Andy's Un-Official Unsolicited Mac Advice Thread

12627293132153

Comments

  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 7, 2006
    DavidTO wrote:
    Thanks, I didn't know that.

    Hmm, tempting to get Firewire hard drives. I think I'll hold off until i see for myself whether or not "Macs just work."

    First test: do "Macs just deliver?" I'm getting impatient!
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited June 7, 2006
    wxwax wrote:
    Let's put it this way: when you say "Macs just work," then list your maintenance routine, one becomes a little skeptical. deal.gif

    That is the no-problem-guarantee, over-zealous, extra-cautious routine.

    Also, spyware/adware of various kinds is so common and its use so widespread, that I simply don't believe that none has been written for Macs. I think it's entirely possible you have some on your machine and are oblivious. I imagine they made this program for a reason. naughty.gif

    They have Mac virus programs, too. But since OSX there hasn't been a single virus that has been found in the wild, and the anti-viral packages are more dangerous than caution and back-ups.

    With dubious reports of a nascent malware menace threatening Mac OS X's current status as (for all intents and purposes) a virus-free platform, many readers have inquired about the need for installation Mac OS X anti-virus software.

    Ask McAfee or Symantec and you'll be met with an implore that users purchase, install and regularly use their Mac OS X virus scanning software. With scare tactic statistics like "a 228 percent increase in malware attacks over the past three years" -- even though no single piece of Mac OS X malware has yet managed to successfully cause significant system damage or reliably spread -- it's easy to see why some users are taking the bait.

    However, what the virus software companies aren't telling users in their barrage of press releases and dire statements to publications that dutifully pass claims of a rising threat onto readers as fact is that, to date, more problems have been caused by anti-virus software on Mac OS X systems than actual vulnerabilities thwarted. While this circumstance doesn't negate the potential utility of having anti-virus software installed, and won't let the cautious rest easier should the currently mythical Mac OS X attack horde materialize, it should give pause to users who feel coerced into purchasing anti-virus software.

    First, let's look at some of the problems that have been caused, on a widespread basis, by Symantec's Norton AntiVirus:

    Ironically, a "highly critical" flaw was found in Norton AntiVirus. The vulnerability was as follows: During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP. Symantec posted an antivirus based protection signature to LiveUpdate on December 20, 2005, providing a heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability. The company also recommended that users 'Scan Compressed Files' to 'Off' in the Norton Auto-Protect pane of System Preferences to mitigate this vulnerability.
    Version 9.0 of Norton Antivirus spawned a file appropriately named "spacesuckingfile.xxxxxx" after it completed a virus scan. This was a temporary file that Norton AntiVirus created when scanning archives on your computer to help determine the amount of free space available on the disk before it begins unstuffing and scanning archives. The file contains no actual data and may be deleted. Normally, Norton AntiVirus deletes this file when scanning the archives is complete, though it may not be deleted automatically. Version 9.0.1 of Norton AntiVirus resolved this issue.
    The AutoProtect component of Norton AntiVirus produced an issue with apparent corruption of Mac OS X temp files that could result in spiking processor usage and complete system unresponsiveness.
    Sophos Anti-Virus is another popular tool that has succumbed to its own flaws in an attempt to "protect" users against a malware threat.

    A previous version of Sophos' AntiVirus software generated false positives for the "OSX/Inqtana.B worm", invoking users to delete critical application and system files and causing serious issues. Inqtana.B was a variant of OSX/Inqtana.A -- a Java based proof of concept bluetooth worm that affects older versions of Mac OS X 10.4.x (Tiger). The vulnerability did not affect Mac OS X 10.4.5 or Mac OS X 10.4.6, and had not been found in the wild. Despite that, Sophos' software was identifying "infected" files -- sometimes numbering in the thousands -- on Mac OS X 10.4.5 systems.

    Sophos quickly resolved the issue, but results of the false positives were, in some cases, disastrous. Users who thought their systems were infected deleted dozens (in some cases hundreds) of critical files rendering some applications useless and eliminating important data.

    Virex from McAfee (the company that released the aforementioned warning that Mac malware threats were up more than 200 percent in the past year) was a component of the .Mac subscribers package up until mid-2005, when Apple decided to pull the offering due to a number of issues documented here on MacFixIt, including slow overall system performance, constant fan activity, degraded performance in some applications and more. We also posted instructions for removing Virex from a Mac OS X system.

    Intego's VirusBarrier X, which was the first anti-virus package to become a Universal binary and has been among the least problematic of commercial offerings, has also exhibited various issues through its lifetime.

    In 2003, Virus Barrier X caused an issue where the system became totally unresponsive and refuses to start up properly from that moment forth.

    Intego's later fixed the issue a March 2003 virus definition release.

    Another minor issue was caused by VirusBarrier in late 2005, where hard drive space was rapidly decimated by the creation of several thousand tiny (4 KB) files spawned by VirusBarrier.

