Malwarebytes

You've got it wrong: The app you're talking about is "Adware Doctor" (see https://9to5mac.com/2018/09/07/adware-doctor/).

Since then, apps by Trend Micro have been found to do the same (see https://9to5mac.com/2018/09/09/additional-mac-app-store-apps-caught-stealing-and-uploading-browser-history/).

I have yet to hear this reported for Malwarebytes.

Malwarebytes was never sold on the App Store, so no idea what you're talking about. Perhaps you're referring to Adware Doctor (as Robby-is-on pointed out). Maybe do a little bit of research before spreading FUD?

You're right, I was wrong, and I apologize. I did do research the day the news broke of Apple pulling the spyware app, but somehow I got mixed up about the name similarities and changes. Again, I apologize to Malwarebytes and thank you for pointing out my error.

I use Little Snitch, and it has not noticed any phoning home by Malwarebytes. If you are concerned about app doing so, I recommend Little Snitch.

I recommend that you open the application and directly click on the help file menu. From here, you would need to click on uninstall.

Oops -- the two urls I referred to about 11 paragraphs down (this was a long slog for sure) were:

1. https://www.pcmag.com/article2/0,2817,2487706,00.asp
A review by PC mag's Neil Rubenking

2. https://www.av-test.org/en/it-security-product-overview/
Independent appraisal by av-test.org

Sorry about that. This, by the way, is my first review. I hope it helps somebody, as reviews here have helped me so much. Frankly I hope it saves somebody the time it takes to see through Malwarebytes' unfortunate marketing claims. Thanks for reading.

and how much is ClamXAV paying you for this typing?

I know! The price of this app is really steep.

I just download it from MacUpdate.com (https://www.macupdate.com/app/mac/52105/malwarebytes) and ClamXAV gave me the same warning and it moved the " .pkg" file right to the trash.

I submitted a screenshot of your comments and my comments to the author (Malwarebytes support). They replied with: "This is an automated email just to let you know we received your request and created ticket 2239506 for you".

I'll keep everyone informed.

I tried alerting MacUpdate via their support form. But I'm not sure if anything really happens after you click the button.

Thomas Reed (Malwarebytes Support)
Feb 22, 11:54 PST
Bruce,
I can confirm that here. This appears to be a false positive in ClamXav. We're communicating with the developer of ClamXav on that now.
Thanks for alerting us to this problem!
Thomas

Might you know what the minimum OS version is for it?

This is not true. Malwarebytes for Mac still offers the same protection it always has - manual scanning and removal of detected threats - for free. The only thing that costs money is the real-time protection feature, which proactively protects against threats.

Further, Malwarebytes for Mac does detect malware, as it always has.

of COURSE it has background processes running 'all the time' - the new version is an active scanner - it doesn't only run when the user does a manual scan - it's now like VirusBarrier or NAV for Mac

to Scion777 - yes, I know it's supposed to run in the background, however I noticed that it seemed to use a lot of memory and resources - more than I thought it should. When I uninstalled it, then restarted, the CPU usage when WAY down. That's why I suspect this program is using memory in a manner that's very inefficient.

Was that MacroSatan?

I agree. I could not find anyway to disable the trial version.

The application itself will not run without the hidden daemons also running. I'm not sure I trust them at all to make connections to their mothership or wherever else, without a full explanation. I also am not sure that they aren't creating new attack vectors with their constant scanning. I won't reinstall this product until they offer a version without the "trial" features.

Yes, disappointed to discover that there's no deactivate trial button...just wording on what'll happen if I do....

I'm not sure that I understand the desire to disable the trial. Can you explain?

Malwarebytes for Mac still offers the same protection it always has - manual scanning and removal of detected threats - for free. The only thing that costs money is the real-time protection feature, which proactively protects against threats.

If you wish to turn off the real-time protection feature - the only difference between trial and free modes - during the trial, it's very easy to do so.

