XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
Privacy Policy
It is currently Sat Jul 11, 2020 4:19 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 62 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Wed Apr 15, 2020 6:08 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
Dang, you did say Hackintosh... slaps self up side head!


Attachments:
Groan.gif
Groan.gif [ 1.4 KiB | Viewed 1446 times ]
Top
 Profile  
 
PostPosted: Thu Apr 16, 2020 5:21 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
After installing High Sierra on the external drive (which btw is a very slow 2.5" 500 GB hdd taken from an old laptop) seems to boot fine (albeit slowly) however, there is still a MacOS Install Data folder in root. Can this be safely deleted?
Attachment:
Screen Shot 2020-04-16 at 9.23.53 AM.jpg [136 KiB]
Not downloaded yet

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Thu Apr 16, 2020 6:36 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 11390
Location: Caught between the moon and NYC
You could always rename the folder and reboot, assuming you have another way of booting the system (recovery partition + terminal would be my choice but not everyone is comfortable with terminal). If it boots, trash. If it doesn't, rename back, hide.

I suspect the poor interns who got stuck writing installer scripts didn't special case your environment.


Top
 Profile  
 
PostPosted: Thu Apr 16, 2020 9:11 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
MacOS Install Data is there on my one 10.13.6 install... 381.8 MB, but not on the Clone of it! done 2 weeks ago?

Not on another 10.13.6 install, but the one where it does show up is the only one I ran Sec Update 2020-002 on, had to run it twice & it is dated 4-13-2020 !


Top
 Profile  
 
PostPosted: Thu Apr 16, 2020 10:52 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
MonkeyBoy wrote:
You could always rename the folder and reboot, assuming you have another way of booting the system (recovery partition + terminal would be my choice but not everyone is comfortable with terminal). If it boots, trash. If it doesn't, rename back, hide.

I suspect the poor interns who got stuck writing installer scripts didn't special case your environment.

Great idea. I can do that.

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Thu Apr 16, 2020 10:56 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
BDAqua wrote:
MacOS Install Data is there on my one 10.13.6 install... 381.8 MB, but not on the Clone of it! done 2 weeks ago?

Not on another 10.13.6 install, but the one where it does show up is the only one I ran Sec Update 2020-002 on, had to run it twice & it is dated 4-13-2020 !

Very interesting. That matches exactly my experience. I installed and immediately updated to the one missing security update and bingo boingo we get that potential spurious folder. I'm going to try Monkeyboy's suggestion just to see what happens.

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 8:52 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
Just updating this post.

While booted into the High Sierra external drive it was impossible to rename or delete the 'MacOS Install Data' folder. Probably a permissions issue. The easiest thing to do was to boot into mojave from internal drive and then I had complete control over the 'MacOS Install Data' folder on external HS. Since it appeared to be just a remnant of a failed attempt to do the latest security update (still on build 17G66) I just deleted it. I downloaded the stand alone security update from Apple and tried to install again...this time successfully. It completed with three reboots and is currently at build 17G12034. No leftover folder exists.

Slowly getting there!

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 9:55 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 11390
Location: Caught between the moon and NYC
I find the recovery partition's Terminal is really damn useful for making changes to root and other folders typically protected by SIP. Commands run through that Terminal are always run as root. If it's just permissions though (as opposed to SIP) you can usually walk around them by firing up Terminal in the booted OS then sudo su - and you'll be in a very root-like environment. Back in the day that's how I cleared the contents of /private/var/vm/, to free up space allocated to virtual memory, immediately before rebooting and after quitting as many running applications as possible.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 10:40 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
Interesting,I'm at build (17G11023)... no idea why they hide that... but the 002 update said Failed twice, last time it said not enough free space, 243 GB Free Space here, but after the second Application AppStore quit showing the Sec Update was needed!

I'm guessing it did not finish... GRRRRR.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 2:05 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
BDAqua wrote:
Interesting,I'm at build (17G11023)... no idea why they hide that... but the 002 update said Failed twice, last time it said not enough free space, 243 GB Free Space here, but after the second Application AppStore quit showing the Sec Update was needed!

I'm guessing it did not finish... GRRRRR.

I think it needs 244 GB free space! ;)

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 3:07 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 11390
Location: Caught between the moon and NYC
Since I install updates on multiple systems I always download the standalone updaters, so far they haven't been too funky. Sad to see, after all this time and all their problems, Apple still hasn't figured out delta updaters.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 3:32 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
I wasn't thinking & should've remembered, but I'm out of Data for this month.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 3:35 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 11390
Location: Caught between the moon and NYC
Crap that sucks. What provider are you on? Some of them are offering free unlimited data for the Covid-19 but the method of getting it varies.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 4:05 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
My only internet is Hotspot with T-Mobile Android, Data is unlimited but not the high speed, it drops to near dialup speed after your HS Quota fills up.


Top
 Profile  
 
PostPosted: Fri Apr 17, 2020 5:34 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 11390
Location: Caught between the moon and NYC
Their CEO committed to providing "additional mobile hotspot data" for hotspot users. It's not unlimited but not sure what the limit is.

