Launch the Console application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Console in the page that opens.
In the Console window, look under DIAGNOSTIC AND USAGE INFORMATION for crash or panic reports. Select the most recent report from each subcategory and post the contents — the text, please, not a screenshot. In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.) Please don’t post shutdownStall or hang logs — they're very long and not helpful.
I'm not sure if this is what you wanted, or too much. I'm not computer savvy.
Thu May 24 23:36:07 2012
panic(cpu 6 caller 0xffffff80002c473a): Kernel trap at 0xffffff800031b53f, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x00000000000000d0, CR3: 0x0000000032a0c00d, CR4: 0x00000000000606e0
RAX: 0x000000000000000d, RBX: 0x0000000000008000, RCX: 0xffffff800cb17420, RDX: 0x0000000000008000
RSP: 0xffffff80792ebaf0, RBP: 0xffffff80792ebb30, RSI: 0xffffff800e00dc80, RDI: 0x0000000000000000
R8: 0x0000000000000000, R9: 0x0000000000000000, R10: 0xffffff800e00dcb8, R11: 0xffffff80002da800
R12: 0xffffff807ab7d300, R13: 0xffffff800d66f000, R14: 0xffffff800e00dc80, R15: 0x0000000000000000
RFL: 0x0000000000010282, RIP: 0xffffff800031b53f, CS: 0x0000000000000008, SS: 0x0000000000000010
CR2: 0x00000000000000d0, Error code: 0x0000000000000000, Faulting CPU: 0x6
Backtrace (CPU 6), Frame : Return Address
0xffffff80792eb7a0 : 0xffffff8000220792
0xffffff80792eb820 : 0xffffff80002c473a
0xffffff80792eb9d0 : 0xffffff80002da0cd
0xffffff80792eb9f0 : 0xffffff800031b53f
0xffffff80792ebb30 : 0xffffff7f80a63604
0xffffff80792ebcb0 : 0xffffff800053d509
0xffffff80792ebcf0 : 0xffffff8000582f84
0xffffff80792ebde0 : 0xffffff80005893e6
0xffffff80792ebed0 : 0xffffff80005897c9
0xffffff80792ebf60 : 0xffffff80005ccfe8
0xffffff80792ebfb0 : 0xffffff80002da5e9
Kernel Extensions in backtrace:
BSD process name corresponding to current thread: InterCheck
Mac OS version:
Darwin Kernel Version 11.4.0: Mon Apr 9 19:32:15 PDT 2012; root:xnu-1699.26.8~1/RELEASE_X86_64
Kernel UUID: A8ED611D-FB0F-3729-8392-E7A32C5E7D74
System model name: MacBookPro8,2 (Mac-94245A3940C91C80)
System uptime in nanoseconds: 4430048741155
last loaded kext at 72636638969: com.apple.filesystems.udf 2.2 (addr 0xffffff7f818a7000, size 274432)
last unloaded kext at 171631908155: com.apple.driver.AppleUSBUHCI 4.4.5 (addr 0xffffff7f80a51000, size 65536)
I also use ClamXav. Is there a problem with running anti-virus software? I've had Sophos and Clam for a while and only recently started having problems. I know that Macs are pretty secure from virus/malware. But I heard they were becoming more vulnerable as they grow in popularity and I wanted to be safe.
Hey guys be nice. I was just looking for a little education and help.
So anti-virus software is bad unless it's ClamXav? Why is that? And how can I protect my computer without messing it up again? For that matter, how can I be sure that anything I install won't screw up my system? Sophos seemed ok according to macupdate.com.
And I think you meant to say worse... with an e.
Sorry. I just got tired of seeing this same question so many times.
You are correct, I had meant to type worse but was going too fast.
You might find some helpful information at this site,
Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
- Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
- A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
- “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
- Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
Linc Davis wrote:
The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped.
That is a bit misleading. The latest Flashback variants take the form of "drive by" attacks that exploited a known vulnerability in Apple's version of Java. You did not have to install anything to get infected, just 'drive by' (visit) a maliciously crafted web page. Apple did patch the vulnerability eventually -- almost seven weeks after it was public knowledge & around a month after these variants of Flashback were in the wild, eventually infecting (according to some reports) as many as 650,000 Macs.
Had you been running Sophos or any of several other A-V products, your exposure to these variants would have been limited to at most about two days after they first appeared. In fact, the malware was designed to self-destruct if it detected certain A-V products, so if you ran one of these products, you would have no exposure at all.
The idea that all commercial A-V products do more harm than good is overly simplistic -- like any other kind of software, some are well designed & maintained, some are not. Personally, I have been running Sophos since November 2010 & have had not a single issue with it, even when beta testing new versions of Apple software.
I chose it over ClamXav in part because the latter is sometimes a bit slow to be updated (including for the 'drive-by' variants of Flashback). ClamXav also is somewhat limited in its "always on" capability: that feature (called Sentry) was introduced in the new 2.0 version (& still missing from the Mac Apple Store Version) & must be set up to scan specific folders to do anything. Sophos' "on access" scanner is not restricted to specific folders. There is also a potential issue with ClamXav if you try to scan the entire HD; for this reason its maker recommends that you not do that.
My feeling is that if you are going to use A-V software at all, it doesn't make much sense to use a product that doesn't include an "always on" scanner that detects malware as soon as it enters your system -- for a drive by type attack this limits you to a 'closing the gate after the horse has bolted' type of defense, so to speak. It also doesn't make much sense to me to use a product that isn't updated as quickly as possible with the latest "in the wild" malware definitions -- there isn't much point in using it otherwise.
Of course, any software product (including the OS itself) can be affected by issues like file corruption or conflicts with incompatible or out-of-date add-ons, & A-V software is no exception. Before deciding it is the cause of your problem, it is worth checking for file corruption with Disk Utility & reviewing your other software for potential problems.
A lot of good advice up there, though I fear some of it might be getting lost. In sum:
- don't use two AV programs on your system; they are likely to conflict.
- Sophos runs well for many people, but it's also a known cause of problems for others. ClamXAV, as far as I know, has never been reported on these forums as causing conflicts with either the OS or other s/w, and that's why most regulars here generally recommend it, if they have to recommend any AV s/w at all. Norton, Kaspersky and VirusBarrier and all others are best avoided.
- most experienced mac users don't feel the need for AV software because there simply are no known mac viruses. It's also logically impossible that if/when a mac virus appears, any AV s/w could defend against it. AV programs only scan for known viruses. They cannot protect you from what will come tomorrow.
- Regarding Flashback, it's worth pointing out that the vulnerability in Java that Flashback exploits is an old one. Flashback wouldn't install on any system that used certain s/w which already plugged the vulnerability with its own Java packages. Indeed, if you had MS Word, Flashback wouldn't install for the same reason it wouldn't install if you had Sophos.
If you've removed Sophos and still have the problems, report back.
It's also logically impossible that if/when a mac virus appears, any AV s/w could defend against it. AV programs only scan for known viruses. They cannot protect you from what will come tomorrow.
That isn't entirely correct. Most A-V products rely primarily on recognizing certain characteristic code patterns in malware to detect it. Because the majority of "new" malware is created with the help of crime kits like Weyland-Yutani or Blackhole, some code segments are often the same as in older stuff. The big problem for A-V companies is finding the code segments unique only to the malware (to prevent false positives).
There are different ways to do this. The simplest & most reliable is to define a unique set of one or more code patterns ("virus definitions") for each variant of some malware as it is discovered in the wild & apply a simple "AND" logic: unless the software includes every code pattern in that specific set, it isn't considered that variant & raises no flags.
This is basically the approach taken in Apple's "XProtect" built-in A-V protection. (You can see the binary code patterns in the XProtect.plist as "Matches" entries.)
This approach does indeed require an update for each new variant. (In the XProtect.plist, you can see this as several different entries for the same basic type of malware like MacDefender or Flashback.A.)
However, more complex detection algorithms are possible. For instance, the A-V software can compare code segments from many different sets & if there are enough matches among them (even if not all are from the same set), the algorithm flags the software as malware, or at least suspicious enough to perform other tests to determine if it is. For instance, it might look for suspicious references to system files in the code.
Obviously, this isn't as foolproof as using an update for each new variant & is much harder to implement. However, it is a viable technique & if done well is capable of detecting at least some "new" malware without requiring an update specifically for it or generating false positives that would make it unreliable.
For obvious reasons, A-V companies don't publish the details of the detection algorithms they use so about the only way we can judge them is by what they detect & when. Sophos scores pretty well in this respect, certainly a lot better than XProtect (which is limited to download packages anyway) & at least in my experience better than ClamXav.
Ultimately, the choice to use any third-party A-V software or not is a personal one, & opinions obviously differ widely about that. However, it is worth considering that even Apple suggests doing so, for instance in http://support.apple.com/kb/PH4251 (for Lion users), in http://docs.info.apple.com/article.html?path=Mac/10.6/en/11389.html (for Snow Leopard users), & in various Security Configuration Guides.
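The two detection approaches described in the reply above (a per-variant "AND" over a fixed pattern set, and a cross-set match count backed by a secondary test), shown as an added example that is not part of the original thread and is not any vendor's or Apple's actual algorithm. The variant names, byte patterns, threshold and sample inputs are all constructed for illustration.

```python
# Constructed signature sets: each variant maps to byte patterns that must ALL be present.
# These patterns are made up for illustration; they are not real malware signatures.
SIGNATURES = {
    "Demo.A": [b"\x13\x37load_helper", b"update_srv_v1", b"/tmp/.demo_a"],
    "Demo.B": [b"\x13\x37load_helper", b"update_srv_v2", b"/tmp/.demo_b"],
}
# Hypothetical "suspicious reference" strings used as the secondary test.
SUSPICIOUS_REFS = [b"/Library/LaunchAgents/", b"DYLD_INSERT_LIBRARIES"]


def exact_match(data: bytes) -> list[str]:
    """AND logic: a variant is reported only if every one of its patterns is present."""
    return [name for name, pats in SIGNATURES.items()
            if all(p in data for p in pats)]


def heuristic_score(data: bytes) -> tuple[int, int]:
    """Count distinct known patterns found across all sets, plus suspicious references."""
    known = {p for pats in SIGNATURES.values() for p in pats}
    hits = sum(1 for p in known if p in data)
    refs = sum(1 for r in SUSPICIOUS_REFS if r in data)
    return hits, refs


def classify(data: bytes, min_hits: int = 2) -> str:
    """Exact variants first; otherwise flag when enough cross-set patterns match
    and the secondary test (a suspicious reference) also fires."""
    variants = exact_match(data)
    if variants:
        return "known:" + ",".join(variants)
    hits, refs = heuristic_score(data)
    if hits >= min_hits and refs >= 1:
        return "suspicious"
    return "clean"


# Constructed sample inputs.
SAMPLE_KNOWN = b"..\x13\x37load_helper..update_srv_v1../tmp/.demo_a.."
# "New variant": reuses code from A and B but completes neither set.
SAMPLE_NEW = b"\x13\x37load_helper update_srv_v2 /tmp/.demo_c DYLD_INSERT_LIBRARIES"
# Benign file sharing one pattern: below the threshold, so it is not flagged.
SAMPLE_BENIGN = b"installer notes: writes to /Library/LaunchAgents/ update_srv_v1"

if __name__ == "__main__":
    for label, blob in [("known", SAMPLE_KNOWN), ("new", SAMPLE_NEW),
                        ("benign", SAMPLE_BENIGN)]:
        print(label, "->", classify(blob))
```

Lowering `min_hits` to 1 would flag the benign sample as well, which is the false-positive trade-off the reply describes.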