Part of my weekend job at the computer store involves supporting the customers who come with Macs that aren't working right. And more and more of these Macs are coming in with ad injection software installed. That causes them problems when they try to do just about anything with their web browser. Here's more about ad injection software and what to do about it.
Ad injection software displays pop-up ads and advertisements when you try to visit a web site. It can load up a web page automatically when you open your browser, create a new tab or open a new window. It also can redirect your search queries, causing your web browser to go to a different site instead of Google, Bing, Yahoo or the search engine of your choice — often a site with more embedded ads. You'll know when you have an adware problem on your Mac, because your web browser just won't work the way it's supposed to.
Most of us will go to our web browser's Preferences menu to try to fix the problem: We'll try to set the search engine to what we prefer, set the home page to an empty page or one that we'd prefer, then close the preferences only to find that they haven't been changed, and that the behavior has continued.
That's because the ad-injection software — adware — has hijacked the web browser. And that software needs to be removed in order for the web browser to work the way it's supposed to.
But I didn't think Macs got viruses
Strictly speaking, Macs don't get actual bona fide computer viruses, at least not ones that are out "in the wild" (i.e., in actual distribution). Without getting into semantic differences between viruses and malware and adware, let me just clarify: Macs aren't immune to malware or adware, and never have been. For a very long time Mac users grew accustomed to thinking that they were impervious to the same sort of malware issues that PC users had.
In truth, very few Macs get any sort of problems with viruses or malware. That's because OS X is a different operating system from Windows, and many malware and adware developers exploit security problems in Windows, which still makes up the vast majority of computers used in the world. If you're trying to engineer software that will distribute widely, you go for the broadest possible population.
Unfortunately, some adware and malware does find its way onto the Mac. Fortunately, Apple provides a certain level of built-in protection, which we'll look at next.
OS X and Gatekeeper
In Mountain Lion (OS X 10.8) and newer, Apple has provided anti-malware software it calls Gatekeeper, which is built into the Security & Privacy system preference.
You won't see "Gatekeeper" listed anywhere, but you'll know its presence, right at the bottom of the General pane in the Security & Privacy system preference. Gatekeeper keeps software that doesn't belong on your Mac at bay by restricting what applications can be run.
You have three options for how to restrict the downloading of applications. You can specify that only apps downloaded from the Mac App Store can be run; the Mac App Store and identified developers; or anywhere.
Keeping it set to Mac App Store is the safest. This prevents any apps from running unless they were downloaded directly from the Mac App Store, which Apple manages and checks.
Anywhere is the least safe; any application from anyone can be run on your Mac. Mac App Store and identified developers offers an additional measure of protection, because only apps made by developers with certificates signed by Apple can be executed.
This isn't foolproof, however — recently there was a spate of malware infestation on the Mac from China; Chinese Mac users who had downloaded pirated versions of Mac apps found their machines were infected with the "WireLurker" malware.
Rene is fond of saying that there's a battle between security and convenience, and that's demonstrably true here. While Apple tries to keep malware at bay through the development of Gatekeeper, it does offer you the option of not using Gatekeeper, or setting it up so you can override it if you're determined to. And that's most often when problems happen. If you override Gatekeeper's settings, you're making your Mac more susceptible to problems like adware injections, plain and simple.
Don't download what you don't know
The moral of the "WireLurker" story is to be very, very wary of software whose origins you can't confirm. It's tempting to click on free software downloads, and it's enticing to think that you'll get something for nothing. But there's the old adage about it being too good to be true, and this is sometimes the case with free software from suspicious web sites.
Pirated software sites certainly aren't the only way to get adware and other forms of malware downloaded to your Mac, though. Sometimes they'll disguise themselves as "extensions" that you'll load into Safari, Firefox, or Google Chrome web browsers. So be wary of those too. My rule of thumb is to only add extensions to Safari that Apple has listed in its Safari Extensions gallery. You can also access this by clicking the Safari menu and selecting Safari Extensions.
I have adware installed. What do I do next?
Even if your Mac has been infected with adware, it's possible to remove it: You just have to know where to look. Check your web browser's extensions list. If you see anything installed by Spigot Inc., GoPhoto.it or Omnibar, remove it.
If that fails to work, you may have to go hunting through your Mac's system library folder for additional files that are contributing to the problem. Apple actually provides good instructions for doing this: they have a knowledgebase article that documents the most likely spots where adware can hide on your Mac, and provides step by step instructions for removing it.
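The manual check described above (the browser's extensions list, then the Library folders), as an added example that is not from this article or from Apple's instructions: a read-only script that lists items whose names match the three names given above. The folder list is an assumption (standard macOS locations for launch items, plug-ins and Safari extensions), and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: read-only listing of items whose names match the adware
# named in the article. Nothing is deleted; review each hit by hand.

# Names from the article (Spigot, GoPhoto.it, Omnibar), lower-cased.
ADWARE_PATTERN='spigot|gophoto|omnibar'

# Assumed search locations: standard macOS folders for launch items,
# plug-ins and Safari extensions (not a list taken from Apple's article).
# $1 = filesystem root prefix ("" on a real Mac), $2 = home folder.
scan_dirs() (
  for sub in LaunchAgents LaunchDaemons "Application Support" \
             "Internet Plug-Ins" "Safari/Extensions"; do
    printf '%s\n' "$1/Library/$sub" "$2/Library/$sub"
  done
)

# Print each top-level entry in those folders whose file name matches
# ADWARE_PATTERN, case-insensitively. Only the last path component is
# tested, so a matching parent folder name cannot cause a false hit.
find_adware() (
  root="${1:-}"
  home="${2:-$HOME}"
  scan_dirs "$root" "$home" | while IFS= read -r dir; do
    [ -d "$dir" ] || continue
    find "$dir" -mindepth 1 -maxdepth 1 -print 2>/dev/null |
      awk -F/ -v pat="$ADWARE_PATTERN" 'tolower($NF) ~ pat'
  done | sort
)

# Scan the current machine and the current user's home folder.
find_adware "" "$HOME"
```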
If that looks like too much work, and you'd like to find a faster way to deal with it, check out AdwareMedic. It's free to download and it does a pretty good job of finding adware that doesn't belong on your Mac, giving you the option of getting rid of it. It's "donationware," so if you find it useful, make sure to throw the developer a few dollars.
AdwareMedic won't keep adware from getting installed on your Mac, however; it only removes it if it's already there. If you'd like to install a more proactive line of defense, there are a couple of options you might want to consider: ClamXav, a free anti-virus tool for the Mac, and Intego Mac Internet Security X8, a commercial application. Both can eradicate adware when they find it, and both can be set to actively monitor your Mac to make sure other adware doesn't find its way onto the Mac.
Hopefully this will get you on the path back to getting your Mac in tip top shape. If you still run into problems you can't solve, you're welcome to post comments here. You can also email me at email@example.com. Or take your Mac in to your friendly neighborhood Apple Store or Apple-authorized service provider, where a Mac technician can try to help you sort things out as well.
Don't you need to turn off gateway to install this? You maybe should have mentioned that. Sent from the iMore App
Remember, use adblock as well for pesky annoying ads on many websites. That's another plus. Posted via the iMore App for Android
AdBlock is paid off to allow some of the most annoying ads, including Taboola.
Get uBlock instead.
This is true of AdBlock Plus but not the original AdBlock (different extension). Been using it for years with zero ads. uBlock looks great as well though.
Do you install any antivirus on your Mac? If yes, what is your choice?
Like the piece says, there are, properly speaking, no viruses on a Mac. Therefore, running antivirus software is next to pointless. You do need to worry about adware/malware. It's not a biggie. Just download the free app Malwarebytes and scan if you suspect any issues. Apple also has a page on what files to remove if you suspect anything. Otherwise, simply chill and be grateful you're not on a Windows box.