

It is not quite as bad as it seems. Developers bitterly complain about it, but many don't realize what a big deal that line about "Apple handles worldwide payment processing" is. Trying to do international payments on your own can cost you much, much more than that if you aren't careful.

That is why there are so many "free" apps in Apple's App Stores. It is really hard to make any money there. But it is a very inexpensive advertising tool that gets your software in front of people's eyes and hopefully entices then to give you money via other channels.

I don't know anything about MadMacs0; not everyone posts a biog and you just have to take things as they come. I don't use ClamVax - I have MalwareBytes and run it occasionally but I'm careful about what I download and so far it's not flagged anything. I looked briefly at the thread you started, but I'm afraid I'm not prepared to wade through eight pages of it 🙂.

HunterBD wrote:

How can one be sure that the individual is not, in actual fact, the 'Developer' of ClamXav, a Mr Mark Allan?

How can we be sure you aren't? Anyone can post whatever information they want whether true or not.

dialabrain my have simply not updated his/her forum tag yet. I noticed just now that mine was still set to 10.3.2 even though I installed 10.3.3 the day it appeared.

Also, even after you change your forum tag, it's not a global change. Your previous posts will still say what they did before updating the information.

It has been 'vetted' by Apple and approved for use - has it not?

No. Items in the App Store are there only because they meet the standards necessary for inclusion, and they are not in any way intentionally harmful.

Not one thing in the App Store is endorsed by Apple.

I am truly amazed by your statement .......

Why? "Endorsed" would mean Apple is making a statement about each app in the store as, "We love it, and heartily recommend you purchase this app as soon as possible. It will change your life!"

They're not. Everything in the App Store exists because Apple makes 30% of every sale on every item.

It the same as a grocery store. They don't carry Campbell's Cream of Chicken soup because they personally feel everybody should buy a can.

HunterBD wrote:

You may already be aware that Bitdefender is available from the Apple App Store.

There are a number of antivirus apps available in the Mac App Store. However, due to the limitations of the Mac App Store "sandbox", no antivirus tool could ever be fully functional. It isn't technically possible.

Just read the text in that app closely. It says it "scans all your files and directories". If you give it permission, then it will do that. However, all it can do is scan. It can't actually remove most malware due to those technical limitations. Plus, you have to read these things very carefully. It says it "scans all your files and directories". It will not scan files that are not "your" files, such as files owned and protected by the root user or any files owned by any malware running on your system. Those aren't "your" files. 🙂

BitDefender appears to be better than some of the other antivirus apps on the Mac App Store. At least they are honest enough to use it as an advertisement for their full product. I have considered doing something like that myself, just to get an adapp in front of people. Advertising is effective. And there are a number of other subtle advantages to having an app in Mac App Store. The hard part, for something like my app EtreCheck, is to figure out what useful value I could give people within the confines of that restricted Mac App Store sandbox environment.

Kurt Lang is correct. There is no endorsement by Apple for Mac App Store apps. Apple has automated checks to ensure that any apps in the Mac App Store are suitably crippled to the point they can't do any damage, at least not without the user's consent. Psychological tricks and fear mongering are perfectly acceptable. I have had apps in Apple's app stores in the past. Sometimes Apple will do several seconds of testing to ensure that an app doesn't crash immediately, but that's about it.

Finally, I really don't know what your issue with ClamXAV is all about. It was once in the Mac App Store too, but once Apple started imposing more stringent restrictions, they pulled the app because they could not longer give people worthwhile value because of those restrictions. That was a very honest and responsible action on their part. The security industry needs more people like Mark Allan.

Apple provides a certain amount of anonymity to people who participate in the forums so they can speak more freely. Just as there is nothing wrong with checking people's bios, there is nothing wrong with not putting much on a bio either. I know for certain that MadMacs0 is not ClamXAV's Mark Allan nor is he employed by Mr. Allan. If he was, he would have to include a disclaimer every time he posted a link to ClamXAV. Apple is very strict about that sort of thing. You are going down a dead end there.

Actually there is no way you could know I'm running 10.13.3 on three Macs, 10.13.4 beta 4 on two Macs, 10.11.6 and 10.10.5 on another Mac, and 10.7.5 on another. Not to mention VMs from 10.6.8 and up. Now you know.

Just HOW does malware get to own files - when a deliberately installed, professionally manufactured, AV software cannot be used to scan all files on a hard drive or CD/DVD?

I'm sure etresoft could explain this better, but a short version is; everything in the App Store is sandboxed. Apps are absolutely not allowed to work outside of your own user account. So, an app can create a preference file, and a simple Application Support folder item within your account, but that's it.

They are not allowed in any way to access the rest of the drive. Not the System folder, the root Library folder, Applications, another user account, or anywhere else. Only your user account and itself (saving data within the application package).

That makes any AV software in the App Store literally useless. What good is such software if it can only scan a limited area of the drive? That's a lot of territory malware could be in that it's not allowed to access.

As far as malware getting its own files? That's fairly simple. When the malware writes a file it uses to the drive, it can set the ownership as System, or whatever the person who wrote the software wants to set it to. Since the ownership is not set to 501 (first user account), it's not yours.