Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

anti V

Nov 30, 2007 1:48AM PST

Peter,
i recently received an offer from Smith Micro, a portion of which i have pasted herewith: "With Intego VirusBarrier X4 on your Mac, you can rest assured that your computer has the best protection available against viruses of all kinds."
My own question: are we old timey mac operators still as bullet proof as we used to be ? i recall many postings from you on the subject of: we just don't have that kind of problem on the mac, and generally enjoyed your derisive scorn and witty repart

Discussion is locked

- Collapse -
At the risk of starting a flame war,
Nov 30, 2007 3:52AM PST

there is still not a single virus, in the wild, that attacks OS X.
The major AV companies would be very happy for you to lay down your hard earned cash to purchase their products but they always have a hard time telling us exactly what Mac virus's they protect against.
Note that I did not, and do not, say that OS X is bulletproof. One day, someone will eventually manage to write a self-propagating virus for OS X.

It is important to be clear about what a virus does. It must have the ability to sneak onto your machine, place itself into a critical area, infect it, replicate itself and then dispatch itself to other machines. They usually email themselves to every email address they can find on a machine.
This has not happened with OS X in the last 7 years.

Social Engineering, on the other hand, is something that there is not much protection against. If I were to send you a little AppleScript and told you to run it, would you? Probably not, but others would if I changed its name to Office 2004 for OS X and increased its size a little. So, if my little AppleScript deleted the contents of your Music & Picture folders, would the AV companies start to scream about a "New Virus that deletes music and pictures", you bet. Only problem is that this script would come to and end on your machine and not go anywhere else so it does not qualify as a virus.
Launching unknown apps is a risk we all take when we download freeware or shareware and believe the description. This is how Limewire and other P2P sites are used to spread virus's.
BTW, the Office 2004 scenario; it happened on Limewire in 2004!

Bottom line. The free ClamXAV will do exactly the same as Symantec/NetBarrier/Mcaffee but for a much better price. It will also spot Windows virus's that are sent to you. You can then get that warm fuzzy feeling when you do NOT forward the infection on to one of your less enlightened friends.

There is nothing wrong with 10.3.9; especially if it is the highest OS that your machine will comfortably support.

P

- Collapse -
Social Engineering continued.
Nov 30, 2007 3:56AM PST

Beyond the above we have an UPHILL discussion about "programmed" Windows users that are "programmed" to buy Antivirus, Firewall and now other "protection" software.

This is good for many companies so why would anyone rock this (money) boat?

-> This issue is simple for me to understand but I have written software for Linux and other OSes. Sadly I can't seem to convey why we don't need a firewall on Unix and it's derived OSes. But you really don't need it.

Welcome to our deprogramming discussion.

Bob

- Collapse -
thank you gentlemen
Dec 6, 2007 4:03PM PST

Thank you gentlemen. This info has eased my mind considerably. Peter, What would be the best way for someone who had acquired such a malicious script as you describe above find its location in order to delete it ?

- Collapse -
That script
Dec 6, 2007 8:47PM PST

if it came by email, you should have the name of the file.

Just do a search, Apple + F or Spotlight, for the name of the file.

Then delete it

P

- Collapse -
file name ?
Dec 7, 2007 11:46PM PST

Suppose a file name is not even known, as to what if any damage it might do or be capable of doing, how then can a non coder find and identify it so as to isolate and delete it ? Also, what if a malware script were only suspected to have been acquired in some piece of "freeware" ? i got a message from my ISP that my computer was sending out material thought to be spam. They use McAffe, i don't. i do have clam XV but no malware script detector. i had no clue if the message was genuine or a phishing attempt. i deleted it on the spot and didn't try any of the links contained within it. All of my friends send links in their email from time to time. And i GET that this is one of the more risky things we lay computer users do. And yet, unwilling to think badly of a friend, sometimes we DO click on the link. Shame on us, we are mortal.
Also, these days, i get a frequently occurring icon on my desktop that appears to be without content and looks as though it would be an application. It is labled "untitled" if i eject it (and i do) it will after a time reappear. If there is a pattern to its reappearances i haven't spotted that yet. It may be a function of connecting to my ISP to go on-line. Or not Any suggestions ?

