Known Bad Software Part I - MacKeeper
Before starting, I need to thank Matt Jacobs (@pnwbeard - Primary Apple Authorized Mac Technician, Apple Certified iOS Technician, Apple Authorized Support Professional), Diego Munoz (@diegomunozmusic - Primary Apple Certified iOS Technician, Apple Authorized Mac Technician, Apple Authorized Support Professional), mac-interactive (@macinteractive - Operated company providing Apple Support since 2003, experience in maintaining large networks of Macs in enterprise environment), and MacFixer.co.uk (@TheMacFixer - provides computer support, hardware repair, maintenance and upgrades for Apple Macintosh and iOS users in Hampshire, Isle of Wight, Wiltshire, Berkshire, Surrey and West Sussex for on-site repairs/collections) for their contributions to this blog post. Their knowledge and assistance over the years have made this possible. Give them a follow on Twitter as a thank you! Thank you very much for your contributions!
Known Bad Software (KBS), or sometimes referred to as Potentially Unwanted Programs (PUPs) are on the rise. As PUPs seems like a "politically correct" term to call these programs, I'm going to call a spade a spade. Welcome to Part 1 of a multipart series focusing on Known Bad Software. Our first software, the well-known, persistent piece of garbage, MacKeeper.
As most of you know, I have never been a fan of the software MacKeeper. In fact, I have been undoubtedly critical of them, enough to have them block me on Twitter. A fellow computer technician, @mac-interactive, took a screenshot of the message saying "MacKeeper has blocked you" and referred to it as the 'Badge of Honor'. I of course concur.
I wanted to write a post that chronicles the reasoning behind my hatred. I also want to talk about specific articles that praise MacKeeper, and touch on why I still believe it is garbage.
History: I want to start with a little history of MacKeeper, and the two companies that have owned it since its inception in March 2010.
MacKeeper was started by ZeoBIT, LLC, out of Sunnyvale, California. MacKeeper, and as most programs, started out slow before gaining speed in the computer "security" industry. The way it gained speed, however, is part of the reason that MacKeeper is so highly criticized.
In 2014, Holly Yecha filed a class-action lawsuit against MacKeeper's, at the time, former owner, ZeoBIT, LLC, claiming that the company's computer security program identifies problems that don't exist and generates false error messages to scare users into purchasing an upgrade. (see Holly Yencha, et al. v. ZeoBIT LLC, Case No. 2:13-cv-00578, in the U.S. District Court for the Western District of Pennsylvania). The lawsuit was settled, and I am ommitting a lot of the legal jargon, but ZeoBIT settled for $2 million and told customers they could get a refund if MacKeeper was purchased before 8 July, 2015. A win for the people!
As of December 6, 2016, ZeoBIT, LLC is no longer in operation, but not before they sold MacKeeper to Kromtech Alliance Corp. in April, 2013. Keep in mind, this is before the class-action lawsuit against ZeoBIT, LLC, which I believe is the reason ZeoBIT went under. It is, I think, an accurate guess to think that ZeoBIT, LLC simply rebranded as Kromtech Alliance Corp.
Kromtech is known for its shady marketing techniques, which many users claim try to scare the user into buying their software. This is similar to how ZeoBIT, LLC operated.
In June 2014, Kromtech partnered with Avira, a well known antivirus software, to integrate the Avira database technology into MacKeeper. ZeoBIT did the same in 2011. The licensing agreement, which you can even see when your installing MacKeeper, allows Avira's Secure Antivirus API to run as a background service, which can also take requests from MacKeeper to run scans.
Now keep in mind, there is a difference between Kromtech Security Center, and the software Kromtech is putting on the market. Kromtech Security Center has done some great work in security research. I just wish Kromtech put a little more effort into their poor excuse for their security software.
How I learned about MacKeeper: I was first introduced to MacKeeper in 2015. I had recently began my work as a technician with an AASP (Apple Authorized Service Provider). I was being trained by Matt Jacobs, who had been with the company for a little over two years at the time. This was about the time when MacKeeper was starting to gain some notoriety in the Apple community as being a piece of software that should be avoided.
