An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 1 of 6 1 2 3 4 5 6
Antivirus and copy conflict
#40263 05/05/16 12:45 AM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
I got Sophos because my web hoster recommeded I get an antiviris. I've been using Sophos (who they recommended), and it was going ok, but now is conflicting with scheduled copies of Super Duper, which I've been using for years. SD says Sophos puts an error message on the offending email, and hence SD wont finish the copy.

I've contacted Sophos and there is nothing they can do.

So I have to now manually delete the bad email to get copies to work. Real tedious.

SD (and others) have said bail on silly antivirus. I would like to! The only reason I got on board again is because of this incident from 2 years ago or so. Any advice? Thanks.









From a couple of years ago:

Our systems have alerted us that on 12/25/2013 malicious IP addresses in Russia & - an IP address in Belarus) logged into the FTP account and uploaded malicious files.


We've removed the files from the account. The FTP password for the account has been changed to:

As a precuation, your wordpress passwords have been disabled. You can reset your wordpress passworsd by going to and clicking on 'Lost your password?'


This means that either the FTP password was easy to guess and was brute forced, or a computer that had the FTP password stored, or used the FTP account in the past, was hacked and infected with malware/trojan/viruses/keyloggers. There are a lot of known viruses and trojans in the wild that are specifically designed to steal FTP passwords stored in FTP accounts, even if they haven't been used in years.


Please scan all home, office, laptop and other computers that may have accessed that FTP account in the past or had the FTP password stored on them.

Re: Antivirus and copy conflict
kevs #40295 05/06/16 12:16 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: kevs
I got Sophos because my web hoster recommeded I get an antiviris.

... and my doctor recommended more bloodwork
... and my dealership recommended a tuneup
... and the McOrderBoy recommended I supersize my meal
... and best buy recommended the extended warranty

though not strictly an upsell in this case, you have to consider the source of "helpful suggestions". In the case of AV, it almost exclusively comes from someone with little to no mac experience. While the landscape is constantly changing, historically AV software has been more likely to cause problems than to prevent them. I've lost count of the number of times I've had to remove AV software to fix a mac.


I work for the Department of Redundancy Department
Re: Antivirus and copy conflict
kevs #40299 05/06/16 01:06 PM
Joined: Aug 2009
Likes: 5
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 5
I second what he is saying.....having Macintosh computers since their initial release in 1984, I've never had a single malware successfully establish itself on any of my platforms.

I too have seen many issues CREATED by anti-malware software "recommended/REQUIRED" to be installed by corporate IT departments as a result of blanket policies driven by their Windows installed user-base.


Freedom is never free....thank a Service member today.
Re: Antivirus and copy conflict
MacManiac #40308 05/06/16 06:22 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Virtual, boy I agree with you on the dealership. My dealer is always recommending things I don't need, but my isp -- they are specialized for photographers and very sharp guys. And they don't get anything from me being with Sophos. That's why I dug out the email to show you what happened. They say a there was a trojan that would have been prevented by an AV, no?

Where did the Trojan come from? Did I incidentally open something? Did an intern in my office put it in? I have no idea.

But was a lot of havoc...

I agree maybe it will never happen again, but you see the letter. I happened and would not have happened probably if an AV was there at that time, right? And it "could" happen again... maybe... right?

Re: Antivirus and copy conflict
kevs #40309 05/06/16 07:51 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: kevs
Virtual, boy I agree with you on the dealership. My dealer is always recommending things I don't need, but my isp -- they are specialized for photographers and very sharp guys. And they don't get anything from me being with Sophos. That's why I dug out the email to show you what happened. They say a there was a trojan that would have been prevented by an AV, no?

Where did the Trojan come from? Did I incidentally open something? Did an intern in my office put it in? I have no idea.

But was a lot of havoc...

I agree maybe it will never happen again, but you see the letter. I happened and would not have happened probably if an AV was there at that time, right? And it "could" happen again... maybe... right?


