If you’re new to Mac, you’re probably thinking that it’s a no-brainer that you need some kind of anti-virus app. Once you start looking around the web for reviews, it’s inevitable that you’re going to come across the Great Mac AntiVirus Debate: in the one corner, those who say Mac users who forego antivirus protection are arrogant and just setting themselves up for a fall, and in the other those who’ve used Macs for umpteen years, never had or heard of any real threat, and consequently say AV software is a waste of time.
You can read round this debate for years and never come to a satisfying conclusion, largely because its as much about what you ‘ought’ to do as it is about what is the case. Just because you’ve never had any viruses, doesn’t mean you won’t get one tomorrow. And yet, there are NO viruses in the wild known to affect macs, and so when one does arrive, it will be unknown to your AV scanner. Hence, an AV Scanner is just a waste of system resources (and possibly money, if you paid for it). Yikes! What do I do!!
What you do is sidestep the whole debate and stop thinking only about virus scanners, which after all deal with only a small subset of all the possible attack vectors in the internet age, and start thinking in terms of vulnerability scanners. Unlike a simple virus scanner, a vulnerability scanner examines your system not only for malware but also for any vulnerabilities in commercial software, plug ins, your system setup (including network and other sharing settings) and other installed items. The scanner will not only explain the threat and its severity but also tell you what, if anything, you need to do, recommend patches and guide you to links for more info where available.
You can use something like Nessus for free if you are a home user, which will give you a far better insight into the possible attacks someone could implement on your system (and it will check your system against almost all of the major virus scanner databases like Symantec, etc).
Even better, a vulnerability scanner like Nessus won’t just examine your machine, it’ll look at everything else (and all the installed apps) of anything on your home network including phones (any platform), other computer systems (any OS), and even your router.
Security in OS X Lion is a big problem that not many people are aware of, and here’s why: your Lion computer contains the install/recovery disk on the internal drive. That means anyone with a basic knowledge of Mac and Lion can start up your mac and reset your passwords, thereby accessing your user accounts and all your personal data. The same trick can help kids easily get round restrictions applied through OS X’s ‘Parental Controls’ feature.
How is this possible, you may ask? First, a little history. Among the 250 changes vaunted about Lion over its predecessor, Snow Leopard, there is one that is widely known but whose implications are rarely pointed out: you download the OS rather than install it from a disc. In the past, if your OS went bad and needed to be recovered, or you forgot your admin passwords, the simplest answer was to insert your install disk. From that, you could restore the OS and reset your passwords. That made your Mac a little safer (though not entirely safe) so long as your disc was kept somewhere physically different from your computer.
With Lion having no install disc, Apple had to find an answer as to how to provide the recovery option. The solution was to install a Recovery partition on the same disk as the operating system itself. In the event that the OS goes bottoms up and needs to be recovered or re-installed, you just restart your computer holding down the ‘command’ and ‘r’ keys to access the Recovery partition.
So far so good, but likewise, just as with the old DVD install discs, you — or anyone else — can also reset the user account passwords from the Recovery partition. That means your passwords are effectively useless. Anyone who wants to hack your user account just has to restart your Mac holding down ‘command’ and ‘r’ and then use the built-in Password Utility to make new passwords for your accounts. Now I’m not going to tell you quite how to do it (you do need a little knowledge to get the user account names and know how to do the reset) but it is widely publicized elsewhere, and indeed even in Apple’s own online documentation (so if you really want to know, google is your friend or follow some of the links in this post…).
What’s the answer to this security nightmare? Here’s one thing that’s NOT the answer but which I have seen widely touted: setting a firmware password. If you’re not familiar with the concept of the firmware password, don’t worry. It is practically useless, since anyone can reset that simply by taking off the back of your computer, and then pulling out and then putting back in one of the memory chips.
Apple, of course, thought about this problem. Their own solution is to encourage you to use FileVault 2 (FV2) to encrypt all your data. Indeed, this is the BEST solution. Without your password, no one can access the disk on your computer no matter what they do (and that includes YOU if you forget it…). However, there are a couple of drawbacks to FV2. One is that it requires extra disk space, and if you have more than one partition on your hard drive, or a lot of data, and little space you may not be able to encrypt and decrypt your data. The other drawback is that FV2 places a little extra wear-and-tear on your hard disk (though that may be negligible given the security pay off).
