Status
Not open for further replies.

Ramgrim

macrumors newbie
Original poster
Feb 23, 2017
Hello!

I wanted to check my system and heard about EtreCheck.

1) Is it a safe app to use?

2) Is this a safe place to download it from?

Screen+Shot+2016-10-28+at+14.50.42.png
 
It is the same site. HTTPS is more secure, as the connection will be encrypted between your computer and the server.

Thank you for the reply!

Out of curiosity, what could happen if one used the HTTP one in the EtreCheck case? Could an outside party somehow infect the downloaded app?
Or would downloading EtreCheck from HTTP be as safe as from HTTPS, as I am not entering any data myself?
 
A connection can be intercepted somewhere between your computer and the destination server, e.g. by the network provider, the DNS provider, the Internet-service provider and so forth. It is thus possible for someone to intercept your connection and redirect you to an infected software download. TLS (HTTPS) mitigates this by encrypting the connection between your computer and the server.

Note that macOS will refuse to open unsigned software by default, regardless of whether it came from an HTTP or HTTPS website. This means that an attacker must also obtain a valid developer certificate from Apple (or steal one from another developer). You can always check the signature of a downloaded program with this Terminal command, and then see whether the name is legit.
Code:
spctl --assess -vv <application>


For example, using it on a downloaded copy of EtreCheck:
Code:
$ spctl --assess -vv ~/Downloads/EtreCheck.app
/Users/<username>/Downloads/EtreCheck.app: accepted
source=Developer ID
origin=Developer ID Application: Etresoft, Inc. (U87NE528LC)
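
Added example (not part of the original post, and not code from Apple or Etresoft): a small shell wrapper around the `spctl` check above that also compares the signer's Team ID with the one you expect, since "accepted" alone only says that some Developer ID signed the app. The function names are hypothetical, the Team ID is the one from the output quoted above, and `Notarized Developer ID` is the source value newer macOS versions print.

```sh
#!/bin/sh
# Added example: check Gatekeeper's verdict AND who signed the app.
# Team ID below is the one shown in the spctl output quoted in the thread.
EXPECTED_TEAM_ID="U87NE528LC"

# check_assessment OUTPUT TEAM_ID  (hypothetical helper name)
# Parses the text printed by `spctl --assess -vv`. Return codes:
#   0 ok, 1 not accepted, 2 unexpected source, 3 no Team ID, 4 wrong Team ID
check_assessment() {
    output=$1
    want=$2
    # The first line must end in ": accepted" ("rejected" otherwise).
    printf '%s\n' "$output" | grep -q ': accepted$' || return 1
    # Only Developer ID signatures; newer macOS prints the Notarized form.
    printf '%s\n' "$output" |
        grep -Eq '^source=(Notarized )?Developer ID$' || return 2
    # The Team ID is the final "(XXXXXXXXXX)" on the origin= line. Anchoring
    # at end of line ignores look-alike IDs embedded in the developer name.
    team=$(printf '%s\n' "$output" |
        sed -n 's/^origin=.*(\([A-Z0-9]\{10\}\))$/\1/p')
    [ -n "$team" ] || return 3
    [ "$team" = "$want" ] || return 4
    return 0
}

# verify_app APP [TEAM_ID]: run spctl on a bundle and check the result.
verify_app() {
    app=$1
    want=${2:-$EXPECTED_TEAM_ID}
    command -v spctl >/dev/null 2>&1 || return 127   # spctl is macOS-only
    out=$(spctl --assess -vv "$app" 2>&1)            # capture both streams
    check_assessment "$out" "$want"
}

# Usage: sh verify.sh ~/Downloads/EtreCheck.app [TEAM_ID]
if [ "$#" -gt 0 ]; then
    if verify_app "$@"; then
        echo "OK: accepted and signed by the expected team"
    else
        echo "FAILED (code $?): do not open $1" >&2
    fi
fi
```

The expected Team ID should come from a source other than the download itself, for example an earlier copy of the app you already trust.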
 
Thank you for the explanation!

I'd only ask then: would it be possible for someone to make an identical-looking (but malicious) site with the same name, only one has HTTPS and the other HTTP?

For example (using the current example) https://etrecheck.com/ and http://etrecheck.com/
One being official and the other a scam site? Or would this be impossible?
 
Yes, but it's very unlikely.

I really wouldn't worry about it.

The developer of EtreCheck would notice it very quickly and take action. Pretty much the same goes for most of the other websites you visit on a daily basis.
 
Also, if someone even made such a scam site and went as far as to somehow get a valid developer certificate from Apple just to infect someone's Mac, the fake app would therefore not function as the real one anyway?
For example, if a malicious app was masked as EtreCheck, no one would bother to make it display what looks like EtreCheck results after its scan? At least not well enough to fool anyone when it's posted in Mac forums?

(Just trying to figure out how far scamming can go. :D)
 
2) Also, would it be possible for someone to make an identical-looking (but malicious) site with the same name, only one has HTTPS and the other HTTP?

For example (using the current example) https://etrecheck.com/ and http://etrecheck.com/
One being official and the other a scam site? Or would this be impossible?

That’s a bit more difficult to answer. A domain name is ultimately just a name that points to an IP address of another computer (the server). etrecheck.com points to 69.163.152.207. http:// and https:// are similarly just syntax for the port numbers to which the connection is made, 80 and 443 respectively. Domain names are maintained by DNS providers. As long as the DNS provider you are using correctly points etrecheck.com to 69.163.152.207, then an attacker could not claim either the HTTP or HTTPS website for themselves.

However, given what I said above, an attacker can intercept your connection and pretend to be etrecheck.com, regardless of port number. They could theoretically even act as a TLS server and still give you a valid HTTPS connection, but this is mitigated by separate mechanisms. For those I refer you to this excellent video:

For example, if a malicious app was masked as EtreCheck, no one would bother to make it display what looks like EtreCheck results after its scan? At least not well enough to fool anyone when it's posted in Mac forums?

(Just trying to figure out how far scamming can go. :D)

Usually something like this is discovered quickly. But it is certainly possible that an attacker infects a working copy of the program. This happened with Transmission last year. The application worked normally, but it also installed ransomware in the background. It was discovered within hours though.
 
Thank you for the insight!

In short, known apps like EtreCheck can be infected, but the chance is rather low and there isn't much need to worry about things I can't change?

And in the small chance I do get a working app that still installs ransomware or some poop, Malwarebytes should take care of it?
 
I know this is an old thread, but I seem to recall John Daniel from Etresoft explaining why EtreCheck was no longer in the App Store. Now suddenly it’s back in the App Store again. Does this seem strange to anyone?
 
I remember the developer saying that too. Perhaps Apple have changed the rules in the App Store.

Here's what I see in MY store:- https://imgur.com/sLEh2rD

It doesn't say how much it costs. Has anyone reading here any idea?
 
According to the developer, the Pro version is $9.99. It's advertised in the App Store as having an "in app purchase".

Thanks, 'chscag'.

I'm slightly confused though. In the product reviews in the Apple App Store I see this:- https://imgur.com/gallery/WgHg1JM

That clearly shows the price being £9.99 - pounds sterling, not dollars.

I've searched all pages of the etresoft web site and no longer see a price mentioned anywhere. Maybe these tired old eyes have simply missed it! No doubt someone will provide a link if I'm mistaken.
 
There are, the last time I checked, 195 countries in the world. Most of them have their own currencies and most of them are included in Apple's App Store. Anyone who wants to know how much the EtreCheck Power User package is going to cost can download the app for free and look at the "Buy Power User package" button. That button will clearly show Apple's price for the product in the currency of the country associated with your Apple ID. Furthermore, you will have to confirm the purchase and price again in a pop-up window.

I am not responsible for random screenshots you might find on the internet. Nor am I responsible for the blatant falsehoods that are often included in app reviews. As I'm sure YOU are aware, David, sometimes people on the internet aren't 100% truthful.
 
I am not responsible for random screenshots you might find on the internet. Nor am I responsible for the blatant falsehoods that are often included in app reviews.

THIS is NOT a random screenshot:- https://imgur.com/gallery/WgHg1JM

I personally took the screenshot - it's from my own iMac screen!
Are you, or are you not, John, the author of the comment made by the 'Developer' shown in the screenshot I took?
 
Talking about things that don’t seem right, I have just read a comment from Etresoft about how pleased he is that he has just got his product on the App Store, yet I have just seen this from 2017 http://macappstore.org/etrecheck/

Your finding is truly intriguing! :confused:

My question remains unanswered.

If he's genuine, John will return and answer in a civil manner. It's important that one can be confident in a developer before downloading and then installing, or running, software on one's computer.

His integrity had not been in question until he started wriggling on the Apple Support Communities forums earlier this year. His LinkedIn persona appeared fine when I first checked it some years ago but it is no longer visible to me. The web site is shown http://etresoft.com indicating that the company is based in Canada, but the map at LinkedIn shows the company being in California, USA. https://www.linkedin.com/company/etresoft-inc./
 
Both you and I, Asinrutee, know that 'etresoft' posted another message earlier today, in between the current posts 18 and 19 - either he, or a moderator, has removed it. He stated that EtreCheck didn't feature in the Apple Store until September 21st 2018, so your finding is truly intriguing! :confused:

My question remains unanswered.

If he's genuine, John will return and answer in a civil manner. It's important that one can be confident in a developer before downloading and then installing, or running, software on one's computer.

His integrity had not been in question until he started wriggling on the Apple Support Communities forums earlier this year. His LinkedIn persona appeared fine when I first checked it some years ago but it is no longer visible to me. The web site is shown http://etresoft.com indicating that the company is based in Canada, but the map at LinkedIn shows the company being in California, USA. https://www.linkedin.com/company/etresoft-inc./

I hope he does, because it will be interesting to hear what he has to say, but there do seem to be some questions to be answered.
 
His integrity had not been in question until he started wriggling on the Apple Support Communities forums earlier this year.
My integrity has never been in question.

His LinkedIn persona appeared fine when I first checked it some years ago but it is no longer visible to me.
I deleted that account due to online harassment from cyber-stalkers.

The web site is shown http://etresoft.com indicating that the company is based in Canada, but the map at LinkedIn shows the company being in California, USA. https://www.linkedin.com/company/etresoft-inc./
As I have stated before in this thread, if you have a problem with information displayed on some random website, you need to contact that website. I am not responsible for any information you see on Mac App Store reviews, macappstore.org, LinkedIn, or any web sites other than my own.
 
I am not responsible for any information you see on Mac App Store reviews
Are you claiming that the responses - 'Developer Response' - in the Mac App Store have NOT been made by you, John?

The truth WILL out - always! :)

Here's an example, just so there is no misunderstanding:-
 

Attachment: Screenshot 2018-11-24 at 22.07.30.png