[zacharie]

Dear users,

I've just got a brand new powerbook 15 and the computer gives me headaches....
I've installed the last version of Virex from .mac. Since then I can't bring my computer to the desktop window.
The thing is stalled at the presentention screen stating 'Waiting for Apple file Service'
and nothing goes on.

I've restarted with the disk, repaired permissions but nothing comes of it.
Please if someone knows how to repair it let me know (I've re-installed the system fifth time since yesterday and I begin to be desperate). My old 667 Ti works so much better with the same 10.3.8 system and sames config. Why is that so?

Thanks you to give me an idea. I feel completely lost.

Zacharie.

[ManOfSteal]

This is happening each time you install the .Mac Virex software? 5 times after each system re-install you have performed?

[frankiec]

Why don't you wait to install Virex until an OS X virus actually appears?

Considering all the hype around Windows and its viruses compared to virus-free Macs when an OS X virus appears it'll be the biggest IT news of the year. You'll hear about it before you'll be a victim.

Every year I say, "maybe this year," but it hasn't happened it.

[cpac]

Originally posted by zacharie:
Dear users,

I've just got a brand new powerbook 15 and the computer gives me headaches....
I've installed the last version of Virex from .mac. Since then I can't bring my computer to the desktop window.
The thing is stalled at the presentention screen stating 'Waiting for Apple file Service'
and nothing goes on.

I've restarted with the disk, repaired permissions but nothing comes of it.
Please if someone knows how to repair it let me know (I've re-installed the system fifth time since yesterday and I begin to be desperate). My old 667 Ti works so much better with the same 10.3.8 system and sames config. Why is that so?

Thanks you to give me an idea. I feel completely lost.

Zacharie.

(1) Please use descriptive thread titles "Plese help" doesn't tell anybody what your problem is.

(2) When you've reinstalled the system, what sort of installation? Archive & Install? Clean install?

(3) If clean installs crash your system, then they have nothing to do with Virex, since that wouldn't have been installed. If, on the other had, the crashes start only once you've installed Virex, then all I can suggest is not installing Virex.

(4) Have you tried just waiting (for a while) when it says "Waiting for Apple File Service"?

[ghporter]

Originally posted by frankiec:
Why don't you wait to install Virex until an OS X virus actually appears?

Considering all the hype around Windows and its viruses compared to virus-free Macs when an OS X virus appears it'll be the biggest IT news of the year. You'll hear about it before you'll be a victim.

Every year I say, "maybe this year," but it hasn't happened it.

This may be good advice before someone has a problem, but it's too late now. Do you have any useful advice about this? Further, waiting until there is a virus in the wild is like waiting until your date says "um, that was great, but there's something I should tell you..." before putting on a condom. You might be safe, but then again...

I ALWAYS use antivirus software because even if something comes through that won't hurt my Mac at all, I do not want to help spread it all over the world. This is usually referred to as "being a good neighbor." It's a personal choice; please don't ridicule someone for having made that choice.

[zacharie]

Dear users,
I found that virex is apparently the culprit. I've installed it at the 5 installs, each of them clean installs. I've discovered virex was the convicted when i installed it at the end of every other apps.
I've came to a solution buy putting the new powerbook as target firewire drive and I pilot it with my old titanium. I've erased every virex related files and restarted the new computer with no problems.
I push the experience forward by intalling Virus barrier from Intego. NO problems with Virus barrier, it works great with the new machine.

Maybe it's good to know for you all that virex is not that good at its present version with 10.3.8

Thank you all and be well.

[analogika]

Thank you for the follow-up.

Good to know.

[frankiec]

Originally posted by ghporter:
This may be good advice before someone has a problem, but it's too late now. Do you have any useful advice about this? Further, waiting until there is a virus in the wild is like waiting until your date says "um, that was great, but there's something I should tell you..." before putting on a condom. You might be safe, but then again...

