Remove a User, Keep the Applications

Sept. 1, 2019: This article was updated due to an error. Thank you to Graham Pugh for catching it.

Over the course of my career working on Macs, I have come across many different situations. Some happen repeatedly, and some are one-and-dones.

One recurring issue was when someone would go through me to pick up a new computer and, alongside it, purchase some security software from me at the same time. Because of this, I would need to set up a user to install the security applications. I did, however, want the users to be able to set up their own accounts, with their own preferences and password of choice. The fewer passwords I know, the better. Not because I'd give them away, but I believe that passwords are personal, and they shouldn't be shared with anybody.

Because of this, I wanted to be able to install software, then allow the customers to set up their information. That’s where "usernuke" comes in.

This script allows users or Apple Technicians to reset their user account without losing root information (Applications, System, /Library).

To run this script, there are a few relatively simple instructions.

If you have a new Mac with a T2 Security Chip, follow these instructions from HT201573:

1. Start your Mac up in macOS Recovery, by holding Cmd + R when turning on your Mac

2. Select Disk Utility from the Utilities window

3. Select the volume you’re using, then click File > Mount from the menu bar. Enter your administrator password if prompted

4. Quit Disk Utility

5. Click Terminal from the Utilities menu in the toolbar

6. Follow the instructions below beginning at 3a

If you have an earlier Mac, follow these:

1. Copy this script (usernuke.sh) to the root of the Startup disk hard drive. In that same area, you should see other folders like (Users, Library, System, Applications).

2. You then reboot your computer. The caveat is that before the machine powers on, hold “Cmd + S” keys to boot into Single-User mode. There will be a bunch of text that shows up on the display. Give it a moment to finish loading.

3. Then, you will type three commands. Each will take a moment or two to run, so be patient.

a. First, type:

  • /sbin/fsck -fy
  • This checks the filesystem to make sure that the disk is verified

b. Once the filesystem check is complete, type:

  • /sbin/mount -uw /
  • This remounts your hard drive with write access so that "User Nuke" can modify it from Single-User mode

c. Last, fire off the script by typing:

  • sh /usernuke
  • You will be prompted to verify that you want to delete the users, then the machine will reboot at the end.

You can download the script here


The source code for the usernuke.sh bash script is as follows:

#!/bin/bash

# Remount the root volume read-write (Single-User mode starts read-only).
/sbin/mount -uw /

echo "Found the following users:"
ls -1 /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\."

# Collect the same list into an array (names containing spaces are split by the shell).
declare -a userarray
userarray=( `ls /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\."` )

# Ask about each home folder in turn.
for (( i = 0 ; i < ${#userarray[@]} ; i++ ));
do
    echo -n "Delete user ${userarray[$i]} (Y/N)?: "
    read -n 1 answer
    case "$answer" in
        y|Y)
            rm -Rf "/Users/${userarray[$i]}/"
            echo ""
            echo "${userarray[$i]} deleted."
        ;;
        n|N)
            echo ""
            echo "${userarray[$i]} NOT deleted."
        ;;
        *)
            echo ""
            echo "$answer unknown. Please answer Y or N."
            # Step back so the same user is asked again.
            i=$((i - 1))
        ;;
    esac
    echo ""
done

rm -Rf "/Users/Deleted Users/"

# Reset the local directory (user account) database to the system default.
if [ -d /var/db/dslocal ]; then
    rm -Rf /var/db/dslocal
    mkdir -p /var/db/dslocal/nodes
    cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/Default /var/db/dslocal/nodes/
    cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/dsmappings /var/db/dslocal/
fi

rm -rf /private/var/db/netinfo
rm -rf /private/var/db/openldap
rm -rf /private/var/db/samba
rm -rf /private/var/db/dhcpclient

# Make Setup Assistant (and the language chooser) run again on the next boot.
mv /var/db/.AppleSetupDone /var/db/.RunLanguageChooserToo

rm -rf /Library/Caches
rm -rf /Library/Logs
rm -rf /Library/Preferences.

# Remove the script itself.
rm /usernuke

echo "User Nuke successfully removed user databases."
echo ""
echo "Press any key to shutdown."
read -n 1 nothing
/sbin/fsck -fy
shutdown -h now
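
A read-only preview of what the script above would delete, added here as an example and not part of the original usernuke script. The function names and the ROOT argument are assumptions, and it lists directories only; unlike the script's backtick array, it keeps home-folder names that contain spaces in one piece.

```sh
#!/bin/sh
# Added example: read-only preview of what the usernuke script would touch.
# ROOT is an assumed parameter: "/" on the Mac itself, or a scratch directory.

# Paths the script removes without asking, relative to ROOT. The last entry is
# copied as written on the page, trailing dot included.
NUKE_FIXED_PATHS='Users/Deleted Users
var/db/dslocal
private/var/db/netinfo
private/var/db/openldap
private/var/db/samba
private/var/db/dhcpclient
Library/Caches
Library/Logs
Library/Preferences.'

# Print the home folders the script would offer to delete, one per line.
# Same filter as its grep chain: skip any name containing "Shared",
# "Deleted Users" or a dot. Globbing keeps names with spaces intact.
nuke_candidates() {
    nc_root=${1%/}
    for nc_dir in "$nc_root"/Users/*/; do
        [ -d "$nc_dir" ] || continue
        nc_name=${nc_dir%/}
        nc_name=${nc_name##*/}
        case "$nc_name" in
            *Shared*|*"Deleted Users"*|*.*) continue ;;
        esac
        printf '%s\n' "$nc_name"
    done
}

# Print the fixed paths that currently exist under ROOT.
nuke_fixed_present() {
    nf_root=${1%/}
    printf '%s\n' "$NUKE_FIXED_PATHS" | while IFS= read -r nf_rel; do
        if [ -e "$nf_root/$nf_rel" ]; then
            printf '/%s\n' "$nf_rel"
        fi
    done
}

# Human-readable report; nothing is modified.
nuke_preview() {
    echo "Home folders the script would ask about:"
    nuke_candidates "$1" | sed 's/^/  /'
    echo "Removed without prompting:"
    nuke_fixed_present "$1" | sed 's/^/  /'
}

# Run the preview only when a root is given, e.g.: sh nuke_preview.sh /
if [ "$#" -gt 0 ]; then
    nuke_preview "$1"
fi
```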

Sextortion

Less than a month ago, security researcher Brian Krebs published an article called Sextortion Scam Uses Recipient’s Hacked Passwords, and now, it appears that extortion has spread to the Apple platform.

Sextortion, by definition, is a form of blackmail in which sexual information or images are used to extort sexual favors from the victim. 

As noted by Krebs, the perpetrators would first hack the computer's password. After receiving the computer's password, the hackers would email the victim and inform them that their password was hacked. What they would do next is tell the victim that they recorded them doing nefarious things. You can read an entire email below.

porn-blackmail-scam-email-example.png

This type of email would be very convincing, as the hackers literally know your password, which would make the average user and even more advanced users assume that recording through the webcam is possible. This is one of the more intimidating and personal scams I've ever seen. This isn't simply an attempt at extortion, it's uncomfortably personal.

Quite some time ago, I wrote a blog entitled simply Should You Cover Your Computer Camera. Now, when I wrote this, I hadn't really considered something like sextortion. That being said, if you are going to be doing..."personal" things on your computer, you may be better off using a camera cover. In addition to covering your camera, it may be worth it to get a piece of camera-monitoring software that can help monitor your webcam activity and alert you to its use.

When it comes to webcam monitoring, there is nothing better than Oversight by Objective-See. This software, as I mentioned, alerts you to both your camera and your microphone becoming active. It will throw you a notification in the top-right corner of your screen, alerting you to its activation. It also allows you to whitelist certain apps, meaning that when you get the alert whether to allow or block the enabling of your camera, you can choose "Yes, Always" or "Just Once." This way, you can make sure Facetime always comes through, but other applications do not. Now you may be thinking, "Isn't that what the small, green light next to the camera is for?" The short answer is: yes. The slightly longer answer is that the green light can be bypassed to remain off even while the camera is active.

© Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— Oversight Application for macOS

There are other ways you can protect yourself, such as using a program such as Micro Snitch, which is a program by the creators of Little Snitch, or you could even use an actual camera cover. If you so desire, you could even pair the two. I don't physically cover my camera, as I am not overly concerned about being spied on, but a large part of this is due to the fact that I purchased Micro Snitch years ago, and since then, Objective-See released Oversight, which I also have installed. I figure that between the two programs, I should be safe, although I've found myself definitely drifting towards Objective-See's tools as opposed to the creators of Little/Micro Snitch, Objective Development. TL;DR: Install Oversight.

I do understand why others may want it covered. We all remember that picture of Mark Zuckerberg holding up a sign in his office, and in the background you see a MacBook Pro with the microphone and camera covered. Many people were shocked by this, but I was not one of them. Zuckerberg has many whom I'm sure would like to access his webcam, whereas someone like myself doesn't really have to deal with creepy people like that in my reality. It's our differences in fame and fortune. Fortune will quickly make you a larger target for any type of cyber attack.

zuck_instagram.jpg

The FBI has listed a few ways to avoid sextortion scams. They are as follows:

1. Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

2. Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

3. Turn off [and/or cover] any web cameras when you are not using them.

If you or someone you know has been a victim of a sextortion scam, contact the FBI toll-free at 1-800-CALL-FBI.

Finding Accurate Software Reviews: Harder Than It Looks

Preface: I recently received an email from one of my closest friends, and also one of the most knowledgeable people I know when it comes to Apple computers and Apple security. Matt Jacobs (@pnwbeard) sent me a short message followed by a link. His email was to the point, and I immediately knew I was going to do it. His email was as follows:

You should do an article about s***ty “review” sites that just link you to malware while running ads for malware.

https://www.soft32[dot]com/mac/?rel=menu
— Matt Jacobs

I followed the link on my iPhone, and the second the website popped up, I knew it was going to be a great article, so thanks to Matt's assistance and link to a jump-off point, here it is.


MacKeeper ad on the bottom of the Soft32 website.

There are many "review" sites out there that "review software," at least that is their claim. Soft32 is one of them. They claim to review software and give you download links to software that is for PCs, Macs, and iOS/Android. It took one scroll before I crossed the first and most glaring red flag. An advertisement for...you guessed it, MACKEEPER! Clicking the link takes you directly to the MacKeeper webpage - no surprise.

 

Soft32 is just one of many terrible "review" sites. These sites provide links to free software, which is laced with malware. They also run ads for companies like MacKeeper, which are considered PUPs (Potentially Unwanted Programs). They aren't necessarily considered "malware" by anti-virus engines, but they are programs that you'd best avoid. There was even a tweet put out by Apple Support, saying that you should avoid MacKeeper. It's probably one of my all-time favorite tweets.

However, I must digress, before I dive down the rabbit hole that MacKeeper typically makes me do.

Let's get back to the review sites. There are many, and they are persistent. I think one of the other most reviled "review" sites is the one that is commonly referenced by MacKeeper. It is called ShopperApproved[dot]com. It is a nightmare of a site that seems the most jaded review site I've run across. Although this one doesn't give you free downloads of malware-infested software, it is another one you best avoid.

Another very popular site is called CNet. CNet, which used to be a somewhat trustworthy site when it comes to software and product reviews, has deteriorated immensely. While on the other side, a site like Softonic[dot]com is just pure garbage, pushing horrendous software that has no business on your machine. It is plagued by malware and advertisements that link to software that is poorly made and slows down your computer. Those pieces of software typically come bundled with malware as well, so either way, it's going to put malware on your machine.

It's unfortunate that you have to tip-toe across the internet in order to avoid stepping in a steaming pile of malware, but it is the state of the internet today. This isn't just an Apple-specific issue, but also occurs across all platforms.

You see, these reviews occur on sites everywhere, and they are actually the most popular sites when consumers go out looking for reviews. This is due, in part, to the fact that these sites give away "free software." Sites like Softonic, along with the aforementioned Soft32, are all sites that utilize this "free" tactic in order to get you to click on their advertisements or download malicious content. Just remember that with software, as with phone calls, "If it sounds too good to be true, it probably is."

I'm sure you may be thinking, "Well then what is a reputable review site?" Unfortunately, there aren't a ton of good ones out there, and there are a ton of bad ones.

The best, publicly acclaimed review sites begin with Tom's Guide. Although I disagree with some of their content, overall, their reviews are, if nothing else, honest. They don't try to sell you additional software or offer free downloads. Another relatively good alternative for Mac users is the Apple Discussion boards. As a reminder, this is a user-to-user discussion board, so the opinion you are getting is just another Apple user's opinion; however, many of the most common repliers on this site are avid users who have a plethora of Mac knowledge. I am very often perusing the Apple Discussion boards in an attempt to provide insight to others who may need it. Other reputable sites are 9to5Mac.com, Macworld.com (NOT Macworld[dot]co[dot]uk -- that site is a nightmare), and iMore.com.

With everything listed, I would recommend them in that order, but with one exception. . .ASK ME! Just send an email to stuart@crashsecurity.com or text/call me at (541) 714-5880, and I would be more than happy to let you know if the software in question is good or bad.

A special thank you to my good friend and fellow Mac user Matt Jacobs (@pnwbeard) for the idea for this post. Matt is a Table Top Game designer and developer, and he does a fantastic job. He is currently working on a game called XO. Check it out and support him on Patreon.

Why MacKeeper IS a Scam

Known Bad Software Part I - MacKeeper


Before starting, I need to thank Matt Jacobs (@pnwbeard - Primary Apple Authorized Mac Technician, Apple Certified iOS Technician, Apple Authorized Support Professional), Diego Munoz (@diegomunozmusic - Primary Apple Certified iOS Technician, Apple Authorized Mac Technician, Apple Authorized Support Professional), mac-interactive (@macinteractive - Operated company providing Apple Support since 2003, experience in maintaining large networks of Macs in enterprise environment), and MacFixer.co.uk (@TheMacFixer - provides computer support, hardware repair, maintenance and upgrades for Apple Macintosh and iOS users in Hampshire, Isle of Wight, Wiltshire, Berkshire, Surrey and West Sussex for on-site repairs/collections) for their contributions to this blog post. Their knowledge and assistance over the years have made this possible. Give them a follow on Twitter as a thank you! Thank you very much for your contributions!

Let's begin...

Known Bad Software (KBS), sometimes referred to as Potentially Unwanted Programs (PUPs), is on the rise. As "PUPs" seems like a "politically correct" term for these programs, I'm going to call a spade a spade. Welcome to Part 1 of a multipart series focusing on Known Bad Software. Our first software: the well-known, persistent piece of garbage, MacKeeper.

My Badge of Honor

As most of you know, I have never been a fan of the software MacKeeper. In fact, I have been undoubtedly critical of them, enough to have them block me on Twitter. A fellow computer technician, @mac-interactive, took a screenshot of the message saying "MacKeeper has blocked you" and referred to it as the 'Badge of Honor'. I of course concur. 

I wanted to write a post that chronicles the reasoning behind my hatred. I also want to talk about specific articles that praise MacKeeper, and touch on why I still believe it is garbage.

History: I want to start with a little history of MacKeeper, and the two companies that have owned it since its inception in March 2010.

MacKeeper was started by ZeoBIT, LLC, out of Sunnyvale, California. MacKeeper, like most programs, started out slow before gaining speed in the computer "security" industry. The way it gained speed, however, is part of the reason that MacKeeper is so highly criticized.

In 2014, Holly Yencha filed a class-action lawsuit against MacKeeper's, at the time, former owner, ZeoBIT, LLC, claiming that the company's computer security program identifies problems that don't exist and generates false error messages to scare users into purchasing an upgrade (see Holly Yencha, et al. v. ZeoBIT LLC, Case No. 2:13-cv-00578, in the U.S. District Court for the Western District of Pennsylvania). The lawsuit was settled, and I am omitting a lot of the legal jargon, but ZeoBIT settled for $2 million and told customers they could get a refund if MacKeeper was purchased before 8 July, 2015. A win for the people!

As of December 6, 2016, ZeoBIT, LLC is no longer in operation, but not before they sold MacKeeper to Kromtech Alliance Corp. in April, 2013. Keep in mind, this is before the class-action lawsuit against ZeoBIT, LLC, which I believe is the reason ZeoBIT went under. It is, I think, an accurate guess to think that ZeoBIT, LLC simply rebranded as Kromtech Alliance Corp.

Kromtech is known for its shady marketing techniques, which many users claim try to scare the user into buying their software. This is similar to how ZeoBIT, LLC operated.

https://mackeeper.com/blog/post/5-avira-licenses-anti-virus-technology-to-kromtech-to-power-mackeeper-security

In June 2014, Kromtech partnered with Avira, a well known antivirus software, to integrate the Avira database technology into MacKeeper. ZeoBIT did the same in 2011. The licensing agreement, which you can even see when you're installing MacKeeper, allows Avira's Secure Antivirus API to run as a background service, which can also take requests from MacKeeper to run scans.

Now keep in mind, there is a difference between Kromtech Security Center, and the software Kromtech is putting on the market. Kromtech Security Center has done some great work in security research. I just wish Kromtech put a little more effort into their poor excuse for their security software.

How I learned about MacKeeper: I was first introduced to MacKeeper in 2015. I had recently begun my work as a technician with an AASP (Apple Authorized Service Provider). I was being trained by Matt Jacobs, who had been with the company for a little over two years at the time. This was about the time when MacKeeper was starting to gain some notoriety in the Apple community as being a piece of software that should be avoided.

I remember one of my first days of training: I had a yellow legal pad out, taking notes on what was referred to as the "Security Bundle," a suite of programs and processes designed to help customers that were having security issues. A piece of this was removing programs that, at the time, were known by the acronym KBS, for Known Bad Software, a phrase and acronym coined by Matt. It was Matt's knowledge and experience that really sparked my interest in the world of computer security, and more specifically, Mac Security.

"It all started with (OS X 10.9) Mavericks, which also seemed to open the door to malware," Matt told me. "I was running a 'tune-up' on a customer's machine (in 2013) that was running slower than it should. When I was working through my normal process of running a tune-up, MacKeeper crashed and asked if I wanted it to reopen. As I was just running a tune-up, I didn't think it was necessary to have it open. Right after I told it not to reopen, the machine sped up to the speed it should be running. Not realizing MacKeeper was actually bad software, I thought it was a bad installation of the program, so I went out and installed it again. Sure enough, once it started running, the whole machine started running slow again."

After a lot of research, and going down the rabbit hole of Google, Matt discovered from a reputable source within the Apple Discussion Forums, that you (users) should stay away from MacKeeper. Matt fired off an email to Thomas Reed, at the time the creator of Adware Medic and owner/blogger on The Safe Mac website, now with Malwarebytes. Shortly after, a blog post by Reed went up on The Safe Mac, and MacKeeper began its downfall in the eyes of the Apple community. "I don't know if my email to Thomas (Reed) had anything to do with his blog post, but I like to think it was," Matt stated.

It was my training with Matt that triggered my love for investigating these types of poorly designed, unwanted programs.

From left to right: Stuart Ashenbrenner, Diego Munoz, Matt Jacobs

When I was initially hired, I was being hired as Matt's replacement, as he and his family were moving. Roughly nine months later, Matt returned, and our store was also fortunate enough to get Diego Munoz, around a month before Matt came back. The three of us quickly became very close friends, and we worked very diligently on Matt's Security Bundle, Matt spearheading it. We were identified as Simply Mac's Research & Development team a short time later for the Security Bundle that went company-wide the following year, which I confirmed yesterday is still in use, and I just need to say this, Matt Jacobs has yet to get any credit for the production of this software, which is an abomination by that company. In our off-hours, we would test programs, run adware and see what it did and how it persisted, and worked to refine the Security Bundle to be as efficient as possible. The Security Bundle is still run within the company, but the R & D team has mostly been disbanded with the massive customer increase, as well as some Apple Repair Extension Programs, that have kept Matt and Diego extremely busy, leaving little to no time to work on research and development. Even though I've left the company, I still spend my free time and time with Crash Security researching malware, adware, and known bad software like MacKeeper, so I can bring you blogs like this one.

Mac expert mac-interactive dug through some old emails, and he found the first surfacing of MacKeeper in his inbox from 30 November 2011. His email was sent out to his coworkers. It said, "Just had an email from a friend saying they had 'installed MacKeeper'...followed by 'is it any good? (...I removed some content for brevity...) Do [sic] the team have an experience? I would stay away from the app purely because of its excessive banner advertising and the fact that the banner click downloads the package!" Package is referring to MacKeeper's installer. 'Package' is the technical term for a type of installer. The response to mac-interactive was in the affirmative, telling him to stay away from it.

One of mac-interactive's coworkers stated at the time, "The client had carried out a 'clean up' operation using the application (MacKeeper), and it deleted a lot of their files from the Library folder in their home directory and also complete applications like 'iPhoto' and 'Pages'. A total of 2 hours has been spent getting the client's iMac up and running again. I talked the client through the reinstallation of Mac OS X 10.6 from their DVD which restored most functions. Then the client decided to purchase, download and install the latest version of Mac OS X (10.8), iPhoto and Pages applications from the App Store as they weren't sure where their original installation disks were and they wanted to be up to date.

The application, as I suspected was 'MacKeeper'. It's an app that appears a lot in 'Speed Up Your Mac' (advertisements) all over the internet.

This is a bad application in my opinion, and I generally uninstall it as soon as I find it on client's computers. Some versions of this application have been VERY difficult to remove in the past."

MacKeeper's problems: First, they provide cleaning software, which they claim you need, and they claim that they are criticized on forums because the people on the forums don't understand this and still believe Macs don't get viruses. Let's address this: NO! Many people who criticize MacKeeper on forums and discussion boards are actually security or Mac professionals. I believe that Macs need malware protection, which is sometimes bundled with an antivirus program. I think it is necessary. Macs are getting targeted for malware more and more every day. The idea that "Macs can't get viruses" just isn't true anymore, which prior to OS X 10.9 Mavericks was actually a valid statement. Actually, the phrase should have said, "Macs haven't gotten viruses." The ad campaign that Apple put out years ago is now irrelevant, except for the fact that the majority of Mac users truly believe that Macs can't get a virus, malware, adware, anything. What this does is make them extremely vulnerable, and in turn, they click on anything, believing that there is no way it can be malicious. However, malware protection is COMPLETELY, 100% different than "cleaning" software, which claims to "free up RAM space", yada yada yada.

Now for my favorite part...why do I, personally, have such hatred for MacKeeper? Now keep in mind, I am one of many who hate this software. I asked Diego Munoz, why he thought MacKeeper was so reviled. Munoz says, "I think most people who revile it are somewhat tech savvy and know how different computer processes work and they can see how "sketchy" they are."

Marketing: Beginning with their marketing tactics, MacKeeper is supremely one of the most aggressive advertisers that I've come across online. Their ads are predominantly on pages that are uncommon to the average user, but occasionally, you will see them on CNN[dot]com or other popular sites. You will see their banner ads splattered across common pirating or torrenting pages, any page that speaks about computer speed, and the strangest - on the pages of other "security" software like CleanMyMac. Speedtest.net, a well known webpage for testing the upload and download time of your internet, runs MacKeeper ads, and I have yet to run across a computer that is running MacKeeper and is benefiting from it. When I asked Diego about why he thinks it gets installed, he replied, "I think it's a guilt trip scam, and 100% of the computers I've worked on have not benefited from this. In fact, 100% of them do better without it."

Screen Shot 2018-05-08 at 8.46.58 AM.png

MacKeeper has been everywhere as far as marketing is concerned. Part, if not all of this, is made possible by CJ Affiliate, formerly Commission Junction, who is owned by Alliance Data. CJ Affiliate is a site that allows you to publish advertisements to target a specific audience. Based on how many 'clicks' your links get, your "stock" goes up, meaning that affiliates can turn a higher profit per click. Let me give you an example...if I use CJ Affiliate, MacKeeper can run an ad on my site, potentially. For every click from my website to MacKeeper's site, I would get a certain amount of kickback money from that. Furthermore, if someone goes on to MacKeeper's site and buys something after visiting from my link, I get a kickback from that as well. Because of this, MacKeeper is on a TON of websites, because it is easy money for businesses, as they are getting a kickback off each click. The thing about MacKeeper that pushes this forward is the fact that MacKeeper sure does look legitimate. I will give them that. Their website and software look as if they will actually help, which I don't think they do. I, as Diego mentioned, believe that removing it is more beneficial.

Fake Advertisements: MacKeeper has even been known, in the past, to also produce fake advertisements, trying to get the user to click on them. MacKeeper claims this is due to competitors trying to deface the company, but the following still remain. MacKeeper has been so well noted as being a piece of Known Bad Software, that some highly touted antivirus engines actually recognize MacKeeper as, not necessarily a piece of malware, but as a PUP, and the antivirus will help you remove it.

Macfixer.co.uk told me, "I think the selling tactics give it away, any legitimate software would not use pop-under ads telling people they needed to clean their Macs by scaring them. They also make it difficult to uninstall and even if you follow the guides on-line various crap is left remaining. So whilst the only harm it may do is to slow down your system and bundle a number of very poor ‘utilities’, ultimately it's the shoddy business tactics that mean I tell all and sundry to avoid it. I’ve had dozens of cases where a poorly running Mac is restored to full health after MacKeeper has been given the boot."

I digress momentarily to say this: many antivirus programs make your Mac slower, especially the big ones that you heard of from the Windows platform. Antivirus software like Norton, Sophos (not as much), Avast, McAfee, AVG, and Kaspersky seem to slow a Mac down rather drastically. The difference with MacKeeper is that it repeatedly tells you that "your system is at risk," and that you should update MacKeeper to the Premium version, of course at a cost.

They claim their software can clean your memory, to name just one. You don't need a program to "clean your memory." It may remove the 200MB from your Safari cache, but 200MB on a hard drive over the size of 128GB is so minute, it's ridiculous to market towards people in this fashion.

Fake Reviews: One of the issues I have seen is the false advertising by people claiming to be Mac experts, lobbying for MacKeeper. To give you an example, I found macsumo[dot]com, a website that contains the word "mac," which also makes Apple users more trusting of them. Macsumo has only four articles, but unfortunately, the website lands on one of the first pages of a "MacKeeper" web search.

Macsumo[dot]com's most recent article posted on 3 April 2018, titled Mackeeper Review (April 2018) – Testing The World’s Most Controversial Mac App leads off with an interesting question. "First things first, do you really need cleaning tools like Mackeeper?" they ask. Their answer...Yes, you do!?!?! This is a flat-out falsehood. You don't need "cleaning tools." Do you need malware tools? Yes, I think so, but cleaning tools, no. Macsumo also claimed it sped up their machine, which would be a first. The most bizarre part of this blog post was the fact that one-eighth of the way into the article, they offer an "Exclusive MacKeeper discount", claiming "Macsumo exclusive 20% discount link." These ads then are scattered throughout the ENTIRE article, and by entire, I mean there are six in total. Yet, when you follow the link, you get to the purchase page for MacKeeper. No discount, just their primary purchase page. So much of the "advertising" from MacKeeper, in these forms, is simply clickbait (an ad designed to just make you click it). If you think about it, MacKeeper not only makes money on their product, but they make money on page hits, so if they put ads that convince consumers that their computer is running slow, then the user clicks on it, and MacKeeper can then tell potential advertising clients that their pages get x-amount of hits per day. Still, there was a funny aspect to macsumo[dot]com: 1.) Their Terms of Service, which contain the "Links" section. See the picture below to see what I mean.

Macsumo[dot]com Terms of §6

2.) The amount of CPU usage my computer was using simply having their website loaded. Pictured below - a whopping 95%

Screen Shot 2018-04-19 at 4.51.54 PM.png

Leave it to a lobbyist for MacKeeper to have high CPU usage...

A big question regarding if MacKeeper is a scam is still lingering. To use the definition of a scam directly from the dictionary:


scam

noun (informal)

1. a dishonest scheme; a fraud. "an insurance scam"

synonyms: fraud, swindle, fraudulent scheme, racket, trick

verb

1. swindle. "a guy that scams the elderly out of their savings"

synonyms: swindle, cheat, deceive, trick, dupe, hoodwink, double-cross, gull



If those are the definitions of a scam, then MacKeeper is most definitely a scam. "Deceive": MacKeeper claims your computer is at high-risk when it is not. It seems ridiculous that a company that many find trustworthy is still in operation.

Now I do differ with some of my colleagues in this belief. People like mac-interactive said, "I think it has been a scam in its history, but now they seemed to have morphed into a general support service.
An example of a point in history of when it definitely was a scam can be seen in the September 2011 Apple Help Writer article (since updated) and here: http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/. A fake scan window that claims that the (clean system) is in a SERIOUS condition."

The other thing I have found that MacKeeper does to deceive its customers is constantly touting their 5-star rating from shopperapproved[dot]com. Here is one of the 5-star reviews. Read the review carefully. It doesn't seem like a 5-star review to me.

The website shopperapproved[dot]com is a site in and of itself that is questionable. In its first 12 days online, it had over 1,000 reviews, which sounds fishy to me. Also, according to TrustPilot, ShopperApproved[dot]com has a trust-rating of 3.4/10, basically meaning you shouldn't trust it.

Deception in Support: The funniest thing MacKeeper does is that it only speaks to its reviews from this site, but you have to dig to find their negative reviews, of which there are a ton.


Again, their deception is almost staggering in how it tries to make you believe that everything they do is 5-star service, and every customer representative you chat with through MacKeeper is the most Apple-savvy technician you could possibly find. Yet, every time I have chatted with someone on MacKeeper, which is well over twenty times, I have always "chatted" with the same representative, Andrew, or according to MacKeeper's website, Andrii (above-left). They have only FIVE customer support staff members, all of whom are, according to MacKeeper's website, "Apple Certified Professionals," which is their equivalent to the Apple Certified Support Professional, which is an actual accreditation through Apple. Yet, when you look at each profile, four of the members are only certified through OS X 10.9 Mavericks (circled in the picture above), which came out in October 2013. One member is certified with OS X 10.10 Yosemite, released in June 2014. We are currently on macOS 10.13 High Sierra, and it's 2018!

They will walk you through your system scan, then tell you, "Your system is at critical risk," which is a direct quote from a chat log I had with them. This was after installing MacKeeper on a fresh operating system, meaning that I erased a hard drive, installed an operating system, installed MacKeeper, and ran their scan. They said my newly installed operating system was at "Serious" status. Below you can see a video-only beginning interaction which they claim is a chat with a real person. It's not. It's 100% auto-generated text. They are auto-responses, just one message after another, which you can see below (no audio).


This type of "support" leads to reviews like this review. One of the more bizarre parts is that I have installed MacKeeper probably over one-hundred times to experiment with it, have chats with their "technicians," etc. Yet over all this time, I have never ONCE been asked to review the software. Even if you go to shopperapproved[dot]com, you can't just leave a review for something. I still have no idea how those reviews appear, but mac-interactive believes that once a purchase is made, the customer is sent a specific link to leave a review.

One of the most difficult parts is finding positive MacKeeper reviews that aren't from shopperapproved[dot]com. When you type it into an internet search, you get some options, but then you stumble across an ad, yes an ad, that is for "MacKeeper reviews." The link to it? It goes to MacKeeper's website! I couldn't believe this. Do you know what this means? It basically means that MacKeeper is paying for an ad that claims it has MacKeeper reviews and it goes directly to their site. The advertisement on Google below and left leads to the page below and on the right. It is absolutely reprehensible. One of the funniest parts, MacKeeper's ad gave them only 4.1 out of 5 stars 😂😂😂.


There have been some reviews left over the years from well-known websites. In 2014, a company/website called 9to5Mac said, "Buying MacKeeper is basically paying to get scammed everyday."


Likewise, two years prior, CultOfMac.com noted, "MacKeeper uses hidden "activators" which download malware without the user's consent."

Even people who write positive reviews of MacKeeper on their webpages, like macsumo[dot]com, almost always have advertisements for MacKeeper on their website. If I am going to give an honest review about a product, I probably shouldn't be running their advertisements too. Isn't that exactly what a conflict of interest is? But this goes back to the CJ Affiliate part of it; getting paid for clicks.

MacKeeper is so bad at having their content reviewed that their own YouTube channel put up this video, saying it was a review of MacKeeper. By the way, notice how it says "Shopper Approved" in the title. They claimed this video was her testimonial.

This shows you what a mess MacKeeper is. If these are their types of reviews, then you can tell they are a fledgling operation. That is, if their reviews are even legitimate, which I highly doubt.

Blatant Lies: One of the things that companies similar to MacKeeper purport is that if you use free antivirus or malware software and don't pay for it, you yourself become the product. Now I realize that on occasion, this holds true. The idea of "too good to be true" can be accurate in many circumstances when you are talking about computers. However, until recently, Malwarebytes for Mac was 100% free, and it still is free but contains a paid option. ClamXAV, one of my favorite virus-scanners, was free until approximately a year ago. EVERY tool created by Patrick Wardle (@patrickwardle) on his website, Objective-See.com (@objective-see) is free, and they are amazing tools that are perfect for anyone concerned about computer security or information security. Please let me know if you are interested in any of these, and I can give you more information.


Apple's Faux pas: As much as I would like to place 100% of the blame directly on MacKeeper's shoulders, you simply can't without calling out Apple simultaneously. Apple has, for seven years, allowed ZeoBIT, LLC, followed by Kromtech Alliance Corp., to carry a valid, signed certificate, meaning that Apple is allowing MacKeeper to be produced for their machines. Apple even once called out MacKeeper on the Apple Support Twitter account, claiming MacKeeper to be malware in January of 2018. Unfortunately, this tweet has since been removed, which is a shame. It felt like a momentary win for Apple, only for them to most likely kowtow to MacKeeper threats.

According to mac-interactive, "It did exist on the App Store for a while as the 911 Bundle, which was a great shame." I did confirm this in only a few seconds of research. If Apple could be more upfront with the terrible software that is out there, we may be able to curb this problem.

Final Thoughts: The problem is that there are also garbage pieces of software that not only don't help your computer, they seem to actually make it worse. There are a surprising number of these, and unfortunately, most of the ones you may see in the App Store aren't good. I highly suggest doing some research before downloading any antivirus or malware protection, and even ask me if you would like.

Lastly, I'd like to leave you with my own review of MacKeeper, and yes, it is SHOPPER APPROVED! Enjoy!