1 3 4 5 6 7 Previous Next 100 Replies Latest reply: Apr 22, 2012 12:44 AM by Ramón Tech Go to original post
  • 60. Re: Dr Web Flashback Virus checker accurate?
    etresoft Level 7 Level 7 (24,270 points)

     

    fane_j wrote:

     

    etresoft wrote:

     

    The environment.plist file is never required.

    BBEdit and others require it. Hence, your statement is incorrect.

     

    Just because they did use it doesn't mean they should have used it.

     

    Moreover, if Apple provides this facility, and explains how it should be used, I don't understand why a developer shouldn't use it.

    Apple provides many facilities, one of which is the DYLD_INSERT_LIBRARIES, that are only for development or testing. There are many ways to do the same thing, some of those ways are just bad. They may be easy and it may be correct to use them in development until you get time to do it properly. You shouldn't deliver using those hacks. If BBedit did that, that's just wrong.

     

     

     

    There are other, much better ways to accomplish the same thing.

    Such as?

     

    Don't use environment variables. They are designed for command-line environments. If you still want to use them, you can set them from the software itself using values from resource files. If you need to make any of those modifiable by the end user, provide a set of preferences for setting that. Again, environment.plist is the wrong answer.

     

    An Aqua user interface application should never rely on environment variables.

    And if it needs, or it is used, to run shell scripts, Perl, Phython, etc, what should it rely on?

    Shell scripts are different. There are numerous ways to set environment variables in shell scripts. That is what they were designed for. environment.plist injects environment variables into the GUI user interface. It's just a hack, that's all.

    It is poor practice to ship code using that file.

    You are certainly entitled to your opinion. I see no reason or argument why anyone should agree with it.

     

    That's fine. Whether you believe me or not, there are a number of ways to construct software on MacOS X that are big red flags that the authors of that software are doing it wrong or were doing it wrong the last time they checked it in 2004. I don't have BBEdit but I do have TextWranger. I have no .MacOSX/environment.plist file. I have a great number of highly unusual system modifications. If you have something so unusual that I don't have, you don't want it.

  • 61. Re: Dr Web Flashback Virus checker accurate?
    MadMacs0 Level 4 Level 4 (3,735 points)

    etresoft wrote:

     

     

    MadMacs0 wrote:

     

    I still cannot comment on your Tip, so either I don't know how or I don't have permission.

     

     

    It must be a permissions issue. There must be some level of points you need to add a comment. Can you see the comments I made?

    Yes, I saw three of your comments when I was there and I clicked all over the screen but nothing let me in. I assume it looks something like the "Reply" button in the lower right?

     

    I suspect it's a point thing which seems to be of great importance to the host for some reason.

  • 62. Re: Dr Web Flashback Virus checker accurate?
    fane_j Level 4 Level 4 (3,660 points)

    etresoft wrote:

     

    Apple provides many facilities, one of which is the DYLD_INSERT_LIBRARIES, that are only for development or testing.

    Environment.plist is not for testing.

    You shouldn't deliver using those hacks.

    If environment.plist is a hack, then it is a hack designed by Apple, made by Apple, supported by Apple, and indicated to developers by Apple (see the two developer library docs I referred above). You'll forgive me if, between Apple's recommandation and yours, I go with Apple's.

    Don't use environment variables. […] Again, environment.plist is the wrong answer.

    Please explain that to Apple. They've been providing and supporting the wrong answer for, what is it now? Over 10 years? Since v10.0 or thereabouts?

    I have no .MacOSX/environment.plist file. I have a great number of highly unusual system modifications. If you have something so unusual that I don't have, you don't want it.

    With great respect, I'm not about to consider that your configuration is the proper measure for all Mac OS X users. Between Apple and BareBones (who've been developing Mac software for over twenty years now) on one side, and you on the other side, with regret, I'll have to choose the former.

  • 63. Re: Dr Web Flashback Virus checker accurate?
    etresoft Level 7 Level 7 (24,270 points)

    fane_j wrote:

     

    Environment.plist is not for testing.

     

    I never said it was. I said DYLD_INSERT_LIBRARIES is for testing. Environment.plist is for lazy programmers.

     

    If environment.plist is a hack, then it is a hack designed by Apple, made by Apple, supported by Apple, and indicated to developers by Apple (see the two developer library docs I referred above). You'll forgive me if, between Apple's recommandation and yours, I go with Apple's.

