Symantec Antivirus (for the Mac) LiveUpdate fails with an alert stating, “There was an error performing the update”
This occurred on a Mac OS X client workstation running Symantec AntiVirus for Mac – the Enterprise product version, not the consumer-oriented Norton AntiVirus for Mac – when attempting to run LiveUpdate.
In order to see a more helpful error message, you’d need to know to look at
/Library/Application Support/Symantec/LiveUpdate/liveupdt.log
where you’ll find the more descriptive:
"verifyCertPath(): objCertJ.buildCertPath failed to get cert path."
When I saw the above error message, it occurred to me right away that communication between the Symantec client and their servers was failing. Perhaps I might need to update a certificate by manually installing it? The fix is easier, in fact. Update the Symantec LiveUpdate itself, which is a 4.6 MB .dmg file.
See Symantec’s article here: http://www.symantec.com/business/support/index?page=content&id=TECH154634
If you are managing your Macs centrally with Apple Remote Desktop (aka “ARD”), you can use “Send Unix command…”
to verify the LiveUpdate version on the client workstations using the following:
defaults read /Applications/Symantec\ Solutions/LiveUpdate.app/Contents/Info CFBundleGetInfoString
Using ARD, you can centrally push/distribute the updated LiveUpdate by mounting the .dmg download from Symantec, and using the package installer within.
After that, use the following command to get the client workstations to update. I suggest updating everything, rather than just (virus) definitions:
/Applications/Symantec\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate -liveupdatequiet YES -liveupdateautoquit YES -update LUal
The command to update definitions only is:
/Applications/Symantec\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate -liveupdatequiet YES -liveupdateautoquit YES -update LUdf
You can monitor some information about the update process by watching the log file (via ssh access, for example):
tail -f "/Library/Application Support/Symantec/LiveUpdate/liveupdt.log"
Please note that after repairing the problem (applying the LiveUpdate package/updating LiveUpdate itself), the update process can take a very long time! Just let it do its thing.
Note that this problem can also occur on a Windows client where – for example – you might be trying to run LiveUpdate from a batch file or other script. See:
http://www.symantec.com/business/support/index?page=content&id=TECH167145
Note that the specific error message is the same (“verifyCertPath(): objCertJ.buildCertPath failed to get cert path”)
The most likely cause of this problem on either platform (Mac or Windows) is that the software is installed without then updating all components right away, and/or that only virus definitions are updated over a long period of time without updating the program components – to the extent that the client falls too far out of date to communicate with the update server(s) correctly.
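A way to triage this across managed Macs (for instance via ARD's “Send Unix command…”), as an added example that is not from the original post or from Symantec. The log path, the error text and the Info.plist query come from the post; the status names, the "recent lines" window and the layout of the sample log lines are assumptions.

```shell
#!/bin/bash
# Added example: classify a LiveUpdate log by the certificate-path error.
# From the article: the log path, the error text, the Info.plist query.
# Assumed: status names, the "recent lines" window, the sample log layout.

LOG_DEFAULT="/Library/Application Support/Symantec/LiveUpdate/liveupdt.log"
CERT_ERR="verifyCertPath(): objCertJ.buildCertPath failed to get cert path"
LU_INFO="/Applications/Symantec Solutions/LiveUpdate.app/Contents/Info"

# Print NO_LOG, CLEAN, CERTPATH_FAIL (error within the last $2 lines,
# default 20) or CERTPATH_OLD (error present, but only further back, as
# expected once LiveUpdate itself has been updated and has run again).
liveupdate_cert_status() (
    log="${1:-$LOG_DEFAULT}"; window="${2:-20}"
    if [ ! -r "$log" ]; then
        echo "NO_LOG"
    # -F matches the message literally; it contains "(", ")" and "."
    elif tail -n "$window" "$log" | grep -qF -- "$CERT_ERR"; then
        echo "CERTPATH_FAIL"
    elif grep -qF -- "$CERT_ERR" "$log"; then
        echo "CERTPATH_OLD"
    else
        echo "CLEAN"
    fi
)

# Print how many log lines carry the error (0 if the log is unreadable).
liveupdate_cert_count() (
    log="${1:-$LOG_DEFAULT}"
    if [ -r "$log" ]; then
        grep -cF -- "$CERT_ERR" "$log" || true   # grep -c exits 1 on zero hits
    else
        echo 0
    fi
)

# One tab-separated line per machine: host, LiveUpdate version, status, count.
liveupdate_report() (
    log="${1:-$LOG_DEFAULT}"; ver="unknown"
    if command -v defaults >/dev/null 2>&1; then   # only present on Mac OS X
        ver=$(defaults read "$LU_INFO" CFBundleGetInfoString 2>/dev/null) \
            || ver="unknown"
    fi
    printf '%s\t%s\t%s\t%s\n' "$(uname -n)" "$ver" \
        "$(liveupdate_cert_status "$log")" "$(liveupdate_cert_count "$log")"
)

# Constructed sample log: only the error text is real, the rest is made up.
sample=$(mktemp)
cat > "$sample" <<EOF
2011-10-12 09:14:02 LiveUpdate session started
2011-10-12 09:14:05 error: $CERT_ERR.
2011-10-12 09:14:05 LiveUpdate session ended
EOF
liveupdate_report "$sample"
rm -f "$sample"
```

On a client, call liveupdate_report with no argument to read the default log; a machine that still reports CERTPATH_FAIL after the LiveUpdate package has been pushed and an update has run is the one to look at by hand.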
PLEASE NOTE: The following is being provided for informational purposes ONLY and should not be attempted unless you are already familiar and comfortable with working in the Terminal. In no way is this meant to be a comprehensive method (not at all) for troubleshooting Mail.app.
When you get a spinning cursor (also known as the “spinning cursor of death”, the “spinning pinwheel of death” (SPOD) or the “spinning beach-ball of death” (SBOD)), this typically indicates that some task or event internal to the application is not completing – and the application (Mail) is waiting and so are you. Apple states the following about the spinning cursor: “The spinning wait cursor… is displayed automatically by the window server when an application can’t handle all of the events it receives. In general, if an app does not respond for about 2 to 4 seconds, the spinning wait cursor appears.” See http://developer.apple.com
In 10.4 and 10.5 you can use the Terminal to get the process id of Mail and then watch what files it’s accessing. As of OS X 10.5, fs_usage probably won’t give the expected result(s), and so for 10.5 and later, it’s better to use dtrace tools such as rwsnoop and opensnoop.
To look for a specific mail message that might be causing the problem, try the following, using the Terminal (Applications/Utilities)
(The initial “sudo” is just to escalate privileges early, so as to avoid a delay between launching Mail and authenticating afterward and missing the output. This assumes the user (account) in question has administrative privileges).
sudo echo ''; open -a /Applications/Mail.app; sudo opensnoop | grep mbox
To see more of what Mail is accessing, try (all on one line):
sudo echo ''; open -a /Applications/Mail.app; sudo opensnoop | grep -v mds | grep -v grep | grep $(ps aux | grep '[M]ail' | grep -v bundle | awk '{ print $2 }')
In both cases, press the control (ctl) key and c simultaneously in the Terminal to cancel the operation. Mail will continue to run; quit it normally as desired.
Please *DO NOT DELETE ANYTHING* at all, especially while Mail is running. If necessary, force-quit Mail (see “Force Quit” in the Apple menu). However it’s best not to force-quit an application until you’re quite certain that it’s hung.
Please do not touch anything outside of the user’s Library/Mail directory, unless the problem turns out to be a 3rd-party bundle, which you should see listed as being in /Users//Library/Mail/Bundles/
Whatever you do, please make sure you have a full, known-good backup (of your Home folder at the very least in this case).
Rather than attempting to state what you might do with what you find, if you’re not sure then please contact us at the Core Solution Group to arrange to bring your Apple computer to us, or if that’s not an option we can arrange a remote support session (it’s easy to set up).
Infoworld published an article today that is a good overview – but – it should be emphasized the article is a start – and just that – seemingly geared towards those with only a beginner’s knowledge of what’s available and possible for managing Mac OS X in a centralized manner. Be it with available directory services (Microsoft’s Active Directory, or Apple’s Open Directory, and others), or where no centralized service(s) are available or an option.
See http://www.infoworld.com/t/mac-os-x/its-guide-managing-macs-in-the-os-x-lion-era-177361
Workgroup Manager is a free download from Apple, and can be used in conjunction with Mac OS X clients bound to Active Directory (beyond the scope of this post) or via dslocal (see links below). For Mac OS X 10.7 you should install the 10.7.2 version of the Server Admin tools and use the version of Workgroup Manager included with it.
http://support.apple.com/kb/DL1457
For 10.6 clients, see
http://support.apple.com/kb/DL1403
Note that you should use a version of Server Admin tools (namely, Workgroup Manager) that matches your client OS as closely as possible. For example, see
http://support.apple.com/downloads/#10.6%20server%20admin%20tools
Some additional key tools you should know about are (one is mentioned in the comments for the Infoworld article):
Munki
http://code.google.com/p/munki/
For managing software installation(s) on Mac clients
- Server: “A Munki server is simply a web server. It is nothing else. You do not need the munki tools installed on the server. It is possible to use a NAS appliance as a Munki server. You are simply setting up a filesystem on a web server for clients to access. Common choices: Mac OS X Server, a Linux Server, in other words a webserver product (i.e. Apache) running on a box with some way to get files on and off it. Good choices for transferring files to and from the munki server include file sharing via AFP, SMB or NFS”
- client: Mac OS X (client) workstation
Reposado – for hosting Apple software updates.
https://github.com/wdas/reposado
“you may use any existing web server you wish (but) Reposado… currently relies on the command-line “curl” binary to download updates from Apple’s servers. curl is available on OS X, RedHat Linux, and many other OSes, including Win32 and Win64 versions. See http://curl.haxx.se for more information.”
Apple Remote Desktop – for easy adjustment of client settings, client support (screen sharing), pushing out (Apple) package-installer compliant software installs, and more.
http://www.apple.com/remotedesktop/
dslocal mcx (client-local mcx for “Managed Client for Mac OS X”)
See http://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain
and http://managingosx.wordpress.com/2008/02/07/mcx-dslocal-and-leopard/
Please contact the Core Solution Group if you would like to begin planning and implementation of one or more of these tools.
http://www.apple.com/stevejobs/
After much reading and thinking about the passing of Steve Jobs, the following are two of the favorite shared tidbits I came across about the man:
http://blog.pluckytree.org/2011/10/last-time-i-saw-steve-jobs.html
“…the problem with children is that they carry your heart with them. The exact phrase was, ‘It’s your heart running around outside your body.’ That’s a Steve Jobs quote.”
http://www.businessweek.com/printer/magazine/eric-schmidt-on-steve-jobs-10062011.html
Please note: If you use a PC (Personal Computer) – be it an Apple running Mac OS X or a Windows-based computer, and you live in the Pioneer Valley or Western MA and have reason to believe your computer is compromised (be it Mac OS X malware or a Windows virus or malware), please contact us to make an appointment to have your computer checked by our techs.
Update, 9/27/2011, 1:30 PM: Apple has updated their XProtect mechanism to cover the PDF exploit. See http://www.h-online.com/security/news/item/Apple-updates-malware-definition-list-to-defend-against-PDF-trojan-1350430.html
There are two new security concerns worthy of note for Apple’s Mac OS X, which may come as a surprise to some, but really shouldn’t.
First, it’s important to understand that no operating system is invulnerable, including Mac OS X.
There are in fact a growing number of pieces of malware targeting Mac OS X: Malicious software in the form of “Trojans”, ie: items that appear to be harmless while posing as something they’re not, and if installed, can put in place software that you don’t want that can take up resources and cause unapproved (and undesirable) changes to your computer’s operating system. This has been seen previously in the form of malware for Mac OS X posing as an installer for various kinds of software, some of which frankly would have to have been obtained illegally and that may still be floating about P2P (peer-to-peer) networks and dark corners of the Internet (websites that one should know full well are not trustworthy sources of software).
Two more recent items of concern are (very) recent malware (“Trojans”) that you should know about,
if you don’t already: A fake Flash installer, and a malicious PDF file. More information about them
is given a little further below.
You may be wondering what you can and should do to help keep your computer safe from malware.
Whether you’re using a Mac or a PC, one very good step you can take is to create a non-administrator account and log in to that account for your everyday use. In OS X it’s easy enough to authenticate as a non-admin with the credentials of your admin account (username and password), and by running under a limited account, you can help to limit the damage that malware can accomplish.
However, migrating your data properly from an existing admin account to a non-admin account is beyond the scope of this post. Also, be advised that some software is written with the assumption that you are running as/under an administrator account, and – if not – either won’t install, or won’t run properly in part or in whole.
Another important security practice you should take – and I wish Apple would set as the default – is to disable
Safari’s ‘Open “safe” files after downloading’: Launch Safari and open Safari’s Preferences settings from the Safari menu, and in the first section, un-check the option at the bottom to Open “Safe” files after downloading.

If you want to feel fancy about it (or you’re already comfortable using the Terminal), another way to do this is to quit Safari and simply enter the following in a Terminal window (you can copy-paste if you like):
defaults write com.apple.Safari AutoOpenSafeDownloads -bool FALSE
(executed by pressing the Enter or Return key on your keyboard).
However, even prior to the above steps, the most important thing you can do is be careful and actively think about your online activities. Consider the site(s) you’re going to, whether you should even waste any time on software installers that you might find there, or any claims that a questionable site makes that you “need” something that they want you to download and install. Stop, and think about it. And where commercial software is concerned, if you didn’t obtain it legally, then you don’t know what else you might be getting when you unquestioningly supply your username and password to the installer you just got from obviouslyshadysite.sketch. At that point all bets are off, and this is where social-engineering will get you, if you’re not applying intelligence to how you use the Internet: Web, email, and especially P2P which can be used for legal purposes, but is very often used to distribute – or attempt to acquire – content illegally.
Adobe installers should only be obtained directly from Adobe (or purchased from reputable vendors – be it a store or online vendor), Apple software from Apple, and Microsoft (eg, Office) from Microsoft or from an established and trustworthy vendor.
Also know that Apple is taking steps to help counteract malware, with a brief explanation given at their support site, http://support.apple.com/kb/HT3662 (and the same mechanism exists in 10.7 as well)
More information about the fake-Flash installer/trojan can be found at arstechnica:
http://arstechnica.com/apple/news/2011/09/mac-trojan-pretends-to-be-flash-player-installer-to-get-in-the-door.ars
And there is more info about the malicious PDF file at f-secure.com. Note that while this
and the above fake installer might not yet have been seen extensively “in the wild” (meaning
it’s not wide-spread – yet) as always, be cautious.
http://www.f-secure.com/weblog/archives/00002241.html
Manual removal instructions are available at F-Secure’s site, http://www.f-secure.com/v-descs/backdoor_osx_imuler_a.shtml BUT they miss a key detail where Lion/10.7 is concerned (see below):
Quoting and slightly modifying from the f-secure article:
Open Activity Monitor
Select checkvir then click Quit Process
Delete the following files:
/Users/<your_user_homefolder>/Library/LaunchAgents/checkvir
/Users/<your_user_homefolder>/Library/LaunchAgents/checkvir.plist
Additional info you might need: Bear in mind that in Lion, your Library folder
is hidden by default, if you don’t see the Library folder within your home folder (In the Finder use the Go menu > Home)
you can get to it by instead choosing “Go to Folder…” (the second last item) in the Finder’s Go menu,
and typing in: ~/Library and then pressing the (highlighted in blue) Go button.
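The same check from the Terminal, as an added example that is not part of the original post or of F-Secure's instructions: it only reports, and deletes or quits nothing. The file and process names are the ones listed above; the function names, the constructed demo tree and the constructed ps lines are assumptions for illustration.

```shell
#!/bin/bash
# Added example: report-only check for the two LaunchAgent files and the
# process named in the removal steps. Nothing is deleted or killed.
# The hidden flag Lion puts on ~/Library only affects the Finder; path
# tests from the shell see the folder regardless.

# List every <root>/<user>/Library/LaunchAgents/checkvir{,.plist} that exists.
scan_checkvir() (
    root="${1:-/Users}"
    for home in "$root"/*/; do
        [ -d "$home" ] || continue          # unmatched glob or not a folder
        for name in checkvir checkvir.plist; do
            f="${home}Library/LaunchAgents/$name"
            # -L also catches a dangling symlink, which -e reports as absent
            if [ -e "$f" ] || [ -L "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
)

# Read "PID COMMAND" lines (as from: ps -A -o pid= -o comm=) on stdin and
# print the PIDs whose executable is named exactly "checkvir". COMMAND may
# be a full path and may contain spaces.
match_checkvir_procs() {
    awk '{
        pid = $1
        sub(/^[ \t]*[0-9]+[ \t]+/, "")      # drop the PID column
        sub(/[ \t]+$/, "")                  # drop trailing padding
        n = split($0, part, "/")
        if (part[n] == "checkvir") print pid
    }'
}

# Demo on a constructed tree and constructed ps output (not real data).
demo=$(mktemp -d)
mkdir -p "$demo/alice/Library/LaunchAgents" "$demo/bob/Library/LaunchAgents"
: > "$demo/alice/Library/LaunchAgents/checkvir"
: > "$demo/alice/Library/LaunchAgents/checkvir.plist"
: > "$demo/bob/Library/LaunchAgents/com.example.agent.plist"
echo "files:"; scan_checkvir "$demo"
echo "pids:"
printf '%s\n' '  412 /Users/alice/Library/LaunchAgents/checkvir' \
              '   88 /usr/sbin/cupsd' | match_checkvir_procs
rm -rf "$demo"
```

On a real machine, run scan_checkvir with no argument to walk /Users, and pipe ps -A -o pid= -o comm= into match_checkvir_procs; reading other users' home folders needs administrator rights.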
The following describes working with 10.7.1 (“Lion”) client and adding a setup for a printer that’s hosted by a Windows server, in an environment where Mac workstations are not bound to Active Directory (ie, no single-sign-on via Kerberos, no Kerberos auth for printing).
In the Add Printer dialog, choose Windows, select the domain in question,
locate the print server desired, and when asked to authenticate,
use: domain\username and the associated password.
Save to your keychain if desired (This may well be unacceptable in some settings due to security policies).
Choose the printer queue desired, and configure appropriately (printer name, options).
When first printing to the printer, if asked to authenticate, do so again using the same
credentials as above (domain\username – and associated password).
If you skip the 2nd authentication request, the job will get spooled but fail to print (check the list for the printer in question and you’ll see a message relating to authentication failed/needed).
If you’re not working with Lion yet, you might not know that the icons in the Finder sidebar are all monochrome. It’s dull and ugly and frankly less useful – an awful choice for a UI change. Somebody at Apple thought they were being “cool” and hip but this is more like foolhardy and sickening.
Until someone comes up with a way to give us back colored icons in the Finder sidebar, here’s a workaround that I’ve come up with:
Make a new folder in your home folder (Finder Go menu > Home), and name it (for example): MyNav
Place shortcuts for your favorite folders in there: Go to the original folder you want to list in MyNav folder, click it and hold (keep holding down the mouse or trackpad button) and right after you start dragging the (original) folder, simultaneously hold down the command (aka “Apple”) and option keys, and drag the folder to the MyNav folder, and let go. The result will be a colorful alias of your source folder.
Add as many aliases as you like.
Next, click on/into the Finder, and open the Finder Preferences, staying in the General tab. Where it states, “New Finder windows show:”
click and drag down to “Other…” and then navigate to your Home folder with your “MyNav” folder in it, click on it and hit the “Choose” button in the lower-right.
Now anytime you open a new Finder window, there you’ll have your colored icons.
If you like, go back to the Finder preferences, and select the (check-box) option for “Always open folders in a new window” – and that way the MyNav folder will always be where you left it.
The next thing I did is go back to the Finder preferences, and in the Sidebar tab, I de-selected everything listed under “FAVORITES.”
If you open a new Finder window (and it takes you to the newly setup MyNav), and you still see some unwanted items listed under Favorites,
hold down the Command-key and click and drag the item out of the Sidebar.
Doing so has left me with Shared items still listed (which I happen to want there), and Devices.
One more handy part of this setup that I suggest – but you might not like as much. Consider it entirely optional,
since mounted drives will still show up in your Finder sidebar under Devices.
Here’s what I’ve done that you might also appreciate:
Navigate to your Home folder (for example) – the main thing is you need to select a native folder (not an alias of a folder),
and right-click on that folder – or hold the control key and click with your trackpad, or with multi-touch use a two-finger click.
Scroll down towards the bottom of the list that appears, and select “Folder Actions Setup”.
Cancel the list of options that shows up for now. In the left-hand side of the Folder Actions Setup window, click on Enable Folder Actions.
Down to the bottom-left of the dialog window, click on the + button, and then press (all at once): Shift Option G (for “Go to”)
and enter exactly the following: /Volumes
Select that folder (Volumes) in the left-hand list and then click the Open button on the right (should be highlighted in Blue).
That will bring up the list again to “Choose a Script to Attach:” and you want to select the first one listed, “add – new item alert.scpt”
The result should be a check-box under the heading On, with the heading beside that of “Folders with Actions” and Volumes
listed below that heading. To the right of it, also selected “On” should be the Script, add – new item alert.scpt
Now, when a new drive gets mounted, you’ll get a dialog pop-up asking if you’d like to view it (or them for a drive with
multiple partitions).
This write-up is © David Haines, c/o the Core Solution Group. Redistribution or copying in any form without explicit permission is strictly forbidden.
All technology terms relating to Apple and Mac OS X (Lion or otherwise) are of course the property of Apple.
Mac OS 10.7 – Lion – are you ready and should you take the jump ?
The first and most important considerations before upgrading to Lion are the following:
If you’re thinking of updating a business-critical machine, don’t. See further down,
but we recommend against an *upgrade* install, and if this really is a critical machine for you
with business needs & revenue generation attached, it’s simply unwise to dive into any new major OS update
right away. As the well-worn saying goes, “if it ain’t broke don’t fix it” and that could not be more true
of a machine you rely on for business purposes.
Do you have a spare Mac to use, that won’t impact your workflow in any way ?
If not, are you realistically prepared to invest significant amounts of your time for all of:
Installing Lion and getting acclimatized with it, discovering incompatibilities with your 3rd-party software and updating *where available* yet having to wait an unknown period of time before an update is released?
Does your intended Mac for installing Lion meet the system requirements ?
http://www.apple.com/macosx/specs.html
There’s no retail (off-the shelf) installer disk(s) for Lion, instead you might want to purchase Apple’s USB-key installer – see
http://store.apple.com/us/product/MD256Z/A?
If you don’t have a brand new Mac that comes with Lion, and you want to run this latest big-cat Mac OS X,
be prepared to purchase and download the installer (approximately 3.7 GB in size !) using Apple’s App store application (10.6.6 required but 10.6.8 recommended).
So, for the download, you’ll need a high-speed internet connection. If you have a slow DSL or Satellite-based Internet connection, you might like to visit your nearest Apple store, (I suggest you call ahead and ask first of course), but word is they’ll let you use their WiFi to download the Lion installer.
But let’s take a step back: Before you do anything, run don’t walk and do a backup of your computer. Never ever hope for the best because that’s no fail-safe against the worst that might happen. Time Machine makes it easy.
Next, make sure to verify your Mac’s hard drive. You can boot from an external hard drive if you’ve created one
(beyond the scope of this write-up), and it should have a matching OS, in this case 10.6 (ideally 10.6.8),
or: Boot the install disk that came with your Mac, click through the first couple of screens until you see a Utilities menu available.
Use that to launch Disk Utility, select your Mac’s HD (hard drive) and click the verify button. If problems are found, use the Repair button. If that fails, I suggest you contact us and arrange for a more thorough check-up of your computer.
It’s also possible to use Disk Utility (found within Applications/Utilities) to verify (but not repair) your startup disk (ie: while you’re started up from it, as you typically do when using your Mac), but I strongly recommend you quit all other applications (please do),
and whatever method you choose for verifying your Mac’s HD, if it’s a laptop make sure it’s plugged in. If you have a Desktop model (Mac Mini, iMac, MacPro), a battery backup (with surge protection) is a good investment (you should already have one, for reasons also beyond the scope of this particular write-up). Even with a laptop, a decent surge-protector is a good idea.
As always, remember that as it does its job over time (years), a surge protector can lose its effectiveness.
Something else that you really should do before upgrading to Lion, is to check on compatibility for your critical and preferred applications, and peripherals (scanners, printers, cameras, etc.). Google is your friend, do some searching.
It’s very important to know that Classic (running OS 9 within Mac OS X) is non-existent (already true as of 10.6)
As far as printers go, it’s likely (although I’m not guaranteeing) that if your printer or scanner works in 10.6, that it will be supported in 10.7, see: http://support.apple.com/kb/HT3669
As with any major OS upgrade, you’ll need to allow for some down-time, and lost productivity. It’s new, a new environment, and many things you may be accustomed to working in a particular way will either be changed or even gone. Give yourself time to adjust and adapt !
Further recommended reading:
http://www.macworld.com/article/161064/2011/07/installing_lion_complete_guide.html?lsrc=top_3
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars
Warning: The first link is to ZDnet, who have a history of reporting of questionable quality when it comes to being honest or accurate about anything relating to Apple. ZDnet does have a record of regularly nay-saying Apple (the company or its products) through the last two decades.
[Proceed with caution] http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342
For another, more healthy perspective, I suggest you start with http://www.wired.com/gadgetlab/2011/05/mac-malware/
For a more humorous take-down of Mr. Bott’s nonsense, have a read of:
http://www.macworld.com/article/159995/2011/05/trolls_straw_men.html
Scroll down to/search for “Mac attacks”.
And http://daringfireball.net
Search for “Ars Technica Investigates the State of Malware on the Mac”
Note:
“I asked several Apple engineers whether any antivirus software was mandated or even recommended for Mac OS X, internally. All said no. …”
First off, contrary to what anyone tells you, Mac OS X is not invulnerable, but that does not mean it is somehow merely waiting for as many exploits to occur, as already exist (and continue to emerge) for Windows. There’s no logic in such thinking. There is nothing about Macs using Intel processors that makes them somehow more vulnerable. The only exception here is if you happen to use virtualization (Parallels, VMware, VirtualBox) to run Windows on your Mac, in which case that installation of Windows is as vulnerable as any other Windows installation.
But if marketshare is truly somehow the only defense for Mac OS X, then we would be seeing a real threat already, more than the paltry number of social-engineering-based malware that does exist for Mac OS X. But here’s the rub: Regardless of what OS you use, if you go to some site and foolishly download something you know you shouldn’t (or even if you’re simply not sure!), download it, and mindlessly double-click it and enter your password – well, all bets are off, and nothing will keep your computer (use) safe.
The first thing you should do is always stop and think when anything asks for your administrator credentials. Another worthwhile thing that you can do is to open Safari’s preferences (from the Safari menu), and un-click the option for “Open ‘Safe’ files after downloading” – always a good practice.
https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
An excellent article about the most recent tempest over any-and-all-things-Apple. Users of mobile devices from other vendors should be concerned about the same issue. In this case the problem is that the data isn’t encrypted. There are indeed legitimate concerns, and Apple should absolutely release an update that encrypts this data, and gives users greater control (more granular options) over what is stored and for how long.
But it’s important to note, “it is not secret, malicious, or hidden. Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device. That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs to access the data.”