Using FileVault 2 is really the only security option if you’re using Lion. However, if you don’t have the space for it, there is a ‘second-best’ strategy (see below why it’s only ‘second best’), and that is to remove the recovery disk and use a clone as your recovery option instead (WARNING: the Recovery disk is required for FileVault 2, so by removing it you will also remove the ability to use FV2).
There’s a couple of ways to remove the recovery partition on your internal disk, but this is probably the best:
1. Clone your current system to an external disk using Carbon Copy Cloner. This will clone your entire system exactly as it is now, but it will not copy the Recovery disk.
2. Still booted into your internal OS (the one on your machine), open Terminal.app and paste the following command:
defaults write com.apple.DiskUtility DUDebugMenuEnabled 1
3. Open Disk Utility.app (Applications/Utilities/Disk Utility.app). In the menu bar of Disk Utility, choose Debug > Show Every Partition.
4. In the left-hand pane of Disk Utility, you can now see the Recovery HD. Click on it. Then click on the Erase tab on the (larger) right-hand pane. Click the Erase button down there on the bottom right.
5. Quit Disk Utility.
Now you can use your bootable clone as your recovery disk if your OS becomes corrupt and no one can boot up your computer with ‘command-r’. If you keep the clone backed up on a regular incremental schedule (you can choose anything from once an hour, once a day, week, or month), you can simply restore a corrupted internal disk to exactly the same state as your last backup.
Why only ‘second best’?
As alluded to earlier, it is still possible for advanced users to start up your mac and reset the password without the Recovery partition (this was also true in Snow Leopard even without the install disc). In fact, what this procedure does is give your OS X Lion installation the same security level as an OS X Snow Leopard installation, which is not actually that great, but better than Lion with a Recovery disk! Also, if you are storing highly sensitive data, don’t neglect the fact that someone who has complete unfettered access to your hard drive could even remove the disk and recover the data using special software.
The short story is if you want to be absolutely certain that your data is secure, FileVault 2 is really your only option.
featured picture Security Workstation by digitalhadz
Last updated: June 16, 2018
If you’re unfamiliar with the reputation of MacKeeper but have come here because you downloaded it – or it downloaded itself after you were inadvertantly redirected to some unwanted website – and are now wondering whether you made a mistake, let me present you with a few facts.
MacKeeper is one of the most infamous pieces of software on the macOS platform. This post itself was first published in September 2011, and has since received over 2 million hits from people wishing to uninstall MacKeeper from their computers.
When I ran MacKeeper’s free trial version on a brand new clean install of macOS, it told me that my system was in ‘serious’ condition and that I needed to buy MacKeeper in order to solve all my problems.
It seems, then, that MacKeeper thinks macOS, freshly installed, is a poor piece of software engineering, but the feeling is mutual. macOS doesn’t like MacKeeper much either. macOS provides the following warning about MacKeeper:
MESSAGE FROM CONSOLE
12/05/2015 17:48:00.946 com.apple.xpc.launchd: (com.mackeeper.MacKeeper.Helper) This service is defined to be constantly running and is inherently inefficient.
If you have installed MacKeeper and wish to remove it, read on.
i. If you have used MacKeeper’s encryption feature, be sure to unencrypt before you uninstall MacKeeper. You should also check whether any of your personal files are stored in /Documents/MacKeeper Backups.
Backups & other disks
ii. If you have any disks connected to your mac, including Time Machine, eject them before you start the uninstall procedure.
iii. If you have anything in the Trash, empty it now before you start.
You are now ready to uninstall MacKeeper.
The Easy Way
As I’ve been involved in helping people uninstall MacKeeper for over 5 years, I eventually got round to the task of automating the process so that folks who were not that technically proficient with computers could take advantage of the information on this page.
If that sounds like you, then the easiest way to uninstall MacKeeper is to use my app DetectX. This is a shareware that can be used for free 😀. You do not need to sign up to anything, subscribe to anything or give anyone your email address. Just download the app, run it, remove MacKeeper and be on your way.
After several years of testing and refining my app’s removal procedure, I now recommend using it even for proficient users as it is simply faster, more reliable and less prone to error than doing it any other way. The only people who should really consider the manual option are those that are running versions of macOS that are too old to run DetectX.
Please note also that the list of filepaths below is somewhat out of date. Follow the instructions, but consult my post here for the most recent update to the list of MacKeeper filepaths.
The Manual Way
If you need to remove MacKeeper manually then follow these instrutions carefully. They’ve been refined over the years by many people who contributed in the hundreds of comments that follow this post and have been proven to work without exception. However, bear in mind that the onus is on you to follow the instructions to the letter. For that reason, go slow, read carefully and don’t do anything if you’re not sure what you’re doing. If you have any doubts, post a question in the comments.