This particular link appears to be relevant for you:
https://www.t-mobile.com/support/accoun ... 19-updates
Quote:
Log in through My T-Mobile / T-Mobile app, myMetro app or MetrobyT-Mobile.com to add the COVID-19 Response – High-speed Smartphone Mobile Hotspot Data feature to each line

If your hotspot is prepaid service that link indicates they've automatically bumped you up to the 10GB/mo tier.


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 4:56 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
Something odd happened when I tried to install Avast for Mac on this system. Take a look at the pic.
Attachment:
Screen Shot 2020-04-18 at 8.46.57 AM.jpg [646.88 KiB]
Not downloaded yet


Any idea how to fix this?

In setting this up with a fresh clean install I set it up with an account under my name. I then added an account for my mother. Both accounts were admin accounts. I then logged in on her account and deleted my account. Could this have caused this? All other programs installed with no issue.

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 7:30 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
Yikes, are you certain you want Avast on your Computer?
Quote:
Leaked Documents Expose the Secretive Market for Your Web Browsing Data...

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

https://x704.net/bbs/viewtopic.php?f=17 ... 15#p115715

Quote:
The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.
The program, once installed by the user who has generally been deceived into installing it, later mounts a special app that asks for keychain access, and then simulates the "Allow" click on its own, bypassing any user intervention. The entire process takes less than a second, so many users will never even see it happening. It is unclear how much of the Keychain database could be exploited using the technique, but it will certainly be abused by other parties if Apple does not move quickly to either change the way Keychain request dialogs work or update the XProtect program to block the Genieo installer entirely.

http://www.macnn.com/articles/15/09/03/ ... se.130243/

And it's uninstaller leaves lots of chaff hanging.


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 8:17 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
BDAqua wrote:
Yikes, are you certain you want Avast on your Computer?
Quote:
Leaked Documents Expose the Secretive Market for Your Web Browsing Data...

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

https://x704.net/bbs/viewtopic.php?f=17 ... 15#p115715

Quote:
The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.
The program, once installed by the user who has generally been deceived into installing it, later mounts a special app that asks for keychain access, and then simulates the "Allow" click on its own, bypassing any user intervention. The entire process takes less than a second, so many users will never even see it happening. It is unclear how much of the Keychain database could be exploited using the technique, but it will certainly be abused by other parties if Apple does not move quickly to either change the way Keychain request dialogs work or update the XProtect program to block the Genieo installer entirely.

http://www.macnn.com/articles/15/09/03/ ... se.130243/

And it's uninstaller leaves lots of chaff hanging.

I knew this was once an issue and I thought they had stopped the practice. However, I have removed it from the system. I guess the practice itself tells me something about the company and I'll go a different direction. I have used Sophos in the past and it seemed to do a decent job. I decided to try Avast when Sophos went to the online version of their service. I'm going to revisit that.

The original question remains however, in the sense that the warning might suggest something isn't quite right. Maybe a permissions issue? I just don't want to send this to my mother, clone it over only to find out their are issues popping up like this. Any problem with my having deleted the original account I used to make the initial install?

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 9:16 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6878
Location: NYC
Re. Sophos home now managed online in the cloud, I tried it for 10 minutes and saw what a miserable thing it was and got rid of it right away. Needed to access its very minimal settings from Firefox, or whatever browser. My data managed in the cloud, definitely not for me.

After I saw what a miserable thing it was, I restored a clone, since it had already run some kind of installer. This was back in November. Since then I've stayed at version 9.7.18, which I keep getting nagged about whenever I update, and promptly dismiss

Attachment:
sophos home remind me later.png
sophos home remind me later.png [ 51.67 KiB | Viewed 1390 times ]


And every time I run the Sophos updater, which keeps adding new definitions, even though 9.7.18 is supposed to be out of date, I also prevent its fucking installation deployer from running or doing anything with BlockBlock (highly recommended)

https://objective-see.com/products/blockblock.html

Attachment:
Sophos Installation Deployer blocked.png
Sophos Installation Deployer blocked.png [ 85.42 KiB | Viewed 1390 times ]


So this way I think I still have some level of protection from the old Sophos managed locally. Checked that the on-access function is still good by downloading the harmless eicar malware test file, eicar.com, which Sophos immediately stops in its tracks.

As a FYI, there's also the free VirusBarrier Scanner from Intego. It won't do on-access scanning, but if you have a suspect file, or just want to scan the drive or any area of it, it comes well recommended.

https://www.intego.com/virusbarrier-scanner

Someone here recommended Avira, but from what I've read the free version is loaded with nuisance advertising popups.

There's also MalwareBytes Browser Guard for Chrome/Brave or Firefox

https://www.malwarebytes.com/browserguard/

I'm also using addon BitDefender Traffic Light, which also stopped the eicar.

https://www.bitdefender.com/solutions/trafficlight.html


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 1:05 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
WZZZ wrote:
Re. Sophos home now managed online in the cloud, I tried it for 10 minutes and saw what a miserable thing it was and got rid of it right away. Needed to access its very minimal settings from Firefox, or whatever browser. My data managed in the cloud, definitely not for me.

