
GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Nobody can be 100% reliant on "responsible computing" either, hence the need to scan at times.
In the 13 years since OS X was released, safe computing practices have protected against 100% of the OS X malware in the wild. Of course, there is no guarantee that will continue to hold true in the future, but so far, safe computing has a better track record than antivirus apps. There is nothing that an antivirus app can detect that would have gotten past safe computing methods. The reverse is not true.
 

2012Tony2012

macrumors 6502a
Dec 2, 2012
741
3
I use Sophos. It's great: it blocks pages that have threats to your Mac and protects your Mac really well. There's also another one called avast!

The problem with Sophos and many other AVs is that they run with elevated privileges which as a result could be worse than you were before using an AV.
 

cool11

macrumors 68000
Sep 3, 2006
1,781
220
It is the first time in the last ten years that I am concerned about a possible virus in my Mac.
Because I tried to install the latest version of the uTorrent application, and it tried to install something like 'browser bars' etc.
I did not notice anything till now, but I want to be sure.

Should I run clamXav once, scan my system, and then uninstall it?
I do not want a permanent antivirus on my system, but I need a check.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
It is the first time in the last ten years that I am concerned about a possible virus in my Mac.
Because I tried to install the latest version of the uTorrent application, and it tried to install something like 'browser bars' etc.
I did not notice anything till now, but I want to be sure.

Should I run clamXav once, scan my system, and then uninstall it?
I do not want a permanent antivirus on my system, but I need a check.
Did you actually install the "browser bars" app? If you did and don't want it, just delete it.

The most effective method for complete app removal is manual deletion:
Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
 

wiser12345

macrumors newbie
Feb 22, 2015
1
0
GGJ, your belief that "no true viruses exist in the wild that can run on Mac OS X" is somewhat faulty, in that viruses can absolutely exist on the Mac platform...but few people bother to code viruses for Macs. There just isn't the same potential for widespread panic/buzz that exists for the Windows platform because Macs have a tiny user base by comparison. It's not attractive to the average malware coder that wants to see their work go mainstream.

Your advice is sound but is utterly identical to what any computer user should practice, Mac or Windows (or anything else).

It's just important to correct the tone of your message which seemed to suggest that because people use Macs they're somehow impervious to malware. Such is not the case...to be completely objective, it's just more that few malware coders bother.





What makes you think you have malware?

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Change your DNS servers to OpenDNS servers by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have access to install anything on your Mac.

  7. Don't open files that you receive from unknown or untrusted sources.

  8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

  9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.
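Added example (not part of the original thread or any poster's own code): a shell script that checks steps 1, 2 and 4 of the checklist above on a Mac. The `Wi-Fi` service name and reading Safari's setting with `defaults` (which on recent macOS needs Full Disk Access for the terminal) are assumptions; the two addresses are OpenDNS's public IPv4 resolvers.

```shell
#!/bin/sh
# Added example: audit checklist steps 1, 2 and 4 on macOS.
# Each classifier takes command output as text, so it can be exercised
# on constructed samples as well as on a live system.

OPENDNS="208.67.222.222 208.67.220.220"   # OpenDNS public IPv4 resolvers

# Step 1. socketfilterfw prints e.g. "Firewall is enabled. (State = 1)".
# State 0 is off; 1 and 2 (block all incoming) both count as on.
firewall_ok() {
    case "$1" in
        *"State = "[12]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 2. AutoOpenSafeDownloads is 0 when "Open safe files" is unchecked.
# An unreadable or missing key is treated as not verified.
safari_autoopen_off() {
    [ "$1" = "0" ]
}

# Step 4. Every configured resolver must be an OpenDNS address. An empty
# list, or the "There aren't any DNS Servers set" message, means the
# resolvers come from DHCP and the check fails.
dns_is_opendns() {
    [ -n "$1" ] || return 1
    for server in $1; do
        case " $OPENDNS " in
            *" $server "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

check() {   # check <label> <classifier> <command output>
    if "$2" "$3"; then echo "PASS   $1"; else echo "REVIEW $1"; fi
}

audit_mac() {
    service="${1:-Wi-Fi}"   # assumed network service name
    fw=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null || true)
    auto=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    dns=$(networksetup -getdnsservers "$service" 2>/dev/null || true)
    check "firewall enabled" firewall_ok "$fw"
    check "Safari does not auto-open downloads" safari_autoopen_off "$auto"
    check "DNS servers for $service are OpenDNS" dns_is_opendns "$dns"
}

# Run the live audit only on a Mac.
if [ "$(uname)" = "Darwin" ]; then
    audit_mac "$@"
fi
```

A `REVIEW` line means the setting could not be confirmed, not that the Mac is compromised; pass another service name (for example `Ethernet`) as the first argument to check its DNS servers.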
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
GGJ, your belief that "no true viruses exist in the wild that can run on Mac OS X" is somewhat faulty, in that viruses can absolutely exist on the Mac platform...but few people bother to code viruses for Macs.
It's not a "belief"; it's a fact, and is in no way "faulty". As my statement that you quoted begins, "Macs are not immune to malware...". I have never stated that true OS X viruses can't exist in the wild, only that they don't, and never have.

There just isn't the same potential for widespread panic/buzz that exists for the Windows platform because Macs have a tiny user base by comparison.
If you had spent a little time reading in this forum before posting, you would know that the "market share theory" has been debunked countless times. First, the installed base of OS X users is somewhere in excess of 75 million, certainly big enough to appeal to a malware writer wanting to make a name for themselves, or impact a significant number of users. Second, there were viruses in the wild that affected earlier versions of the Mac OS when Macs had a much smaller market share, but with the introduction of OS X and the increase in market share, the instances of malware declined and viruses in the wild declined to zero. If the size of the user base was a major factor, there would be more OS X malware today than in years past, but there is less. Much less.
It's not attractive to the average malware coder that wants to see their work go mainstream.
With all the publicity and popularity of Apple hardware and software, there is plenty of exposure and notoriety for anyone who would want to "go mainstream" with OS X malware.
It's just important to correct the tone of your message which seemed to suggest that because people use Macs they're somehow impervious to malware.
My "message" clearly states that Macs are not immune or impervious to malware, but that by practicing some simple safe computing rules, all OS X malware that exists in the wild can be successfully avoided. That message is completely true.
 

Trebuin

macrumors 65816
Jun 3, 2008
1,494
272
Central Cali
In the 13 years since OS X was released, safe computing practices have protected against 100% of the OS X malware in the wild. Of course, there is no guarantee that will continue to hold true in the future, but so far, safe computing has a better track record than antivirus apps. There is nothing that an antivirus app can detect that would have gotten past safe computing methods. The reverse is not true.

Too bad safe practices (or antivirus) don't help as much for me for people actively hacking my system. My mistake for leaving my system on. Turns out some guy installed a remote software (one of the VNCs) on my computer using my USB while the computer was locked. The only reason I knew was through camera shots I had of him through "Witness" app when he woke my computer from sleep. One quick check with my backup showed a bunch of VNC files added. One quick restore later and everything was back to the way it should be.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Too bad safe practices (or antivirus) don't help as much for me for people actively hacking my system. My mistake for leaving my system on. Turns out some guy installed a remote software (one of the VNCs) on my computer using my USB while the computer was locked.
Yes, safe computing practices would have protected you. One of those safe computing recommendations is:
Never let someone else have access to install anything on your Mac.
 

Trebuin

macrumors 65816
Jun 3, 2008
1,494
272
Central Cali
Yes, safe computing practices would have protected you. One of those safe computing recommendations is:

Access was actually unpreventable (unless I just didn't bring my laptop on that trip, you're at the mercy of the host nation), but I could have prevented the install by not leaving my computer in standby. Apparently the USB hack they use only works when the computer is powered beyond the FileVault. For Windows, it has to be logged into an account. I don't know if OS X needs to be logged into an account or not for the USB hack to work.

I sent you a PM with a little more details.
 

kdum8

macrumors 6502a
Sep 8, 2006
919
12
Tokyo, Japan
Access was actually unpreventable (unless I just didn't bring my laptop on that trip, you're at the mercy of the host nation), but I could have prevented the install by not leaving my computer in standby. Apparently the USB hack they use only works when the computer is powered beyond the FileVault. For Windows, it has to be logged into an account. I don't know if OS X needs to be logged into an account or not for the USB hack to work.

I sent you a PM with a little more details.

Wow, what an incredible story! Would you be willing to post more details so that others can take steps to avoid what happened to you? How did the guy get around your password, what was he trying to achieve? What is the Witness app?
 

Trebuin

macrumors 65816
Jun 3, 2008
1,494
272
Central Cali
Wow, what an incredible story! Would you be willing to post more details so that others can take steps to avoid what happened to you? How did the guy get around your password, what was he trying to achieve? What is the Witness app?

Wow, this thread's so old that I'm surprised to get a response. Anyhow, there are countries that have invested a lot of money into finding exploits for various hardware for various purposes. There's really no way to prevent this and as more exploits come out, the less secure your device will be.

Take a look at Apple and the iOS encryption battle that is going on today. The US wants Apple to create or reveal a bottom exploit to upload a new firmware, bypassing the password requirements. If this were created, that firmware could likely be exploited to load onto any firmware. These programs have already proven unsafe as one hacking group made news last year by losing control of some software designed to exploit various hardware. Jailbreakers are also offered money not to publicly release exploits, but rather sell them to those companies.

The court case is a balance of individual privacy, and government power to force a company to expend a lot of resources to do thy master's bidding. From the individual perspective, all we can do is create multiple encryptions of different methods to prevent access to personal information. Everything else shouldn't really matter. Consider everything on your computer public information unless you keep it off the net and secured somewhere safe.
 

kdum8

macrumors 6502a
Sep 8, 2006
919
12
Tokyo, Japan
Wow, this thread's so old that I'm surprised to get a response. Anyhow, there are countries that have invested a lot of money into finding exploits for various hardware for various purposes. There's really no way to prevent this and as more exploits come out, the less secure your device will be.

Take a look at Apple and the iOS encryption battle that is going on today. The US wants Apple to create or reveal a bottom exploit to upload a new firmware, bypassing the password requirements. If this were created, that firmware could likely be exploited to load onto any firmware. These programs have already proven unsafe as one hacking group made news last year by losing control of some software designed to exploit various hardware. Jailbreakers are also offered money not to publicly release exploits, but rather sell them to those companies.

The court case is a balance of individual privacy, and government power to force a company to expend a lot of resources to do thy master's bidding. From the individual perspective, all we can do is create multiple encryptions of different methods to prevent access to personal information. Everything else shouldn't really matter. Consider everything on your computer public information unless you keep it off the net and secured somewhere safe.

Thanks for your reply. Based on your previous posts, are you saying it isn't safe to leave a Mac in sleep and it's possible to bypass your system password? I carry my laptop abroad with me all the time. I do have FileVault enabled.
 

Trebuin

macrumors 65816
Jun 3, 2008
1,494
272
Central Cali
Correct, but you need to be a target of interest, so if you're boring like me, you won't need to worry about the high tech tools. Sophos has a good low resource antivirus. Another protection tip I would offer is never get anything bleeding edge because they may have been compromised in some way.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Correct, but you need to be a target of interest, so if you're boring like me, you won't need to worry about the high tech tools. Sophos has a good low resource antivirus. Another protection tip I would offer is never get anything bleeding edge because they may have been compromised in some way.
See post #17 in this thread regarding Sophos.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
It does require elevated privileges to install; if someone finds a vulnerability to the software, it has a gateway through directly to the OS.
Exactly. That's why it's not recommended. If someone insists on using an antivirus app, there are several that don't require elevated privileges, such as ClamXAV.
 

Walter Kemble

macrumors newbie
Jun 1, 2016
9
2
Vancouver, BC Canada
Hi. I suddenly started getting a page representing itself as Facebook, saying that I have malware on my computer. I'll give you a screenshot of the page. It does not let me proceed to the Facebook page unless I either: a) use a malware cleaner for mac or windows (links were provided) -tried the mac one & it took me to something for Mavericks.
or
b) check a box that assures Facebook that I have cleaned my computer.

I didn't do any of those things ...I closed Safari & opened Chrome ...NO PROBLEM with Facebook.

Restarted computer, went back to Safari (default) cleaned history/cache -tried logging in with Facebook ...it did the code generator thing ...very good ...then got the same message as in this screen shot.

...LoL ...oh ****....I forgot ....the reason I wanted to reply was because ClamXav is no longer a free app. Going with your advice about not reaching for a credit card I thought you'd want to know this.

Thanks much.

Kemble

What makes you think you have malware?

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Change your DNS servers to OpenDNS servers by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have access to install anything on your Mac.

  7. Don't open files that you receive from unknown or untrusted sources.

  8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

  9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.
 

Attachments

  • FACEBOOK MALWARE001.jpg (691.4 KB)
  • FACEBOOK MALWARE002.jpg (645.5 KB)

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Hi. I suddenly started getting a page representing itself as Facebook, saying that I have malware on my computer. I'll give you a screenshot of the page. It does not let me proceed to the Facebook page unless I either: a) use a malware cleaner for mac or windows (links were provided) -tried the mac one & it took me to something for Mavericks.
or
b) check a box that assures Facebook that I have cleaned my computer.

I didn't do any of those things ...I closed Safari & opened Chrome ...NO PROBLEM with Facebook.

Restarted computer, went back to Safari (default) cleaned history/cache -tried logging in with Facebook ...it did the code generator thing ...very good ...then got the same message as in this screen shot.

...LoL ...oh ****....I forgot ....the reason I wanted to reply was because ClamXav is no longer a free app. Going with your advice about not reaching for a credit card I thought you'd want to know this.

Thanks much.

Kemble
It sounds like you did, but make sure you have cleared all cookies and cache in your browser, not just history. Also, have you downloaded or enabled any Facebook-recommended apps? If so, you may want to remove those.

It's also possible you may have some adware:

Remove unwanted adware that displays pop-up ads and graphics on your Mac
Adware can be removed by using this tool: AdwareMedic
 

Walter Kemble

macrumors newbie
Jun 1, 2016
9
2
Vancouver, BC Canada
It sounds like you did, but make sure you have cleared all cookies and cache in your browser, not just history. Also, have you downloaded or enabled any Facebook-recommended apps? If so, you may want to remove those.

It's also possible you may have some adware:

Remove unwanted adware that displays pop-up ads and graphics on your Mac
Adware can be removed by using this tool: AdwareMedic
THANKS!!
Just run the free app MalwareBytes to check for any malware.
THANKS!! -ran Malwarebytes ....says my machine was clean. Interestingly, I cleared Safari's cache/history etc so had to get a code texted to my phone to login to Facebook on my computer. Facebook gave me a message when I requested the code that, "Their systems are overloaded -please try again later."

Everything seems to be fine. It started when I tried to login using Facebook on a friend's site & something called "Podbean" wanted to manage my Facebook posts.

Cheers & thanks again.
 

grahamperrin

macrumors 601
Jun 8, 2007
4,942
648
… Sophos it's great …

Good, not great.

Last time I dug into things, I drove a small tractor through a design flaw that allowed the EICAR test file to be written to, and read from, part of a volume that was reportedly protected by on-access scanning.

In an ideal world I should have reported the flaw to Sophos Labs, but on an earlier occasion I was deeply disappointed by the company wasting masses of my time as a result of lousy documentation – instead of properly fixing, the company simply ceased to list a known issue as a known issue, and so on.

… Sophos has a good low resource …

Last time I checked, the on-access scanner defaulted to not scanning compressed files. A saner level of protection can have much more of an impact on end use.

Worse: things such as Unable to complete login … because the default number of WorkerThreads was too low. Whenever the Sophos software prevented colleagues from logging in to the operating system, that certainly was not good use of resources.
 