I fully agree!
RiP Malwarebytes 1.2.6!

From the sounds of it, your system must have had some issues, and Malwarebytes must have tripped over them. This is not a normal experience. We've had no reports of such behavior. Further, there is absolutely nothing Malwarebytes would have done to ruin your Little Snitch rules. Malwarebytes does not conflict with or falsely detect any components of Little Snitch.

Please keep in mind that our product support is always there and ready to help, and we would want to hear about this kind of thing.

Nice of you to say "Your system must have had some issues." WTF? I had a perfectly running system without any hit of troubles. I run Etre Check regularly, and had run the OLD Malwarebytes regularly too. I had no signs of slowness, no programs quitting or freezing, and all my apps worked nominally. UNTIL I tried to UNINSTALL MalwareBytes. Then I had this difficulty. So your idea is to blame my system.- which you never inspected or had any information about? Are you really a legit developer to say this to a (former) user?

How about you design a program that doesn't give us troubles and then we'll talk, ok Mr. Developer?

Very difficult to uninstall. I don't know why the developer would release something that just pisses off customers. Why would I buy this?

I uninhibited this application because I use Clean My Mac X which does very well this job and even more. Thanks
Alain

Runs fine for me I run this on High Sierra, Mojave and on 3 Windows 10 machines, and honestly I love the app, no issues. Not sure what the cause is here... I know I've had similarly frustrating situations with the likes of Sophos for Mac, never being able to purge a keychain instance without a very very lengthy and frustrating effort, which required enabling Root... Sorry to see it take such a bad turn for you here! One thing I've learned over the years is to have a second "clean" user account on your machine that you can back out into when something like this happens and you can then do some trouble shooting from a "Clean User" instance.

2.2.7 must be last release of AdwareMedic. Softpedia shows the last release was v2.2.6 in Jun 2015. Malewarebytes Anti-Malware version 1.0.1 was released in Jul 2016 . The last release of version 1 was 1.2.6 in Dec 2016 and now they skipped v2.

Version 3.x is still free. They are allowing you to use the premium features free for one month. From their PDF manual:

If you elect to use the Trial and do not wish to purchase a Premium subscription at the end of the trial, your Malwarebytes program will revert to Free mode. The only differences will be that the added features enabled by the trial will cease to function. All other functionality remains unchanged.

Here's how to deactivate the trail version and make it their free version from the start: https://support.malwarebytes.com/docs/DOC-1033

You'll get the same functionality as before with the free version. The subscription-based premium version includes real time protection, i.e. a sentry function with preemptive blocking of malware, auto-updates etc. And PS: why only one star? Downvoting a great free app just because they enhanced functionality and would like some money for that premium version? You're actually hurting the developers with this behavior.

It IS still free. We're giving you a free 30-day trial of ADDITIONAL functionality in 3.0. If you don't want to pay for that, you don't have to, and you'll still be able to use the same functionality - manual scans and removal of all detected threats - as you had in the previous versions.

I cannot deactivate demo. I do not find at least where. If I can deactivate the scanner in real time, but nothing to deactivate demo. He is the same?
He would have been perfect if the installer offered the possibility of not installing the extras. Having a anti-virus, they are more programs competing by the resources of mac. And it slows down everything.
In its previous version, it was a complement to the anti-virus that in addition does not overload anything, since it was executed manually. Even though also it installs a demon always working.
It seems to me that I am going to erase everything manually what has the name of malwarebytes making a search with easyfind. It is what its developer looks for?

Macs are still virus-free.
Malware and "viruses" are not the same things. Malware doesn't self-propagate. It's on your computer because you installed it, either by being mislead or by being silently included along with something else.
And I don't mean that with judgement. It's simply a fact.
Avoidance of malware is not a technological thing. It's about being suspicious of everything that comes into your computer. It's about "is it really a PDF?", "did my bank really send this to me?", "is this really a video codec for porn?". It's about going to adobe.com to get Adobe Reader or Flash Player rather than clicking a button because a page said to. It's about doing Google searches of everything you're going t install, with the word "malware" in the search, BEFORE you install it. MalwareBytes itself is not malware-prevention. It's a remover to clean up afterwards.

