AppAddict
May 30th, 2024

BlockBlock and KnockKnock from Objective-See

Mac Apps
The Enemy
The Enemy


Anyone who tells you that Macs don't get viruses is misinformed, and you shouldn't rely on that person for computing advice. Mac malware exists. Having said that, the average Mac user is in much better shape than the average Windows user because the bad actors of the world tend to concentrate on the platform with the largest market share. Additionally, those who have a modern Mac running a fully up to date OS have built-in behind the scenes protection that requires them to very little in order to be safe. If that's you and you get all your software from the App Store, move along and have a nice day. But, if you download software from developer web sites, Github or if you are living the Pirate's life (you gangster, you), it's probably a good idea to take the extra step to protect yourself.

The Objective-See Foundation is a non-profit 501(c)(3) corporation that has been around since 2015. It provides free, open-source security software for the Mac platform

BlockBlock
BlockBlock is a utility that loads at login and monitors your Mac for the installation of any persistent program, a category that includes most malware. When BlockBlock encounters a new persistent installation, it alerts you and asks for your input. Do you want to allow this or forbid it? "If the process and the persisted item is trusted, simply click 'Allow'. If not, click 'Block'. Both actions will create a rule to remember your selection (unless you selected the 'temporarily' checkbox). If you decide to block an item, BlockBlock will remove the item from the file system, blocking the persistence."

KnockKnock
KnockKnock serves as an on demand file scanning utility. "Press the 'Start Scan' button to instruct KnockKnock to scan known locations where persistent software or malware may be installed. By design, KnockKnock simply lists persistently installed software. Although by default signed-Apple binaries are filtered out, legitimate 3rd-party software will likely be displayed.

"If the item is an executable binary, KnockKnock automatically queries VirusTotal with a hash of the binary in order to retrieve any information. While VirusTotal is being queried, this button displays '■ ■ ■'. Once the query is complete, the title of the button is automatically updated with either the detection ratio, or a '?' if the binary is not known to VirusTotal."

"With the query complete, the button can be clicked to reveal a popup containing VirusTotal-specific information about the file. If the file is unknown, clicking the 'submit?' button will submit the file for analysis. Known files contain a link to the full analysis report and a 'rescan?' button that will rescan the file."

Other Options
Objective-See makes other security products including LuLu, an open-source free firewall and ReiKey, which detects keyboard trackers.

If your primary security concerns center around places you go online vs. the software you install, I would also suggest running a periodic scan with the commercial product, Malwarebytes, which has a free version for manual scans and a paid version for more extensive real-time protection.