    Fortunately, your best bet for Mac OS X virus protection at this point is completely free. ClamXav is a free graphical interface (GUI) for the open-source ClamAV virus checker. The ClamAV scanning routine is also built into some Mac OS X utilities like Tiger Cache Cleaner.

    Even this tool, however, has been known to cause some issues -- particularly when installing software. In one case, application of the Adobe Illustrator CS2 12.0.1 updater was prevented by ClamXav's scanning operation.

    The bottom line is that Mac OS X virus software has, collectively, precipitated more security flaws, slow-downs, accidental file deletions and overall system issues than perhaps any other grouping of software.

    It's also important to remember that just because you have an AntiVirus software package installed and regularly scanning your hard drive does not -- by any means -- ensure you will not contract a Mac OS X virus should one materialize. Virus scanning software works by checking files on your hard drive against a pre-defined set of file types that could potentially be malware. Should the dreaded effective Mac OS X virus surface, current AntiVirus software will be rendered impotent against its spread until virus definitions are updated to account for the new type.

    Some virus scanning software packages use routines to check for "suspicious" actions that could indicate the presence of malware, but the chances of such a routine actually stopping a cleverly crafted piece of malware are slim -- especially since there has yet to be a compelling piece of malware for Mac OS X to compare against.

    In fact, the single best reason for installing anti-virus software on your Mac OS X system remains one of a good samaritan nature -- prevention of passing malware along to users of Windows systems.

    For some practical tips on reducing the threat of contracting malware on your Mac, see our tutorial "10 simple steps for securing your Mac".
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 7, 2006
    Note that a virus is not the same thing as adware/spyware. Two very diferent animals.

    I accept that a Mac virus is a rare beast.

    It's the spyware stuff I'm not so sure about.
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited June 7, 2006
    wxwax wrote:
    Note that a virus is not the same thing as adware/spyware. Two very diferent animals.

    I accept that a Mac virus is a rare beast.

    It's the spyware stuff I'm not so sure about.


    Understood. I have heard nothing about Mac spyware...neither that they are a threat, a concern, nor had I ever heard of an app that dealt with them. That's how low on the radar it is.
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • colourboxcolourbox Registered Users Posts: 2,095 Major grins
    edited June 7, 2006
    wxwax wrote:
    Hmm, tempting to get Firewire hard drives. I think I'll hold off until i see for myself whether or not "Macs just work."

    I wouldn't get just a FireWire drive. It's never fun to try to use a drive to move big data and find out a computer doesn't have a certain connector. I have Macs and PCs, old and new, and so what works for me is both USB and FireWire connectors so that a drive is useful to any of my computers.

    There is FireWire 400 and FireWire 800. Some say external SATA ports/cards will start to give FireWire 800 serious competition at the high end. Apple dropped the FireWire 800 port from the 15" MacBook Pro, but kept it on the new 17" MBP, which confused everybody. All Macs have FireWire 400 and USB 2.0 ports.
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited June 7, 2006
    colourbox wrote:
    I wouldn't get just a FireWire drive.


    I agree, don't turn your back on USB 2, it's way too prevalent to ignore. But firewire is great, and preferable, IMO.
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    wxwax wrote:
    Hmm, tempting to get Firewire hard drives. I think I'll hold off until i see for myself whether or not "Macs just work."

    My newer external drives are both firewire and USB 2.0.
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 7, 2006
    colourbox wrote:
    I wouldn't get just a FireWire drive. It's never fun to try to use a drive to move data and find out you have mismatched connectors. I have Macs and PCs, old and new, and the best drive to get should have USB and FireWire connectors so that any drive can access the data.

    There is FireWire 400 and FireWire 800. Some say external SATA ports/cards will start to give FireWire 800 serious competition at the high end. Apple dropped the FireWire 800 port from the 15" MacBook Pro, but kept it on the new 17" MBP, which confused everybody. All Macs have FireWire 400 and USB 2.0 ports.

    Thanks. I note that the test David posted was between FW 400 and USB 2.

    My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW! lol3.gif
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    wxwax wrote:
    I only have one external that's both USB and FW.


    Buy more now!!!!!!!! deal.giflol3.gif
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited June 7, 2006
    wxwax wrote:
    Thanks. I note that the test David posted was between FW 400 and USB 2.

    My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW! lol3.gif


    If you decide you need it, you can always just buy new cases and move the drives. Easy peasy, and cheaper, too.
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 7, 2006
    patch29 wrote:
    Buy more now!!!!!!!! deal.giflol3.gif
    lol3.gif
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 7, 2006
    DavidTO wrote:
    If you decide you need it, you can always just buy new cases and move the drives. Easy peasy, and cheaper, too.
    I never thought about that!