Thanks for moralizing! :-D
I'm perfectly aware of all that you wrote, being an ex-computer engineer and curing macs and pcs all around town probably before you were born. ;-)
If adwares targeted to Macs were science fiction a few years ago, it's not impossible now that sooner or later there'll be viruses too. Who can say it will never happen?
In fact, I was amazed that I — "oh no, not me !" ;-) — got that thing installed, so figure what the less knowledgeable people get!
Recently I've cured a friend's Macbook paralyzed by LaunchAgents she can't remember having installed, and she never goes to porn sites, piratebay or the likes...
I let you watch your safe-porn, Mr Know-All. ;-)

Aargl, you need to take a giant chill pill! Here's one for ya: http://is.gd/GoTzqf

Your attack on Xenedar was completely unprovoked and unseemly.

They made it perfectly clear (to most people) that they were NOT "moralizing" or criticizing, by stating "I don't mean that with judgement. It's simply a fact."
However, YOU unjustifiably felt it necessary to attack and cast aspersions on THEM.

Despite your air of superiority, the mere fact that you ended up with malware on your computer shows that (regardless of your boasted years of experience) you may not be as proficient as you proclaim to be.

You owe Xenedar an apology.


As for your friend's assertion that she "never goes" to porn or piracy sites: As the late Charlie Rich said: "no one knows what goes on behind closed doors."

If anyone asks me, I never go to them either. ;-)

Well, if you only know people who never fail, I'm glad for them and for you... :-D
I'm just saying that all around me I only know people who use pcs or macs without being geeks or even prepared to use them, so it's very likely they will click "ok" when they shouldn't... and when something bad happens they have no other resource than find a knowledgeable friend to help them.
You're probably right that people should have a "computer driving license", but that's not what happens in real life. ;-)
So my initial review was not meant for all of you, wise computer masters, but to reassure beginners on the efficiency of this software. I'm sure many of them come to Macupdate too.
Blaming someone who knows nothing about computers because they did something wrong they can't even remember is useless and rather stupid, in my opinion, I always prefer helping them.
If you've got time to lose, writing all those true but useless thoughts on "Are there viruses on Mac?", I think that's just sterile, but I don't really mind. ;-)

Guys, we all know people in our lives like @jamesdeanappleeater's parents. We need to be careful of taking a blanket position that avoidance of malware is mainly just a question of people not reading instructions carefully and exercising reasonable decision making when it comes to selecting Ok vs Cancel, or in general, the software we install, and where we get it from.

The users on this MacUpdate forum for the most are technically knowledgeable with far more computer experience than most, representing (just throwing out a figure) maybe 1/10 of one percent of the population. What seems 'obvious' to us, like "read the instructions', "only download direct from the developer's site', 'know your source', and so on, is NOT necessarily or always obvious to the other 99.9% of the general computer using population.

By its nature, malware (and I'm including in this crapware, bloatware and PUPs) is created and propagated with the intent to DECEIVE. There is no technical, moral or legal reason that any malware must advertise its presence, state its purpose in clear understandable language or even offer the opportunity to Install or Not install. That malware will always present itself with even the OPTION to not install itself is a very dangerous assumption.

@jamesdeanappleeater: brought up the example of his parents. everyone of us on this thread have family members or friends just like his parents, and we on this thread are probably the 'techie' person others in our family turned to when they have a problem. It is a bit naive IMO to make the case that if his parents (or just anyone of our own family or friends) simply READ the instructions, they wouldn't need to ask our help or be afraid to take action. again, I'm not making this about @jamesdeanappleeater's parents, you could fill in with any person we know in our lives that fit the same mold.