     

    There is a great deal in Apple's example code, documentation, and in the operating system itself that should not be used in production code. A competent, professional developer will know which ones those are.

     

    Please explain that to Apple. They've been providing and supporting the wrong answer for, what is it now? Over 10 years? Since v10.0 or thereabouts?

     

    I'm sorry, but if you don't get it then you just don't get it. I can't do any more to explain it. I don't even rely on environment variables when I'm writing pure command-line scripts on Linux. If I have 3rd party software that does require them, I set them up in my own, controlled environment using resource files and then kick off the third party tools in the properly setup environment. I would never stick a file in a user's home directory for that.

     

    With great respect, I'm not about to consider that your configuration is the proper measure for all Mac OS X users. Between Apple and BareBones (who've been developing Mac software for over twenty years now) on one side, and you on the other side, with regret, I'll have to choose the former.

     

    BBEdit only uses that file to run scripts from the GUI. I'm quite sure that it isn't required. People using BBEdit probably know how to deal with that file. If it gets blown away, they can easily restore it. (And, for the record, I've been developing Mac software for 25 years now).

  • 64. Re: Dr Web Flashback Virus checker accurate?
    billynicol Level 1 Level 1 (0 points)

    Does the following show infection of flashback or flashfake etc? I followed some instructions about Launchagents but don't know how to read them

     

    ls -la ~/Library/LaunchAgents

     

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash"

    William-Nicols-iMac:~ billynicol$ ls -la ~/Library/LaunchAgents

    total 64

    drwx------   9 billynicol  staff   306  9 Apr 22:26 .

    drwx------@ 59 billynicol  staff  2006  9 Apr 22:21 ..

    -rw-r--r--@  1 billynicol  staff  6148  9 Apr 22:26 .DS_Store

    -rw-r--r--   1 billynicol  staff   618 12 Oct 21:00 com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.2DF3B7F9-9CFE-47E0-BE4C-51 E3F211FE7E.plist

    -rw-r--r--   1 billynicol  staff   901 28 Feb  2011 com.apple.CSConfigDotMacCert-billynicol@me.com-SharedServices.Agent.plist

    -rw-r--r--   1 billynicol  staff   817 28 Feb  2011 com.apple.SafariBookmarksSyncer.plist

    -rw-r--r--   1 billynicol  staff   540 28 Feb 16:47 com.avast.install.plist

    -rw-r--r--   1 billynicol  staff   807  9 Jul  2011 com.google.keystone.agent.plist

    -rw-r--r--   1 billynicol  staff   776 16 Sep  2011 com.valvesoftware.steamclean.plist

    William-Nicols-iMac:~ billynicol$ 

    William-Nicols-iMac:~ billynicol$ grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash"

    William-Nicols-iMac:~ billynicol$

     

    and

     

    can I ask:

     

    I found the ".flserv" and "com.adobe.flp.plist" on my mac, but when I checked using instructions from http://brakertech.com/detect-mac-flashback/ through terminal it says system clear. I also checked through Kaperskyhttp://www.flashbackcheck.com/ and if I put my mac UUID in, it also says I am or have been infected. I wonder if even although the files were there and created a 'bot' with my Mac, the actual malware in safari and firefox was not installed. Is this correct?

     


  • 65. Re: Dr Web Flashback Virus checker accurate?
    WZZZ Level 6 Level 6 (12,225 points)

    The stuff in ~/Library/LaunchAgents looks OK.

     

    Check using this new Kaspersky tool.

     

    https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_c hecking_site

  • 66. Re: Dr Web Flashback Virus checker accurate?
    MadMacs0 Level 4 Level 4 (3,735 points)

    WZZZ wrote:

     

    The stuff in ~/Library/LaunchAgents looks OK.

     

    Check using this new Kaspersky tool.

     

    https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_c hecking_site

    Just had an instance of a user being locked out of his account using this tool Re: Non-Apple Software No Longer Works . I think it's recoverable, but proceed with caution.

  • 67. Re: Dr Web Flashback Virus checker accurate?
    fane_j Level 4 Level 4 (3,660 points)

    etresoft wrote:

     

    Environment.plist is for lazy programmers.

    As I said, you're welcome to your opinion. AFAIC, any programmer who uses what Apple provides in the manner Apple recommends and for the purposes Apple designed it, is a good programmer.

    I've been developing Mac software for 25 years now).

