Antivirus

We are writing a blog post on this. Our opinion is none, rely on XProtect the built in protection in MacOS.

Keeping MacOS up to date is the best protection for MacOS.

We hope to have it posted by end of week.

One site with good info on XProtect is eclectliclight.co

I look forward to read your blog post.
But if you had to choose one, which one will you pick ?

@marcet 

If I had to choose, I would rely on XProtect.

Keep MacOS up to date. As soon as there is a new version. Turn on Auto update.

I firmly believe this is more than adequate to protect the Mac against malware.  you are actively sharing files with Windows users, there is little risk to you, in my opinion. Being alert, cautious etc, is the best preventive.

Maybe there is a "best', but we are not in that business, do not understand how these4 products work and cannot recommend any specific. Especially since we have been warned in a security conference that they have the potential to open more security holes than they close on MacOS.

Hey!

Can you tell me exactly what Malwarebytes is doing in order to prevent SoftRAID from running correctly please? SoftRAID appears to launch correctly on my system with the latest versions of both MB & SR.

Thank you.

@djtobes 

We do not know yet. If SoftRAID can launch, then it is not doing anything. What happens is the SoftRAID Monitor gets blocked. It can be removed as a "Launch Agent", or login item. We found at least one app that actually tampers with the SoftRAID installed components. Our focus was solving the problem, we did not hae time for a deep dive to see what is changed, we were relieved to figure out the cause.

If the SoftRAID App works, then there is no issue at all. Its only when some change made by one of these apps stops the Monitor from working that there is a problem.

The reason macOS is far superior to Windows, in terms of base OS malware protection, is that Apple has done quite a lot to prevent malware.  You can read about it here:

https://support.apple.com/en-euro/guide/security/sec469d47bd8/web

I'm a developer and if you stick to notarized software, you should be fine.  Additionally, if you use Firefox and use uBlockOrigin and Privacy Badger, you will be very protected from drive-by malware on websites.

The reason notarized apps are really safe is the hoops developers have to jump through to get notarized.  My company spent many months doing what was necessary to get notarized and it was a PITA.  (We don't use the typical languages for apps on macOS, that's the main reason.). What Microsoft should copy: not allowing execution of code in memory segments not specifically noted for code by the developer.  This would prevent a LOT of malware from ever getting a foothold.

@envoy510 

An one of the problems with this SoftRAID issue we have been dealing with is Its apparent, identified deve3loper can write code that deletes parts of other developers code. (We caught one instance, where a third party app was deleting for example, localized text from SoftRAID)

Apple does have extremely good protection. We are going to post a blog soon on this subject, with the holiday season, its been hard to get the time to write it.

I was taken aback by the warning issued by the SoftRAID 7.6.1 installer that specifically named Bitdefender, which I am using, but only ominously alluded to problems without providing specific information.  It took me, a software designer and developer who has worked in major financial and pharmaceutical companies in Switzerland, a long time to put the "trust Apple" mantra into proper perspective and to install third-party products to provide some functionality that Apple builds into macOS where I deemed appropriate. Bitdefender is one of them. Another, need I say it, is OWC SoftRAID. It struck me as rather "cheeky" to recommend uninstalling "theirs" and keeping "yours." particularly since, prior to 7.6.1 both products evidently coexisted without problems. I have notified Bitdefender that I expect them to work with OWC to resolve the problem. I tried to notify OWC similarly via Support but received no pro forma email acknowledgment.

I am running macOS Ventura 13.6.3 on both a 2018 15" MacBook Pro (Intel) and a 202116" MacBook Pro (M1 Max). I have installed the 7.6.1 updated on the Intel machine, but not on the Apple Silicon one. I suspect the problem does/will not occur in Ventura, as it is using the 7.5 driver. So far, so good.

@r_r_liu 

The problem is when third party applications alter, or block components of other third party applications.

If Bit Defender engineers reach out to us, and fix the problem, or give steps to undo the damage, (and prevent it) we are happy to post it on our warning page, or remove the warning if the cause is addressed. We have been contacted by another company already and are happy to work with anyone. We did not want to do this, but it is not our "bug".

Most of the software applications we identified in SoftRAID block the SoftRAID Monitor from loading. The SoftRAID driver is in /System/Library, which is write protected and cannot be altered. What is happening is the Monitor, which is in /Library/Application Support is being blocked.

SoftRAID Monitor is a faceless application that monitors your RAID and reports issues. Its critical to proper functioning of SoftRAID RAID Management.

Apple may not always have the best reputation for blocking malware, but it is quite excellent. Malware experts we trust have stated  third party solutions can actually open security holes. We will be posting a blog post on this as it is an important subject.