Just recently, Intego sent out a report of a new Mac malware that parades itself as a Flash update.
https://www.intego.com/mac-security-blog/fake-flash-player-update-infects-mac-with-scareware/
The software is even signed with a legit Apple signature. So it passes the Gatekeeper firewall. To the general population of computer users. it very closely mimics the same look, feel and procedures as a real Adobe flash update, using 'normal, simply English'. In this scenario, even after reading all the language, "reasonable people", like @jamesdeanappleeater's parents, might make the decision that they will not 'bother' to call the 'techie' in the family and ask if it is alright to proceed. And they will click 'OK'.

First of all, let me be clear, I am NOT in any way ridiculing his or anyones parents or making derogatory remarks. If anything, I am saying his parents are representative of many of my friends and family, and probably everyone reading this thread would say the same that they know people just like that.. People who have been shell shocked, warned not to do this or that on their computer, and conditioned by years of hearing about threats and viruses, and malware, stuff that at a technical level they don't really understand the difference, how it propogates, etc, that they are almost paralyzed with fear to do anything without first calling their son or the designated 'computer guy' in the family.

And you know what? that's OKAY with me that they keep coming to me and asking, because like this new Flash scam, they can read all the 'normal, simple English', and it all seems very clear and legit, and still be a total scam. And again, that even assumes that malware even offers the opportunity to refuse installation. There is NO technical reason that malware can't be installed silently as part of a larger install of what appears on the surface to be legit software. Once you enter your password, you have opened the door to whatever that install wants to do. For all the criticism about the Mac App Store, I for one believe it has done a great deal to reduce the risk of mailcious software. My wife is extremely intelligent, with a Master's Degree and successful professional career, but she is not a computer techie, and doesn't care to be, or want to be, or profess to be. Prior to MAS, she was always asking me, "is this program safe? is it okay if I buy and download it from this site?". After having been bitten too many times by crapware, malware, bogus ware, etc, she was paralyzed to do or install anything without consulting me. Now with MAS, thanks to the vetting process, the availability of reviews from REAL users, she now buys software on MAS, with much greater confidence, and I don't feel she needs to check with me every time she finds something she wants to try. Is MAS perfect? No. Can bad stuff still get through? Sure, but it it far better than no vetting process at all.

So, 1) don't assume that malware must always make its presence known and provide an opportunity to cancel installation; this is MALWARE people, it doesn't have to play by civilized rules. 2) like the Flash malware scam that's come out, don't assume that clear, simple instructions will always lead towards making the right decision. It's meant to deceive, and lay people who don't work with computers for a living, can be deceived.
3) because lay people can be deceived, never try to discourage them from coming to you when they are in doubt. Don't make them feel bad for coming to you or make them feel dumb. Believe me, it takes FAR MORE time to clean up an infection for them later than the little amount of time it would take if they had just stopped to ask you in the first place before proceeding with what turns out be mailcious.

This week it was discovered that copies of the popular program Transmission were infected with ransomware, named 'Keyranger'. It was embedded in the installer of what to all eyes was a legit, safe installer/program downloaded directly from the developer's site. The ransomware was code signed.

http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/

The argument stated in this thread that adware/crapware/malware can be avoided by carefully reading and researching what you install, and that people who get infected are people who can't read simple 'English', can't understand Install instructions and don't know the difference between OK and Cancel,...well that is totally wrong! There is no technical reason what happened with Transmission can't't happen again and again and again.

Malware doesn't have to advertise itself, it doesn't have to give you a choice to Ok or Cancel, it doesn't have to 'play by the rules'. It doesn't have to explain what it intends to do in simple, clear English. By nature, it is there to DECEIVE. You can argue the fault is the developers of Transmission for having lax security and allowing their app and web site to get compromised. To some degree yes, but are you willing to stand there and say I don't need to malware detection software because i TRUST the developers of the apps I use to secure their web sites, and their installers? In any software company, are you sure they have procedures to make sure maiicious code isn't being injected into the code base? Or maybe they are cocky and think, we're on Macs, who cares, it won't happen to us. Software these days can be THOUSANDS and MILLIONS of lines of code, no one person can understand it all. Whether by error or by intent, it wouldn't take much for malicious code to be introduced into any software package. Donwloading direct from a dev's web site isn't 100%j insurance, as the situation with Transmission clearly demonstrates.

