KnockKnock is a Mac app from security expert Patrick Wardle (Objective-See) that scans for persistently installed software and checks VirusTotal to flag potential malware infections. The scan examines login items, startup scripts, login/logout “hooks”, periodic scripts, system extensions, Spotlight importers, and Quick Look plugins. (You can exclude Apple’s software from scans/reports via the app’s preference settings.)
Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock uncovers persistently installed software in order to generically reveal such malware. …
Q: KnockKnock found many applications, should I be worried?
A: No. KnockKnock simply enumerates items that are automatically started; either during startup, during login, or during another application’s launch (e.g. browser extensions). Although signed-Apple items are filtered out by default, many legitimate 3rd-party items will likely be shown. Of course, the goal is that KnockKnock will also display any persistently installed malware.
Q: Ok, so how do I determine if something is malware?
A: By design KnockKnock itself doesn’t try to determine if something is malware or not. However, since VirusTotal is fully integrated into KnockKnock, known malware will be detected (and highlighted in red). The remaining items that are not flagged can be manually examined.
KnockKnock 2.4.1 is a free download for OS X 10.11 (“El Capitan”) and later.