
anti-virus software



I am intrigued by the free version of Avast and ClamXAV. ... I have not heard anyone mention Norton Security Online, which I can get for free from my cable provider...
It's probably just the way you structure the first comment above, but there is no free version of ClamXAV, only a free 30-day trial.

I’ve not tried the current Norton product, despite great experiences with it decades ago before Symantec took over, but I’ve never heard anything but negative comments about it.
 


Just wanted to add a note that Catalina Cache Cleaner, from northernsoftworks.com, includes ClamAV amongst its many other features (and there are a lot!).
Yes, but the ClamAV scanner uses the community database of signatures that include mostly Windows malware definitions, so scans can take a long time. ClamXAV makes the use of that extended database optional and uses over a million macOS unique definitions, along with quickscan and real-time scanning features.

Drive Genius 5 (and presumably 6) also uses the ClamAV scanner.
 


Katharine, you had mentioned previously about the desire to find an anti-virus program that also supported some of the older versions of macOS. Norton Security tends to follow along with Apple in supporting only the current and the two prior versions of macOS. The software may still work, but it is not supported.
TKS Ose, thanks for the clarification that Norton Security does not support older versions of the Mac OS. I had been looking at outdated system requirements several days ago. I went and followed the links supplied by my cable provider, confirming what you said, current macOS and two prior versions. I don’t want unsupported virus software on our computers.
 


It's probably just the way you structure the first comment above, but there is no free version of ClamXAV, only a free 30-day trial.
I’ve not tried the current Norton product, despite great experiences with it decades ago before Symantec took over, but I’ve never heard anything but negative comments about it.
Thanks, Al Varnell – as you suspected, my post was not clear. I will try to write better written posts in the future. Thanks for picking that up and the clarification about the ClamXAV free 30-day trial.

I, too, have read many negative comments from users about Norton. My instincts told me to be careful and do more checking before rushing into security software I might regret.
 


I happened to see this discussion on security software and wanted to contribute my experience, perhaps saving others the headache that I’m dealing with right now. Intego’s free VirusBarrier Scanner anti-virus software, available from the Mac App Store, absolutely ruined my Applications folder on a brand-new, clean Mojave 10.14.6 installation running on a 3.2GHz i5 Late 2015 Retina 5K 27” iMac with 32 GB of RAM. I retired about 6 years ago as an Apple Certified Macintosh Technician (ACMT). For 25 years, I worked exclusively with Macs as a hardware/software technician and consultant.

I noticed that at least one review of VirusBarrier Scanner on the Mac App Store had already pointed this out, but when selecting a file to scan (or dragging and dropping a file into the main window), the software stalls and stalls forever before it does an actual scan. It’s not updating its malware definitions, I have no idea of what it’s doing. It just sits there for anywhere from a half a minute to 2 minutes and does absolutely nothing. Then all of a sudden, boom — it starts to scan.

The progress bar in VirusBarrier Scanner is useless. There were approximately 800,000 items to scan in my (large) Applications folder, which took at least 40 minutes to scan. After ten minutes, the progress bar was at 90%, but then it suddenly kept repeatedly jumping backward to 70% every few minutes. This went on and on and on for the rest of the scan, forward and backward, forward and backward, progress bar jumping around all over the place. Impossible to tell where you’re at in a scan with “progress” like this.

After the scan was complete, the software had modified numerous folders on my iMac (even folders that were completely empty to begin with). I hope Intego realizes that backup software often reads modification dates as criteria for backing up.

The worst part: the software sent a bunch of my apps into translocation for some reason. How this could possibly happen is beyond me. Most of the non-Apple apps I double-clicked on after the scan all presented a Gatekeeper-like message saying “this app was created by Intego VirusBarrier Scanner, are you sure you want to open it?”.

Even after numerous restarts, this still happened. I had to completely reinstall my Applications folder from a Time Machine backup to fix the problem. A number of my Mac App Store apps had to be deleted and re-downloaded as well.

All this for simply running a malware scan, and remember that this was a clean installation. I thought I was “safe” downloading from a Mac-only company and using an on-demand scanner such as this one that didn’t install system files, daemons and kexts all over the place. Never again. This software is outright dangerous.

I urge others to be careful downloading Intego VirusBarrier Scanner. This is software that I would consider to be a worse and more damaging piece of malware than the malware it is supposed to look for.