One note: Since you are in a sensitive industry, you must keep MacOS current. Apple still supports Ventura with XProtect, but you are several Ventura Updates behind, and unless you are manually updating XProtect, your system is not protected from the latest exploits. Read about XProtect, a great source is eclecticlight.co

Posted by: @softraid-support

↑

One note: Since you are in a sensitive industry, you must keep MacOS current. Apple still supports Ventura with XProtect, but you are several Ventura Updates behind, and unless you are manually updating XProtect, your system is not protected from the latest exploits. Read about XProtect, a great source is eclecticlight.co

 

I'm sorry. MacOS Ventura 13.6.3 IS the most recent update to macOS Ventura. Settings > Software Update is only offering an Upgrade to Sonoma; if there were an update to Ventura, Software Update would be offering it.

I reiterate. In the grey area where third-party software is notarized by Apple and causes problems with other notarized software, it behooves both parties to seek a solution together. If everything was working OK before OWC released 7.6.1 of SoftRAID, then, in the user's view, the culprit is SoftRAID; it evidently is doing something differently in 7.6.1 than in 7.6. That doesn't mean, however, that the solution isn't for the other party involved to modify its product. What is definitely counterproductive is for either or both parties to point fingers at the other. I see no reason for OWC to wait until Bitdefender, quasi as supplicant, approaches OWC, especially since it's OWC customers who are experiencing a problem.

By the way, is the problem present in Ventura, given that it is using the 7.5 driver?

@r_r_liu 

Sorry you are correct, I "read" 13.3 by mistake. sorry.

As of ventura 13.3, you cannot "update" the SoftRAID driver. It is fixed in the system. The driver will always be 7.5 in Ventura.

the problem is not a change in 7.6.1. We built a validation into 7.6.1, we have been suffering this issue for a long time. What we missed was when the driver loaded from the /Library folder, then these apps could try to disable the monitor but could not (I am being non technical here). I.e, this problem has actually existed for a long time and we did not know, as it did not effect the Monitor.  As of 1.3., SoftRAID Monitor loads from /Library, while the softraid driver loads from /System, and these apps can successfully block the Monitor. That is the issue and why we put the dialog box there. We do not have high level contacts at these companies, so will wait until they reach out. We are starting to hear, which is good, as it is the engineers that reach out.

On Notarization, I learned something I did not understand, as to how SoftRAID could be damaged by third party apps. Notarized apps are protected when copied from one system to another. Once installed, there is no "check" to confirm thay are still intact. So a third party app can for instance, delete localized text. etc.

Something we are investigating, from what I understand.

As of 1.3., SoftRAID Monitor loads from /Library, while the softraid driver loads from /System, and these apps can successfully block the Monitor.

What is "1.3"?

In the meantime an "Adrian B." (title in signature "Technical Support Engineer") from Bitdefender has mailed me. Here is the essence of his email:

I'd like to get a better understanding of the issue/error you are facing so please take a screenshot of it and attach it to your reply. You can also use a phone or a camera to take a picture. 

 

I'll also need a few more details about what is happening so I can get back to you with an accurate solution.

Of course, if I understand your elucidations above, there's really nothing to take a screenshot of. The monitor is blocked from loading. If by "monitor" you mean what I see when I start SoftRAID, then logical making a screenshot of its absence is only of philosophical interest, but hardly helpful for debugging. If you mean something that runs in the background and monitors the disks' health, then the fact that the user interface is present but monitor isn't running ("the lights are on but nobody's home"), then a screenshot of the user interface won't help either.

I am going to point Adrian to this thread and ask him to escalate to a "high-level contact", an engineer, who should contact someone working on the problem on your side.

Thanks for taking the time to explain the situation.

Regards,

Richard

@r_r_liu 

Please ask them to contact us. I can put him in touch with our VP engineering. We would be happy to explain technically what is happening.

We would love to resolve this with every developer that is conflicting with SoftRAID. It does no good to have such issues. thanks for your efforts.

If you post an email address, I will delete it before moderating the post.

Here is another example of why this problem is complicated. From another user:
FYI, I just installed Softraid 7.6.1 on a MacBook Pro M1 Max running Sonoma 14.2 and Bit Defender 9.4.1.4. I turned off Bitdefender Shield during the Softraid 7.6.1 upgrade installation. Afterward, I turned Bitdefender Shield back on. Softraid seens to have no problem launching or running.

@softraid-support Not getting anywhere (hopefully only so far) with Adrian B. I'll continue to press him to escalate to the engineers.

Regarding the quote on turning Bitdefender off before installation of SoftRAID 7.6.1, then back on: I have the same version of Bitdefender. The MacBook Pro (M1 Max) is running macOS Ventura 13.6.3. I took no such precaution during the installation, and have ignored the warning that appears when the SoftRAID monitor starts. 🤞 (Keeping fingers crossed).