Does Etrecheck have the blessing/approval of Apple itself?

P.S. Regarding Apple verifying the app/program, no they have not. If they had, you would see an official article that would specifically notate it as one optional app a user may consider installing based on the issue or reasoning, or an Apple advisor could directly advise you to download it as part of the troubleshooting process. The only one I'm aware of that tech support can recommend per Apple is Malwarebytes

HunterBD wrote:

My understanding is that simply by visiting a URL a computer can be infected with malware and the user remain completely unaware of this fact.

I believe I've addressed this possibility with you before, but allow me to expand.

The last time something like this was known to have happened to a Mac user was due to a Java vulnerability in the Spring of 2012 when a Flashback variant was reportedly able to infect ~100,000 Mac users. The vulnerability was quickly patched by Oracle, users have been strongly urged to avoid using the Java Internet Plug-In, and macOS has been fortified to sandbox it's use for those who insist on needing it.

It's clearly possible that this could happen again due to some other vulnerability that nobody is yet aware of and Windows users continue to discover such things, but as far as anybody knows, there is no such threat out there today to Mac users.

If the Etrecheck facility has been checked - by Apple itself - to ensure that it is completely safe for Apple customers to use, I'd really welcome that confirmation.

Apple does not routinely check any 3rd Party software that is not submitted to the App Store, and even those applications are primarily checked to ensure they abide by published rules for App Store apps. As you probably know, there have been occasions where such apps met the rules but still manage to either misuse data they are given access to or slip in other features that cause unwelcome behavior.

And of course, any time Apple is made aware of software that acts maliciously, they take action using XProtect, Gatekeeper and/or MRT to prevent their use. But they relay heavily on reports from users in knowing what they need to check.

If you have reason to suspect any 3rd Party software is behaving maliciously, report it to product-security where Apple may have time to look into it. I have done this with mixed results.

My understanding is that simply by visiting a URL a computer can be infected with malware and the user remain completely unaware of this fact.

Your understanding is poor, at best.

While it still may be possible to get something to download and you miss the animation and download button popping up, you would still have to run the malware in order to infect yourself.

Apple does not check any software "to ensure that it is completely safe," even on the App Store. App store apps are only checked to confirm they comply with App Store rules, which may or may not make them "safe."

HunterBD wrote:

Are you aware of the names of such "third-party anti-malware products" approved for use by Apple?

No, Apple has never to my knowledge, recommended a third-party product of any kind.

They have always include Cisco's ClamAV scanner with Apple Server, but that would seem to be a second-party product.

HunterBD wrote:

Are you aware of the names of such "third-party anti-malware products" approved for use by Apple?

There are no third-party products that are approved for use by Apple. None.

HunterBD wrote:

Sadly, that link didn't 'work' for me. Has it been 'doctored' in some way? No matter where one goes on the Internet, one can never be certain that it's safe to click on a link!

The link posted by LACAllen hasn't been "doctored" in any way. The link I provided goes to the same exact place. I omitted the "/web/" part because that is the final landing page after logging into the bug reporter.

The similar link posted by 'etresoft' DID work, though .... but with this result:-

As he is a Developer, I'm rather surprised that 'etresoft' was unaware of this restriction.

I was not unaware of this restriction. All bug reporting systems require you to create an account. How else would the developers be able to reach out to you to potentially ask more information, a clarification, or to ask you to confirm a fix? If you don't want to create an account, you can use the feedback link that I posted above. That is more of a "black hole" system where there is no possibility of ever getting a response.

To file a bug report in the Apple bug reporter, you have to create a free developer account. This is not the same type of account that would allow you to create apps. And, to be clear, even if you spent $100 or $500 for a real developer account, Apple would never give you any kind of approval. It simply doesn't work that way.

It has not been "blessed" by apple, any more than MS Office has been "blessed".

I would very much like Apple itself to verify that the product is safe to use.

As most of your questions cannot be answered here, why don't you actually contact Apple rather than asking other users who do not have the capability to do what you want. Call Apple support and/or use the feedback options.

I, for one, prefer to use my time here to actually help people rather than waste it.

HunterBD wrote:

In this thread from 2014 https://discussions.apple.com/thread/6704451

Referring to EtreCheck, 'Linc Davis' said to me .....

"I haven't tested that program and I don't recommend it. In reports on this site, the "failed" warnings appear often. No one, including the developer, seems to know what they mean. I've seen no evidence that they mean anything at all. To do anything at all merely because of those warnings, in the absence of a functional problem, would be a waste of time. As I wrote, the results of posting "etrecheck" output can be very poor."

And ...... "I have no use for "etrecheck" output."

If you want any clarification regarding something that Linc Davis said in 2014, you are going to have to ask him. But he hasn't been active on these forums for about 2 years.

How can I be sure that connecting to the EtreCheck server and downloading the software will not, in and of itself, cause 'damage' to my computer or compromise my security?

...

I would very much like Apple itself to verify that the product is safe to use.

As others have said, that is not a service that Apple provides. If you feel that this is a service that Apple could, or should, offer, then you can submit Feedback or file a Bug Report.

