Norton Utilities Incompatible with 10.4

mike.millard (apparently) - 09:30am Jun 1, 2005 PST
via email

Although they are not saying their products will hash your hard drive
if you run them against a hard drive under OS X 10.4, Symantec says
straight up on their web site that they will not be offering a version
of Symantec SystemWorks and Norton Utilities compatible with Tiger.

  “The only Symantec product currently compatible with Mac OS X 10.4 is
Norton AntiVirus for Macintosh 10.0.
Norton SystemWorks and Norton Utilities will NOT be updated for
compatibility with Mac OS X 10.4.”

Full details at:
http://service1.symantec.com/SUPPORT/num.nsf/docid/2005032314263511

I keep my DiskWarrior CD at home in my "Best of Macintosh Utilities"
shrine, and only take it out when needed.

Mike Millard.



Peter Bolos - Jun 7, 2005 7:04 am (#1 Total: 18)  

Guest User
Posts: 1
Re: Norton Utilities Incompatible with 10.4

Finally, Norton has admitted defeat. I also use DiskWarrior and have never
had a problem. Norton on the other hand I haven't touched since switching
to OS X. Leave it for the Windows users!

Peter Bolos
School of Psychology
Washington Singer Laboratories
01392 264634

jwblist (apparently) - Jun 7, 2005 10:34 am (#2 Total: 18)  

via email
Posts: 768
Re: Norton Utilities Incompatible with 10.4

On 6/7/05 7:04 AM, "Peter Bolos" <P.Bolosexeter.ac.uk> wrote:

> Norton on the other hand I haven't touched since switching
> to OS X.

I gave up on Norton much earlier than that...somewhere around Mac OS 8.5 or
8.5...when it had destroyed all but one of the last 4 or 5 disks I asked it
to fix (fortunately, none of the losses were crippling). The remnants of
the Peter Norton group (which had my serious respect) held out against being
"Symantecized" for a very long time, but finally it happened.

Actually, I gave up on Symantec on my Windows laptop a couple of years ago.
Symantec SystemWorks updated itself over the net and became unloadable.

A check with the support site on the web said that the solution was to
uninstall (completely, with lots of removals the uninstall process didn't
do, listed on about 2 pages of printout).

So I uninstalled SystemWorks and installed AVG.

  --John



kh2 (apparently) - Jun 7, 2005 5:11 pm (#3 Total: 18)  

via email
Posts: 8
Re: Norton Utilities Incompatible with 10.4

---- Original message ----
>Date: Tue, 7 Jun 2005 10:34:54 -0700
>From: "John W. Baxter" <jwblistolympus.net>
>
>So I uninstalled SystemWorks and installed AVG.
>
> --John


I sure wish you guys had started this thread about a week earlier. I just
purchased Norton Utilities 8.0.2 for the Mac with devastating results.

My initial problem was that I have had two thumb drives corrupted in recent
weeks: one in Macintosh format and one in PC format. Neither drive will mount
on my G4 Mac - the OS (10.3.9) provides no icon, although System Profiler
reports them on the USB bus once I remove them to unhang the bus. My PC sees
both Sandisk flash drives, although it offers to format the Mac drive. The one in
PC format is visible and I can traverse the directory tree, but all my files have
been truncated to an 8K length. All that being said, I still haven't found any
software to resurrect my thumb drives.

Norton Utilities was recommended to me as a possible solution to the thumb
drive problem, but again to no avail. So, I ran it on my hard drive, since one of
my HD based programs had mysteriously stopped working recently, even after a
reinstall. I ran Disk Doctor on my hard drive twice. It found a few things and
supposedly fixed them. Then, I ran Speed Disk to defrag the drive and it aborted
half way through saying it had encountered a disk error and to run Disk Doctor.
So, I ran Disk Doctor for the third time. Disk Doctor said it found a disk error
and quit. Thank you very much. $106 for this? Now I have a bigger headache
than I started with.
---
Kevin Hopkins <kh2uiuc.edu>
Editor of the CUCUG Status Register
http://www.cucug.org/sr.html

david shayer (apparently) - Jun 8, 2005 12:02 am (#4 Total: 18)  

via email
Posts: 257
Re: Norton Utilities Incompatible with 10.4

At 9:30 AM -0700 6/1/05, Mike Millard wrote:
>Although they are not saying their products will hash your hard drive
>if you run them against a hard drive under OS X 10.4, Symantec says
>straight up on their web site that they will not be offering a version
>of Symantec SystemWorks and Norton Utilities compatible with Tiger.

Tiger introduced a new HFS+ file system data structure, the attributes b-tree. This is where ACLs are stored. Although this had been partially documented when HFS+ first came out years ago, there were no actual disks with attributes trees to test against.

I ran into the last Norton engineer at WWDC today, and asked him about this. He said he tried to write the code to handle the attributes b-tree as documented when he did the last major upgrade, but of course the documentation wasn't complete, and he couldn't test it, since no actual attributes b-tree existed at the time.

Software that has never been tested might be just a little tiny bit unreliable. ;-) I certainly wouldn't run it on my Tiger disk.
--

David


Visualize Impeachment

atlauren (apparently) - Jun 10, 2005 12:41 pm (#5 Total: 18)  

via email - Practicing random acts of punditry.
Posts: 802
Re: Norton Utilities Incompatible with 10.4

At 12:02 AM -0700 6/8/05, David Shayer wrote:
>the last Norton engineer

IMHO, those four words are very telling.

--
Andrew Laurence
atlaurenuci.edu

fcchuan - Jun 13, 2005 9:47 am (#6 Total: 18)  

Posts: 61
Re: Norton Utilities Incompatible with 10.4

I didn’t get any problems with Norton in OS 9. However even then it seemed to me that Norton/Symantec never got the hang of “background processes” on the Mac i.e. Norton-based control panels and extensions were best left uninstalled.

And anecdotal evidence from the net suggests that they never successfully made the transition to OS X either.

Who’s to say they will make the transition to Universal Binaries? Methinks the Norton name (on the Mac) has been irreparably damaged, and should be put alongside Vioxx.

hartley - Jun 16, 2005 10:46 pm (#7 Total: 18)  

Posts: 8
Re: Norton Utilities Incompatible with 10.4

Okay, I have Norton AntiVirus 8.x on my G4 powerbook with Tiger, so I know that I have to upgrade or change my virus software. Before I hike over to Norton and order version 10, do I have other options?

Thanks, Charlie

Bob0985 - Jun 16, 2005 10:46 pm (#8 Total: 18)  

Posts: 2
Re: Norton Utilities Incompatible with 10.4

What now? Never encountered or even thought about problems with Norton before. Upgraded today to Tiger and Norton Virus auto-protect didn't work when I started, so then found out about this problem.

Suggestions for utility programs to replace the whole suite of Norton products would be VERY welcome right about now.

Any suggestions as to Tiger compatible utilities to replace Norton? Annoying to find out AFTER I installed Tiger!

Lewis Butler (apparently) - Jun 17, 2005 9:42 am (#9 Total: 18)  

via email
Posts: 1004
Re: Norton Utilities Incompatible with 10.4

On 16 Jun 2005, at 23:46 , hartley wrote:
> Okay, I have Norton AntiVirus 8.x on my G4 powerbook with Tiger, so
> I know that I have to upgrade or change my virus software.

Why?

I've been using Macs since 1987. The only anti-virus I ever ran was
Disinfectant (an extension for System 7, for those who weren't around
back when the Mac had 22[1] viruses, total. Ever.)

> Before I hike over to Norton and order version 10, do I have other
> options?

Yeah, you have two very good options:

1) don't run anti-virus software, it is a waste of money and/or
resources (my solution).

2) Clam-AV, which is free, if you'd like to scan your email anyway,
despite the fact that there are no viruses for OS X, and despite what
the morons and pundits say, there are unlikely to ever be viruses for
OS X.

[1] pretty sure it was 22. Maybe 24?


tekelenb (apparently) - Jun 17, 2005 9:42 am (#10 Total: 18)  

via email
Posts: 258
Re: Norton Utilities Incompatible with 10.4

At 22:46 -0700 UTC, on 2005/06/16, hartley wrote:

> Okay, I have Norton AntiVirus 8.x on my G4 powerbook with Tiger, so I know
>that I have to upgrade or change my virus software.

What is that knowledge based on? There are no viruses for Mac OS X.

--
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>

mmatty (apparently) - Jun 20, 2005 3:05 pm (#11 Total: 18)  

via email
Posts: 383
Re: Norton Utilities Incompatible with 10.4



On Friday, June 17, 2005, at 01:46 AM, Bob0985 wrote:

> What now? Never encountered or even thought about problems with Norton
> before.

Norton once fried the beautiful, brand new, recently released DVD iMac
I got at my old job the day when I installed it the day after I got it.
Although the information on the Norton site said it was compatible with
the OS version I was running (9.something), it didn't say anything
about it not working with this particular iMac. It wouldn't even get
started from the start up disks.

To give Apple credit, they did cover the repair under warranty.

Marilyn

x (apparently) - Jun 20, 2005 3:05 pm (#12 Total: 18)  

via email
Posts: 70
Re: Norton Utilities Incompatible with 10.4

Sander Tekelenburg wrote:
> At 22:46 -0700 UTC, on 2005/06/16, hartley wrote:
>>Okay, I have Norton AntiVirus 8.x on my G4 powerbook with Tiger, so I know
>>that I have to upgrade or change my virus software.
> What is that knowledge based on? There are no viruses for Mac OS X.

Unfortunately, this is both wrong and misleading.

First the wrong part:

1) There are viruses that specifically target OS X. A quick peek at the
Symantec database found me both a virus and a trojan right quick:

http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html
http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html

2) Many OS9 viruses run just fine in emulation, where they happily
inflict their damage.

3) There are an even larger set of cross platform/application hosted
viruses (particularly Word viruses) which could care less which
operating system you are running.

But most importantly, just because there haven't been any viruses yet,
doesn't mean that one won't come out tomorrow. There was a long time
during which no one had ever seen a virus for Linux, but most people were
wise enough to recognize that it was not a matter of immunity, but a
matter of time.

Sure, the odds are good that even if you don't run anti-virus software,
you'll be fine in the near term. The problem is that for a lot of people
the odds aren't good enough.

--Chris

tekelenb (apparently) - Jun 20, 2005 3:05 pm (#13 Total: 18)  

via email
Posts: 258
Re: Norton Utilities Incompatible with 10.4

At 16:17 -0700 UTC, on 2005/06/17, Christopher Smith wrote:

> Sander Tekelenburg wrote:

[...]

>> There are no viruses for Mac OS X.
>
> Unfortunately, this is both wrong and misleading.
>
> First the wrong part:
>
> 1) There are viruses that specifically target OS X. A quick peek at the
> Symantec database found me both a virus and a trojan right quick:
>
>
>http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html

If I'm not mistaken that refers to an AS script with a Word icon slapped on
it. The only ones at risk are those who are willing to download a free,
extremely small Word installer from an unreliable source and run it.

Trojans will always exist and rely on social engineering. Make the user
believe it does one thing but in fact do another. I don't see how any sort of
antivirus app can protect against that.

> http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html

AFAIK renepo ('opener') is what is called a "root kit". Something that, when
installed, will take over the machine. It still needs a vehicle to get
installed, so labeling this a virus seems nonsensical to me.

As far as I can see, these Symantec pages say nothing about how these
so-called viruses propagate.

> 2) Many OS9 viruses run just fine in emulation, where they happily
> inflict their damage.

Granted, I hadn't considered Classic. But since there've been only some 30 to
40 viruses in all for Mac OS pre-X, many of which I think don't even function
under Mac OS 9, the risk seems extremely small to me. In any case, running
the free Disinfectant and one of the (also free) apps that protect against
Autostart (or just disable QT's option to automagically execute stuff on a
removable volume) will suffice.

> 3) There are an even larger set of cross platform/application hosted
> viruses (particularly Word viruses) which could care less which
> operating system you are running.

AFAIK these don't affect Macs. At worst you can pass them on. Sure, you can
invest in avoiding that if you feel you need to bother for the sake of those
Windows users who don't.

> But most importantly, just because there haven't been any viruses yet,
> doesn't mean that one won't come out tomorrow.

True, but I think it is reasonable to expect that the first Mac OS X virus
will very quickly create an enormous amount of noise and it's thus unlikely
that more than few people will be affected. And that is probably not very
different for those who already /do/ run antivirus apps, as such an app will
have to be made aware of that new virus too before it can protect against it.


--
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>

kevinv (apparently) - Jun 20, 2005 3:05 pm (#14 Total: 18)  

via email
Posts: 1350
Re: Norton Utilities Incompatible with 10.4

Quoting Google Kreme <gkremegmail.com>:

> 1) don't run anti-virus software, it is a waste of money and/or
> resources (my solution).

Not to mention that current AV Mac solutions can be more dangerous than the
non-existent viruses they protect against. Wasn't there a release of Virex on
.Mac that erased files on disk? And one that erased entire Eudora mailboxes
when it detected one message with a Windows virus?

AV solutions tend to be reactionary. In other words when a new virus appears it
takes awhile for software to be updated. In the Windows world this window of
opportunity tends to be small (assuming you update your virus software
frequently) because they are under constant barrage. In the Mac world if a
virus were ever released I think it would take quite some time for AV software
to get updated. And all that time you're vulnerable.

Not running AV software, but remaining aware of Mac issues, the window of
opportunity will be pretty much the same. If a real virus ever does get
released for the Mac then I can download the latest signatures and software
then. In the meantime I don't intend to risk my data to a solution that seems
to have destroyed more data than the threat it's meant to protect against.


Bob0985 - Jun 20, 2005 3:05 pm (#15 Total: 18)  

Posts: 2
Re: Norton Utilities Incompatible with 10.4

"There are no viruses for Mac OS X"

Not quite so simple - I've had Word files corrupted with worms on my Mac.

John C. Welch (apparently) - Jun 22, 2005 4:53 am (#16 Total: 18)  

via email
Posts: 791
Re: Norton Utilities Incompatible with 10.4

On 6/20/05 17:05, "Sander Tekelenburg" <tekelenbeuronet.nl> wrote:

> Trojans will always exist and rely on social engineering. Make the user
> believe it does one thing but in fact do another. I don't see how any sort of
> antivirus app can protect against that.

They can't until they're known, but they do quite nicely against known ones.

>
>> http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html
>
> AFAIK renepo ('opener') is what is called a "root kit". Something that, when
> installed, will take over the machine. It still needs a vehicle to get
> installed, so labeling this a virus seems nonsensical to me.
>
> As far as I can see, these Symantec pages say nothing about how these
> so-called viruses propagate.

Trojans are still malware, and considering the lack of AV in general, and
how easy it is to get mac users to enter administrator passwords "because
the screen said to", trojaning a Mac is probably easier by orders of
magnitude.

>
>> 2) Many OS9 viruses run just fine in emulation, where they happily
>> inflict their damage.
>
> Granted, I hadn't considered Classic. But since there've been only some 30 to
> 40 viruses in all for Mac OS pre-X, many of which I think don't even function
> under Mac OS 9, the risk seems extremely small to me. In any case, running
> the free Disinfectant and one of the (also free) apps that protect against
> Autostart (or just disable QT's option to automagically execute stuff on a
> removable volume) will suffice.

Won't do diddly for trojans or application virii.

>
>> 3) There are an even larger set of cross platform/application hosted
>> viruses (particularly Word viruses) which could care less which
>> operating system you are running.
>
> AFAIK these don't affect Macs. At worst you can pass them on. Sure, you can
> invest in avoiding that if you feel you need to bother for the sake of those
> Windows users who don't.

That's completely incorrect. Word virii will make your application use sheer
hell. It can't infect anything outside of the application, and due to the
lack of VB in Entourage, they don't affect that either. But Word/Excel/PPT
virii can easily affect those applications regardless of platform.

>
>> But most importantly, just because there haven't been any viruses yet,
>> doesn't mean that one won't come out tomorrow.
>
> True, but I think it is reasonable to expect that the first Mac OS X virus
> will very quickly create an enormous amount of noise and it's thus unlikely
> that more than few people will be affected. And that is probably not very
> different for those who already /do/ run antivirus apps, as such an app will
> have to be made aware of that new virus too before it can protect against it.

The difference is, running AV applications can be updated within seconds of
the fix being available. If you don't have AV, you're kinda more screwed for
longer. As well, via heuristics and other techniques, virus-like behavior
can be detected even if the malware causing it is as of yet unknown.

john

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com


Lewis Butler (apparently) - Jun 22, 2005 4:53 am (#17 Total: 18)  

via email
Posts: 1004
Re: Norton Utilities Incompatible with 10.4

[Alright, this discussion is devolving into familiar territory. No more posts that are not specifically about Norton, please. -Adam]

On 20 Jun 2005, at 16:05 , Christopher Smith wrote:
> Unfortunately, this is both wrong and misleading.

No, it's not.

> First the wrong part:
>
> 1) There are viruses that specifically target OS X. A quick peek
> at the Symantec database found me both a virus and a trojan right quick:
>
> http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html

This is not a virus at all, it is a trojan, an application which is
clearly an application to all but the most casual inspection (it has
a custom icon, but it is an executable file and shows up as such).
This is equivalent to having a .exe on Windows in default
configuration where it doesn't show the extension. And no anti-virus
will protect you from this type of 'attack' even if it can alert you
to one specific application, after the fact.

> http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html

 From the page:
7. Requires one or more of the following to install this script and
to copy itself to the startup items folder:

* Admin or physical access (boot from a CD or firewire/usb, ignore
permissions on the internal drive).
* Write access to either /Library/StartupItems /System/Library/StartupItems.
* Write access to any existing StartupItem (which is replaced with
this script).
* Write access to the rc, crontab, or periodic files.

So, if you are a total moron and intentionally set your machine up to
allow anything to access it at any time, then this so-called 'virus'
can install itself. Otherwise, it can't. And even if it installs
itself, it can't spread. At all. In an OS X default configuration,
in fact, this is a non-starter. Add to that that even if you ARE a
moron and open up your machine to anything and everyone, you STILL
have to manually install this. It can't install itself. It can't
spread itself. It's a piece of social-engineering that relies on
stupidity, and nothing can prevent stupidity.

> 2) Many OS9 viruses run just fine in emulation, where they happily
> inflict their damage.

There are not "many" OS 9 Viruses, so this statement is flat-out
false. As far as I know, the only viruses that operate at ALL under
OS 9 are Microsoft Macro viruses. None of the OS 7 era viruses will
operate under Classic, or under OS 9, with the possible exception of
the "auto-start worm", but I can't find details on that.

> 3) There are an even larger set of cross platform/application hosted
> viruses (particularly Word viruses) which could care less which
> operating system you are running.

Can you name any besides Microsoft ones? I've never heard of a non-
Microsoft macro virus that can affect Macs.

> But most importantly, just because there haven't been any viruses
> yet, doesn't mean that one won't come out tomorrow.

Just because the sun has risen in the east for 5 billion years is no
reason it won't rise in the west tomorrow.

These statements have equal validity. You can ignore the body of
evidence, or you can not. If you don't ignore it, the only logical
conclusion is that OS X is not susceptible to viruses.

Until there is a proven in-the-wild virus that can spread infection
from machine to machine it is correct to say that OS X is immune.

Yes, there may at some point in the future be some extremely limited
cases where viruses might affect some tiny fraction of installed OS X
machines, but most OS X machines are insanely secure. And even this
remote possibility has little more probability of occurring than the
Vogon Constructor Fleet showing up this Thursday.

> There was a long time
> during which no one had ever seen a virus for Linux, but most people
> were
> wise enough to recognize that it was not a matter of immunity, but a
> matter of time.

Linux is not secure by nature, and by default enables many many
services, each of which is an attack vector. No one was ever
surprised to see attacks on Linux, and even then, the occurrence of
viruses is so small, I can't actually verify any exist. There are
rootkits, trojans, and exploits, but anti-virus won't help you with
those anyway. How many BSD viruses are there? The only quote I can
find that is not from someone with a product to sell is from Dr. Nic
Peeling and Dr. Julian Satchell's ANALYSIS OF THE IMPACT OF OPEN
SOURCE SOFTWARE which contains the following:

     "There are about 60,000 viruses known for Windows, 40 or so
     for the Macintosh, about 5 for commercial Unix versions, and
     perhaps 40 for Linux. Most of the Windows viruses are not
     important, but many hundreds have caused widespread damage.
     Two or three of the Macintosh viruses were widespread enough
     to be of importance. None of the Unix or Linux viruses became
     widespread - most were confined to the laboratory."

By "Macintosh" they are referring to pre-OS X, and most if not all of
those won't work at all on OS X, even under Classic.

(And please note, an exploit is not a virus unless the exploit can be
spread from machine to machine, automatically.)

> Sure, the odds are good that even if you don't run anti-virus
> software,
> you'll be fine in the near term.

Where near term is a length of time that exceeds the average life-
span of a Macintosh.

> The problem is that for a lot of people the odds aren't good enough.

A lot of people have been trained to live in fear and expectation
that "viruses are part of computers". This is not true, but is MSFT
and Virus Vendors FUD.

And this ignores the key fact that is so often ignored about anti-
virus software and which makes running it on a Mac truly silly:

     Anti-Virus software is REACTIVE.

That is, it can't do anything about a virus it's never seen, and
since it's never seen an OS X virus, it can't protect you AT ALL from
any potential mythical OS X virus that may come down the line,
however unlikely that is. And since it can't protect you, it seems
like a waste of perfectly good money to pay some FUD spreading
markedroids money for software that does nothing but possibly help
out the 95% of people out there who run an inferior OS riddled with
tens of thousands of viruses, exploits, root kits, and trojans.






John C. Welch (apparently) - Jun 23, 2005 6:36 am (#18 Total: 18)  

via email
Posts: 791
Re: Norton Utilities Incompatible with 10.4

[OK, last post on the generalities of viruses, etc. in this thread. -Adam]


On 6/22/05 06:53, "Google Kreme" <gkremegmail.com> wrote:

>> http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html
>
> This is not a virus at all, it is a trojan, an application which is
> clearly an application to all but the most casual inspection (it has
> a custom icon, but it is an executable file and shows up as such).
> This is equivalent to having a .exe on Windows in default
> configuration where it doesn't show the extension. And no anti-virus
> will protect you from this type of 'attack' even if it can alert you
> to one specific application, after the fact.

Actually, yes it can. The malware code is going to have a fairly distinctive
binary signature that is identifiable, and from there, can be dealt with in
a number of ways. It's not like AV software looks for names like
"iamanevelvirus.app"

> So, if you are a total moron and intentionally set your machine up to
> allow anything to access it at any time, then this so-called 'virus'
> can install itself. Otherwise, it can't. And even if it installs
> itself, it can't spread. At all. In an OS X default configuration,
> in fact, this is a non-starter. Add to that that even if you ARE a
> moron and open up your machine to anything and everyone, you STILL
> have to manually install this. It can't install itself. It can't
> spread itself. It's a piece of social-engineering that relies on
> stupidity, and nothing can prevent stupidity.

It relies on two things:

1) In OS X pre 10.4, the /Library/StartupItems folder doesn't exist, so only
requires an administrator - level, (NOT root) access to create a startup
item that runs AS root. Note that pre-Tiger, the code in
/Library/StartupItems doesn't have to be owned by root to run as root. So if
you are a non-technical user, (none of those in the Mac world), running on a
default setup, (first user created has administrator privileges) and not
running Mac OS X 10.4, you can get thoroughly rooted and never see an
authentication dialog. Not that an authentication dialog is any protection
because....

2) Pretty much any OS X user, regardless of reason or source, will, when
requested, enter in administrator credentials without a second thought.
They've been trained by Apple and a host of other installers to do that.
"Installing software requires administrator credentials". It's trivial to
fake an authentication dialog, and get a nice set of administrator
credentials. At that point, you own the box.

>
>> 2) Many OS9 viruses run just fine in emulation, where they happily
>> inflict their damage.
>
> There are not "many" OS 9 Viruses, so this statement is flat-out
> false. As far as I know, the only viruses that operate at ALL under
> OS 9 are Microsoft Macro viruses. None of the OS 7 era viruses will
> operate under Classic, or under OS 9, with the possible exception of
> the "auto-start worm", but I can't find details on that.

The QT autostart worm relied on QuickTime and was OS independent.


> These statements have equal validity. You can ignore the body of
> evidence, or you can not. If you don't ignore it, the only logical
> conclusion is that OS X is not susceptible to viruses.
>
> Until there is a proven in-the-wild virus that can spread infection
> from machine to machine it is correct to say that OS X is immune.
>
> Yes, there may at some point in the future be some extremely limited
> cases where viruses might affect some tiny fraction of installed OS X
> machines, but most OS X machines are insanely secure. And even this
> remote possibility has little more probability of occurring than the
> Vogon Constructor Fleet showing up this Thursday.

This is the hair-splitting argument I love from geeks. "If it doesn't
completely spread and propagate all on its own, it doesn't count." Trojans
are, and always have been a far greater problem than viruses, and they are,
just like "classic" virii, detectable and preventable. But a trojan that
doesn't behave in an obvious manner, just sitting there and collecting data,
running as root, and every so often dumping out a zip file to some haxx0r
site is going to cause you just as much damage as a classic virii ala Witty
or Michelangelo.

If this data includes personal data, and when the auditors come asking why
you were so vulnerable, saying "That's a trojan, not a virus, so I don't
need AV software or precautions of any kind outside of login security" is
NOT going to be the defense you want to use.

> (And please note, an exploit is not a virus unless the exploit can be
> spread from machine to machine, automatically.)

So you're saying that nothing but virii count, and that trojan propagation
is completely, 100% due to stupidity, and therefore, nothing can ever be done
about it, so we should either throw up our hands, or never install anything
that we can't first review the source on.

Splitting malware hairs like this helps no one, and is remarkably
short-sighted, especially in a business environment.

> And this ignores the key fact that is so often ignored about anti-
> virus software and which makes running it on a Mac truly silly:
>
> Anti-Virus software is REACTIVE.
>
> That is, it can't do anything about a virus it's never seen, and
> since it's never seen an OS X virus, it can't protect you AT ALL from
> any potential mythical OS X virus that may come down the line,
> however unlikely that is. And since it can't protect you, it seems
> like a waste of perfectly good money to pay some FUD spreading
> markedroids money for software that does nothing but possibly help
> out the 95% of people out there who run an inferior OS riddled with
> tens of thousands of viruses, exploits, root kits, and trojans.

That's not correct. While AV software is most effective at preventing
attacks it knows about, it's quite capable of detecting virus-like
behavior, such as modifying files in /etc, /var, adding startup items, and
dealing with them in a user-configurable way so as to prevent problems. The
most common way is to quarantine the new/modified files and notify the user
or administrator that it's done so. The configuration can be tricky, but to
say that AV software is utterly useless unless it has the proper malware
signature is simply wrong.

john

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com
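
The startup-item exposure discussed in posts #17 and #18 (code that runs as root at boot while being writable, or creatable, by a non-root account) can be audited directly. The script below is an added example, not code from any participant in the thread; the `audit` function name and the exact path list are assumptions based on the locations the posts name.

```python
"""Audit boot-time script locations for ownership and write-permission problems."""
import os
import stat
import sys

# Assumed path list, taken from the locations named in the thread:
# the two StartupItems folders and the rc, crontab and periodic files.
DEFAULT_PATHS = (
    "/Library/StartupItems",
    "/System/Library/StartupItems",
    "/etc/rc",
    "/etc/crontab",
    "/etc/periodic",
)


def _problems(path, trusted_uids):
    """Return the reasons a single path could be modified by a non-trusted user."""
    st = os.lstat(path)  # lstat: judge the link itself, never its target
    found = []
    if st.st_uid not in trusted_uids:
        found.append("owner uid %d is not trusted" % st.st_uid)
    if not stat.S_ISLNK(st.st_mode):  # mode bits on a symlink carry no meaning
        if st.st_mode & stat.S_IWGRP:
            found.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            found.append("world-writable")
    return found


def _nearest_existing_parent(path):
    """Walk upward until a directory that actually exists is found."""
    parent = os.path.dirname(os.path.abspath(path))
    while not os.path.lexists(parent):
        parent = os.path.dirname(parent)
    return parent


def audit(paths=DEFAULT_PATHS, trusted_uids=(0,)):
    """Return a list of (path, issue) tuples; an empty list means nothing was flagged."""
    findings = []
    for top in paths:
        if not os.path.lexists(top):
            # The case raised in post #18: the folder is absent, so whoever
            # can write to its parent can create it and populate it.
            parent = _nearest_existing_parent(top)
            for issue in _problems(parent, trusted_uids):
                findings.append(
                    (top, "missing; creatable via parent %s (%s)" % (parent, issue))
                )
            continue
        targets = [top]
        if os.path.isdir(top) and not os.path.islink(top):
            # os.walk does not follow symlinked directories by default.
            for root, dirs, files in os.walk(top):
                targets.extend(os.path.join(root, name) for name in dirs + files)
        for target in targets:
            for issue in _problems(target, trusted_uids):
                findings.append((target, issue))
    return findings


if __name__ == "__main__":
    results = audit()
    for path, issue in results:
        print("%s: %s" % (path, issue))
    sys.exit(1 if results else 0)
```

Run periodically and compared against the previous run, the same output also shows newly added startup items, which is the kind of change post #18 describes AV software flagging.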