I remember one of my first days of training: I had a yellow legal pad out, taking notes on what was referred to as the "Security Bundle," a suite of programs and processes designed to help customers that were having security issues. A piece of this was removing programs that at the time, were known by the acronym KBS, for Known Bad Software, a phrase and acronym coined by Matt. It was Matt's knowledge and experienced that really sparked my interest into the world of computer security, and more specifically, Mac Security.
"It all started with (OS X 10.9) Mavericks, which also seemed to open the door to malware," Matt told me. "I was running a 'tune-up' on a customer's machine (in 2013) that was running slower than it should. When I was working through my normal process of running a tune-up, MacKeeper crashed and asked if I wanted it to reopen. As I was just running a tune-up, I didn't think it was necessary to have it open. Right after I told it to not to reopen, the machine sped up to the speed it should be running. Not realizing MacKeeper was actually bad software, I thought it was a bad installation of the program, so I went out and installed it again. Sure enough, once it started running, the whole machine started running slow again."
After a lot of research, and going down the rabbit hole of Google, Matt discovered from a reputable source within the Apple Discussion Forums, that you (users) should stay away from MacKeeper. Matt fired off an email to Thomas Reed, at the time the creator of Adware Medic and owner/blogger on The Safe Mac website, now with Malwarebytes. Shortly after, a blog post by Reed went up on The Safe Mac, and MacKeeper began it's downfall in the eyes of the Apple community. "I don't know if my email to Thomas (Reed) had anything to do with his blog post, but I like to think it was," Matt stated.
It was after my training with Matt that triggered my love for investigating these types of poorly designed, unwanted programs.
When I was initially hired, I was being hired as Matt's replacement, as he and his family were moving. Roughly nine months later, Matt returned, and our store was also fortunate enough to get Diego Munoz, around a month before Matt came back. The three of us quickly became very close friends, and we worked very diligently on Matt's Security Bundle, Matt spearheading it. We were identified as Simply Mac's Research & Development team a short time later for the Security Bundle that went company-wide the following year, which I confirmed yesterday is still in use, and I just need to say this, Matt Jacobs has yet to get any credit for the production of this software, which is an abomination by that company. In our off-hours, we would test programs, run adware and see what it did and how it persisted, and worked to refine the Security Bundle to be as efficient as possible. The Security Bundle is still ran within the company, but the R & D team has mostly been disbanded with the massive customer increase, as well as some Apple Repair Extension Programs, that have kept Matt and Diego extremely busy, leaving little to no time to work on research and development. Even though I've left the company, I still spend my free time and time with Crash Security researching malware, adware, and known bad software like MacKeeper, so I can bring you blogs like this one.
Mac expert mac-interactive dug through some old emails, and he found the first surfacing of MacKeeper in his inbox from 30 November 2011. His email was sent out to his coworkers. It said, "Just had an email from a friend saying they had 'installed MacKeeper'...followed by 'is it any good? (...I removed some content for brevity...) Do [sic] the team have an experience? I would stay away from the app purely because of its excessive banner advertising and the fact that the banner click downloads the package!" Package is referring to MacKeeper's installer. 'Package' is the technical term for a type of installer. The response to mac-interactive was in the affirmative, telling him to stay away from it.
One of mac-interactive's coworkers stated at the time, "The client had carried out a 'clean up' operation using the application (MacKeeper), and it deleted a lot of their files from the Library folder in their home directory and also complete applications like 'iPhoto' and 'Pages'. A total of 2 hours has been spent getting the client's iMac up and running again. I talked the client through the reinstallation of Mac OS X 10.6 from their DVD which restored most functions. Then the client decided to purchase, download and install the latest version of Mac OS X (10.8), iPhoto and Pages applications from the App Store as they weren't sure where their original installation disks were and they wanted to be up to date.
The application, as I suspected was 'MacKeeper'. It's an app that appears a lot in 'Speed Up Your Mac' (advertisements) all over the internet.
This is a bad application in my opinion, and I generally uninstall it as soon as I find it on client's computers. Some versions of this application have been VERY difficult to remove in the past."