After I saw what a miserable thing it was, I restored a clone, since it had already run some kind of installer. This was back in November. Since then I've stayed at version 9.7.18, which I keep getting nagged about whenever I update, and promptly dismiss

Attachment:
sophos home remind me later.png


And every time I run the Sophos updater, which keeps adding new definitions, even though 9.7.18 is supposed to be out of date, I also prevent its fucking installation deployer from running or doing anything with BlockBlock (highly recommended)

https://objective-see.com/products/blockblock.html

Attachment:
Sophos Installation Deployer blocked.png



So this way I think I still have some level of protection from the old Sophos managed locally. Checked that the on-access function is still good by downloading the harmless eicar malware test file, eicar.com, which Sophos immediately stops in its tracks.

As a FYI, there's also the free VirusBarrier Scanner from Intego. It won't do on-access scanning, but if you have a suspect file, or just want to scan the drive or any area of it, it comes well recommended.

https://www.intego.com/virusbarrier-scanner

Someone here recommended Avira, but from what I've read the free version is loaded with nuisance advertising popups.

There's also MalwareBytes Browser Guard for Chrome/Brave or Firefox

https://www.malwarebytes.com/browserguard/

I'm also using addon BitDefender Traffic Light, which also stopped the eicar.

https://www.bitdefender.com/solutions/trafficlight.html

Oh boy! Thanks WZZZ. I just installed the version of Norton Security that comes with my Xfinity service. It's impossible for the average Joe (like myself) to get much in the way of useful info regarding things like virus protection info by surfing the webs. I've got fingers crossed that Norton Security does a decent job and doesn't use me as a data collection tool. I added the Bit Defender Web protection too.

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 1:45 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
Norton has probably messed up more Macs than all other Anti-virus Apps put together.


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 1:54 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6878
Location: NYC
Not certain about Norton from Xfinity, but from my days at ASC and now looking through "norton site:discussions.apple.com" the universal opinion seems still to be that anything Norton is particularly to be avoided on Macs. Among any of the AV, not designed very well to work with Macs, causes problems.

That said, the universal opinion/aka ASC echo chamber is anything AV is to be avoided for Macs, which is not something I particularly agree with. However, since I don't go to dodgy sites or download things promiscuously, I also have to say that I've never encountered any malware/adware on my machines. Have had Sophos for years, and, excepting the eicar test file, it's never once alerted me to anything, but neither have any of the other programs I have running, including the native XProtect, or the Malware Removal Tool/MRT. In addition, should point out that there isn't very much malware, per se, for Macs around. It's mostly adware these days, which appears to be far more profitable for these scumbags.

Since this is for your mother's use, and she might get into trouble more easily, in addition to the BitDefender Traffic Light, I would also again recommend Malwarebytes Browser Guard. As an example, from nyorker.com, a site with a decent reputation:

Attachment:
Screen Shot 2020-04-18 at 5.48.52 PM.png
Screen Shot 2020-04-18 at 5.48.52 PM.png [ 199.29 KiB | Viewed 1382 times ]


Or even from the Times:

Attachment:
Screen Shot 2020-04-18 at 5.53.34 PM.png
Screen Shot 2020-04-18 at 5.53.34 PM.png [ 192.12 KiB | Viewed 1382 times ]


Btw the "Get Full Protection" button leads to Malwarebytes for Mac Premium, free 14 day trial, which then reverts to a manual scan. Not especially inexpensive, and don't think your mother would be all that prepared to know what to do with the manual scanner.


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 3:06 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
WZZZ & BDA I do appreciate your thoughts on this. It's really hard to stay on top of it all. I do not mind getting rid of Norton as it noticeably slowed my machine down. I used to happily run ClamX for years but that is probably long gone or not been updated in years. I was always happy with Sophos when it ran locally but was not happy to see the move to web based. Hmmm. I shall ponder. Thanks for the tip on Malwarebytes Browser Guard.

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 3:17 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 17710
The new ClamXAV is a nightmare to remove, more hidden files than Avast & AVG even.

The new Acronis Backup for Mac is the only thing I've seen that is worse to remove than all the AV Apps, besides, it doesn't work in any way shape or form.


Top
 Profile  
 
PostPosted: Sat Apr 18, 2020 7:34 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1289
Location: Burblandia
Still had the older stand alone version of Sophos Home Edition so I'm back using that for now. It is ver. 9.7.18. It does warn about needing to update in future OS but does seem to apply new definitions for now at least. I always liked this version because it does stay pretty much in the background, and it did find a couple things on my system several years ago. I must have stopped using it when I took the message to upgrade at face value and didn't like the web based version. Actually, Avast has a pretty pleasant user interface and reminds me a bit of Sophos. I do remember reading that the blatant data collection model had been stopped when it was exposed. I hope that is the case, but for now I will stick with Sophos HE.

Thanks all.

Regarding policy change at Avast I found this at PCWorld

And some more at Bank Info

And finally at Vice

_________________
GA-EX58-UD3R Rev. 1.6 FK • Xeon x5650 • NVIDIA GeForce GTX 760


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 62 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group