OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

VirusBarrier removed from App Store

Published March 10th, 2014 at 8:24 AM EDT , modified March 10th, 2014 at 8:24 AM EDT

Intego’s VirusBarrier Express has been my favorite malware scanner for manual scans for some time. It was from the App Store, so I could be sure it wasn’t installing components in the system anywhere, and it had truly excellent detection rates for Mac malware. I recommended it frequently. So I was shocked and dismayed to find that both it and the paid VirusBarrier Plus were quietly removed from the Mac App Store last week!

A colleague forwarded an e-mail from an Intego representative to me, giving the following as their official position on this matter:

Because of limitations placed on applications in the Mac App store by Apple, it is not possible to provide a virus scanning tool that provides the capability Mac users expect in such a utility. These limitations have resulted in a very large number of negative reviews on our Mac App Store products as consumers place the blame on Intego for the limitations. We feel that if we cannot meet user expectations in a product because of the App Store limitations, we should not offer that product through that channel.

We will be replacing the applications with a new set of security and performance applications in the near future that work extremely well within the App Store limitations.

Current users of the Intego applications will continue to receive virus definition updates as they always have.

This is truly unfortunate news, as it would seem to indicate that this is a decision that will not change as long as the App Store continues to place the restrictions it does on apps, and I don’t see Apple changing those restrictions at any point. It’s really too bad, but having seen the reviews of VirusBarrier Express that were posted on the App Store, I can completely understand how they would be upsetting to Intego.

I had read many of the reviews for VirusBarrier Express on the App Store as much as a year ago, and had posted my own review as an attempt to counter them. Many of those reviews were simply made through ignorance, by people who expected too much and had no understanding of App Store limitations. Other reviews, however, seemed deliberately malicious, filled with outright misinformation, and seemed like they could only have been posted with the express purpose of downgrading the ratings of the product.

It’s very injudicious, but that is a fairly common attitude in the Mac community. “Knowledgeable” Mac users seem to almost take it as an insult that someone may suggest that malware exists, some even denying that malware exists at all. Even those who do understand and accept that malware exists may have an unreasoningly contemptuous attitude for all anti-virus software. Such people will do whatever they can to hurt anti-virus companies, bad-mouthing them in public forums or user review sites whenever possible.

My biggest disappointment, though, does not involve the people who carry out such smear campaigns. I am greatly displeased that Intego folded under this pressure. So much so that I wonder if there’s not more going on here than their official statement reveals. After all, on sites featuring user reviews, like MacUpdate, the full version of VirusBarrier also has a number of detractors placing blame on Intego for problems. As I’ve pointed out, this is pretty much a constant issue with any anti-virus software on the Mac, and not a good reason for discontinuing a product. As a Mac-specific company, I would expect Intego to be aware of this.

Regardless of the causes, however, it looks like we will have to simply learn to do without VirusBarrier Express and VirusBarrier Plus. Dr. Web Light has now supplanted VirusBarrier as my top recommendation for manual scanning. It was a little behind VirusBarrier Express in detections in my testing, but is far ahead of everything else.

Tags: , ,

44 Comments

  • Jay says:

    “Current users of the Intego applications will continue to receive virus definition updates as they always have.” Meanwhile both virusbarrier and X6 have not received definition updates since Feb 27th. They contact the server just fine but say there are no new defs available. I hope they will resume work on this soon and provide the definitions as promised in their statement.

    • Thomas says:

      To be fair, there hasn’t been any new Mac malware discovered since the 27th. Of course, if you’re using VirusBarrier in part to detect Windows malware, to avoid passing it on accidentally to Windows users, you can bet that there have been many thousands of new Windows malware variants that have appeared during that time.

      • Jay says:

        Just got this in the mail:

        “Dear Intego customer,
        Thank you for your enquiry.
        Our last update is indeed from the 27 February 2014.
        We shall publish a new update tomorrow (on 11 March 2014).”

        Indeed lucky this didn’t happen during an ‘outbreak’ of some sorts.

  • George says:

    Hi, any alternative ?.

  • Chris says:

    I m using ClamXav not sure about its efficiency but I just use AV apps for scanning incoming files, not realtime.