    That's admirable, and deserves respect. Nevertheless, it doesn't give you the right to set yourself up as the final arbiter of a user's configuration ("If you have something so unusual that I don't have, you don't want it."). And, with the greatest respect, between you on one side, and Apple and Rich Siegel on the other, I'll go with them.

  • 68. Re: Dr Web Flashback Virus checker accurate?
    billynicol Level 1 Level 1 (0 points)

    Does anyone know or have an opinion please?

    I found the ".flserv" and "com.adobe.flp.plist" on my imac, but when I checked using instructions from http://brakertech.com/detect-mac-flashback/ through terminal it suggested my system is clear.

     

    I also checked through Kaperskyhttp://www.flashbackcheck.com/ and if I put my mac UUID in, it says I am or have been infected. I wonder if even although the files were there and created a 'bot' with my Mac, the actual malware in safari and firefox was not installed. Is this correct?  I have removed both .flserv and com.adobe.flp.plist now too so imagine I am safe.

     

    Nonoe of my credit card sites, bank, facebook etc have been weird so think I am OK.

  • 69. Re: Dr Web Flashback Virus checker accurate?
    etresoft Level 7 Level 7 (24,270 points)

    billynicol wrote:

     

    Does anyone know or have an opinion please?

    I found the ".flserv" and "com.adobe.flp.plist" on my imac, but when I checked using instructions from http://brakertech.com/detect-mac-flashback/ through terminal it suggested my system is clear.

    That suggests you shouldn't use that tool.

     

    I also checked through Kaperskyhttp://www.flashbackcheck.com/ and if I put my mac UUID in, it says I am or have been infected. I wonder if even although the files were there and created a 'bot' with my Mac, the actual malware in safari and firefox was not installed. Is this correct?  I have removed both .flserv and com.adobe.flp.plist now too so imagine I am safe.

     

    No way to tell at this point. There are a couple of different places that could have malware installed. Have you checked them all?

     

    Apple says it will release a removal tool soon. Until then, you can check the results of:

     

    cat ~/.MacOSX/environment.plist

     

    If you are tired of using these Terminal commands, you can try my removal script at: https://discussions.apple.com/docs/DOC-3271

    Just remember to accept default. Press "enter" if you aren't sure.

  • 70. Re: Dr Web Flashback Virus checker accurate?
    fane_j Level 4 Level 4 (3,660 points)

    billynicol wrote:

     

    I wonder if even although the files were there and created a 'bot' with my Mac, the actual malware in safari and firefox was not installed. Is this correct?

    No-one can give you that assurance. Over the past weeks, this malware has been developed very quickly (and, IMHO, by more that one person or one group), in different variants. As a result, I doubt that anyone can provide a definitive list of what it installs and where and in what phase.

    I have removed both .flserv and com.adobe.flp.plist now too so imagine I am safe.

    Nonoe of my credit card sites, bank, facebook etc have been weird so think I am OK.

    The stress being on "imagine". Yes, you may be OK. Or your credit card and bank account info may be right now on sale…

  • 71. Re: Dr Web Flashback Virus checker accurate?
    MadMacs0 Level 4 Level 4 (3,735 points)

    billynicol wrote:

     

    Nonoe of my credit card sites, bank, facebook etc have been weird so think I am OK.

    The only other symptom reported by users infected with the current variant (as well as some previous) was occasionally being suddenly redirected to an advertising site. If you start seeing that you might want to dig deeper.

  • 72. Re: Dr Web Flashback Virus checker accurate?
    jsd2 Level 5 Level 5 (6,200 points)

    F-Secure just released a free Flashback detection and removal tool:

    http://www.f-secure.com/weblog/archives/00002346.html

  • 73. Re: Dr Web Flashback Virus checker accurate?
    jo823 Level 1 Level 1 (0 points)

    Thanks again to everyone on this thread, you all really helped me out and I appreciate it.  I just finished erasing everything and re-installing from scratch today-just to be totally safe-and all now seems to be good.

     

    I did download Little Snitch, but was wondering if anyone felt the need to run an Anti-Virus program on their Macs as well?  I didn't get one initially because everyone at the Apple Store said it wasn't necessary, but this latest experience has me second-guessing myself.  Any recommendations? 

  • 74. Re: Dr Web Flashback Virus checker accurate?
    WZZZ Level 6 Level 6 (12,225 points)

    I'm still not ready to put an AV full time on my computer (except, that is, for ClamXav, which I have), but It's probably making a lot of us do some second guessing.

1 3 4 5 6 7 Previous Next