Any one using clean my mac 2 on OS X Mawerick? Is it worth?

OT (in a thread with other OT), but did you get the latest XProtect updates in 10.9? They appeared for some on 2/7. We'd been talking about this in the Lounge.

WZZZ wrote:

OT (in a thread with other OT), but did you get the latest XProtect updates in 10.9? They appeared for some on 2/7. We'd been talking about this in the Lounge.

As noted above, I was not in Mavericks when they were posted and received them in Mountain Lion well within 24 hours of posting.

Then I logged into Mavericks and was eventually updated there:

Booted -- Feb 6 18:29:30

Started downloading XProtect Package -- Feb 6 20:11:50

Extracting File -- Feb 6 20:11:57

but nothing after that until:

Extracting File (again) -- Feb 7 05:51:42

Installed -- Feb 7 07:41:56

So there was an eleven hour delay from the time the installation package started download until it was finally installed and almost two hours for the final installation attempt. No errors were logged. Bug report filed.

Thanks.

Do me a favor, next time you drop by the lounge.

Have anybody running Mavericks who was not updated within 24 hours of Feb 5 20:56:17 GMT (and their computer was awake) file a bug report. This is the first XProtect update since Mavericks was released (Oct 22) and it uses a totally different process to deliver the updates, so it's important to get Apple Engineering's attention on this if there is something wrong with it.

There may be another opportunity for an update shortly New CoinThief malware discovered.

MadMacs0 wrote:

Have anybody running Mavericks who was not updated within 24 hours of Feb 5 20:56:17 GMT (and their computer was awake) file a bug report.

It seems that many Mavericks users got the update on February 7th. I did not get it automatically at all (although I had already installed the latest version of Flash).

The reason for this may be that in System Preferences > App Store I had the "Automatically check for updates" & indented below it the "Download newly available updates in the background" options checked, but not the "Install system data files and security updates" one. However, I had been running with those App Store prefs since Mavericks was installed. Prior to this update I had been getting update notifications, just like the text in the preference window says I should, but I got no notice about this update.

In fact, when I checked my /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.p list file, it had not been modified since November 3rd, 2013, on or about the same date I upgraded the iMac from 10.8.5 to Mavericks. The file still listed plugin bundle version 11.8.800.94 as the minimum required to run Flash.

I eventually downloaded & ran the updater package manually, using a URL mentioned in the Lounge discussion, which did update the XProtect.meta.plist file, so I can't check to see if enabling the App Store preference to install security updates (presumably automatically) would have worked. That pref is now enabled on my Mac, so whenever the next XProtect update is released, I will see if that makes any difference.

BTW, the URL mentioned in the Lounge is http://swcdn.apple.com/content/downloads/55/06/031-0812/hrky0nw78b88vcxz8tgi5izc qan365rkuz/XProtectPlistConfigData.pkg

Depending on where on the planet you live, this may or may not connect to a valid site, but if it does the downloaded file should open with Installer.app & perform the update. However, I make no guarantees about this so proceed at your own risk if you try it.

MadMacs0 wrote:

Do me a favor, next time you drop by the lounge.

Have anybody running Mavericks who was not updated within 24 hours of Feb 5 20:56:17 GMT (and their computer was awake) file a bug report. This is the first XProtect update since Mavericks was released (Oct 22) and it uses a totally different process to deliver the updates, so it's important to get Apple Engineering's attention on this if there is something wrong with it.

There may be another opportunity for an update shortly New CoinThief malware discovered.

Everyone who participated in that thread appears to have gotten the update, even if belatedly.

I'm keeping my bitcoins under the mattress.

I'm aware of how one can manually accomplish the update, but that's not the point. It needs to smoothly and reliably work on it's own with no "help" from the user, and if it's not then it needs to be fixed.

I know we've had conversations in the past concerning the "Install system data files and security updates" option and I still don't know whether that disables XProtect updates or not. I'm not getting consistent answers from users on that one.

A couple of other things to look at:

Keep an eye on /Library/Updates/ for the 031-0812 folder. That will indicate that it's been downloaded and is awaiting installation.

Search your install.log for "031-0812" to see if Software Update is picking it up. It should when it downloaded it and eventually do the installation, but in my case there were long delays between being notified that an update was available, downloading the update and finally installing it after one false start.

It won't show up in Software Update as an available download or install.

WZZZ wrote:

Everyone who participated in that thread appears to have gotten the update, even if belatedly.

With all due respect for those experts in the lounge, I don't care when and how they eventually got their update. If they didn't get it automatically within 24 hours of posting then it needs to be fixed and I'm sure most of them know how to submit bug reports to Apple Product-Security.

If we are going to continue to tell new users that they don't need anti-virus because OS X will adequately protect them as long as they keep their software up-to-date, then Apple needs to do their part in a timely manner.

MadMacs0 wrote:

I know we've had conversations in the past concerning the "Install system data files and security updates" option and I still don't know whether that disables XProtect updates or not. I'm not getting consistent answers from users on that one.

The Help Center page for the App Store preferences isn't much help with that. For that option, it just says, "Have your Mac install system files and security updates automatically." The inference is that without the option checked, they won't be installed automatically (what else could it mean?) but that leaves open the question of how to install them manually. (But see below.)

A couple of other things to look at:

Keep an eye on /Library/Updates/ for the 031-0812 folder. That will indicate that it's been downloaded and is awaiting installation.

Search your install.log for "031-0812" to see if Software Update is picking it up. It should when it downloaded it and eventually do the installation, but in my case there were long delays between being notified that an update was available, downloading the update and finally installing it after one false start.