  • pierre says:

    hi thomas ,

    I tried to download Dr Web Light from app store and …Avast! free Mac blocked it , finding a virus !!! :

    file name : mzm.ewbtyyor.pkg
    virus name : MX97:ShellCode-AV (Expl)

    what is this ?

    • Thomas says:

      Avast has a well-known issue with false positives. That’s undoubtedly what this is. Despite Avast’s strong record at detecting Mac malware, I strongly recommend against Avast, due to the unacceptable frequency of problems like this.

  • pierre says:

    ok , thanks a lot Thomas

  • jean says:

    What about Avira. Avira seems great already on Windows and it’s free. I used AntiVir and later Avira for around 15 years on Windows.
    It seems it’s that good on Mac.

    • Thomas says:

      Avira has good detection rates, in my testing. I have very little other experience with it, so I can’t say how stable it is or how it affects performance.

      • Jay says:

        Never used it apart from testing but it has very low impact on CPU and RAM, my only issue with it is there is no way to exclude files or folders from scans unless you use some terminal tricks.

  • Darren Kehrer says:

    At this point, you might try ClamXav. With it’s recent updates to the app itself (from the website, not App store), it’s been a good alternative for me.
    http://www.clamxav.com/

  • pierre says:

    hi Thomas ,
    which one are you using yourself ?
    til , yesterday I used Avast free but due to its false-positive and above all , slowing down too much the machine (despite 16 GB RAM DDR3 , no swap ; 3.06 GHz core)

    thanks

    pierre

    • Thomas says:

      I personally use none, beyond testing. I have a number of App Store anti-virus apps installed, but can’t say I “use” them since I rarely open them, and even then only to test something.

  • John says:

    Hi,

    I installed Dr. Web Light on my wife’s iMac. She has 80G of data on her hard drive, plus Time Machine. It has been running non stop for over 3 days and still has a ways to go. It slows down her computer a lot. There is no way to set it up to run just at night. Also, once the full scan is complete, there is no way to scan just new previously unscanned files, so you have to run a full scan again, which takes many days and significantly affects performance. I would like to try something better, with the above mentioned features – what is recommended?

    Thanks

    • Thomas says:

      If it’s taking that long to scan a drive with only 80 GB on it, something is wrong. You mentioned Time Machine… if it’s also scanning a Time Machine backup, make it stop. Time Machine backups should not be touched by anti-virus software, or anything else except for Time Machine. Scanning a Time Machine backup could easily take a very, very long time, because a Time Machine backup will be full of tens of thousands of hard links pointing back to other files in the backup.

      Also, note that I don’t recommend doing full scans on a regular basis. You just need to check new incoming files. If you feel that you need stronger protection than just manual scans of incoming files, you probably need something with “on access” scanning features.

  • John says:

    Thanks, Thomas

    There is no obvious way to easily check new incoming files with Dr Web Light, other than doing each file individually. Ideally, I would be able to easily check just new files that haven’t been scanned yet, though this does not appear possible.

    I would think that scanning Time Machine would be important, as there can be virus’ in there as well?

    • Thomas says:

      As long as you can be 100% sure that your anti-virus software will not touch anything in your Time Machine backups without permission, you can scan it, but you’ll need to be aware it’s probably going to be a very lengthy process. As for any threats you find, they’re almost certainly not Mac threats and not a danger. However, if you want to remove them, you should only do so through Time Machine itself… find out where the infected files are, then delete all copies of them through the Time Machine interface.

  • John says:

    One other thing, as Time Machine is being scanned, threats are being found. Should I let the antivirus software deal with the threats in Time Machine?

    • Al says:

      They won’t be able to deal with them because TimeMachine will be locked up. That’s another reason to not bother scanning TM. It only contains items that were on your hard drive and they needed to be dealt with at the same time and place as they were found originally. You will only be able to delete them from inside the TimeMachine process. You can try to do that now, but if that’s too difficult then it might be best if you just make a mental note to scan your hard drive immediately after restoring from backup. Eventually all those old files will be deleted from TimeMachine anyway.

  • John says:

    Thanks, that helps a lot. I won’t bother with scanning Time Machine. I would like the possibility to do an initial full scan, then just scan new files after that. Since Dr Web Light doesn’t do that, is there another program that would, or is it better just do always do full scans?

