How to Check a Package File for Malware Before You Install It on a Mac

Mac users have enjoyed a long run of fairly virus-free computing, but it shouldn’t be taken for granted that there are no viruses. While Apple keeps a close grip on the App Store, some malware, on rare occasions, still makes it in there. Likewise, macOS Gatekeeper is only useful when you do not override its settings, but leaving them in place will restrict you to installing apps only from the App Store. So if you download an app that didn’t come from the App Store, how can you check whether it is safe to install?


Suspicious Package is a special-purpose utility program designed to check macOS packages – software files that install application programs. Packages typically contain several components, including the app itself, scripts that automate the installation process, and other files the program needs. Although the macOS packaging system is an efficient way for developers to organize all the pieces that go into an app, it’s also possible for hackers to subvert it by inserting their own malicious programming. Suspicious Package allows you to inspect the contents of any macOS package, potentially heading off a malware infection.


The Suspicious Package app is available for download directly from mothersruin.com. To install it, you may have to temporarily bypass macOS Gatekeeper, which normally prevents you from installing non-App Store programs by accident. In “System Preferences,” go to “Security & Privacy -> General -> Allow apps downloaded from:” and change the setting to “App Store and identified developers.” When you open the Suspicious Package dmg file, you’ll see the warning, “SuspiciousPackage.dmg blocked from opening because it is not from an identified developer.” Click the “Open Anyway” button to install the program.


The “Quick Look” feature displays a package summary in the Finder without you having to launch the Suspicious Package app itself. This is a handy time-saver if you have several packages to check. To use Quick Look, highlight the package you want to evaluate in the Finder, then choose the Quick Look item in the Finder’s File menu, or press “command + Y.”

To check a package you’ve downloaded, launch Suspicious Package. From the “File” menu, select “Open,” then browse your Downloads or other folder for a package file to inspect. Suspicious Package analyzes the file, then displays a set of tabs: “Package Info,” “All Files,” and “All Scripts.” If the app detects problems with the package, the Review icon indicates a warning.


The Package Info tab gives an overview of what’s in the package. It shows how many items the package installs, how many scripts it uses, and whether it is signed or not. It lists when the package was downloaded and the browser name. Finally, if the package has problems, Package Info shows the number of warnings given.


Resembling a Finder window, All Files shows all the files stored in the package, including the application itself, supporting files, and folder organization. Click on any folder to see its contents.


The All Scripts tab lists all the macOS shell scripts used to install the package. Each script is a mini-program containing text commands used to copy, create, and delete files. Click on a script name to see the instructions. The File menu includes options to edit a script, should you want to.

When using Suspicious Package, you may see a warning that says the package isn’t signed. Package signing is a feature Apple developed so software developers can “stamp” their programs with a digital signature officially tying the application to the people who wrote it. The signature gives confidence that the software is legit and not a cheap knock-off. In fact, Apple requires signatures for all software in the App Store. Some developers, however, don’t spend the extra effort needed to sign their software. Many unsigned packages, including open-source and freeware programs, are actually okay to use. On the other hand, if you’re buying Mac software from a major vendor, the absence of a signature is a big red flag.
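The same review of install scripts and signature can be done from Terminal. The script below is an added example, not part of Suspicious Package or the original article: it lists the install scripts in a package that has already been expanded with `pkgutil --expand` and prints the lines worth reading by hand. The function names and the pattern list are illustrative assumptions, not a malware signature set.

```sh
#!/bin/sh
# Added example (not from Suspicious Package): list install-script lines to read.
# On a Mac, prepare the input without installing anything:
#   pkgutil --check-signature Some.pkg        # signed or not, and by whom
#   pkgutil --expand Some.pkg /tmp/expanded   # unpack the package
# Assumption: each Scripts directory in the expanded tree is already unpacked.

# Illustrative review heuristics (assumed): network fetches, persistence
# locations, decoded content, and output piped straight into a shell.
REVIEW_RE='(curl|wget)[[:space:]]|Library/Launch(Daemons|Agents)|launchctl[[:space:]]|base64[[:space:]]|\|[[:space:]]*(ba)?sh([[:space:]]|$)'

# Print every file that lives under a directory named Scripts.
list_install_scripts() {
    find "$1" -type f -path '*/Scripts/*' | sort
}

# Print "file:line:text" for each script line matching a heuristic.
flag_script_lines() {
    list_install_scripts "$1" | while IFS= read -r script; do
        grep -nHE "$REVIEW_RE" "$script" || true
    done
}

# Print the number of flagged lines; 0 means nothing matched, not "safe".
count_flagged_lines() {
    flag_script_lines "$1" | wc -l | tr -d ' '
}

# Run as: ./review_pkg_scripts.sh /tmp/expanded
if [ "$#" -eq 1 ]; then
    echo "Install scripts found:"
    list_install_scripts "$1"
    echo "Lines to review ($(count_flagged_lines "$1")):"
    flag_script_lines "$1"
fi
```

A flagged line is a prompt to read that script in full, since legitimate installers also register launch daemons and download components.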

The vast majority of Mac programs are free of malware. However, programs downloaded from third-party sites carry a small risk of spyware and other unwanted baggage. Though primarily aimed at technical users, Suspicious Package lets anyone evaluate macOS software for malware and other problems. The app clearly reveals the contents of a software package before you install it. Especially for Mac people who don’t use the App Store as their only source for software, Suspicious Package makes a worthy addition to your Mac toolbox.