On a happier note, I used the free version of BitDefender (on demand) Virus Scanner from the Mac App Store for years without incident.
My reference to VirusBarrier was for the paid version downloaded from Intego.com. I have no experience with the free version. The paid version has never caused an issue with any of my Macs, and works quite well. It does take a considerable time to scan the ±500GB on my internal drive, which makes sense.
 


Raj

My reference to VirusBarrier was for the paid version downloaded from Intego.com. I have no experience with the free version. The paid version has never caused an issue with any of my Macs, and works quite well. It does take a considerable time to scan the ±500GB on my internal drive, which makes sense.
Yes, I realized that. I have no experience with recent, paid versions of Intego products. A few of my former clients used them many years ago – there were always the usual slowdowns and "A/V software blues" but nothing like my experience. I will never use the free VirusBarrier version again, though. Like I said last week, I found it to be outright dangerous.

I'm in the midst of trying out a number of different A/V products right now, as I do believe malware is something to be very concerned with on Macs as Apple becomes more and more of a major player in the computing world. I tried the free version of Avast for Mac and could not believe how many files it installed on my iMac. The uninstaller still left many files present (even after running it twice) on my computer – it was not an uninstaller by any means. The Avast "uninstaller" left a kext sitting in the StagedExtensions folder which was impossible to remove unless I booted from recovery and ran this Terminal command:

rm -rf /Volumes/Macintosh\ HD/Library/StagedExtensions/Applications/kextname

I would not install Avast on my iMac again for this reason. I'm finding that many of the new A/V software products do not have a quick and simple way to scan a single file (i.e.: simply dragging and dropping a zip file into the main window for those one-off downloads without needing to have daemons, launch agents and kexts all taxing the processor in the background). I'm going to give Avira a try today and will let you know how it goes. It seems to have an easier way to scan single files.
 


Ric Ford

MacInTouch
I'm finding that many of the new A/V software products do not have a quick and simple way to scan a single file (i.e.: simply dragging and dropping a zip file into the main window for those one-off downloads without needing to have daemons, launch agents and kexts all taxing the processor in the background). I'm going to give Avira a try today and will let you know how it goes. It seems to have an easier way to scan single files.
This is an issue for me, too. I believe ClamXAV offered the capability, via right-click to the Services menu in the Finder, but I'm not currently running it. I'd be interested in hearing about any solutions for this need.
 


ClamXav does have a way to scan individual files in the main window when you open ClamXav. It has a Quick Scan and a "Drop Items here" button. I have been a long-time user of ClamXav and have been extremely happy with it. Support is great, too, as I try out the new betas.
 


ClamXav does have a way to scan individual files in the main window when you open ClamXav. It has a Quick Scan and a "Drop Items here" button.
It also still has the right click "Scan with ClamXAV" feature, if you prefer that, as does VirusBarrier Express and probably a few others I don't currently have.
 



So I'm looking for an A/V product for my novice mother. (We live under the same roof, and I'm the tech support.) I already have a subscription for ClamXAV. I'm wondering if I should just use that, or buy her a license for Bitdefender, about which I have also heard great things. Can anyone (AlVarnell?) offer any observations and/or opinions?

I want whatever would be easiest for her. I have no idea how ClamXAV reacts in the event that real-time scanning actually finds something. I'm around to help her clean up any missteps, but it would be nice to help her avoid the need for cleanup in the first place.
 


So I'm looking for an A/V product for my novice mother. (We live under the same roof, and I'm the tech support.) I already have a subscription for ClamXAV. I'm wondering if I should just use that, or buy her a license for Bitdefender, about which I have also heard great things.
I can’t adequately address the use of any of the paid versions of BitDefender, as I’ve only tested the free version from the App Store, which is hampered by Apple rules. I know it has performed well in AV testing against the others that allowed their product to be tested. The low-cost version is the same price as ClamXAV in the first year but escalates after that.

You can use your home ClamXAV subscription for up to three computers under the same roof, so it would be free for her to download and install then use your license.

Malwarebytes does a decent job, even the free version that lacks real-time scanning.

DetectX Swift is shareware for home use and is also competitive in this group of low-impact, anti-malware software offerings. There is no real-time component, so it must be run periodically.

Full disclosure: I’ve worked (uncompensated) with all three of these developers for a decade or more in various capacities.
 


Ric Ford

MacInTouch
Here's another Mac antivirus software review:
PCMac UK said:
Avast Security Premium (for Mac)

Pros

Certified by one independent testing lab. Speedy full scan. Useful bonus features. Ransomware protection. Wi-Fi intruder detection.