I ALWAYS use antivirus software because even if something comes through that won't hurt my Mac at all, I do not want to help spread it all over the world. This is usually referred to as "being a good neighbor." It's a personal choice; please don't ridicule someone for having made that choice.

Blah, blah, blah, truthfully I didn't read your entire post.

Just because a virus exists in the wild doesn't mean you'll get it the first minute, day, or week it comes out.

You act like when there's the first OS X virus that millions of Mac users will get it instantly, no news, no warning.

No one ridiculed anyone except you ridiculing me.

It's quite obvious now that Virex has caused more problems than it's worth. Who knows. Maybe when a virus DOES EXIST then there will be a QUALITY Virex version that is released -- saving this guy T I M E from messing with unneeded software that only produces paranoia and a waste of energy, time, and bits and bytes.

But, hey, the anti-virus companies love to sell your products based on a ZERO threat.

Been using Macs for years, connected to the Internet 24/7, downloading, emailing, BitTorrenting, IRCing, "everythinging" -- where's the viruses? Still waiting.

When a virus appears it'll be on every Mac site, CNET, Google News, and everywhere else. You'd have to be seriously incapacitated to miss the news.

[ghporter]

Originally posted by frankiec:
No one ridiculed anyone except you ridiculing me.

I certainly didn't mean to sound like I was ridiculing you. I did want to point out that, whatever your thoughts on the usefulness of antivirus software, zacharie is having a problem with his, so helpful comments would be better than saying he's wasting his time. Sorry if it came across differently.

Yes, I'm a paranoid about computer security. It's a professional hazard. I'm very glad that there are no active viruses that affect Macs out in the wild right now. As far as we know. However, the popularity of plaguing Windows seems to be at a plateau, so don't be surprised if the cleverer script kiddies start targeting Unix and Unix-like OSs (including OS X) more forcefully in the near future.

[frankiec]

Virus software is only as good as it's data file. When a virus appears the software has to be updated. Install it now and update it later. Or don't install it now and install/update it later. But, fair enough, ghporter, I understand where you're coming from.

[ghporter]

Originally posted by frankiec:
But, fair enough, ghporter, I understand where you're coming from.

Cool. And of course the good AV stuff lets you set it to automatically update itself.

[SMacTech]

Originally posted by zacharie:
Dear users,
I found that virex is apparently the culprit. I've installed it at the 5 installs, each of them clean installs.

What a big surprise. That said, even if there were a virus on OS X, Virex wouldn't probably catch it anyways.

[Brass]

Originally posted by frankiec:
When a virus appears it'll be on every Mac site, CNET, Google News, and everywhere else. You'd have to be seriously incapacitated to miss the news.

I personally do not use any virus protection on my Mac. However, the above advice of don't worry about it until a virus appears is not good avice.

Most people are NOT aware of a major virus outbreak until after they've received the virus itself (many times, usually by email). There is no way the news is going to broadcast a story about a virus before the virus has begun doing the rounds on the net.

Once a virus has been released, they spread very quickly. In fact, they spread so quickly that virus vendors cannot even produce updates to detect the new virus in time to prevent many people from catching it.

Where I work, our virus definitions are updated hourly, and still I gett several virus ridden emails with every new outbreak.

[Uncle Skeleton]

Originally posted by Brass:
Once a virus has been released, they spread very quickly. In fact, they spread so quickly that virus vendors cannot even produce updates to detect the new virus in time to prevent many people from catching it.

Exactly. Whether you jump the gun on installing it now or not, it won't stop that first virus, after which you and everyone else who ever reads the news will know that things have changed and AV software is suddenly not useless.

[Brass]

Originally posted by Uncle Skeleton:
Exactly. Whether you jump the gun on installing it now or not, it won't stop that first virus, after which you and everyone else who ever reads the news will know that things have changed and AV software is suddenly not useless.

Not sure why it would be any different for the first virus to the 10,0000th virus? If AV software is not going to help with the first virus, why would it help any more with any other virus? That doesn't really make sense.

