No wonder they moved on to High Sierra. Thanks again, XKCD.
Yes, Virginia, Macs do get viruses. By 2017, McAfee said it had detected over 700,000 malware strains so far. The lion’s share of Mac malware is adware. It’s certainly better to get infected by adware than ransomware (although Mac ransomware is a thing, too). But adware is also something you want to get rid of. Some adware engages in spyware behavior that violates your privacy and puts your sensitive data at risk. And pretty much all malware uses CPU cycles and memory that would be better allocated to the applications you actually want to run!
Now that the “Macs don’t get malware” myth is gradually starting to fade away, it’s likely you will be called upon to remove malware from someone’s Mac.
My Windows malware removal post was very popular. I said I would write similar posts for other computing platforms if people liked the Windows one. So, I’m a woman of my word and I aim to please.
Before I start recommending programs, I’ll show you a couple of little procedures I was taught that may help users and tech support with very mild forms of Mac malware. If a user’s Mac behaves suspiciously, I would try these steps first and run malware removal applications as the second step.
This is what you can do if a user’s Mac gets “you’ve got a virus” scareware in their web browser. (This applies to any web browser in macOS, not just Safari.)
Close the web browser right away. The user can always retrieve the tabs they were using later.
Open the Downloads folder. Drag every installer file and unfamiliar file into Trash. Empty the Trash. Then relaunch the web browser. If you don’t see the scareware pages again, chances are you removed the web malware. But I would still run malware removal tools afterwards.
Here’s something you can try if you see the UI of an app that you suspect is malicious. Note the name of the app. Then try to close it. If you can’t close it and are forced to drag the window elsewhere, that’s a good reason to be suspicious. Open the Utilities folder and launch Activity Monitor. Look under All Processes for the name of the suspicious app or anything else you don’t recognize. Click Quit Process for each of them. Check your Applications folder and see if you can find the suspicious app’s name there. If so, drag the icon into Trash, then empty Trash. Whether or not you were able to Trash the malicious application, you should still run malware removal tools afterwards. My malware removal experience has taught me that removed malware can still leave malicious files and unwelcome changes to configuration files.
As in my Windows piece, I recommend putting these apps onto USB sticks and DVDs as well. Have them available to carry with you in both media just in case you can only access one method or the other on a Mac. Many MacBooks lack optical drives, and you may also find a Mac with a functioning optical drive but malfunctioning USB ports. As I said, be prepared for anything.
Malwarebytes for Mac
I recommended Malwarebytes in my Windows piece. The Mac version is great, too! The free version of Malwarebytes for Mac will scan your disks and remove any malware it recognizes, and the UI is nice and simple. You can download it from here.
No consumer malware removal tool will help with zero-day or fileless attacks. But the majority of Mac malware can be removed with Malwarebytes for Mac, provided you have updated its signatures recently.
Mac Rogue Remover Tool
Some versions of macOS still have a serious problem with Mac Defender, Mac Security, Mac Protector, and Mac Guard rogue anti-spyware programs. If your user runs the Leopard, Snow Leopard, Lion, or Mountain Lion versions of OS X, BleepingComputer’s tool will remove those particular trojans which plague those operating systems.
Kaspersky Virus Scanner for Mac
Kaspersky’s freeware tool for Mac can detect and remove malware for Windows and Android. Windows and Android malware may not noticeably affect your Mac, but you don’t want to be sharing that malware to Windows PCs or Android devices if they connect to your Mac over the internet, by being mounted, or by sharing disks.
Kaspersky Virus Scanner will also remove malware that targets macOS specifically, so it’s worth a try. You can learn more here.
It’s not unheard of for Macs to be difficult or impossible to boot into macOS properly. Some Mac malware may damage the file system or boot sector. Put a DVD or USB stick with the following OS into the user’s Mac and reboot it. Before the Mac tries to boot into macOS or OS X, hit the Option (⌥) key. This launches Startup Manager, and you can select the optical or USB disk from there.
Disk images on a USB stick need to be written with software which makes them bootable. Again, you can use UNetbootin to make a bootable USB drive. There are Windows, Mac, and Linux versions of UNetbootin you can download from here.
I recommended PartedMagic for Windows. But as it supports HFS and HFS+ as well, you can also use PartedMagic to fix broken file systems on a Mac. PartedMagic can partition, rescue data, fix how your HDD boots, and even do disk cloning.
You can download it here.
As a side note: For any Comcast XFinity customers: they offer FREE copies of Norton Internet Security Suite for Mac and Windows: https://constantguard.xfinity.com/products-and-services/norton-security-suite/
For those wanting to get savvier with their OSX security, maybe you should mention some of the small little tools that can make a difference:
- New tool for OSX: Oversight. Warns on Camera and Mic usage
- Little snitch: opensnitch : OpenSnitch is a GNU/Linux port of the Little Snitch application firewall (the one mentioned here)
- Little flocker: Little Flocker for Mac : Free Download : MacUpdate