Lacking any such Apple service, all you can do is consult online reviews and recommendations to see if a product is safe and legitimate. I am not going to make any attempts in this thread to demonstrate that EtreCheck is safe or legitimate. It seems like EtreCheck may be replacing ClamXAV as the object of your unwanted attention. I'm sure that would be good news for Mark Allan, but I would like you to find a different hobby. I made a sincere effort to explain some of the more confusing aspects of security software and to dissuade you from your strange anti-ClamXAV crusade. And the reward for my attempts to be helpful is that you now start an anti-EtreCheck crusade?

There is an old saying that goes something like "be careful what you ask for; you might get it." No one had any idea what your anti-ClamXAV agenda was about. Your anti-EtreCheck agenda seems more transparent. In all honesty, I would prefer that you don't use EtreCheck and avoid discussing it here in the forums, either positively or negatively. Otherwise, you might set something in motion that isn't what you would have wanted.

Forum rules don't permit to speak on behalf of apple , only malware bytes anti malware is more than sufficient to clean the Mac and nothing to install apart from it .

But , malicious softwares or codes , attacking through network , capturing outgoing network packets is possible , had experienced in my Mac rom- 0 -1 , rom - 0 - 2......malcious codes were downloaded in Mac ( the firmware password was still created ) , all system files were corrupted and had to erase the hard drive reinstall the operating system , factory reset the internet service provider router and air port express , changed all the passwords for Apple ID , iCloud id , web mail password , admin password , wireless network or base station password , used stealth mode , created a password for ISP router , firewall box was set ..etc

The user never know the site on internet is malicious ( social media sites like Facebook or others are risky ) , you click on a link the code is installed .

The user must be aware and any thing can happen any time .

HunterBD wrote:

Almost all contributors to the ASC agree that Apple products do not need external protection from the likes of www.clamXav.com - a product which sounds like it's 'too good to be true'. Perhaps I'm mistaken, but you appeared to be supporting the use of the software.

I have absolutely zero interest in your anti-ClamXAV crusade. I'm not really a fan of 3rd party Mac antivirus software in general, but I have nothing in particular against ClamXAV or its developer. I can certainly empathize with an innocent and hard-working software developer who has to deal with people spreading doubt and misinformation on the internet about their product. I want to be clear about this - in terms of your dispute with ClamXAV, I support ClamXAV actions 100%.

You final sentence sounds somewhat threatening, but I shall ignore that.

The only threat here is from you.

3rd party apps like EtreCheck have a very delicate relationship with Apple, who hosts these forums. Apple has been gracious enough to allow the use of EtreCheck on the forums because it helps so many people. But I have always felt that if EtreCheck, or any other 3rd party app being promoted or used here on the forums, starts to become a distraction or causes a problem, then Apple won't hesitate to ban EtreCheck, me, and any use of the app here in the forums.

Right now, things are going pretty well. People are happy. Sometimes people use EtreCheck to help solve problems with their Macs. Nobody, except you, is complaining. If you want to rock the boat, you can do so. If you push hard enough, you can make a change. I'm sure of that. You can make a lot of people less happy. You can make it more difficult for a lot of people to solve their Mac problems. Is that what you want? Is that what will make you happy? Then by all means, continue.

I was not threatening you in any way. I was simply saying that I have plan in place for this eventuality. I have a way to continue to make EtreCheck available for people to help solve their Mac problems in the future, even if it can't be used here in the forums. And I sincerely think that this approach will be very profitable for me. You do have the ability to hurt an awful lot of people with your continued actions - just not me personally. You weren't the first to start trashing EtreCheck in the forums and you won't be the last. But now, I've got a plan and the means to implement it.

Hello ! Liv0123

See this article Product security certifications, validations, and guidance for macOS - Apple Support

You wrote - My understanding is that simply by visiting a URL a computer can be infected with malware and the user remain completely unaware of this fact.Yes everything is possible in the internet world , the user must be alert , clicking on a link or hidden codes can install malware in Mac , even virus can be installed if the site developer has created in such a way , but its very rare .

See these links Safari Security preferences on Mac - Apple Support

Manage warnings about unsafe sites - Computer - Google Chrome Help

macOS Sierra: What is malware?

How can you take such an answer as serious from a person who had never tested it? You could use that logic in millions of conversations. Such as, "I've never owned or even driven one, but Fords are terrible automobiles." This statement, by the way, was from a person who would routinely tell people that a multi-thousand character Unix command he wrote was completely safe. There are likely less than a 100 people in the entire world who could read through that and tell you what each and every command did. But, you were simply supposed to trust it.

As far as safe? There's no way to know if a single bit of software or hardware you use is completely safe. Third party software? No more or less dangerous than the software provided by Apple. You have no idea of a disgruntled Apple engineer didn't sneak some sort of destructive trigger into a seldom used function.

What about the CPU, or other hardware components purchased by Apple to build their Macs? They didn't write a single line of code for those. So, I guess we shouldn't trust those as being safe, either.

If you want, you can download the entire source code for EtreCheck from GitHub and read through it yourself.