[Big Mac]

The thing that I am wondering is, why Virex causing so much pain to the OP? Virex has been known to do strange things, but something like this has yet to be reported by anyone else (unless I have missed something). Where did you get your copy of Virex from, and which version is it?

[analogika]

Originally posted by Big Mac:
Where did you get your copy of Virex from, and which version is it?

Originally posted by zacharie:
I've installed the last version of Virex from .mac.

[Maflynn]

Personally I'm really on the fense with AV software.
While I wouldn't think of running my PC w/o it, for my mac well I do.

While the advice don't worry until one appears is wrong, in essence isn't that what we are all doing (those who don' have AV installed).

Without AV software you can help propagate a word or excel virus without you being infected and we all know its really a matter of time before one appears.

I wonder how NAV stacks up against Virex. I'm not norton fan as they've clearly abandoned the mac platform but I do like their anti-virus software on the PC.

FWIW I'm nearly ready to install some AV software because I don't want to get caught flat footed and I don't want to be a tool by helping propagate a virus.

Regards
Mike

[chris v]

All the way back to OS 8 at least, so often Virex was more like having a virus than preventing one. Remember having to disable Virex and restart half the time to get CDs or Zip disks to mount or programs to install? If I could have back the hours wasted futzing wih that mediocre program before I finally ditched it...

[Uncle Skeleton]

Originally posted by Brass:
Not sure why it would be any different for the first virus to the 10,0000th virus? If AV software is not going to help with the first virus, why would it help any more with any other virus? That doesn't really make sense.

Because on the 10,000th virus, the AV software is already protecting you from 9,999 other viruses. Before the 1st one it's just sitting around causing problems and trying to annoy and scare you to justify its existance.

[zacharie]

Dear Users,
I wish to precise that I've installed virex from .mac along with the mac os 10.3.8 update without any other 3rd parties app. Yet, the OS stalled at the opening.
Go and figure why, but I'm sure that Virex is the trouble maker.

Now, I don't have it in my laptop, have installed all my working apps, added Virus barrier and the computer works great and flawessly.
I don't work for intego, I've just wanted to add my opinion about other anti-virus programs on the larket which seems to cope very well with 10.3.8
Thank you.

[CharlesS]

Call me irresponsible, but I also am not worrying about anti-virus software until there's actually a virus for Mac OS X. The day a virus comes out for OS X, it will be all over MacNN as well as all the other media, and I'll know about it.

As for Word and Excel viruses, yes, Office for Mac can get those, but if you are a responsible user, you can set the preferences to warn you before running any macros.

[Detrius]

Originally posted by frankiec:
Blah, blah, blah, truthfully I didn't read your entire post.

Just because a virus exists in the wild doesn't mean you'll get it the first minute, day, or week it comes out....

But many people WILL get it the first minute, day, or week it comes out. If you go around telling *everyone* that they shouldn't bother with an antivirus, then some of those people that you told will have problems because of your advice. The statistically probability that you or I will be one of those people will be very low, but if thousands of people hear your advice, then some of them are likely to be among that are hit due to your advice. Keep that in mind.

[Uncle Skeleton]

Originally posted by Detrius:
But many people WILL get it the first minute, day, or week it comes out.

But those people won't be saved by AV software until the definitions for that software is updated with the new virus. How long will that take for that first virus? I haven't used AV software in 5 years and at that point it seemed like they got a new list like once a month. Is that still true?

[ghporter]

Originally posted by Uncle Skeleton:
But those people won't be saved by AV software until the definitions for that software is updated with the new virus. How long will that take for that first virus? I haven't used AV software in 5 years and at that point it seemed like they got a new list like once a month. Is that still true?

Typically the AV vendors have a usable update available within hours of the first verified sightings in the wild of a new virus. If you use antivirus software, and have it check in for updates once a month, you could be fine-or you could be SOL. On my PCs I have the AV package check EVERY DAY; I'm considering changing that to three times a day, depending on what goes on in certain areas.

