AV for Mac
Mother-in-law has managed to get malware on her Mac.
Anyone recommend a no fuss AV?
This topic was created by Dewix.
"Anyone recommend a no fuss AV?"
Actually answering the question, here are my recommendations:
Freeware:
1) ClamXav is the most complete AV of the free options. The only drawback has been the annoying trend of the ClamAV project to shove detection of Mac malware behind detection of Windows malware.
2) Sophos Anti-Virus is fine. They're a good company, contributing a lot to the Mac community.
Shareware:
1) Intego: VirusBarrier is the best. This is the one I consistently find to be on top of all Mac malware. Their software is great. Their updates are frequent. The cost is worth it if you have a person who can't help but pick up malware. Set it up to run in the background 24/7. It doesn't eat much CPU time after the initial scan. Intego is also a terrific contributor to the Mac AV community.
Avoid:
- Symantec anything. Norton has frequently been terrible on Mac. Symantec has consistently resented the Mac and Mac users.
- MacKeeper: Total garbage from a garbage company, IMHO of course.
- iAnti-Virus: It's been neglected to the point of being dangerous.
OK:
- F-Secure. Plenty of friends like their AV. F-Secure, like Sophos and Intego, contribute a lot of work to the Mac AV community.
NOTE: The most basic and critical method for dealing with malware is to have backups of the machine, one local and one off-site (such as in the 'cloud'). Recall that the #1 Rule of Computing is: Make A Backup. If you don't, you get what you deserve. Not kidding. It's that critical.
https://Mac-Security.blogspot.com
As far as I'm aware, and I'd be happy to be corrected, there has never been a virus that has affected Macs. Trojans are quite another thing, and there have been a few of these.
Back on topic, I use Mackeeper. It has some nice features, and in my opinion is worth the money. I have read that one should beware of similar sounding names such as Mac Protector, Mac Security, Mac Guard, and Mac Shield.
To set the record straight I do not work for Zeobit or sell Mackeeper, and it has been rightly criticised for heavy handed marketing and "misleading advertising"
Here's a recent review (Jan 2014) which is quite positive:
http://macnetized.com/no-fluff-mackeeper-review-is-it-worth-it/
MacKeeper is a piece of malware shite itself.
Installs stuff all over the place including undocumented daemons, uninstalled still leaves stuff.
And they use all the malware ad practices, 'your machine is infected click here' etc., to get installs.
Why anyone in their right mind would use it is beyond me.
And the one positive review seems to me to either be in their pocket or just a naive idiot of a reporter.
Not with a bargepole.
https://discussions.apple.com/docs/DOC-3036
http://themacschool.blogspot.co.uk/2012/09/mackeeper-is-scam.html
+1 for Sophos. Have it on all of mine - seems to run nice and quietly in the background, routinely picks up malware in email attachments and zaps them, never hear from it the rest of the time. And it's free, but uses the same virus definitions as the paid-for Windows software does.
+1 for Sophos.
Sophos have had a free Mac antivirus client ('endpoint' in Sophos speak) for quite some time, which receives all of their usual definition updates daily - mine is picking up large volumes of Windows malware which turns up in my email Spam folder (...filtered there by SpamAssassin...).
I don't see any performance impact from this client. I tried the Intego client a long time back, but wasn't entirely satisfied with it. Don't recall now what it was that I didn't like.
It's also worth considering that F-Secure now have a Mac client. They are a fairly reliable company for security products - I used to use F-Secure on all our machines until I got the Mac and found that they didn't, at that time, support Macs.
http://www.f-secure.com/en/web/home_global/anti-virus-for-mac
Seconded. It took me chuffing ages to get rid of the Search crap that came down with the latest install of uTorrent I did. Yes, it was my fault for being a bit click happy through the install screens, but my god that stuff wouldn't let go. Hijacked the Search functions in Firefox and Safari, and it wouldn't let go of Safari for love nor money.
Never again.
For a long time MAC the company promoted the idea that MACs were invulnerable, this was in view of thousands of users and administrators contacting MAC tech support asking for help with, what turned out to be .... a virus.
It isn't necessarily the MAC OS that becomes infected. The software a user uses can become infected during use.
Al fazed:
The computer is a Mac (i.e. Macintosh) not a MAC. The company is Apple, not MAC. Given this level of knowledge, perhaps you'll understand if I ask for a source for your assertion that:
> thousands of users and administrators contacting MAC tech support asking for help with, what turned out to be .... a virus.
Are you perhaps thinking of other forms of malware, such as a Trojan?
What?
"Apple products are secure and never get viruses and malware."
NO. As a Mac security expert I have to point out that Macs have had over 100 malware since the birth of OS X. Technically, none of them have been actual viruses. But 'virus' has been wrongly shoved into the vernacular to mean all malware. Actual Mac malware has mostly been Trojan horses with a few drive-by infections thanks to stupid Oracle Java and stupid Adobe Flash, AIR, Shockwave and Reader. I personally suggest not installing Java or Adobe freeware unless forced to. Apple has been reasonably on top of security flaws in its own software, the worst of which has been QuickTime. Apple uses their XProtect and Gateway technologies to help keep their users free of malware. But don't count on Apple being perfect, just the best.
As for iOS, there have been a couple of bona fide malware that made their way onto the Apple iTunes App Store, both yanked by Apple and unavailable. There have been a couple of proof-of-concept malware as well, also pulled by Apple. All remaining malware for iOS is specific to jailbroken devices, in which case you're on your own anyway, no sympathy.
https://Mac-Security.blogspot.com
1. True - should run as always irrespective of OS used behind it, but I've never seen OSX malware infections creep in like this per se (as others have said, true viruses and worms are light on the ground) - the vast majority are drive-bys, 'free stuff' posing as something else, blah blah. Good practice obvs but I wouldn't flag an SPI firewall as being a specific salve for OSX. I run one anyhow though since that's just the right thing to do in most cases.
2. Turn Gatekeeper on and you lose ability to install hundreds of awesome 3rd party apps, trapping yourself in Apple's store - simply because the developer won't play their game (for good reasons)
3. This is the only piece of advice on your list I'd concur with. But same applies for all operating systems for obvious reasons
4. Isn't there an application firewall already in OSX from the Lions onward? I don't see any point disabling that or replacing it
5. ClamXAV isn't real-time - if your idea is to stop buggers getting in in the first place, then this is a chocolate hammer. Sophos runs real time and, IMHO, doesn't chew up resources on well-configured and maintained OSX installs. YMMV I guess.
In my (now) long experience with OSX, I've found all the security basics that apply to any OS have kept me and machines of those I help, clean:
Don't run on an admin account. DON'T give the admin credentials to kids, less competents, etc
Run AV - yes yes yes, you can probably get away with it, but those days are slowly ending
Keep it patched - you'd be surprised how many OSX machines I come across with 300MB - 1GB of updates waiting in the wings
Get rid of Java if you don't use it
While Gatekeeper will bring up a dialog box warning about the evils of unsigned non-app-store applications, you CAN still run 3rd party applications. All you have to do is right-click on the application and choose open, the very first time you open it. It will ask the usual 'are you sure?', after which it will open like normal.
Yeah, right. Like that's going to be able to do anything about the malware downloaded via a click in HTTPS (e.g. gmail) or on an E-mail downloaded through IMAPS.
"Rather than clean them up after they've got in, the idea is not to let the buggers in in the first place."
Unfortunately, Mother-in-law is bound to click on flashing links that say "Your Mac is running slow, click OK to repair"
Unfortunately, Mother-in-law is bound to click on flashing links that say "Your Mac is running slow, click OK to repair"
You can fix that by giving her a standard account instead of one with admin rights, and lock down anything but from the App shop.
First of all, you need to identify what the real problem is - the original post was a tad too terse.
Next, try to install Carbon Copy Cloner so you can take a dump of the entire machine, alternatively, scrape at least all the data off it
Then rebuild the machine from the recovery partition, and when I say rebuild, I mean zap the partition and start from scratch, then start the app store and pull everything in you bought, then install only software you trust.
Next, create a non-admin account for the user. If you want, you can add something like teamviewer for remote support so you can log in and fix things, but the user should be blocked from doing dumb things. It's either that or they're on their own - I suspect that this is the cause of your problem in the first place
Also install a good filter like Little Snitch or even Hands Off! which can also block disk access
Consider an anti-virus product
Restore all data
Last but not least, make another Carbon Copy Backup so you have a build in case things go south regardless.
Good luck.
The OP doesn't mention which version of OS X is in use, I suggest backing up, erase and re-install latest OS then manual restore of documents and photos (Don't use Time Machine as it will probably put the malware back).
I agree, MacKeeper is evil. When you try and uninstall, it keeps trying to get you to change your mind. Nasty, insidious pile of crap.
The lack of old OS Version support in AV products for a Mac can be a headache. I have one client who is using an old Apple Mac stuck on OS 10.5 with no upgrade options. As he tends to spend a little too much time on dodgy sites the only way we've found of keeping him clear of viruses is good backups. A total reset seems to be the only simple way out of problems he walks into.
I'll respond even though I think the OP seems a bit provocative. Who knows what bit of malware we are dealing with. No anti-malware software can protect against STUPID, and most attacks do use social engineering nowadays so exploit stupidity or gullibility.
For reference we use the cross-platform ESET (yes even on Linux). Less overhead than most of its peers and no complaints after 4 years of use.
Without further info..
Install Mavericks, fully patch.
Move the bad app and anything not useful to the Trash.
Remove anything dodgy listed in Apple Menu > System Preferences > Users & Groups > Startup Items
Delete anything suspect in:
~/Library/LaunchAgents
~/Library/LaunchDaemons
/Library/LaunchAgents
/Library/LaunchDaemons
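A read-only way to carry out the "anything suspect" review from the post above, as an added example that is not part of the original thread: it parses every launchd job file in those four folders with Python's `plistlib` and lists the program each one starts. The review heuristics (missing target, hidden directory, RunAtLoad plus KeepAlive) and the function names are assumptions made for this example, not a malware verdict.

```python
import plistlib
from pathlib import Path

# The four launchd folders listed in the post above (spelled as macOS names them).
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "~/Library/LaunchDaemons",
                "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def review_reasons(job):
    """Heuristics chosen for this example (assumptions); they only prompt a manual look."""
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    if not program:
        return None, ["no Program or ProgramArguments key"]
    target, reasons = Path(program), []
    if not target.exists():
        reasons.append("target executable is missing")
    if any(part.startswith(".") for part in target.parts):
        reasons.append("target sits under a hidden directory")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("starts at load and is kept alive")
    return str(program), reasons

def audit_launchd(dirs=LAUNCHD_DIRS):
    """Return one record per *.plist found; nothing is deleted or modified."""
    records = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():              # skip folders absent on this machine
            continue
        for plist_path in sorted(folder.glob("*.plist")):
            try:
                with open(plist_path, "rb") as fh:
                    job = plistlib.load(fh)  # reads both XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
                program, reasons = review_reasons(job)
                label = job.get("Label")
            except Exception as exc:         # corrupt or unreadable job file
                label, program, reasons = None, None, [f"unreadable: {exc}"]
            records.append({"plist": str(plist_path), "label": label,
                            "program": program, "reasons": reasons})
    return records

if __name__ == "__main__":
    for rec in audit_launchd():
        flag = "REVIEW" if rec["reasons"] else "ok"
        print(f"{flag:6} {rec['label']} -> {rec['program']} {rec['reasons']}")
```

Reading the system-wide folders may need an administrator account; an entry marked REVIEW is a prompt to look up its label before deleting anything.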
Sorry couldn't give you much on details.
Was asked to look at her slow/twitchy Mac book the weekend before getting married, so forgive me for not remembering the OS version or what malware it was.
It was spyware with an auto-installer, which was easy enough to remove, if you follow steps found on the good ol' web.
With paranoia and prevention in mind I tried Comodo. It really does not work well.
I'll be popping around in 2 weeks, so I'll keep you all posted.
I use it for mine and my 76 y.o. father's Macs.
Free, easy to set up and forget. Automatically updates itself and runs quietly in the background. No major performance hit seen thus far, but YMMV, depending on the age of the system and its condition.
Also, preventing the malware in the first place is BEST.
1. Disable Java plugins from all browsers as someone said before. Disable all unneeded plugins to reduce the "attack footprint".
2. I personally prefer to run Ffx with no java/flash and rely on HTML5 for videos/YouTube, etc.
3. I have my Pops on Chrome for its built-in Flash and PDF reader plugins, plus its automatic updates of both when needed without intervention. Then I added WOT and ABP to the mix and he's fine. Show her how to use things like WOT (Web of Trust) or similar, so she can avoid clicking on malware-baited search results.
Congrats on tying the knot Dewix,
From the info you did provide, to save yourself a world of hurt in the long haul, (I'm sure someone's speech at your wedding reminded you that her family are now your family)
as a bare minimum follow the sound advice from several other posters above:
1. Don't waste time fixing up every thing, go for a fresh install (time allocation: 2 pints +? for installing apps)
2. Harden her preferred browser with the suggestions by the venerable rm -rf *.*, ghostery and self-destructing cookies also recommended to minimise her browser slow down and reduce future attack vectors. If she likes watching the occasional cat video on youtube, add https://www.youtube.com/html5 to her bookmarks.
(time allocation: 1 pint)
3. Change her user account to remove useless start up apps and remove admin privileges.
4. Setup remote management so you can do future maintenance from home via VNC (3&4: time allocation 1 pint)
5. Use Carbon Copy Cloner to make a fully functional backup, so no matter what happens you never have to sit around your in-laws' drinking pints on Sunday afternoon unless mandated by law. (time allocation: Sunday Roast)
As several people have mentioned, AV on its own isn't worth a whole lot and probably won't save you from tech support emergencies during an FA Cup final.
All her data is already backed up with Time Machine, right? (If not, you are at fault for not showing her this painless way to back up her files.)
Restart her Mac holding Command-R and restore the computer from the Internet. Fresh OS, hard drive erased. After the install, restore the files from Time Machine. (Once again, automated and easy.) Done.
https://www.apple.com/osx/recovery/
I would recommend Avast. I have it on my Macs and it does not intrude from a performance standpoint and it isn't overly chatty either.
I would also recommend that you ensure that the App Store update service is enabled by default. Ideally you should also do this for any non App store apps as well.