MacKeeper's problems: First, they provide cleaning software, which they claim you need, and they claim that they are criticized on forums because the people on the forms don't understand this and still believe Macs don't get viruses. Let's address this: NO! Many people who criticize MacKeeper on forums and discussion boards are actually security or Mac professionals. I believe that Macs need malware protection, which is sometimes bundled with an antivirus program. I think it is necessary. Macs are getting targeted for malware more and more every day. The idea that "Macs can't get viruses" just isn't true anymore, which prior to OS X 10.9 Mavericks was actually a valid statement. Actually, the phrase should have said, "Macs haven't gotten viruses." The ad campaign that Apple put out years ago is now irrelevant, except for the fact that the majority of Mac users truly believe that Macs can't get a virus, malware, adware, anything. What this does is makes them extremely vulnerable, and in-turn, they click on anything, believing that there is no way it can be malicious. However, malware protection is COMPLETELY, 100% different than "cleaning" software, which claims to "free up RAM space", yada yada yada.
Now for my favorite part...why do I, personally, have such hatred for MacKeeper? Now keep in mind, I am one of many who hate this software. I asked Diego Munoz, why he thought MacKeeper was so reviled. Munoz says, "I think most people who revile it are somewhat tech savvy and know how different computer processes work and they can see how "sketchy" they are."
Marketing: Beginning with their marketing tactics, MacKeeper is supremely one of the most aggressive advertisers that I've come across online. Their ads are predominantly on pages that are uncommon to the average user, but occasionally, you will see them on CNN[dot]com or other popular sites.. You will see their banner ads splattered across common pirating or torrenting pages, any page that speaks about computer speed, and the strangest - on the pages of other "security" software like CleanMyMac. Speedtest.net, a well known webpage for testing the upload and download time of your internet runs MacKeeper ads, and I have yet to run across a computer that is running MacKeeper and is benefiting from it. When I asked Diego about why he thinks it gets installed, he replied, "I think it's a guilt trip scam, and 100% of the computers I've worked on have not benefited from this. In fact, 100% of them do better without it."
MacKeeper has been everywhere as far as marketing is concerned. Part, if not all of this, is made possible by CJ Affiliate, formerly Commission Junction, who is owned by Alliance Data. CJ Affiliate is a site that allows you to publish advertisements to target a specific audience. Based on how many 'clicks' your links get, you "stock" goes up, meaning that affiliates can turn a higher profit per click. Let me give you an example...if I use CJ Affiliate, MacKeeper can run an ad on my site, potentially. For ever click from my website to MacKeeper's site, I would give a certain amount of kickback money from that. Furthermore, if someone goes on to MacKeeper's site and buys something after visiting from my link, I get a kickback from that as well. Because of this, MacKeeper is on a TON of websites, because it is easy money for businesses, as they are getting a kickback off each click. The thing about MacKeeper that pushes this forward is that fact that MacKeeper sure does look legitimate. I will give them that. There website and software look as if they will actually help, which I don't think they do. I, as Diego mention, believe that removing it is more beneficial.
Fake Advertisements: MacKeeper has even been known, in the past, to also produce fake advertisements, trying to get the user to click on them. MacKeeper claims this is due to competitors trying to deface the company, but the following still remain. MacKeeper has been so well noted as being a piece of Known Bad Software, that some highly touted antivirus engines actually recognize MacKeeper as, not necessarily a piece of malware, but as a PUP, and the antivirus will help you remove it.
Macfixer.co.uk told me, "I think the selling tactics give it away, any legitimate software would not use pop-under ads telling people they needed to clean their Macs by scaring them. They also make it difficult to uninstall and even if you follow the guides on-line various crap is left remaining. So whilst the only harm it may do is to slow down your system and bundle a number of very poor ‘utilities’, ultimately its the shoddy business tactics that mean I tell all and sundry to avoid it. I’ve had dozens of cases where a poorly running Mac is restored to full health after MacKeeper has been given the boot."
I digress momentarily to say this: many antivirus programs make your Mac slower, especially the big ones that you heard of from the Windows platform. Antivirus software like Norton, Sophos (not as much), Avast, McAfee, AVG, and Kaspersky seem to slow a Mac down rather drastically. The difference with MacKeeper is that it repeatedly tells you that "your system is at risk," and that you should update MacKeeper to the Premium version, of course at a cost.
They claim their software can clean your memory, to name just one. You don't need a program to "clean your memory." It may remove the 200MB from your Safari cache, but 200MB on a hard drive over the size of 128GB is so minute, it's ridiculous to market towards people in this fashion.