    • Paul says:

      ClamXav does. Not the version from the App Store. Get the full version from the developer, that includes Sentry, which will scan new files.

  • Gilles C. says:

    I checked Dr. Web and I don’t feel using a program that was last updated Jul 31, 2012.

    • Thomas says:

      It really doesn’t matter when the app itself was last updated, so long as it works with the OS. The important thing is the definitions, and those get updated frequently. Updates are downloaded automatically when you start the app.

  • nigelh says:

    Just to add my couple of cents worth here, I too have tried a number of AV products and in the end, reached the conclusion that Sophos’ Free AV for Mac is head-and-shoulders above all the others and is painless to use, It includes a live scanner, intercepts websites that are known bad places to visit, and has a clean, easy-to-use interface. I’ve even used it to scan my partner’s Win7 pc laptop over the wireless network, which ran surprisingly rapidly. Of course, it does include all of the Win virus definitions, otherwise that would have been a rather pointless exercise!

  • bentkitty100 says:

    Can VirusBarrier be downloaded from Softonic or Download.com or something? Because if so, the AppStore removal could lead to an increase in adware downloads because people are downloading AV software from adware-distributing sites.

    • Thomas says:

      Nope, it’s not available through those places. There is no longer a free version of VirusBarrier at all, unfortunately.

  • doray says:

    Is it OK for VirusBarrier to decompress and scan archives (such as zip files) in Time Machine backups? Without my knowing it, VirusBarrier scanned my Time Machine backups. Since I had it set to scan archives, it would have decompressed them, which I’m concerned might modify them somehow. And since Time Machine backups should not be changed, would scanning archives cause the Time Machine backups to become corrupted or less reliable?

  • doray says:

    So if an antivirus program decompresses compressed files in a Time Machine backup, that doesn’t modify the backup or compressed files at all? I just want to make sure, because if there’s any chance it’s compromised, I’d erase and start a new set of backups.

    • Thomas says:

      No, scanning an archive file (.zip, .dmg, etc) shouldn’t modify the file at all, so on that basis, your backups should be fine. However, it’s never a good idea to scan a Time Machine backup, because if the anti-virus software does make any changes (for example, if it detects and automatically quarantines or deletes a malicious file), that can damage your backups.

    • Al says:

      The A-V program decompresses those files to a temporary location on your boot drive and scans them there, then deletes the decompressed file when it’s finished with it.

      As Thomas mentioned, it’s rarely a good idea to scan a Time Machine volume, but in all cases that I’ve examined, it was impossible for the A-V software to make any modifications whatsoever to the TM volume and all attempts to do so resulted in an error. So it’s probably OK to scan it, but be prepared for it to take a very long time and make sure the A-V program does not even attempt to automatically clean any infections it finds. If you find anything, then simply make a mental note of it and should you have to restore your HD from TM then scan your HD immediately after the restoration. There are ways to remove infected files from within TM if you know where they are, but you should really do that as part of the process of cleaning up when they are originally found on your HD when you know exactly where they were found.

      • doray says:

        Thank you for your explanation of how and where the files are decompressed — that makes sense as to why the files aren’t modified.

  • doray says:

    Thank you very much for your thorough reply! The antivirus program didn’t find any viruses or quarantine any files. So I don’t think it would have made any changes to my Time Machine backups, but I don’t know. Based on that, if it were you, would you erase and start a new set of backups just to be safe, or is that completely unnecessary?
    Also, do you still recommend VirusBarrier, the paid version, available from Intego?

    • Thomas says:

      I would say your backups are probably fine.

      I’ve never really recommended VirusBarrier itself. It is far too invasive and heavy-handed, and that makes it too prone to causing problems. VirusBarrier Express gave all the benefits of Intego’s very thorough database of malware signatures without all the disadvantages of VirusBarrier. I’m sad to see it go, and I’m sad to see Intego going down the path they have chosen recently.

  • doray says:

    You mentioned that antivirus programs should not touch [existing] Time Machine backups. I’ve also seen that AV programs can interfere with accessing Time Machine backups, causing them to hang. So is it OK to have an antivirus program running while new Time Machine backups are being created/written, or would it interfere with that too? If OK, is it only OK if the program is set not to scan the backup hard drive? Thank you!