Now let's consider how viruses propagate. Typically they move from machine to machine through email or web pages/postings. Now we Mac users are, from a chatting and mailing perspective, a promiscuous bunch; we'll send all sorts of things through email, forums, blogs, and anything else we can think of. We LOVE to share cool stuff. The problem with that? It lowers our tolerance for weird and suspicious stuff. A PC user receiving an email apparently from someone he knows might think twice before opening it if the subject line reads "Check out this Stickybrain article!" because they don't know from Stickybrain. (You gotta admit, a lot of Mac apps have goofy sounding names-intentionally goofy, at that!).

So the odds are, since OS X is pretty well scrubbed for holes (and it's actually modular, like all Unix-like OSs), that a virus isn't terribly likely to come out today. We can say (often smugly) that virus writers like Windows because they have more fun with it. But in reality, it takes a lot of work to find holes in Windows, and every time a new hole is found, that hole's cousins get closed up too. It's getting to be harder and harder to find new exploits to play with, so sooner or later, somebody's going to start concentrating on OS X. With its close relationship to Berkley's Unix and Linux, I think it's overdue for a nice, big nasty surprise.

99.999% of the time, my seatbelt does nothing but remind me it's there. When that 100,000th drive comes around (whether it's actually drive #100,000 or the next one), I'm still going to be wearing it.

</antivirus zealot mode>

[Big Mac]

Viruses don't necessarily exploit holes in the OS. The most secure OS in the world will still execute malicious code if told to do so. The major threat to the creation and propagation of new Windows malware is cracker boredom.

[Brass]

Originally posted by Uncle Skeleton:
Because on the 10,000th virus, the AV software is already protecting you from 9,999 other viruses. Before the 1st one it's just sitting around causing problems and trying to annoy and scare you to justify its existance.

So you're saying that you wouldn't install AV software for protection against new viruses, but only for protection against existing viruses?

(and being that there are currently none, you won't install it now)

OK. Fair enough.

[tooki]

But antivirus software, by pure logic alone, can only protect against known viruses. (I'll ignore heuristic scanning for now.) Existing AV software will do nothing against a virus it can't recognize. I can assure you that when the first virus for Mac OS X emerges, it'll be all over the Mac news and tech sites, newsletters, etc. Regardless of whether you have antivirus software installed or not, you'll be vulnerable until you download fresh software. At that point, what difference does it make if you're just downloading a new definition, or the full install? Either way you are unprotected until you take action.

I suppose that users with self-updating AV software could fare better, but realistically, unless it's some radically powerful virus, most people won't get infected anyway. (I mean, on the Mac, the technical hurdles to creating a virus are extremely high -- especially one that can be transmitted via email, instant messaging, web pages, or some other internet protocol.

My hunch is that the first Mac OS X viruses will a) not be viruses but worms, b) won't be able to infect a system outside the user account that contracted it, c) won't spread rapidly.

tooki

[Macpilot]

Originally posted by tooki:

My hunch is that the first Mac OS X viruses will a) not be viruses but worms, b) won't be able to infect a system outside the user account that contracted it, c) won't spread rapidly.

tooki

This is interesting. I guess it would be a good idea to create an account that is not the admin, so if you got a virus/worm or whatever, in the non-admin account, it could not affect the admin account. Is this correct? Should all OS X users operate the machines in this way. I think I have seen this recommeded elsewhere. Sounds reasonable.

[Uncle Skeleton]

Originally posted by Macpilot:
This is interesting. I guess it would be a good idea to create an account that is not the admin, so if you got a virus/worm or whatever, in the non-admin account, it could not affect the admin account. Is this correct? Should all OS X users operate the machines in this way. I think I have seen this recommeded elsewhere. Sounds reasonable.

I say no. The most important thing to protect on your system is not your system, it's your data. Your data will be accessible to your user no matter what type of user your user is.

[CharlesS]

Originally posted by Uncle Skeleton:
I say no. The most important thing to protect on your system is not your system, it's your data. Your data will be accessible to your user no matter what type of user your user is.