    That might be because I have no idea how these things work. lol3.gif
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    My reinstall is going well. XP is up and running via Parallels. I just found out that my internet connection is live. :uhoh I went back to OSX and turned off the airport for now, that solved that problem.

    Do I want Automatic Updates On? ear.gif

    I guess I need to download some virus software now. :cry
  • Mike LaneMike Lane Registered Users Posts: 7,106 Major grins
    edited June 7, 2006
    patch29 wrote:
    Do I want Automatic Updates On? ear.gif
    nod.gifnod.gifnod.gifnod.gif
    Y'all don't want to hear me, you just want to dance.

    http://photos.mikelanestudios.com/
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    Mike Lane wrote:
    nod.gifnod.gifnod.gifnod.gif

    Thanks.

    I am in the process of installing Firefox, Ad Aware SE personal and AVG free. The windows firewall is on and I am also accessing the internet via my airport which should have a firewall too. So am I safe enough? I am not checking email or surfing (outside of updates). ne_nau.gif
  • colourboxcolourbox Registered Users Posts: 2,095 Major grins
    edited June 7, 2006
    wxwax wrote:
    My first Mac is a Macbook. Or it will be, when I finally get it!

    Hope you're maxing out the RAM (with cheaper non-Apple sticks). A friend bought a MacBook for non-demanding uses (Word, e-mail, web) and I took a look at its virtual memory usage and at the out-of-the-box 512MB RAM it hit virtual memory much more than I expected. If I were running Photoshop on one I would definitely go to 2GB as soon as possible and plug in a Photoshop scratch drive into the FireWire port.
  • Mike LaneMike Lane Registered Users Posts: 7,106 Major grins
    edited June 7, 2006
    patch29 wrote:
    Thanks.

    I am in the process of installing Firefox, Ad Aware SE personal and AVG free. The windows firewall is on and I am also accessing the internet via my airport which should have a firewall too. So am I safe enough? I am not checking email or surfing (outside of updates). ne_nau.gif
    If you're not surfing for pr0n or warez or c1a1!5 you'll be more than fine.
    Y'all don't want to hear me, you just want to dance.

    http://photos.mikelanestudios.com/
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    Mike Lane wrote:
    If you're not surfing for pr0n or warez or c1a1!5 you'll be more than fine.

    only for V$AGRuH lol3.gif

    No I will only go to known sites that I need updates for that I cannot access on the mac side. I will leave the internet connection on, just because it is a pain to turn on and off.

    The only Windows update that came up was a publish update, I did not do it, since I am not using publisher. ne_nau.gif

    Thanks for the info.
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    ChrisJ wrote:
    If you're looking for a Firewire enclosure, I think you're out of luck... but a few USB2 enclosures seem to exist:

    http://www.cooldrives.com/almiposa25in.html
    http://www.addonics.com/products/external_hdd/#25sata

    I've never used either of these companies' products, though...


    Thanks, The top one looks good, the price is right, but it is out of stock and unknown. I will keep searching. I am not in a big rush, but it would be nice to have a spare drive.
  • jimfjimf Registered Users Posts: 338 Major grins
    edited June 7, 2006
    wxwax wrote:
    I accept that a Mac virus is a rare beast.

    It's the spyware stuff I'm not so sure about.

    The biggest difference by far is that the Mac makes good use of its security infrastructure and Windows does not.

    Notice that Mac malware was common prior to OSX. It disappeared. Why? It's not because the Mac lost marketshare; it's been growing ever since the release of OSX. The issue is that OS9, like Windows, provided no protection against the modification of system files. As such anything that managed to run at all could change the system to its heart's content. And people wrote software that did exactly that.

    Windows, despite moving to a platform with inherent security in NT, 2K, and later XP, has continued to run most user accounts with full system privileges -- thus rendering the security infrastructure completely worthless.

    It is possible to secure NT, 2K, and XP. In fact, I wrote a software package that did just that for NT3.5. The problem is that if you do this a remarkable amount of software will fail, having been written assuming full system privileges. This includes children's software -- which, to me, is total insanity. Microsoft's problem is that if they chose to turn on security they'd break a lot of software and they were having a hard enough problem getting people off of the unstable Win9x codebase. So they opted for loose security and we've all been paying the price for it.

    The good news for Windows folk is that Vista will (supposedly) move to a security architecture very similar to OSX. In so doing we should see malware issues largely evaporate. It couldn't happen soon enough for me.

    It will always be possible to write that malware because there are always bugs in operating system software. But with a locked-down system it becomes orders of magnitude more difficult. And that is why there are no known spyware applications on OSX, Linux, or FreeBSD yet Windows is completely infested.

    By the way, it is possible to substantially improve OSX security with two simple changes. First, create an administrator account separate from the normal user logins. Second, disable administrator privileges for all other accounts. This makes a big difference because /Applications is otherwise writeable by user accounts, and that allows malware to modify applications therein. From that point it's a fairly short step to infecting the rest of the system.

