There are a few items on this dev's site that cause me some concern, mainly because I'm so distrusting, especially for apps that claim to detect malware on a Mac. Here are the statements I find interesting, at least and worthy of verification, if possible:
1. "signed-Apple items are filtered out by default"
2. "since VirusTotal is fully integrated into KnockKnock, known malware will be detected (and highlighted in red). The remaining items that are not flagged can be manually examined."
3. "it ask to access the keychain"
4. "[it tries] to access the network"
1. While Malware on the Mac is still rare, some of the worst has been through the use of "signed" apps, at least for the first few days/weeks until Apple updates the list of safe devs. Therefore, this app intentionally misses any of these types of malware, we are still open to this vector until Apple (or the media) makes it known.
2. "VirusTotal" may be completely transparent and honest, but it web-based and so further removed from direct user trust and possible contact. This app depends on the veracity and safety of that site and its operators. It also has the capability. Further more, the dev suggests that there may still be other files/apps that could simply not yet be in the VirusTotal database and we should use other methods. "google the hash of the file, run strings on it..." or even contact the dev.
3. Although I don't normally use Keychain for saving passwords, etc., I don't like giving access to it to any other app, even if they "promise" to only look at certain parts of it.
4. To access the VirusTotal database, the app must use the web. While we can expect the app to transfer only relevant data about System, how will we know. I recommend at using a good VPN to eliminate third-party access to the data, whatever that may be.
Lastly, I notice that the site still has a copyright date of 2017. This leads me to believe that the development of this app, if not the dev's work, is in other areas and not a primary endeavor. Even if this is one simple site, it is does not require rocket science to create a script that will update details like this automatically... should the dev be so busy that he can't be bothered.
None of these things may bother you but I'll continue to use more 'mature' apps that update their malware databases at least once a day and don't require any access to other parts of my secure system areas.
I would like to say something positive, at least about the work of the dev; all his apps are free and all involve protecting the Mac from various attack vectors. Perhaps it would be best to use all of the separate apps than any particular one.
xabd (aka, Nervus Nelly
)
