What's up with Lion lately?

1643 Views 28 Replies Latest reply: Nov 10, 2012 10:44 AM by margaret.miz
Brugboii
Jun 7, 2012 6:16 AM

I recently reinstalled Lion on my system and updated it and all that. Now I can't seem to install anything or run a program unless I'm at the computer. No matter what I set my power settings to, my system will log out and cancel anything that's running, including downloads and installations. This is very frustrating when trying to download something overnight if it's a large file. It never used to do this, and I can only guess it's something with the latest update. Anyone else have this problem?

  • Linc Davis Level 10 (107,755 points)
    Jun 7, 2012 8:40 AM (in response to Brugboii)

    Launch the Console application in any of the following ways:

     

    Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Console in the page that opens.

     

    In the Console window, look under DIAGNOSTIC AND USAGE INFORMATION for crash or panic reports. Select the most recent report from each subcategory and post the contents — the text, please, not a screenshot. In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.) Please don’t post shutdownStall or hang logs — they're very long and not helpful.

  • Linc Davis Level 10 (107,755 points)
    Jun 8, 2012 7:25 AM (in response to Brugboii)

    Uninstall Sophos according to the developer's instructions, then reboot and test. Never install Sophos, or any commercial "anti-virus" software, again.

  • Allan Eckert Level 8 (39,395 points)
    Jun 8, 2012 12:06 PM (in response to Brugboii)

    The vast majority of AV software cause more problems than they solve.

     

    Running multiple AV software applications is bad. They can step on each other causing you grief.

     

    I concur with Linc that you should uninstall Sophos.

     

    ClamXav is OK.

     

    Allan

  • Linc Davis Level 10 (107,755 points)
    Jun 8, 2012 12:31 PM (in response to Brugboii)

    Is there a problem with running anti-virus software?

     

    Yes: the problem you have now.

  • Allan Eckert Level 8 (39,395 points)
    Jun 8, 2012 1:02 PM (in response to Linc Davis)

    Do you think they are ever going to figure out that the cure is worst than the illness?

     

    Allan

  • baltwo Level 9 (59,150 points)
    Jun 8, 2012 1:19 PM (in response to Brugboii)

    For the AV stuff, see Reed's virus guide and Klaus1's virus guide

    27" i7 iMac 10.6.8, Mac OS X (10.7.4), G4 450 MP w/Leopard, 9.2.2
  • Allan Eckert Level 8 (39,395 points)
    Jun 8, 2012 1:20 PM (in response to Brugboii)

    Sorry. I just got tired of seeing this same question so many times.

     

    You are correct; I had meant to type worse but was going too fast.

     

    You might find some helpful information at this site,

     

    http://www.reedcorner.net/guides/macvirus/

     

    Allan

  • Linc Davis Level 10 (107,755 points)
    Jun 8, 2012 1:29 PM (in response to Brugboii)

    Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.

     

    The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?

     

    1. Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
    2. A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
    3. “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
    4. Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.

     

    Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in Mac OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed, because those older operating systems are no longer being maintained by Apple. Migrate to a newer version of the Mac OS as soon as you can.

     

    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.

     

    Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

  • R C-R Level 6 (13,825 points)
    Jun 10, 2012 3:58 AM (in response to Linc Davis)

    Linc Davis wrote:

    The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped.

    That is a bit misleading. The latest Flashback variants take the form of "drive by" attacks that exploited a known vulnerability in Apple's version of Java. You did not have to install anything to get infected, just 'drive by' (visit) a maliciously crafted web page. Apple did patch the vulnerability eventually -- almost seven weeks after it was public knowledge & around a month after these variants of Flashback were in the wild, eventually infecting (according to some reports) as many as 650,000 Macs.

     

    Had you been running Sophos or any of several other A-V products, your exposure to these variants would have been limited to at most about two days after they first appeared. In fact, the malware was designed to self-destruct if it detected certain A-V products, so if you ran one of these products, you would have no exposure at all.

     

    The idea that all commercial A-V products do more harm than good is overly simplistic -- like any other kind of software, some are well designed & maintained, some are not. Personally, I have been running Sophos since November 2010 & have had not a single issue with it, even when beta testing new versions of Apple software.

     

    I chose it over ClamXav in part because the latter is sometimes a bit slow to be updated (including for the 'drive-by' variants of Flashback). ClamXav also is somewhat limited in its "always on" capability: that feature (called Sentry) was introduced in the new 2.0 version (& still missing from the Mac Apple Store Version) & must be set up to scan specific folders to do anything. Sophos' "on access" scanner is not restricted to specific folders. There is also a potential issue with ClamXav if you try to scan the entire HD; for this reason its maker recommends that you not do that.

     

    My feeling is that if you are going to use A-V software at all, it doesn't make much sense to use a product that doesn't include an "always on" scanner that detects malware as soon as it enters your system -- for a drive by type attack this limits you to a 'closing the gate after the horse has bolted' type of defense, so to speak. It also doesn't make much sense to me to use a product that isn't updated as quickly as possible with the latest "in the wild" malware definitions -- there isn't much point in using it otherwise.

     

    Of course, any software product (including the OS itself) can be affected by issues like file corruption or conflicts with incompatible or out-of-date add-ons, & A-V software is no exception. Before deciding it is the cause of your problem, it is worth checking for file corruption with Disk Utility & reviewing your other software for potential problems.

  • softwater Level 5 (5,370 points)
    Jun 10, 2012 4:51 AM (in response to Brugboii)

    A lot of good advice up there, though I fear some of it might be getting lost. In sum:

     

    - don't use two AV programs on your system; they are likely to conflict.

     

    - Sophos runs well for many people, but it's also a known cause of problems for others. ClamXAV, as far as I know, has never been reported on these forums as causing conflicts with either the OS or other s/w, and that's why most regulars here generally recommend it, if they have to recommend any AV s/w at all. Norton, Kaspersky and VirusBarrier and all others are best avoided.

     

    - most experienced mac users don't feel the need for AV software because there simply are no known mac viruses. It's also logically impossible that if/when a mac virus appears, any AV s/w could defend against it. AV programs only scan for known viruses. They cannot protect you from what will come tomorrow.

     

    - Regarding Flashback, it's worth pointing out that the vulnerability in Java that flashback exploits is an old one. Flashback wouldn't install on any system that used certain s/w which already plugged the vulnerability with its own Java packages. Indeed, if you had MS Word, Flashback wouldn't install for the same reason it wouldn't install if you had Sophos.

     

    If you've removed Sophos and still have the problems, report back.

  • R C-R Level 6 (13,825 points)
    Jun 10, 2012 6:32 AM (in response to softwater)

    softwater wrote:

    It's also logically impossible that if/when a mac virus appears, any AV s/w could defend against it. AV programs only scan for known viruses. They cannot protect you from what will come tomorrow.

    That isn't entirely correct. Most A-V products rely primarily on recognizing certain characteristic code patterns in malware to detect it. Because the majority of "new" malware is created with the help of crime kits like Weyland-Yutani or Blackhole, some code segments are often the same as in older stuff. The big problem for A-V companies is finding the code segments unique only to the malware (to prevent false positives).

     

    There are different ways to do this. The simplest & most reliable is to define a unique set of one or more code patterns ("virus definitions") for each variant of some malware as it is discovered in the wild & apply a simple "AND" logic: unless the software includes every code pattern in that specific set, it isn't considered that variant & raises no flags.

     

    This is basically the approach taken in Apple's "XProtect" built-in A-V protection. (You can see the binary code patterns in the XProtect.plist as "Matches" entries.)

     

    This approach does indeed require an update for each new variant. (In the XProtect.plist, you can see this as several different entries for the same basic type of malware like MacDefender or Flashback.A.)

     

    However, more complex detection algorithms are possible. For instance, the A-V software can compare code segments from many different sets & if there are enough matches among them (even if not all are from the same set), the algorithm flags the software as malware, or at least suspicious enough to perform other tests to determine if it is. For instance, it might look for suspicious references to system files in the code.

     

    Obviously, this isn't as foolproof as using an update for each new variant & is much harder to implement. However, it is a viable technique & if done well is capable of detecting at least some "new" malware without requiring an update specifically for it or generating false positives that would make it unreliable.

     

    For obvious reasons, A-V companies don't publish the details of the detection algorithms they use so about the only way we can judge them is by what they detect & when. Sophos scores pretty well in this respect, certainly a lot better than XProtect (which is limited to download packages anyway) & at least in my experience better than ClamXav.

     

    Ultimately, the choice to use any third-party A-V software or not is a personal one, & opinions obviously differ widely about that. However, it is worth considering that even Apple suggests doing so, for instance in http://support.apple.com/kb/PH4251 (for Lion users), in http://docs.info.apple.com/article.html?path=Mac/10.6/en/11389.html (for Snow Leopard users), & in various Security Configuration Guides.
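
The two detection approaches described in the post above (per-variant "AND" matching and cross-set matching against a threshold), sketched as an added example that is not part of the original thread. The definition names, pattern bytes, samples and threshold are all constructed for illustration and do not reflect the contents of XProtect.plist or any vendor's algorithm.

```python
# Constructed definitions: each variant name maps to a set of byte patterns.
# None of these are real signatures.
DEFINITIONS = {
    "Sample.A": [b"\x10\x20\x30\x40", b"fetch_payload", b"/tmp/.hidden_a"],
    "Sample.B": [b"\x10\x20\x30\x40", b"decode_blob", b"/tmp/.hidden_b"],
    "Other.A": [b"fake_scan_ui", b"register_now", b"\xde\xad\xbe\xef"],
}


def exact_matches(data, definitions=DEFINITIONS):
    """AND logic: a variant matches only if every pattern in its set is present."""
    return sorted(name for name, patterns in definitions.items()
                  if all(p in data for p in patterns))


def cross_set_hits(data, definitions=DEFINITIONS):
    """Distinct patterns from any definition set that occur in the data."""
    return {p for patterns in definitions.values() for p in patterns if p in data}


def classify(data, threshold=3, definitions=DEFINITIONS):
    """Return (verdict, evidence).

    'known'      -> a complete definition set matched (needs a per-variant update)
    'suspicious' -> no complete set, but enough patterns matched across sets
    'clean'      -> too few matches; the threshold keeps false positives down
    """
    names = exact_matches(data, definitions)
    if names:
        return ("known", names)
    hits = cross_set_hits(data, definitions)
    if len(hits) >= threshold:
        return ("suspicious", sorted(hits))
    return ("clean", [])


# Constructed samples.
KNOWN_A = b"hdr\x10\x20\x30\x40..fetch_payload..write /tmp/.hidden_a"
# Reuses code segments from three sets but completes none of them.
NEW_VARIANT = b"hdr\x10\x20\x30\x40..decode_blob..register_now..end"
# Benign file that happens to share a single pattern.
BENIGN = b"ordinary updater: decode_blob then exit"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_A), ("new", NEW_VARIANT), ("benign", BENIGN)]:
        print(label, classify(sample))
```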