There is no 031-0812 folder in my /Library/Updates/ folder, but in my case that isn't surprising since, as I said, I downloaded & installed the package manually. My install.log has multiple entries for "031-0812" (& for 031-2660, whatever that is), beginning on Feb 5. However, there is no indication I can find that anything was installed until I did the manual download & install.

A clue for why may be that until I enabled the "Install system files and security updates" option, during every update check, the install log showed this:

SoftwareUpdate: Automatic check parameters: autoDownload=YES, autoConfigData=NO, autoCriticalInstall=NO

After I enabled that option, the entries now say this:

SoftwareUpdate: Automatic check parameters: autoDownload=YES, autoConfigData=YES, autoCriticalInstall=YES

So my guess is that without that option enabled, these security updates will not be installed automatically. (I don't know if they will be downloaded in the background since I can't find anything in the logs one way or another about that.) So it may be that the bug (if that is what it is) is that contrary to what the App Store preference pane says about being notified when updates are ready to be installed (when the "Download newly available updates in the background" option is enabled), either this is broken or it does not apply to security updates.

MadMacs0 wrote:

With all due respect for those experts in the lounge, I don't care when and how they eventually got their update. If they didn't get it automatically within 24 hours of posting then it needs to be fixed and I'm sure most of them know how to submit bug reports to Apple Product-Security.

With all due respect to you, before we deluge Apple with bug reports it might be a good idea to check a few things. For instance, not everyone will have their Macs connected to the Internet during the first 24 hours after an update is posted.

It is also not unlikely that some will have network issues that prevent their Macs from connecting to the swcdn.apple.com servers in a timely manner, or that a few cached images of that domain's contents maintained by ISP's aren't being updated in a timely manner. (When I run a traceroute on swcdn.apple.com, sometimes it ends at a regional akamai.net server; other times at a local "vip-001.aaplimg.com" or "vip-002.aaplimg.com" one that is located in my city.)

It may be that, like I mentioned in my other post, that by design certain settings in the App Store preferences prevent the automatic installation of security updates, in which case what we need is better documentation for that. (For various reasons, some people do not want these things installed automatically.) Or it could be that a corrupted preference file or some incompatible third party addition is interfering with downloading or installing the updates.

I wrote:

It is also not unlikely that some will have network issues ...

I found a couple of Apple docs that might be of interest regarding that, http://support.apple.com/kb/TS4335 &

http://support.apple.com/kb/HT3923

From the second one:

The latter (http://swcdn.apple.com) currently redirects to the Akamai content distribution network that hosts the updates. Note that the redirected IP address of http://swcdn.apple.com may vary over time or by geographic region.

For me, this is certainly true. As I mentioned, on the day & at the time I downloaded the update manually, I apparently was getting it from a locally cached image on a server maintained by my ISP, not from a Akamai one.

If we are going to continue to tell new users that they don't need anti-virus because OS X will adequately protect them as long as they keep their software up-to-date, then Apple needs to do their part in a timely manner.

I provided Apple's product security team with a copy of CoinThief on Monday at 8:36 am (EST). Here we are on Wednesday afternoon at almost 3:00 pm (EST) - almost three full work days later (okay, forgot time difference between EST and PST) - and still no definition for CoinThief in XProtect. (I checked this to make absolutely sure, since Icefog was given the perplexing name "Prxl" by Apple, by trying to run the app in a virtual machine that had been forced to check for XProtect updates. It definitely isn't detected.)

To make matters worse, I would think (hope?) that SecureMac provided a copy to Apple sooner than that... though you never know.

Unfortunately, there's every indication that Apple isn't going to be doing their part in a timely manner. Last time, with Icefog, it took a full week before the definition was in there. Plus, there's still stuff that has never been added, like NetWeird (aka Wirenet), which infected someone here:

https://discussions.apple.com/thread/5875133?start=0&tstart=0

The much-vaunted security in Mac OS X seems to be even less perfect than the more pessimistic of us had thought.

Score one for the you-do-need-AV side.

Btw Thomas have you been stealthily peeking in at this Lounge topic, inside of which some of VBE's possible failings have been discussed? Very long thread about XProtect updating in 10.9. among other things, but it's in there.

https://discussions.apple.com/thread/5877662?answerId=24808526022#24808526022

I don't suppose you will be tempted to enter?

thomas_r. wrote:

Unfortunately, there's every indication that Apple isn't going to be doing their part in a timely manner....

To be fair to Apple about this, rushing out an XProtect malware signature update before adequately testing its potential for triggering false positives would almost certainly do more harm than good.

You probably know more about this than I do but as I understand it, XProtect uses a relatively simple, signature-only based malware detection mechanism. That may make it difficult for Apple to create signatures sufficiently unique to avoid that, at least not without extensive testing against a huge database of benevolent software OS X users might have on their systems.

I did stumble across that, but didn't feel particularly compelled to respond. I hate to say, but I'm somewhat in agreement with etresoft regarding the guy having problems updating XProtect... there's probably something weird with his setup, like a firewall in the router or something that is acting like a firewall on his computer.

Regarding VBE, my opinion would be that if you think you need to scan every nook and cranny on your hard drive, it's the wrong tool for the job. You'd do better to use something like Sophos for that. Also, there's really nothing that can reliably identify all keyloggers and whatnot out there. Some AVs will get some of them, but none will get all of them. So if someone has a keylogger or something similar, they just need to wipe the drive to insure there's nothing else nasty on there.

You can feel free to echo these ideas there... I'd prefer not to post in the Lounge again. It's simply too toxic in there, and if I posted after leaving, you can bet it would get some comments not related to the topic you guys are discussing there.