Blog Archives
protect your mac from malware, viruses and other threats

If you’re new to Mac, you’re probably thinking that it’s a no-brainer that you need some kind of anti-virus app. Once you start looking around the web for reviews, it’s inevitable that you’re going to come across the Great Mac AntiVirus Debate: in the one corner, those who say Mac users who forego antivirus protection are arrogant and just setting themselves up for a fall, and in the other those who’ve used Macs for umpteen years, never had or heard of any real threat, and consequently say AV software is a waste of time.
You can read round this debate for years and never come to a satisfying conclusion, largely because it’s as much about what you ‘ought’ to do as it is about what is the case. Just because you’ve never had any viruses, doesn’t mean you won’t get one tomorrow. And yet, there are NO viruses in the wild known to affect Macs, and so when one does arrive, it will be unknown to your AV scanner. Hence, an AV scanner is just a waste of system resources (and possibly money, if you paid for it). Yikes! What do I do!!
What you do is sidestep the whole debate and stop thinking only about virus scanners, which after all deal with only a small subset of all the possible attack vectors in the internet age, and start thinking in terms of vulnerability scanners. Unlike a simple virus scanner, a vulnerability scanner examines your system not only for malware but also for any vulnerabilities in commercial software, plug-ins, your system setup (including network and other sharing settings) and other installed items. The scanner will not only explain the threat and its severity but also tell you what, if anything, you need to do, recommend patches and guide you to links for more info where available.
You can use something like Nessus for free if you are a home user, which will give you a far better insight into the possible attacks someone could implement on your system (and it will check your system against almost all of the major virus scanner databases like Symantec, etc).
Even better, a vulnerability scanner like Nessus won’t just examine your machine: it’ll look at every other device on your home network (and all the apps installed on them), including phones (any platform), other computer systems (any OS), and even your router.
uninstall flashback trojan
Among all the confusing posts and scare stories on offer this week about the flashback trojan, a lot of people seem to have missed the instructions for dealing with it.
Here’s F-Secure’s removal procedure:
Here’s Rich Mogull’s general advice for securing your mac in light of this new threat:
What you need to know about the flashback trojan
It’s also worth emphasizing that, for technical reasons, if your mac has Microsoft Office 2008 or 2011 or Apple’s XCode installed, this particular trojan will not have been able to infect your computer.
how to remove Lion Recovery disk

If you have reverted your Mac to Snow Leopard from Lion, it’s important that you also remove the Recovery HD, as it can compromise the security of your Snow Leopard installation (for security issues with Lion, see here). Reverting to SL via Time Machine or restoring from a clone will leave the Recovery partition in place, meaning anyone can boot into it and reset your Snow Leopard passwords merely by restarting your Mac while holding down the ‘option’ key.
To remove the Recovery disk follow this procedure:
1. Revert back to Snow Leopard using Time Machine or a clone.
2. Once you’re up and running and have confirmed everything is good, go to Terminal (Applications > Utilities > Terminal) and paste/type this command to confirm the presence of the Recovery HD:
diskutil list
then press ‘Return’. If you see a partition labelled something like this
Apple_Boot Recovery HD (see image above)
then you will need to continue with the rest of the procedure. If the Recovery HD is not listed here, you do not have the Recovery partition and need not worry further.
3. If you find the Recovery HD in the list, paste the following command into Terminal:
defaults write com.apple.DiskUtility DUDebugMenuEnabled 1
Press ‘Return’.
Now open Disk Utility (Applications > Utilities > Disk Utility). In the menubar at the top, choose Debug > ‘Show every partition’
On the left in the main Disk Utility window, you’ll be able to see ‘Recovery HD’ (it’ll be greyed out). You can click ‘Mount’ in the taskbar to make it active, and you can now delete it using control-click/right click – erase or by using the ‘erase’ tab in DU’s window.
If you want to confirm that the Recovery disk is no longer present, go back to Terminal and type the command from step 2.
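The check from step 2 can also be scripted, so the result does not depend on spotting one line in a long listing. This is an added example, not part of the original post; the function names and the sample listing are constructed for illustration, and only `diskutil list` itself comes from the procedure above.

```shell
#!/bin/sh
# Added example (not from the original post): find leftover Recovery HD
# partitions in `diskutil list` output without opening Disk Utility.

# Reads `diskutil list` text on stdin and prints the identifier of every
# Apple_Boot partition named "Recovery HD".
# Row layout: "#:", TYPE, NAME..., SIZE, UNIT, IDENTIFIER.
recovery_partitions() {
    awk '$2 == "Apple_Boot" && $3 == "Recovery" && $4 == "HD" { print $NF }'
}

# Prints a verdict; returns 0 when no Recovery HD is present, 1 otherwise.
check_recovery() {
    found=$(recovery_partitions)
    if [ -z "$found" ]; then
        echo "No Recovery HD partition found."
        return 0
    fi
    echo "Recovery HD still present on:"
    echo "$found" | sed 's|^|  /dev/|'
    return 1
}

# Constructed sample listing: an internal disk and an external disk,
# each carrying a Recovery HD partition.
sample_disks() {
    cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk1
   1:                        EFI                         209.7 MB   disk1s1
   2:                  Apple_HFS Clone                   999.3 GB   disk1s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk1s3
EOF
}

# On a Mac, check the real disks; elsewhere, run against the sample.
if command -v diskutil >/dev/null 2>&1; then
    diskutil list | check_recovery || true
else
    sample_disks | check_recovery || true
fi
```

Run it once before step 3 and again after erasing the partition; the second run should report that no Recovery HD was found.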
Related posts:
how to secure your mac (OS X Lion)
how to uninstall MacKeeper – updated
MacKeeper – also known as ‘911 Bundle’ in the App store — yes, you’ve seen the ads all over the internet, pop ups on your favourite webpages, it seems to be everywhere.
Many people that download and use MacKeeper experience severe problems as a result. If you have installed MacKeeper and wish to remove it, read on.
Uninstalling MacKeeper 2012
If you have used MacKeeper to encrypt any data, unencrypt it now. If you remove MacKeeper without unencrypting your data first, you will not be able to access it later. This only applies to data encrypted with MacKeeper, and not data encrypted using Mac OS built-in encryption services or using any other program.
Once that is done, you can follow MacKeeper’s uninstall instructions here:
http://help.mackeeper.zeobit.com/Manual/GettingStarted/UninstallingMacKeeper.html
These instructions promise that they will remove all MacKeeper’s associated files (see the note ‘Important’ at the bottom of their page). However, you may wish to do Step 4 in the procedure below for earlier versions of MacKeeper to check MacKeeper does not have access to your Keychain.
Uninstalling earlier versions of MacKeeper
If you have a version of MacKeeper earlier than MacKeeper 2012 you should follow the procedure below. You may not find ALL of the following, but any you do find should be removed.
Preparation:
i. Again, a warning: if you have used MacKeeper’s encryption feature, be sure to unencrypt before you uninstall MacKeeper.
Time Machine
ii. If you use Time Machine, leave it connected and do the Time Machine Step (TM step) where indicated. Instructions for the TM step are given in the box in step 1 below.
Clones
iii. If you use a clone without archiving, disconnect the clone and run the procedure below on your internal disk. When it is complete and you have verified everything is OK, connect your clone and wipe the partition using Disk Utility. Then make a new clone.
iv. If you use a clone with archiving, reboot into your clone now and run the procedure below on the clone first. Then shutdown your computer, disconnect the clone from the system and reboot into your internal drive. Run the entire procedure again on your internal drive.
Trash
v. If you have anything in the Trash, empty it now before you start.
The Uninstall Procedure:
Once you have prepared everything as above, you’re ready to start the uninstall procedure.
1. If MacKeeper is running, quit it. From the sidebar in any Finder window, choose your hard disk icon and go to your Library folder. Look in the Application Support folder for the folder inside it called ‘MacKeeper’:
/Library/Application Support/MacKeeper
Click on the folder once.
TM Step
If you are using Time Machine do the TM Step now. Enter Time Machine via the TM icon on your menubar at the top of your screen.
Click the little gear/cog in the Finder window and choose ‘delete all backups of xxx file’.
Enter your Admin password to confirm the delete. Exit Time Machine and then…
If you don’t use TM or after you have completed the TM step, hold down the ‘command’ key and press the ‘delete’ key once to send the file to the trash.
2. Still in Library, look for and trash any of these you find in the same way, remembering if you have Time Machine to do the TM step first in each case:
/Library/LaunchDaemons/com.zeobit.MacKeeper.AntiVirus
/Library/LaunchDaemons/com.zeobit.MacKeeper.plugin.AntiTheft.daemon
3. If you are using Lion, use the ‘Go’ menu in Finder’s menubar and hold down the ‘option’ key. Choose ‘Library’ from the menu (yes, this is a different Library folder from the one you were just in). If you are using Snow Leopard or Leopard, just click on the little ‘Home’ icon in the Finder sidebar and navigate to the Library. Then trash any and all of these that you find, remembering to do the TM step (if applicable) first in each case:
Home/Library/Caches/com.zeobit.MacKeeper
Home/Library/Caches/com.zeobit.MacKeeper.Helper
Home/Library/LaunchAgents/com.zeobit.MacKeeper.Helper
Home/Library/LaunchAgents/com.zeobit.MacKeeper.plugin.Backup.agent
Home/Library/Preferences/com.zeobit.MacKeeper.plist
Home/Library/Preferences/com.zeobit.MacKeeper.Helper.plist
Be careful not to delete the wrong files: only those that have got the words ‘zeobit’, ‘MacKeeper’, ‘911’ or ‘911bundle’ should be trashed.
4. Go to Applications > Utilities > Keychain Access.app and double click on it. Notice the padlock in the window is up there on the left, rather than down the bottom. Click on it and enter your admin password. Now go through all the items in the ‘Keychains’ list (such as Login, System, Root) with ‘All items’ selected in the ‘Category’ list. Anything you find related to ‘MacKeeper’ or ‘zeobit’, click on it, then choose Edit > Delete from the menu.
(Thanks to Al for also mentioning this point in the Comments below!)
5. Open the Activity Monitor utility (Applications > Utilities > Activity Monitor.app), make sure ‘All Processes’ is showing in the drop down menu just over on the right of the dialogue box, then scroll down the list and see if any processes called ‘MacKeeper’, ‘zeobit’ or ‘911 bundle’ are still running. Older versions of MacKeeper may have a ‘WINE’ process running, so also look for ‘wine’. Anything you find, click on it and hit ‘Quit Process’ (top left).
6. Go to your Applications folder from a Finder window and select MacKeeper (if you have Time Machine, do the TM step now). Then, hold down ‘command’ and press ‘delete’ once. If you assigned MacKeeper to be pinned in the Dock, be sure to also drag the icon off the Dock and release it anywhere over the desktop. It will, satisfyingly, disappear in the ‘poof’ of a cloud.
7. When you’re done filling up your trash can with all this junk, click on the Finder> Empty Trash.
8. Go to System Preferences > Users & Groups (or ‘Accounts’ for Snow Leopard) | Login Items
If you see anything to do with MacKeeper in the list of items there, highlight it, then click the little minus ‘-’ button near the bottom of the list.
9. Restart your Mac. Everything should be back to normal, but check the Activity Monitor one last time to be sure.
10. After restart, be sure to fix your system permissions. If you encounter any problems that you did not have before, fix the ACLs too.
**If you are running a clone, remember to follow the instructions given above under “Preparation: Clones”.**
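After the restart in step 9, a read-only audit can confirm that nothing from steps 1 to 3 and step 5 was missed. This is an added example, not part of the original post or of MacKeeper's own uninstaller; the function names are hypothetical, the paths are the ones listed above, and the extra `.plist` check is an assumption about how launchd items are named on disk.

```shell
#!/bin/sh
# Added example (not from the original post): report, but never delete,
# MacKeeper items named in the steps above that are still on disk.

# Print the path if it exists. The post lists launchd items without an
# extension; on disk they normally end in .plist (assumption), so both
# forms are checked.
report_if_present() {
    for f in "$1" "$1.plist"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Usage: mackeeper_leftovers [system_root] [home_dir]
# system_root is a prefix used for testing; leave it empty on a real Mac.
mackeeper_leftovers() {
    root=$1
    home=${2:-$HOME}
    # Steps 1 and 2: the system-wide Library
    report_if_present "$root/Library/Application Support/MacKeeper"
    for name in com.zeobit.MacKeeper.AntiVirus \
                com.zeobit.MacKeeper.plugin.AntiTheft.daemon; do
        report_if_present "$root/Library/LaunchDaemons/$name"
    done
    # Step 3: the Library inside the user's home folder
    for rel in Caches/com.zeobit.MacKeeper \
               Caches/com.zeobit.MacKeeper.Helper \
               LaunchAgents/com.zeobit.MacKeeper.Helper \
               LaunchAgents/com.zeobit.MacKeeper.plugin.Backup.agent \
               Preferences/com.zeobit.MacKeeper.plist \
               Preferences/com.zeobit.MacKeeper.Helper.plist; do
        report_if_present "$home/Library/$rel"
    done
    return 0
}

# Step 5: filter a process list on stdin for the names to look for.
mackeeper_processes() {
    grep -i -E 'mackeeper|zeobit|911 ?bundle|wine' || true
}

# Audit the current machine: leftover files first, then running processes.
mackeeper_leftovers "" "$HOME"
if command -v ps >/dev/null 2>&1; then
    ps -axo comm 2>/dev/null | mackeeper_processes
fi
```

No output means none of the listed items or process names were found; anything printed should be handled with the matching step above.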
Supplementary: If you have a problem with MacKeeper pop-ups while using your browser, try clearing out the caches, like this:
In Safari menubar, choose ‘Safari > Reset Safari’. Make sure all the options are checked.
This will not only clear out your caches, but everything else stored by the browser. Don’t worry, it won’t affect your bookmarks, but it will reset your ‘top sites’ and history.
In Firefox menubar, choose ‘Tools > Clear Recent History…’ and choose ‘Everything’. Again, it’ll clear everything out but won’t delete your bookmarks.
Obviously, if you use any other browsers like Opera or something you’ll have to find the same options for those too.
Related Posts
block MacKeeper and other browser ads
protect your mac from malware viruses and other threats
NOTES
1. If you have any problems carrying out the steps, try starting your Mac up in Safe mode, and then running the procedure.
2. You can safely ignore any MacKeeper files that are in the Logs, BOM or Receipts folders.
3. If you have only downloaded the MacKeeper package but not run the installer, you only need to send the .pkg file in your Downloads folder to the Trash. That’s it!
Acknowledgements
This post has been refined and improved over time thanks to suggestions and replies made in the Comments and on Apple Support Communities. Thanks especially to Al, Lyndon and Jack.
how to turn a Lion into a (Snow) Leopard
Well, a lot of folks are so unhappy with the new Lion operating system that they’re returning to Snow Leopard. Even some people who are buying new Macs with Lion pre-installed are wishing they could get rid of the new hairy cat for the cooler and more efficient previous one.
In this post I’m going to point you to a few links that should help you do just that.
What you will need:
Snow Leopard Install disks
External Drive
Carbon Copy Cloner (free software).
Safety first, folks! Go to How to Clone your hard drive — do this before you start! It’s your insurance, and it’s far better and easier than Time Machine. Even if you use TM, make a clone too!
Take a look at How to Install Snow Leopard on an External Disk — If you’ve already got Lion on your internal, install SL on an external first. Try it out for a week or so. If you’re convinced you’re going to revert fully (rather than just run both in tandem, like I do), then clone it back to your internal HDD using Carbon Copy Cloner, as detailed above in How to Clone your hard drive.
Finally, How to revert your Mac to Snow Leopard offers a comprehensive guide from ASC community member ds store.
Good luck!
Have you reverted to Snow Leopard? Let us know how it went, and why you decided to ditch the Lion in the comments below.
OS X Lion 10.7 — the jury’s verdict

It’s been over 10 days since the jury went out to weigh up the evidence for and against Mac’s new operating system, 10.7 (OS X Lion). With Apple announcing a million downloads in the first 24 hours, there’s been no shortage of heated debate across the blogosphere and discussion boards (this thread runs to 60 pages and counting! Also see this witty and perceptive post about one user’s frustrations with the upgrade).
So it appears that some love it, others hate it, many are merely sanguine about the whole experience. A number of people are reporting trying it and reverting back to Snow Leopard with brow-mopping relief. My guess, though, is that the vast majority of Snow Leopard users are patiently waiting till a few updates have been released and all the early bugs ironed out.
It’s worth remembering the options: even if you buy Lion now to take advantage of the $30 opening price, you don’t have to install it now. You could buy it and leave the installer app in your Apps folder till the updates get released. Nor do you have to install it over the top of your existing installation. You could install Lion on an external disc instead, or move your Snow Leopard to an external disc and have Lion on your internal disc. Either of those options will allow you to play around with it and switch over fully when you’re truly ready. Don’t forget you can check out whether your existing software will work with Lion.
I have to say though, after ten days, 10.7 is starting to grow on me, and I think the external drive with Snow Leopard sitting on it is going to be gathering dust in a cupboard from now on. That’s not to say I’m thrilled with all that Lion has to offer. It’s a mixed bag, so sit back and let me read the court’s judgement in full.
The Good, …
- Mission Control — yes, I have unwillingly been converted. The four-finger screen swipe (left/right to change screen, up/down for Spaces and Expose, respectively) is addictive, and now I don’t think I could live without it. The truth is I could never get along with Spaces or Expose in Snow Leopard anyway, but Mission Control really does sort of force itself upon you. I do miss the App Switcher that is no longer available via the trackpad (Cmd-Tab still invokes it). There are free 3rd Party programs that you can get to add it back into the trackpad, but my experience is they are awkward at best.
- Preview — this is an app I use a lot and I love what they’ve done to it. Preview’s enhancements are one of the most undersold changes in all the talk about Lion. It’s always been ahead of Adobe Reader to my mind, but it did have shortcomings, particularly with adding and placing comments neatly and readably. The new Preview has tidied that up nicely, with the comment markers placeable with much finer precision and clear, neat lines indicating which comment each belongs to. The full screen feature also looks great and makes reading a pleasure.
- Mail — is growing on me. Switch it back to Classic view for a tidier interface, but there’s still lots of nice things about it. The animated display when you double-click to open a message is very neat (note: you won’t see the animation if you’ve got your IMAP account settings set to ‘Don’t keep copies of any messages’ in Mail Preferences | Advanced).
the Bad, …
Well, overall, the worst thing about Lion is that most of the good things are really cosmetic. There’s not a lot of new things you can do with Lion, and what there are, I don’t like much, particularly the triumvirate of data guardians otherwise known as
- Resume, Autosave and Versions — Apple has gone to extraordinary lengths to ensure every keystroke, every page, every file you ever open is remembered somewhere (and often in multiple somewheres) on your internal drive and your backup drives. It’s worth noting that not all of these are places the average user can either find or remove. This is something that not everyone is thrilled about, and certainly it’s raised a few eyebrows among the security-conscious. If I were a Chinese blogger, I’m not sure I’d want to update to Lion (you think the Chinese don’t buy Macs? Oh, please!). Another thing worth noting about the Evil Trinity is that Apple has also made them extremely difficult to turn off. Resume, despite what you might be reading elsewhere, cannot be turned off by default (or at least no one’s found a way to do it yet).
However, with all these things, it’s not so much that you can’t beat them, but that you have to work around them. Adjusting your workflow to avoid Resume, Autosave and Versions is certainly possible, but something some may rightly begrudge paying $30 to have to do (in which case, that external backup of Snow Leopard I mentioned above is your friend!). I’ve already written about Resume, and I hope to post workarounds for Versions and Autosave in the near future (sign up for the RSS feed).
The only other ‘bad’ thing I have to say about 10.7 is LaunchPad. This is the iPad look-alike-finger-swiping app display (known as ‘springboard’ on the iPad). A complete waste of time: literally, it’ll take you forever to organise it, and even then it’s a very slow way to find anything but your most familiar apps. There have always been much faster and more efficient ways to get to both your most-oft used apps (the Dock) and those you only occasionally fire up (Finder).
…and the Ugly.
It’s not often that Apple do ugly, but it’s been universally acknowledged that the designs for iCal, Address Book and Photo Booth are a real eyesore. Fortunately, it’s easy to get rid of them with a bit of mucking about.
Conclusion
So should you upgrade or not? Well, why make it a black-and-white decision when you could have the best of both worlds? If you have a spare drive hanging around, whip it out, pay your $30 and take Lion for a test-drive. If it’s not for you right now, just put it away till the updates smooth it out and the time is right regarding compatibility. After all, if you’ve invested heavily in Apple products or have a lot of legacy material, then it’s probably only a matter of time before you give in and let the Lion tame you, too!