While your data is important, a virus that spreads to all your apps and gains root access through the StartupItems and LoginHook exploits to spread all over the rest of the system is quite a bit harder to clean out than one that only affects your home folder.

[ghporter]

Originally posted by tooki:
My hunch is that the first Mac OS X viruses will a) not be viruses but worms, b) won't be able to infect a system outside the user account that contracted it, c) won't spread rapidly.

Unfortunately, once it hits the press, the copycats will start up, and even if their output is trivial, it will be a nuisance. That's what most viruses in the PC world are, anyway. Dammit. Once that first one is out, Pandora's Box will be open... Dammit twice. With any luck that will be a LONG time in the future.

[SMacTech]

The problem with A/V software is configuring it properly so it doesn't rob the system's performance. Often times, the default is to inspect every file that is opened and saved to the disk, each and every time it is opened and saved. Which is, if you think about it, extremely silly and counter-productive. Not only that, but it will inspect Applications, data files, pdf, jpg, and on and on, over and over. If you feel the need to do that, you are being extremely paranoid.

On better programs, you can build an exclusions list, so that it isn't always inspecting trusted apps and documents for viruses.

Imagine, saving a 1GB video file, or opening one while doing a FCP project, and having the AV software constantly inspecting the file for a virus. Suddenly your 1.5Ghz Mac feels like a 1ghz one.

Virex is crap, and I often wonder why Apple includes it with .mac membership.

[Uncle Skeleton]

Hey, there are a lot of mods in this thread. Will one of them please edit the thread title to be more descriptive already?

[ghporter]

Originally posted by SMacTech:
The problem with A/V software is configuring it properly so it doesn't rob the system's performance. Often times, the default is to inspect every file that is opened and saved to the disk, each and every time it is opened and saved. Which is, if you think about it, extremely silly and counter-productive. Not only that, but it will inspect Applications, data files, pdf, jpg, and on and on, over and over. If you feel the need to do that, you are being extremely paranoid.

On better programs, you can build an exclusions list, so that it isn't always inspecting trusted apps and documents for viruses.

The point behind checking each file as it's opened is that some other process might have modified it in the background, so before allowing the system to "run with" the file, the AV software examines it. In many products you CAN instruct the software to ignore files, such as text files, documents, and so on; including everything covers the AV maker's butt-"Your product is defective because I didn't tell it to check all executable files and a virus wiped me out" is something their lawyers don't want to hear. This tayloring is essential, and present in all of the products that I'd bother with. It's also very easy to configure on my personal choice, Symantec.

As for speed, Symantec's Client Security product is pretty quick. The only time I notice it is a)when I mount a disk or image and b)when the "little alien" icon goes nuts on its regularly scheduled update check. Of course since there are relatively few threats to OS X and apparently none active, the AV makers haven't seemed to work on optimizing their products to make them as smooth and imperceptable as their PC products. Look for that in the future.

And there are security threats for PC platforms within some .pdf, .jpg, and even Office files. AV makers don't want to have to answer the question "why do you look at these files on PCs and not on my Mac?" because the people who would ask such a question sadly probably wouldn't understand the answer. So they make the scans look at all the same files on both platforms.

As a PC user, I have developed the philosophy that, even though I'm paranoid about computer security, that doesn't mean that they aren't out to get me. This is appropriate on the PC platform because they certainly ARE out to get PC users. I really am afraid that it's only a matter of time before Mac users are on their list as well.

[CharlesS]

Originally posted by ghporter:
The point behind checking each file as it's opened is that some other process might have modified it in the background, so before allowing the system to "run with" the file, the AV software examines it. In many products you CAN instruct the software to ignore files, such as text files, documents, and so on; including everything covers the AV maker's butt-"Your product is defective because I didn't tell it to check all executable files and a virus wiped me out" is something their lawyers don't want to hear. This tayloring is essential, and present in all of the products that I'd bother with. It's also very easy to configure on my personal choice, Symantec.