    The annoyance in doing this is that you will no longer be able to simply drop new applications into /Applications; you'll have to switch to the administrator account to do it. Apple was smart enough, at least, to have all system administration tasks authenticate if necessary ... so administration can still be done by random accounts, you just have to supply the administrator account and password.
    jim frost
    jimf@frostbytes.com
  • ChrisJChrisJ Registered Users Posts: 2,164 Major grins
    edited June 7, 2006
    patch29 wrote:
    Thanks, The top one looks good, the price is right, but it is out of stock and unknown. I will keep searching. I am not in a big rush, but it would be nice to have a spare drive.

    See the follow-up msg posted a couple below that one... Firewire/USB2 combo coming later this month, but it's $99(!) for the enclosure. I'm sure other manufacturer's will follow soon enough.

    ATA/IDE/PATA are pretty much all the same thing by different names. You just need the 2.5" size.
    Chris
  • pathfinderpathfinder Super Moderators Posts: 14,708 moderator
    edited June 7, 2006
    wxwax wrote:
    Thanks. I note that the test David posted was between FW 400 and USB 2.

    My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW! lol3.gif

    One advantage of FW external drives, is that you can boot from them if you have a duplicate copy of your system drive in OS X on the external drive, as with Super Duper for a B/U.

    You cannot boot from a USB 2.0 drive on a MAC. You can just store data on a USB 2.0 drive.
    Pathfinder - www.pathfinder.smugmug.com

    Moderator of the Technique Forum and Finishing School on Dgrin
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 7, 2006
    ChrisJ wrote:
    See the follow-up msg posted a couple below that one... Firewire/USB2 combo coming later this month, but it's $99(!) for the enclosure. I'm sure other manufacturer's will follow soon enough.

    ATA/IDE/PATA are pretty much all the same thing by different names. You just need the 2.5" size.


    I saw that, just a little pricey.

    So is SATA the one with a different connector?
  • colourboxcolourbox Registered Users Posts: 2,095 Major grins
    edited June 8, 2006
    pathfinder wrote:
    You cannot boot from a USB 2.0 drive on a MAC. You can just store data on a USB 2.0 drive.

    Actually, this is changing. Reports on the Apple forums say that Intel Macs can boot off of a USB 2 drive.
  • StevenVStevenV Registered Users Posts: 1,174 Major grins
    edited June 8, 2006
    StevenV wrote:
    I guess there might be some pages with java or javascript code on them that "do evil," but I've not seen any like that.

    Ah, frack. IE And Firefox Sport New Zero-day Flaw. It's more a phishing/data-harvesting type thing, but it's reportedly cross-platform and cross-browser.
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 8, 2006
    colourbox wrote:
    Hope you're maxing out the RAM (with cheaper non-Apple sticks). A friend bought a MacBook for non-demanding uses (Word, e-mail, web) and I took a look at its virtual memory usage and at the out-of-the-box 512MB RAM it hit virtual memory much more than I expected. If I were running Photoshop on one I would definitely go to 2GB as soon as possible and plug in a Photoshop scratch drive into the FireWire port.
    Thanks. I have 2GB ready to install. I don't know what you mean wrt the PS scratch disk, I'll root around. Thanks for the tips!
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited June 8, 2006
    jimf wrote:
    By the way, it is possible to substantially improve OSX security with two simple changes. First, create an administrator account separate from the normal user logins. Second, disable administrator privileges for all other accounts. This makes a big difference because /Applications is otherwise writeable by user accounts, and that allows malware to modify applications therein. From that point it's a fairly short step to infecting the rest of the system.

    The annoyance in doing this is that you will no longer be able to simply drop new applications into /Applications; you'll have to switch to the administrator account to do it. Apple was smart enough, at least, to have all system administration tasks authenticate if necessary ... so administration can still be done by random accounts, you just have to supply the administrator account and password.

    What a great post! I'll see if I can figure out how to do that.
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 8, 2006
    I ran XP today and it wanted to install 44 updates, does that seem normal for a new install? Most were MS security updates. I guess it would be good to run all of them at once?
  • jimfjimf Registered Users Posts: 338 Major grins
    edited June 8, 2006
    patch29 wrote:
    I ran XP today and it wanted to install 44 updates, does that seem normal for a new install? Most were MS security updates. I guess it would be good to run all of them at once?

    Yes, as of last week an XPSP2 install required 44 updates.

    jim
    jim frost
    jimf@frostbytes.com
  • patch29patch29 Registered Users, Retired Mod Posts: 2,928 Major grins
    edited June 8, 2006
    jimf wrote:
    Yes, as of last week an XPSP2 install required 44 updates.

    jim


    Thanks. I will let them install. thumb.gif
Sign In or Register to comment.