This is life in the modern cyber world, no one is immune, not Linux, Mac, Windows, iOS, Android or xyz of the future. I;m not here to argue what product is best, worse, that's up to you, I'm just saying even if you think you practice 'safe computing', don't let your ego get in the way. anyone is vulnerable.

If you use Transmission, and upgraded to version 2.90, BE SURE TO READ THE ARTICLE AND GET THE UPDATE AND CHECK YOUR SYSTEM FOR KEYRANGER MALWARE. And by the way, as of this date, MalwareBytes did NOT detect Keyranger, either as part of the Transmission install package, or detect it after running the infected Transmission app. I tested it inside a Virtual machine just to see.

Yup,

I was lucky - I installed Transmission 2.90 before the download got infected.

Had I downloaded it a few days later, I could have become a victim to ransomware. PHEW!
Thankfully, I keep a lot of backups so I wouldn't have lost much by erasing the drive and cloning it from one of last night's.

BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP! BACKUP!

(can't say it enough)

The - what can only be nebulously referred to as - "logic" surrounding the Transmission breach is just plain fascinating. The thought process seems to be "since one app developer was breached severely in an extreme and highly unusual way, there's no point me ever paying any attention to what I'm putting onto my computer."
The Transmission breach was EXTRAORDINARY. It was accomplished by incorporating the malware into their source, which was then compiled and signed BY THEM inadvertently.
The real world analogy is that someone stole a real ID from your electricity/water/phone company, had plastic freaking surgery to look like them, showed up at your front door, you checked their ID and let them in. And then they stole your sh*t.
Do I have to say again how outright, flabbergastingly UNUSUAL the Transmission incident is?
Should you still check identifications before letting people into your house? Yes, of course you should. Are you going to just let in anyone because one time one thing happened once, and now doing anything sensible is just pointless? No, don't be utterly stupid.
And yet, people are determined that it means they bear no responsibility for what goes onto their computer the other 99.99999999999999999% of the time.
What it says is the exact opposite. It says that you need to be prepared for if/when even KNOWN REPUTABLE software goes rogue (e.g.: let's say uTorrent's sidebar becomes a vector for side-loading software into the main app or into your profile, or Google's Chrome Store gets breached and a compromised extension update goes out). You need to be vigilant and you need to have a backup.
Everything I've ever said is simple Digital/Online Stranger Danger, and it baffles me that people are determined to argue against basic common sense. Would you be alarmed if your child argued against what you teach them about real-world Stranger Danger? "But daddy, if a stranger might somehow miraculously guess the password anyway, there's no point me asking for it at all." Would you just not bother teaching them because, hey, even if you teach them well, some absolutely extraordinary "struck-by-lightning"/"won-the-lottery"-level unlikely confluence of circumstances might mean they're taken anyway?
And yes, NOW I'm moralizing. Because frankly, some people asked for it and deserve it.
To summarize: don't be an idiot. Treat entrants into your computer with at least the same caution as entrants into your house.

I don't think anyone is saying that just because the Transmission situation was unique and unusual that you don't need to be careful. I'm saying the exact OPPOSITE. I'm saying you can be careful, careless, smart, dumb, knowledgeable or ignorant and you can STilL have sh&t happen to you. Whether you are a computer 'expert' and practice 'safe computing', or a complete novice, there is no reason NOT to use Malware protection.

