You know how this ends, right? “Knock Knock!” Followed up by, “Who’s there?” And then “something something” and a punchline. When it comes to Mac malware, how do we know whether it’s installed or not?
It’s not as if malware will respond to a Siri query, right? Enter KnockKnock, a Mac utility which checks your Mac each time it starts, scanning for persistent malware which may not be uncovered by other utilities or anti-virus apps.
Scan Me, Baby!
The way this nifty utility works is rather straightforward. When you start up your Mac, KnockKnock starts up, too, and when it finds certain kinds of files it queries a virus and malware site to find information about what it thinks is malware.
It doesn’t get much easier than this. Click to start the initial scan.
Most malware wants to be persistent and run each time your Mac is booted up. KnockKnock looks for persistently installed applications and that often reveals malware.
The app itself is simple and straightforward. Double-click to open, then click on the Start Scan button. What you’ll see in the left-hand sidebar are apps, utilities, or kernel extensions which are persistently installed. Signed Apple binaries are automatically filtered out, but it will list legitimate third-party software.
Click on an item to reveal details and description. Here’s how the developer explains what happens next:
If the item is an executable binary, KnockKnock automatically queries VirusTotal with a hash of the binary in order to retrieve any information. While VirusTotal is being queried, this button displays ‘■ ■ ■’. Once the query is complete, the title of the button is automatically updated with either the detection ratio, or a ‘?’ if the binary is not known to VirusTotal.
From there more detail is available, including the VirusTotal information about a suspect file. KnockKnock will find many files even though Apple’s own files are filtered. The app does not try to figure out whether a finding is malware or not, but if a file is known malware from the VirusTotal listings, it will be detected and highlighted in red.
After that, well, it’s all rather geeky, but KnockKnock will look for persistently installed items that a standard virus scanner app may not find. Not bad for free, right? But you’ll need to get your geek on.
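The flow described above (find a persistently installed item, hash its binary, look the hash up), sketched as an added example that is not KnockKnock's own code. It assumes launchd property lists as the only persistence location checked, SHA-256 as the hash, and a local dictionary standing in for the VirusTotal response; the file names and the 41/60 verdict are constructed.

```python
import hashlib, plistlib, tempfile
from pathlib import Path

def launch_item_program(plist_bytes):
    """Return the executable path a launchd job runs, or None."""
    job = plistlib.loads(plist_bytes)          # handles XML and binary plists
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(directory, reputation):
    """Return (plist name, program, label) per job; label is 'hits/engines' or '?'."""
    rows = []
    for plist in sorted(Path(directory).glob("*.plist")):
        try:
            program = launch_item_program(plist.read_bytes())
        except Exception:                      # malformed plist: report it, don't skip it
            rows.append((plist.name, None, "unparseable"))
            continue
        if not program or not Path(program).is_file():
            rows.append((plist.name, program, "missing binary"))
            continue
        hit = reputation.get(sha256_file(program))  # stand-in for the VirusTotal lookup
        rows.append((plist.name, program, f"{hit[0]}/{hit[1]}" if hit else "?"))
    return rows

def demo():
    """Constructed sample: three launchd plists in a temp dir, one with a 'known' hash."""
    root = Path(tempfile.mkdtemp())
    known, unknown = root / "updater", root / "helper"
    known.write_bytes(b"constructed sample A")
    unknown.write_bytes(b"constructed sample B")
    (root / "com.example.a.plist").write_bytes(
        plistlib.dumps({"Label": "com.example.a", "ProgramArguments": [str(known), "-d"]}))
    (root / "com.example.b.plist").write_bytes(
        plistlib.dumps({"Label": "com.example.b", "Program": str(unknown)}))
    (root / "com.example.c.plist").write_bytes(b"not a plist")
    reputation = {sha256_file(known): (41, 60)}  # constructed verdict, not real data
    return scan(root, reputation)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real Mac, `scan` would be pointed at `/Library/LaunchDaemons`, `/Library/LaunchAgents` and `~/Library/LaunchAgents`, with the dictionary replaced by an actual reputation query.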