Does Norton AntiVirus still litter the /System/Library/Extensions folder with kernel extensions?

[theolein]

While it's certainly a good idea to run AV software that isn't buggy, just in case, I personally am not all that worried. Although OSX does have a couple of local user permission escalation vulnerabilities, (CharlesS mentioned them above), I think Apple will, eventually, get around to clearing that up.

In fact, my biggest worry isn't about viruses, worms or trojans, it's about Apple's response times. Sometimes, generally when it's some Open Source software, Apple is very quick in providing patches. Other times, however, such as was the case last year with the URL/File Helper vulnerability, Apple takes months to release a patch. We're still, some months after Apple was informed of this, waiting for patches of the local user permission escalation vulnerabilities. I don't know whether it's because the problem involves other system software that will break when the problem is patched and Apple has to exhautively test the patches, but the waiting sucks.

Other than that, I'm not really worried. OSX is very similar to Linux in its core (the whole unix thing), and most Linux users (desktop, not server) don't run AV software yet are not often victims of hacks. While Linux patches are out there far quicker than OSX patches are, the way the systems work are similar enough to make it fairly difficult for remote attacks or automatic vectors to succede. No programmes run automatically when one just clicks on them (the big problem on Windows systems, via WSH) so mail attachments are unlikely to do much damage. One needs to actively start a programme to enable a vector.

That said, I think the first real OSX problems will be due to cleverly crafted trojans that do no obvious damage but install themselves as startup items or use some other vulnerability to install rootkits etc. Since very few Mac users bother to check the MD5 checksums on things they download, if they even exist, it should be possible for some clever cracker to modify or even write some simple utility himself and place it on versiontracker or macupdate. People who try that utility out will find it perhaps useless and discard it, but only after it had done its damage.

[tooki]

Originally posted by ghporter:
This is appropriate on the PC platform because they certainly ARE out to get PC users. I really am afraid that it's only a matter of time before Mac users are on their list as well.

I've gotta disagree with you there: it's not a matter of time. Virus writers have had tons of time to write viruses and other malware for the Mac, and yet they haven't in a very, very long time. Clearly there are other factors at work, such as the Mac's higher intrinsic security, the reduced spreadability of Mac viruses, and the fact that Windows is just simply a much easier and larger target.

I'm not saying that the Mac world should become complacent about security, but I plain and simply do not believe that the PC mindset (with respect to malware) is applicable to the Mac.

tooki

[CharlesS]

Originally posted by tooki:
I've gotta disagree with you there: it's not a matter of time. Virus writers have had tons of time to write viruses and other malware for the Mac, and yet they haven't in a very, very long time. Clearly there are other factors at work, such as the Mac's higher intrinsic security, the reduced spreadability of Mac viruses, and the fact that Windows is just simply a much easier and larger target.

I'm not saying that the Mac world should become complacent about security, but I plain and simply do not believe that the PC mindset (with respect to malware) is applicable to the Mac.

tooki

Oh, I'm sure that someone will write a virus eventually. It's gotta happen sooner or later. Even OS 9 had the AutoStart worm and SevenDust. Someone will eventually make one for OS X. 6 billion people on this planet, eventually one of those is going to decide to do it.

Of course, once it happens, someone else will quickly make a freeware like Agax that will scan for and root out this particular virus. We'll all download it, and life will go on...

[eggman]

I'm with tooki. Think of all the PC folks who burn with a seething hatred for Macs. And yet... and yet the Mac has been mercifully free of the ravages of virii.

Heck, cell phones that have been on the market for a year or two have been exploited, while OS X has not. I'm not saying that it can't or won't happen - that would be absurd. It's just somewhat remarkable that it hasn't happened yet... which leads me to believe that it isn't such an easy thing to do.

Whereas PCs are just asking for it: ActiveX, Outlook Macros, IE buffer overflows... the hits just keep coming.