Malware and Adware on a Mac

Posted on Updated on by David LeonardCategories:Blog, Operating Systems, Security and Privacy

What does File Quarantine do for you on your Mac?

File Quarantine WarningWhen you attempt to open a file from the internet using Safari, or from an attachment to an email in the Mail program, the operating system will pop up a window warning you that the file comes from the internet and ask whether you really do want to open it. After you’ve seen this message a few times relating to different downloads it’s tempting to start thinking that the operating system is being a bit of a nanny and trying to save you from yourself (which, of course, you don’t need as you’re a perfectly rational person capable of making your own mind up).

However, this is not the only job that Mac’s File Quarantine does. When you come to open the file, It also checks the file to see if contains any known malware. Both of those words are important:

  • Known – as with all security programs on computers, there is always a small chance that something nasty is roaming around cyberspace and lands on your computer before the program that should check for it has become aware of it.
  • Malware – File Quarantine is not looking for computer viruses and it’s not looking for Adware (programs that pop adverts up at you).

Hellraiser warning
Figure 2. Malware has been detected
If File Quarantine does detect malware then it will display the dialog box shown in figure 2. Since you have already got the file in your system, you should respond by clicking on the “Move to trash” button. Clicking on the “Cancel” button will cancel your attempt to open the file, but it will still be left on your system. If the file is a “disk image” rather than a normal file then the options will be to “Cancel” or “Eject Disc Image”. Click on the latter option.

You can read more about File Quarantine at this Apple web page.

If you decide that File Quarantine is just nannying you and annoying you, then you can actually turn it off. This is achieved by opening a window in Terminal, entering the following command, and then re-booting the machine:

defaults write com.apple.LaunchServices LSQuarantine -boo1 NO

To turn File Quarantine back on, just repeat the command, but type “YES” instead of “NO”.

Having pointed that out (and you can read a bit more about it at Mactips), I don’t recommend turning File Quarantine off. As long as you have a fairly recent version of Mac OSX the popup window only happens the first time you open something downloaded from the internet. I think it’s worth having to click through that one window in order to keep the benefits of having OXS check for known malware.

AdwareMedic logoAs mentioned above, File Quarantine will not prevent the lesser threats posed by Adware getting onto your computer. In the world of Windows PCs, I recommend Malwarebytes and Spybot to clean a machine of known threats. In the world of Macs it’s a bit piecemeal. To add to the protection offered by File Quarantine, you can download and run a free program called AdwareMedic.

It’s very simple to download and run AdwareMedic and it should only take it a minute or so to check your system. See figure 4 for a results screen when I ran it on my MacBook Pro. I’d never seen any evidence of Adware on the Mac, but it’s still good to know that something unpleasant has been removed.

Adware found
Figure 4. AdwareMedic found this piece of adware on my MacBook Pro
If you still think you have an adware problem after running AdwareMedic then visit this AdwareMedic page for further advice. The suggestions on that page are largely concerned with problems that you think may be adware but which are, in fact, something else (such as your browser Home Page or your chosen Search Engine having been changed).

David Leonard