- Collapse -
Stuff
Dec 8, 2007 3:52AM PST

Files do not just "appear" on the desktop. They arrive there by virtue of something that the user has done. What are these mysterious files? What icon do they have.
When you say "eject it", do you mean you put it in the trash or do you mean that when you move it the Trash icon changes to an Eject symbol.

Spam is not a virus. It's a nuisance but that's about all.

P

- Collapse -
Correction
Dec 8, 2007 5:32AM PST

"Files do not just "appear" on the desktop. They arrive there by virtue of something that the user has done". Yes i can definitely agree with that statement, because i have generally found it, by experience to be true. What was done, or by whom on the other hand, since it can be a button selected in error or a freeware product naively downloaded in good faith or from other causes, done long enough ago to be forgotten, can then become an exercise of the: OH MY GAWD! NOW look what have i done! catagory.
The icon itself looks like the generic application symbol bearing the label: "untitled". If i mouse > single-click to highlight it and then try to use file > eject "untitled" it flees the scene just as most applications will when so treated. The catch is i haven't as yet discovered what is turning it on or from whence or when to expect its return. A new discovery, it appears from file > info to contain about 9.5 Mb of invisible something or other. i said before it appeared empty but mis-spoke due to the empty look of the window. Yes i did understand that spam is not a virus. My guilty thought that a mal-script i allowed in may be dictating something and attempting to send it out from my address identifiable to mcAfee as "spam" was a speculation on my part only . Does it seem to you that such could be the case ?

- Collapse -
Not in the case of OS X
Dec 8, 2007 7:38AM PST

for it to do that it would require permission from you and I believe you would not be doing that.

It sounds like you may have downloaded a .dmg file whih, when launched, puts another folder or window on the desktop. .dmg files are usually images of the original files/CD's/DVD. The fact that you have an eject option would indicate that this is a mounted volume, however small, and not just a file. Try doing the same with a file and you will find that the option is Move to Trash.

Somehow you are triggering the image. Just a thought, but is there a program that you run that causes this to happen? Some users, when confronted with a .dmg file, use the mounted volume that it creates to run the program. Usually the culprit is something like Firefox where the mounted folder contains the app which should be dragged into the applications folder. Worth investigating.

Don't get too paranoid about this stuff, a certain amount is good but common sense should prevail.

To be a little safer, try creating an account that does NOT have admin rights and use that as your main user account.

P

- Collapse -
volume
Dec 8, 2007 2:35PM PST

So far this image:

is about all i have been able to discover about the thing. It re-appeared tonight after being "gone" all day. This happened while i was watching the telly in another room. No browser in play, just letting the hard drive be indexed.

- Collapse -
parent
Dec 8, 2007 2:43PM PST

Also it does not appear to have a parent, if you can tell by the apple-f finding as displayed. Could this mean it is coming from system prefs?

- Collapse -
Disk Image,
Dec 8, 2007 11:17PM PST

This file appears to be a copy of something, probably a CD, but I have no idea where it would come from.
I am a little surprised that you only found one item with the name "Untitled". I have dozens of them but none is a volume.
Try a search for dot dg (.dmg), if you have OS X
or
Try a search for dot smi (.smi) if you have System 9

These are the file types that create this type of Untitled volume.

What version of the Mac OS are you running there? I asked because you mentioned that all you were doing was let the HD be indexed.
In later versions of OS X this is an ongoing, automatic, process.

P

- Collapse -
running OS X
Dec 26, 2007 12:48AM PST

i am still limping along with OS X 3.9 and the mysterious image has not shown up for lo these many days. It was overlong at 9 Mb to be a CD. i have cleared out a lot of "old" no longer used stuff associated with audio/video. There WAS a freeware that perported to provide many thousands of channels of free TV. i have forgotten the name of it already. Maybe that was the culprit. If the "untitled" volume turns up again, i may comment more, but so far it has stopped. Logical fallacy-wise, doing "a" doesn't NECESSARILY cause "b" as in washing my car doesn't cause it to rain even if it feels that way.
As to indexing, i accidentally set some button or other to have the need to index ? maybe ? i dunno, i just do it; like i just still repair permissions and rebuild desktop in the "classic" mode weekly and still zap the pram. It is like throwing spilled salt over your shoulder for luck. Being ignorant myself of most computer things, i have to rely a lot on luck and the fates and ritual. And of course when all else fails, Mr MacFixit and Mr macproffit to bail me out of my foolishments.