Cons
Doesn't add much to free edition's features. Expensive. Poor scores in phishing protection test. Password manager includes only basic features.

Bottom Line
Avast Security Pro (for Mac) adds ransomware protection and Wi-Fi intruder detection to the features found in Avast's free antivirus, but these additions don't merit its high price.
 


So I'm looking for an A/V product for my novice mother.
I have always been of the opinion that a single anti-virus product by itself is insufficient for protecting one's devices. Instead, it is necessary to overlap protections, looking at the vectors these threats arrive on. This means:
  • Blocking ads and ensuring privacy when browsing the internet by turning on privacy settings within all browsers and using plug-ins such as uBlock Origin and Ghostery.
  • Turning off the ability for photos and trackers to automatically load in email. This should be done both in email applications as well as with online web accounts.
  • Create a separate administrative account with superuser/administrator access for installing applications and updates. User accounts should not have those privileges.
  • Set DNS at the device or router level to one of the known secure services, such as Cloudflare's 1.1.1.1 (and its backup 1.0.0.1).
  • Turn on the device's firewall protections. Even if just to the default settings.
Perhaps others here may have additional suggestions. With the above in place, any good anti-virus program that scans files, as they are copied to the drive or might get past the above lines of defense, should suffice.
 



Ric Ford

MacInTouch
I'm finding that many of the new A/V software products do not have a quick and simple way to scan a single file (i.e.: simply dragging and dropping a zip file into the main window for those one-off downloads without needing to have daemons, launch agents and kexts all taxing the processor in the background).
I don't think it qualifies as avoiding background processes, but F-Secure Safe does at least let you choose a file, or folder, or set of files/folders to quickly scan. (And there's an Uninstall app.)
 


So I'm looking for an A/V product for my novice mother. (We live under the same roof, and I'm the tech support.) I already have a subscription for ClamXAV. I'm wondering if I should just use that, or buy her a license for Bitdefender, about which I have also heard great things. Can anyone (AlVarnell?) offer any observations and/or opinions?
I want whatever would be easiest for her. I have no idea how ClamXAV reacts in the event that real-time scanning actually finds something. I'm around to help her clean up any missteps, but it would be nice to help her avoid the need for cleanup in the first place.
Since there are no known viruses for Macs [see below —MacInTouch], the only app you need to get for your mother is Malwarebytes. The paid version can be set up to run in the background. It will protect from all adware and malware. Or you can use the free version and run it occasionally, like once a week.

If you visit the Apple Support Communities you'll find post after post describing how the anti-virus and cleaning apps have trashed their systems and severely compromised performance.

Under no circumstances install and run "cleaning", "optimizing" or "speed-up" apps.
 


Ric Ford

MacInTouch
Since there are no known viruses for Macs...
That seems more than a little misleading. Whether or not "virus" as an extremely specific manifestation of malware has been prevalent in recent years or not, there have been plenty of Mac malware infections, documented here on MacInTouch and all over the web.
That said, I won't argue that antivirus software (and especially sleazy "cleaners") can't be a cure worse than the disease. And Apple is certainly doing quite a bit to combat malware, though it has also made some shocking blunders and created much confusion, as well.
 


While "viruses" (malware that spreads from app to app on a single computer) and "worms" (malware that spreads between computers over networks) are rare on the Mac platform, they're not unheard of. Fortunately, the standard security model in modern releases of macOS makes it extremely difficult for this kind of malware to spread without assistance from an authorized user.

But there are many more kinds of malware and infection vectors than that. There can be compromised applications (frequently when downloaded from untrusted sites, but occasionally from trusted sites like the original publisher as well), infected documents (usually exploiting security holes in application scripting), and hardware vulnerabilities (e.g. Thunderstrike). These are not technically "viruses", but they have similar effects on users and are generally dealt with in the same way (antivirus software and/or specialized cleanup tools).

The fact that macOS has far less malware than other platforms is partly due to lower popularity, but is also in a large part due to the OS's security model. In addition to UNIX-standard security, macOS employs features like SIP, Gatekeeper and Notarization to help catch potentially dangerous software. A user with the password to an administrator account can override these safeguards, but the very fact of requiring a positive action (not just clicking "OK") means software that spreads on its own (viruses and worms) will be much more difficult to implement, especially if the user keeps the OS and application software up to date with the latest security patches.
 