    • Thomas says:

      This depends greatly on the anti-virus software. A proper anti-virus app should not interfere with Time Machine backups… But anything with active, on-access scanning could interfere if there’s a bug.

  • Sarath says:

    Thank you for your straight-to-point comments, Thomas. Appreciate your support !

    I have one query for which I haven’t yet found a satisfactory reply. I have a Macbook Pro and I am not worried about installing an Anti-virus on it because I use it sensibly. I have a couple of pen drives to which I copy data from Mac and use it outside for printing, project, etc., which is returned with different types of viruses as a gift – 100% sure !

    As all of those are Windows-related virus, when I connect back it to Mac, I just see them as regular files –> I select them all – Move to Trash – Empty Trash. Work Done !

    The worry part is that, I have a HDD (NTFS-exFAT) which is a reflection of my digital life which I never take chances !

    So, if there was a virus or something from the pen drive that got into my Mac, although it cannot affect my Mac, it puts a risk of affecting my HDD the next time it is connected which will defy the very purpose of why I got a Mac !

    So, I want an Anti-virus, which is highly effective in clearing Windows-related variants of malware/virus from any external device (pen drive, HDD, some other’s…) and yet it is free. I would probably be not running it all the time until unless I am about to connect an external device. And, ofcourse, I first completely update the anti-virus to that date, then connect the device, clean it, then close Anti-virus.

    Sophos – Avast – ClamXav – or other – Which one would you recommend ?

    As I may not be running it all the time, probably the resource-affecting factor is a bit less for me, but I would leave it to you.

    Thank you for your time, and un-valuable efforts.

    Cheers !

    • Thomas says:

      If you just want something to scan those flash drives when you connect them, Dr. Web Light would do an admirable job, and ClamXav has been improved significantly lately and might rival it at this point. Use one of them to manually scan those drives when you connect them.

      Note that connecting a drive will never result in any of the contents being automatically copied to another drive, so you need not worry about such transmission, unless you have some third-party syncing software that might cause that to happen. The only way Windows malware could escape from those flash drives is if you copied it along with something else, and then it would still simply be inert if you never opened it.

      By the way, I hope you meant “invaluable” there at the end! 😉

      • Sarath says:

        Oops… yeah, I meant ‘invaluable’ 🙂

        Thank you, Thomas.

        Regret for the delay as I assumed that I will get an automated e-mail once you reply. Prolly, I will book mark the URL & keep visiting for an update.

        While waiting for the reply, I installed Sophos 9.0.8, it is simple & looks ok but I am not sure how effective it is as until now it din’t (or may be couldn’t !) find any. Some time later, I will remove Sophos & try ClamXav and/or Dr. Web Light.

        Thank you.

  • doray says:

    I see that Intego just came out with a new version of VirusBarrier: X8. But I don’t think it’s available in the App Store, not yet anyway. I’d be interested to know what you think of it.

    • Thomas says:

      From what I’ve been told by Intego, I don’t think they’ll be releasing any further App Store versions of their software. As for VirusBarrier X8, I haven’t looked at it yet, but if it’s like previous versions, it’s a bit more heavy-handed than I like to recommend.

  • Susan says:

    Thank you for your website. Scanning with Dr. Web Light now after I noticed some unusual files and that the Guest Account had downloaded files different from (and more recently) than my home account. I don’t use the Guest Account. Nobody should be using the Guest account, or ever should have. I did leave my computer with a shop to add ram, but tjat was abpit ot/ Tried to delete Guest but wasn’t able to.

    Anyway, with only about a third of the scan done, already 147 files have been skipped. (I set no parameters to skip files). Downloaded from the Mac apps site so I’m sure the app is OK. Can you suggest a place to go to the manufacturer directly and safely download a user manual that might provide assistance in terms of understanding the skipped files?

    Working off a tiny screen pc now while mac scans – so apologies for any typos.

    Thanks again

    • Thomas says:

      Any anti-virus apps from the Mac App Store are limited in what they can scan. They cannot scan anything that you don’t have permission to view.

This post is more than 90 days old and has been locked. No further comments are allowed.