Okay, so the Transmission case was extraordinary and unique. Here's something just came out recently. It is not about a program that went rogue and was compromised at the source. It is about a new program created from scratch with no other purpose than to be malware.

https://www.intego.com/mac-security-blog/eleanor-is-dangerous-mac-malware-that-can-steal-data/?utm_medium=email&utm_source=security_alert&utm_campaign=security_alert_eleanor_20160707&utm_content=screenshot

At one point this was AVAILABLE ON MACUPDATE, until its true purpose became evident. We can ask, how did it get through gate keeper? Well, as I've been saying , there is no technical obstacle to creating a program like this File Converter 'app'. Anyone can register with Apple as a developer and provide enough info, bogus or otherwise, and obtain a valid signature. You can write a malware program, complete with valid signature, and get it posted in a dozen places, from MacUpdate to fake developer sites, 'industry review' sites, that look very legit etc.

By the time anyone realizes its malware, there is little chance of catching the culprit. There are dozens of ISV developers right now working out of Russia, Eastern and Central Europe, all producing perfectly code signed software. Fortunately, the vast majority are hard working, honest ISVs. But what would prevent any of them from suddenly turning out malicious software, either intentionally or by being compromised, like Transmission was. Again, this File Converter malware recently discovered, there is no technical reason why another situation like that can't be repeated over and over again, code signed or not.

Now we can argue all we want about how people need to be careful, use common sense, treat software like you would a stranger coming to your door (all of which I agree with), but you will still have people that get bit. People aren't supposed to get accidentally shot either if they are careful, but still people do.

When bad things happen to good people, it doesn't necessarily make these people stupid or idiots, and we shouldn't make such blanket conclusions. We have to remember, what is obvious to us on this forum as the top 1/10 of one percent who are computer knowledgeable and experienced, is not necessarily obvious to the other 99.9%. Now you can argue all you want that the people who downloaded the File Converter malware program should have been more careful, okay if you take that position, then no one would ever try ANY new program.. Every new program on the market MIGHT be malware, just like this File Converter app. After all, when a new software company starts up , or new apps come out, what does ANYONE really know about them or the program? At some point, somebody has to be the first to try it. Like the old days when monarchs would get assassinated by being poisoned. Bring in the food taster, let him eat it, if he is still standing after five minutes, then I'll eat.
Well, Malwarebytes is my 'food taster'!

My wife has a Masters Degree, a very successful professional career, and is very smart. No one would dare call her ignorant, stupid or carelless BUT she is not a techie, doesn't want to be, doesn't care to be, doesn't have the time to become one. Fortunately she has me to ask "is this program okay? Is this legit?" Is this a scam?" But some people don't have that person in their lives, and even if they do, I can't be there to protect her every second. For all the hate that people have against the App Store, one thing it has done is provide a first line of defense against crapware and malware. My wife is so much more confident now making her own software decisions and buying programs on MAS, being able to read reviews from other uses and so on. It has liberated her from being totally dependent on me to make decisions for her about what to buy. MAS isn't perfect and can't protect against everything, let alone just plain software that doesn't work well, (not malicious, but just plain sucks), but it's SOMETHING.

We can agree to disagree on whether avoiding malware or viruses is just a matter of common sense or being prudent, and people should be more careful and so on and all of that can be true, and even if we agree some people are just plain dumb and got themselves into trouble, that's still no reason not to recommend that people use antivirus and anti malware protection. Because careful and smart people still get hurt sometimes.

Life is full of things we have put in place to save people from themselves, from their own carelessness, ignorance or stupidity. We have safety locks on guns, child locks on car doors, and dead bolts on our front doors, and yet people still get accidentally shot, children still get hurt in cars, and people still get their homes broken into. Do we take away people's guns, cars and homes cause they might be dumb or careless that one time, no of course not.

I have seen a report that Snort (used by some AV software to filter network connections) has a rule that is triggering on our user-agent string. (This is a string sent to web servers to identify the browser.) This would appear to be triggering because our user-agent string, which begins with "Malwarebytes," contains the word "malware."

We have attempted to contact the folks behind Snort, but have yet to receive a response.