Here we go!
1. If MacKeeper is running, quit it. From the sidebar in any Finder window, choose your hard disk icon and go to your Library folder. Look in the Application Support folder for the folder inside it called ‘MacKeeper’:
Drag this folder to the Trash.
2. Still in Library, look for and trash any of these you find in the same way:
3. If you are using OS X Lion 10.7 or later, use the ‘Go’ menu in Finder’s menubar and hold down the ‘option’ key. Choose ‘Library’ from the menu (yes, this is a different Library folder from the one you were just in). If you are using Snow Leopard or Leopard, just click on the little ‘Home‘ icon in the Finder sidebar and navigate to the Library. Then trash any and all of these that you find:
Be careful not to delete the wrong files: only those that have got the words ‘zeobit’, ‘MacKeeper’, ‘911’ or ‘911bundle’ should be trashed.
Update May 2015:
Due to recent changes in MacKeeper, the following files should also be searched for and removed:
~/Library/Application Support/MacKeeper Helper
The last item above will require removal in Terminal or turning on of invisible files in the GUI (various 3rd party apps can do this, including my own DetectX and FastTasks 2).
4. Go to Applications > Utilities > Keychain Access.app and double click on it. Notice the padlock in the window is up there on the left, rather than down the bottom. Click on it and enter your admin password. Now go through all the items in the ‘Keychains‘ list (such as Login, System, Root) with ‘All items’ selected in the ‘Category’ list. Anything you find related to ‘MacKeeper’ or ‘zeobit’, click on it, then choose Edit > Delete from the menu.
(Thanks to Al for also mentioning this point in the Comments below! 🙂 ).
5. Open the Activity Monitor utility (Applications>Utilities>Activity Monitor.app). In 10.10 Yosemite or later, select the View menu and choose ‘All Processes’. For earlier versions of macOS, select ‘All Processes from the drop down menu just over on the right of the dialogue box. Next, scroll down the list of items shown and see if any processes called ‘MacKeeper’, ‘zeobit’ or ‘911 bundle’ are still running. Older versions of MacKeeper may have a ‘WINE’ process running, so also look for ‘wine’. Anything you find, click on it and hit the ‘Quit Process’ or ‘X’ button (Yosemite) in the top left corner.
6. Go to your Applications folder from a Finder window and select MacKeeper. Then, hold down ‘command’ and press ‘delete’ once. If you assigned MacKeeper to be pinned in the Dock, be sure to also drag the icon off the Dock and release it anywhere over the desktop. It will, satisfyingly, disappear in the ‘poof’ of a cloud. 😀
7. When you’re done filling up your trash can with all this junk, click on the Finder> Empty Trash.
8. Go to
> System Preferences > Users & Groups (or ‘Accounts’ for Snow Leopard) | Login Items
If you see anything to do with MacKeeper in the list of items there, highlight it, then click the little minus ‘-‘ button near the bottom of the list.
9. Restart your Mac. Everything should be back to normal, but check the Activity Monitor one last time to be sure.
Supplementary: If you have a problem with MacKeeper pop-ups while using your browser, try clearing out the caches, like this:
In Safari menubar, choose ‘Safari > Reset Safari’. Make sure all the options are checked.
This will not only clear out your caches, but everything else stored by the browser. Don’t worry, it won’t affect your bookmarks, but it will reset your ‘top sites’ and history.
In Firefox menubar, choose ‘Tools > Clear Recent History…’ and choose ‘Everything’. Again, it’ll clear everything out but won’t delete your bookmarks.
Obviously, if you use any other browsers like Opera or something you’ll have to find the same options for those too.
Terminal tricks for defeating adware
block MacKeeper and other browser ads
protect your mac from malware viruses and other threats
FastTasks 2 – get Applehelpwriter’s free utility app from Sqwarq.com
1. If you have any problems carrying out the steps, try starting your Mac up in Safe mode, and then running the procedure.
2. You can safely ignore any MacKeeper files that are in the BOM or Receipts folders.
3. If you have only downloaded the MacKeeper package but not ran the installer, you only need to send the .pkg file in your Downloads folder to the Trash. That’s it!
4. If you are seeing ads on this site, we recommend that you use an adblocker!
This post has been refined and improved over time thanks to suggestions and replies made in the Comments and on Apple Support Communities. Thanks especially to Al, Lyndon and Jack.