Ric Ford

MacInTouch
Since there are no known viruses for Macs...
That seems more than a little misleading. Whether or not "virus" as an extremely specific manifestation of malware has been prevalent in recent years or not, there have been plenty of Mac malware infections, documented here on MacInTouch and all over the web.
In fact, here's a particularly timely update...
Malwarebytes Labs said:
Mac threat detections on the rise in 2019 - Malwarebytes Labs
Conventional wisdom has been that, although not invulnerable to cyberthreats (as some old Apple ads would have you believe), Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed, the times, they are a-changin’.

To get a sense of how Mac malware performed against all other threats in 2019, we looked at the top detections across all platforms: Windows PCs, Macs, and Android. Of the top 25 detections, six of them were Mac threats. Overall, Mac threats accounted for more than 16 percent of total detections.

Perhaps 16 percent doesn’t sound impressive, but when you consider the number of devices on which these threats were detected, the results become extremely interesting. Although the total number of Mac threats is smaller than the total number of PC threats, so is the total number of Macs. Considering that our Mac user base is about 1/12 the size of our Windows user base, that 16 percent figure becomes more significant.
 


[FYI:]
AV-Test said:
Test antivirus software for MacOS Mojave - December 2019
During October and November 2019 we evaluated 11 home user security products for MacOS Mojave. We always used the most current version of all products for the testing. They were allowed to update themselves and query their in-the-cloud services. We focused on malware detection, false positives and performance.
Tied for #1:
  • Airo 1.0 (new this year)
  • avast Security 14.2
  • AVG AntiVirus 19.4
  • BitDefender Antivirus for Mac 8.1
  • ClamXAV 3.0
  • Kaspersky Internet Security 20.0
  • Norton Security 8.5
  • Trend Micro Antivirus 10.0
 




[FYI:]

Tied for #1:
  • Airo 1.0 (new this year)
  • avast Security 14.2
  • AVG AntiVirus 19.4
  • BitDefender Antivirus for Mac 8.1
  • ClamXAV 3.0
  • Kaspersky Internet Security 20.0
  • Norton Security 8.5
  • Trend Micro Antivirus 10.0
I wonder that Intego's VirusBarrier is not included in the testing results.
 





What about Malwarebytes?
I can only assume that Malwarebytes did not agree to be tested. I don't have sufficient details about the testing methodology to speculate why, but typically these tests are stacked against anti-malware software that lacks the ability to scan every file in any location.
 


I want whatever would be easiest for her. I have no idea how ClamXAV reacts in the event that real-time scanning actually finds something. I'm around to help her clean up any missteps, but it would be nice to help her avoid the need for cleanup in the first place.
We use ClamXAV in our household, and – wonder of wonders! – my partner (who is somewhat non-technical, perhaps like your Mom) actually had ClamXAV find a virus on her Mac Mini.

I honestly don't remember the virus, or the exact error message that came up, but I do remember the UI was pretty straightforward: basically, "We've found a virus, it's this type, it's at this location, do you want us to remove it?" Seemed like a pretty concise set of information and instructions to me.

After she got this message from ClamXAV, my partner called me in, and we gave the OK for the virus removal. I remember Googling the virus type afterwards; it was a Mac virus. I searched around the Mac Mini for any of the reported directories the virus created if activated; I didn't find any of them. I've assumed that meant that ClamXAV detected it before we did something to cause it to deploy.
 


After she got this message from ClamXAV, my partner called me in, and we gave the OK for the virus removal. I remember Googling the virus type afterwards; it was a Mac virus. I searched around the Mac Mini for any of the reported directories the virus created if activated; I didn't find any of them. I've assumed that meant that ClamXAV detected it before we did something to cause it to deploy.
It's certainly feasible that the malware was discovered after download and before it could be installed, by ClamXAV's Sentry real-time scanning function. But if it was discovered during a manual or scheduled scan as already installed, ClamXAV will attempt to remove all active components of the infection, even if it only reported finding one.
 


Today an alert noted a new version of ClamXAV was available. After I allowed the update, ClamXAV scanned and detected malware. I only partially remember the name, which was something like "calculator nnnnn" where nnnnn is a series of characters (numerals?).

Before allowing ClamXAV to do anything else, I scanned with Malwarebytes 4.0. Malwarebytes did not detect anything. ClamXAV offered to move the malware to the trash. I clicked OK. It seems the malware was immediately deleted, since nothing appeared in the trash and a subsequent scan with ClamXAV found nothing.