Fake Reviews: One of the issues I have seen is the false advertising by people claiming to be Mac experts, lobbying for MacKeeper. To give you an example, I found macsumo[dot]com, a website that contains the word "mac," which also makes Apple users more trustworthy of them. Macsumo has only four articles, but unfortunately, the website lands on one of the first pages of a "MacKeeper" web search.
Macsumo[dot]com's most recent article posted on 3 April 2018, titled Mackeeper Review (April 2018) – Testing The World’s Most Controversial Mac App leads off with an interesting question. "First things first, do you really need cleaning tools like Mackeeper?" they ask. Their answer...Yes, you do!?!?! This is a flat-out falsehood. You don't need "cleaning tools." Do you need malware tools? Yes, I think so, but cleaning tools, no. Macsumo also claimed it sped up their machine, which would be a first. The most bizarre part of this blog post was the fact that one-eighth of the way into the article, they offer an "Exclusive MacKeeper discount", claiming "Macsumo exclusive 20% discount link." These ads then are scattered throughout the ENTIRE article, and by entire, I mean there are six in total. Yet, when you follow the link, you get to the purchase page for MacKeeper. No discount, just their primary purchase page. So much of the "advertising" from MacKeeper, in these forms, is simply clickbait (an ad designed to just make you click it). If you think about it, MacKeeper not only makes money on their product, but they make money on page hits, so if they put ads that convince consumers that their computer is running slow, then user clicks on it, and MacKeeper can then tell potential advertising clients that their pages get x-amount of hits per day. Still, there was a funny aspect to macsumo[dot]com: 1.) Their Terms of Service, which contain the "Links" section. See the picture below to see what I mean.
2.) The amount of CPU usage my computer was using simply having their website loaded. Pictured below - a whopping 95%
Leave it to a lobbyist for MacKeeper to have high CPU usage...
A big question regarding if MacKeeper is a scam is still lingering. To use the definition of a scam directly from the dictionary:
a dishonest scheme; a fraud.
"an insurance scam"
synonyms:fraud, swindle, fraudulent scheme, racket, trick; More
"a guy that scams the elderly out of their savings"
synonyms:swindle, cheat, deceive, trick, dupe, hoodwink, double-cross, gull;
If those are the definitions of a scam, then MacKeeper is most definitely a scam. "Deceive": MacKeeper claims your computer is at high-risk when it is not. It seems ridiculous that a company that many find trustworthy is still in operation.
Now I do differ with some of my colleagues in this belief. People like mac-interactive said, "I think it has been a scam in it’s history, but now they seemed to have morphed into a general support service.
An example of a point in history of when it definitely was a scam can be seen in the September 2011 Apple Help Writer article (since updated) and here: http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/. A fake scan window that claims that the (clean system) is in a SERIOUS condition."
The other thing I have found that MacKeeper does to deceive its customers is constantly touting their 5-star rating from shopperapproved[dot]com. Here is one of the 5-star reviews. Read the review carefully. It doesn't seem like a 5-star review to me.
The website shopperapproved[dot]com is a site in and of itself that is questionable. In its first 12 days online, it had over 1,000 reviews, which sounds fishy to me. Also, according to TrustPilot, ShopperApproved[dot]com has a trust-rating of 3.4/10, basically meaning you shouldn't trust it.
Deception in Support: The funniest thing MacKeeper does, is it only speaks to its reviews from this site, but you have to dig to find their negative reviews, which there are a ton of them.
Again, their deception is almost staggering into wanting to make you believe that everything they do is 5-star service, and every customer representative you chat with through MacKeeper is the most Apple-savvy technician you could possibly find. Yet, every time I have chatted with someone on MacKeeper, which is well over twenty times, I have always "chatted" with the same representative, Andrew, or according to MacKeeper's website, Andrii (above-left). They have only FIVE customer support staff members, all who are, according to MacKeeper's website, "Apple Certified Professionals," which is their equivalent to the Apple Certified Support Professional, which is an actual accreditation through Apple. Yet, when you look at each profile, four of the members are only certified through OS X 10.9 Mavericks (circled in the picture above), which came out in October 2013. One member is certified with OS X 10.10 Yosemite, released in June 2014. We are currently on macOS 10.13 High Sierra, and it's 2018!