I found this information which I assume describes the malware:

<https://www.pcrisk.com/removal-guides/14990-fake-calculator-malware-mac>
 


Today an alert noted a new version of ClamXAV was available. After I allowed the update, ClamXAV scanned and detected malware. I only partially remember the name, which was something like "calculator nnnnn" where nnnnn is a series of characters (numerals?).

Before allowing ClamXAV to do anything else, I scanned with Malwarebytes 4.0. Malwarebytes did not detect anything. ClamXAV offered to move the malware to the trash. I clicked OK. It seems the malware was immediately deleted, since nothing appeared in the trash and a subsequent scan with ClamXAV found nothing.

I found this information which I assume describes the malware...
Most important, the information you found is like most similar instructions, an ad for some PUA application. Do not download Combo Cleaner under any circumstances. The description of the infection is probably accurate.

There were several other reports of Calculator being found by other users today, and I suspect it was due to a new definition rather than the new ClamXAV version, but I’ll need some time to confirm all the detail.

It would help if you could check the scan log at the time you found it and give me the exact infection name, including those numbers.
 


I only partially remember the name, which was something like "calculator nnnnn" where nnnnn is a series of characters (numerals?).
As I suspected, there was a new signature added to the ClamXAV database yesterday, but it was for "PUA.OSX.Mac-Auto-Fixer" without any numbers, so may have been different from what you found.

But just in case, it appears that the signature mistakenly removed the folder
/Users/UserName/Library/Applications Support/Calculator
which has a single file named FinancialRates.plist which might cause issues with the real Calculator's ability to convert foreign currency, although mine is from 2004 and clearly does not show current rates. I suspect it is probably left over from a legacy OS X.

The signature has been updated to not delete that folder, so hopefully nobody else will see that issue now.
 


The product was tested in June of 2019. It did not have great performance. When I go to the Intego web site, I notice there has not been a press release since 2016. Between the two, perhaps it was time to give them a break and test other products.
Intego continues putting out updates to their software. I just checked and they had some. When I looked at their most recent rating, the total for the three criteria was 17 rather than the highest possible of 18. When I went back and looked, I see the lowest rating on any of their three criteria since June 2018 is a 4 out of 6, so either they may need to revise their scale or there is not a lot of difference among products.
 


As I suspected, there was a new signature added to the ClamXAV database yesterday, but it was for "PUA.OSX.Mac-Auto-Fixer" without any numbers, so may have been different from what you found.
But just in case, it appears that the signature mistakenly removed the folder /Users/<UserName>/Library/Applications Support/Calculator which has a single file named FinancialRates.plist which might cause issues with the real Calculator's ability to convert foreign currency, although mine is from 2004 and clearly does not show current rates. I suspect it is probably left over from a legacy OS X.
The signature has been updated to not delete that folder, so hopefully nobody else will see that issue now.
So, I just installed ClamXAV from a fresh download of the installer from the site and a Quick Scan revealed the PUA.OSX.Mac-Auto-Fixer file. I deleted. I do not now have the folder or plist file you note.

Are you saying these two items were on the computer from way back? Now that they are no longer there, is that an issue for Calculator and how it functions?

Thanks for this info. I was concerned about where this Mac-Auto-Fixer came from but couldn't track it down. It didn't make sense that it should be there in terms of recent downloads, including email, I had done; everything seemed safe. DetectX Swift and Malwarebytes had not detected these items.
 


So, I just installed ClamXAV from a fresh download of the installer from the site and a Quick Scan revealed the PUA.OSX.Mac-Auto-Fixer file. I deleted. I do not now have the folder or plist file you note.
I should have noted I installed ClamXAV and deleted the folder/file before I had seen Al's post.
 


ClamXAV will attempt to remove all active components of the infection, even if it only reported finding one.
Is that to be taken as potentially removing more than the user would want or expect to be removed, such as removing an entire mailbox full of messages when only one individual message is infected?

Or am I thinking of a program like Thunderbird that complicates such removals by not storing mail on a per-file basis (at least by default?)
 


Intego continues putting out updates to their software.
But if their last press release was in 2016, that would seem to indicate they are in maintenance mode, as opposed to adding new innovations to keep pace with the many ways the Mac has changed since then. I wanted to consider them, based on their reputation for UI polish, but unless things change, I just can't.
 


It's worth noting that BitDefender has a free AV scanner, which one runs manually. I personally prefer periodic manual checks over the potential drawbacks of running autonomous system-wide processes. Before scanning, it updates a huge definitions database.
 