They will walk you through your system scan, then tell you, "Your system is at critical risk," which is a direct quote from a chat log I had with them. This was after installing MacKeeper on a fresh operating system, meaning that I erased a hard drive, installed an operating system, installed MacKeeper, and ran their scan. They said my newly installed operating system was at "Serious" status. Below you can see a video-only beginning interaction which they claim is a chat with a real person. It's not. It's 100% auto-generated text. They are auto-responses, just one message after another, which you can see below (no audio).
This type of "support" leads to reviews like the this review. One of the more bizarre parts is that I have installed MacKeeper probably over one-hundred times to experiment with it, have chats with their "technicians," etc. Yet over all this time, I have never ONCE been asked to review the software. Even if you go to shopperapproved[dot]com, you can't just leave a review for something. I still have no idea how those reviews appear, but mac-interactive believes that once a purchase is made, the customer is sent a specific link to leave a review.
One of the most difficult parts is finding positive MacKeeper reviews that aren't from shopperapproved[dot]com. When you type it into an internet search, you get some options, but then you stumble across an ad, yes an ad, that is for "MacKeeper reviews." The link to it? It goes to MacKeeper's website! I couldn't believe this. Do you know what this means? It basically means that MacKeeper is paying for an ad that claims it has MacKeeper reviews and it goes directly to their site. The advertisement on Google below and left leads to the page below and on the right. It is absolutely reprehensible. One of the funniest parts, MacKeeper's ad gave them only 4.1 out of 5 stars 😂😂😂.
There have been some reviews left over the years from well-known website. In 2014, a company/website called 9to5Mac said, "Buying MacKeeper is basically paying to get scammed everyday."
Likewise, two years prior, CultOfMac.com noted, "MacKeeper uses hidden "activators" which download malware without the user's consent."
Even people who write positive reviews of MacKeeper on their webpages, like macsumo[dot]com almost always have advertisements for MacKeeper on their website. If I am going to give an honest review about a product, I probably shouldn't be running their advertisements too. Isn't that exactly what a conflict of interest is? But this goes back to the CJ Affiliate part of it; getting paid for clicks.
MacKeeper is so bad at having their content reviewed, that their own Youtube channel put up this video, saying it was a review of MacKeeper. By the way, noticed how it says "Shopper Approved" in the title. They claimed this video was her testimonial.
This shows your what a mess MacKeeper is. If this is their types of reviews, then you can tell they are a fledgling operation. That is, if their reviews are even legitimate, which I highly doubt.
Blatant Lies: One of the things that companies similar MacKeeper purport is that if you use free antivirus or malware software and don't pay for it, that you yourself become the product. Now I realize that on occasion, this holds true. The idea of "too good to be true" can be accurate in many circumstances when you are talking about computers. However, until recently, Malwarebytes for Mac was 100% free, and it still is free but contains a paid option. ClamXAV, one of my favorite virus-scanners was free until approximately a year ago. EVERY tool created by Patrick Wardle (@patrickwardle) on his website, Objective-See.com (@objective-see) is free, and they are amazing tools that are perfect for anyone concerned about computer security or information security. Please let me know if you are interested in any of these, and I can give you more information.
Apple's Faux pas: As much as I would like to place 100% of the blame directly on MacKeeper's shoulders, you simply can't without calling out Apple simultaneously. Apple has, for seven years, allowed ZeoBIT, LLC, followed by Kromtech Alliance Corp., to carry a valid, signed certificate, meaning that Apple is allowing MacKeeper to be produced for their machines. Apple even once called out MacKeeper on the Apple Support Twitter account, claiming MacKeeper to be malware in January of 2018. Unfortunately, this tweet has since been removed, which is a shame. It felt like a momentary win for Apple, only for them to most likely kowtow to MacKeeper threats.
According to mac-interactive, "It did exist on the App Store for a while as the 911 Bundle, which was a great shame." I did confirm this in only a few seconds of research. If Apple could be more upfront with the terrible software that is out there, we may be able to curb this problem.
Final Thoughts: The problem is that there are also garbage pieces of software that not only don't help your computer, they seem to actually make it worse. There are a surprising number of these, and unfortunately, most of the ones you may see in the App Store aren't good. I highly suggest doing some research before downloading any antivirus or malware protection, and even ask me if you would like.
Lastly, I'd like to leave you with my own review of MacKeeper, and yes, it is SHOPPER APPROVED! Enjoy!