If you were running Windows, then a password-stealing Trojan is a possibility. But I'm not aware of any such Trojans targeting FTP passwords on OS X.

More likely, they just brute-forced your passwords. I have about twenty different Web sites, and I deploy some pretty formidable defenses (including adaptive firewalls and rate limiters), and I get, on average, anywhere between a couple of dozen and a few hundred attempts per day to hack my passwords. These attacks don't know or care who I am or what the Web sites are; they're totally automated.

If your FTP password is a dictionary word or a string of numbers attached to a dictionary word, it's gonna get breached, sooner or later. It's just a question of time. That's why my FTP passwords are long strings of random gibberish, like

,,<hB5%?nmK-~db7&s'llu;-=

(Not an actual password, of course, but that's what my passwords look like.)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Antivirus and copy conflict
kevs #40310 05/06/16 07:53 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Your site host may be very sharp and knowledgable about photography, web hosting, and server based software such as wordpress, but that does not necessarily translate into knowledge of OS X.

Quote:
This means that either the FTP password was easy to guess and was brute forced,

Choosing a weak password, or breaking a password with a brute force attack has absolutely nothing nothing to do with your computer or anything on your computer. However Keychain Access and several third party applications will suggest strong passwords for your use.

Quote:
… or a computer that had the FTP password stored, or used the FTP account in the past, was hacked and infected with malware/trojan/viruses/keyloggers.

Given there has never been such a malware/virus/trojan/keylogger identified on a Mac the potentially infected computer would almost certainly have to have been a PC therefore an antivirus solution on your Mac would not have any benefit. The one known trojan for the Mac was a DNS redirector not a keyword thief and it was obviated by an OS X patch that both removed the virus and the vulnerability shortly after its discovery.

Quote:
There are a lot of known viruses and trojans in the wild that are specifically designed to steal FTP passwords stored in FTP accounts, even if they haven't been used in years.

Antivirus software can only detect known viruses from their signature or bit pattern and the only known signatures are for Windows PCs which cannot infect a Mac. Sophos and others do a good job of detecting Windows viruses contained in email or downloaded files on your Mac and can help prevent you from unwittingly passing those viruses along to your PC using friends but little to protect your Mac.

Trojans, true to the implication of their name, require your complicity and trick you into installing them on your Mac and are extremely difficult to differentiate from legitimate software installations. Your best protection is to avoid downloading software from sketchy websites or software aggregators who use their own installer which may include unwanted malware or adware in the package.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Antivirus and copy conflict
joemikeb #40311 05/06/16 08:27 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Tacit/ Joe.
What mean windows computer infected, it was my Mac that hot hit no?

And this Trojan could have come from an intern? Maybe an email attachment I accidentally opened? Maybe a software someone recommended? I have no idea... Wouldn't AV have prevented this?

Currently I get zillions of spam with attachments and Sophos is marking some with and error, (thats how Dave at SD explained it), and making some of my super duper clones abort. This is why I posted. What do you guys recommend?

Re: Antivirus and copy conflict
kevs #40313 05/06/16 11:55 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: kevs
Thanks Tacit/ Joe.
What mean windows computer infected, it was my Mac that hot hit no?

It was the site server that got hit either from a bot running on some unwary user's PC somewhere in the world or possibly being knowingly run from someone's computer somewhere in the world such as Russia or China. The odds of your Mac being hit are vanishingly small.

Originally Posted By: keys
And this Trojan could have come from an intern?


Not sure what you mean by an intern but by definition trojans have to be intentionally installed by a user of the computer. That means you would have had to download the Trojan's installer and then run the installer. Unless you have a null password you would have needed type in the administrative password to install it and assuming the right settings in Security & Privacy override OS X's reluctance to allow the install by entering your password multiple times. No AV software can protect a user from their own choices. However, as far as I know no such trojan exists or has ever existed for OS X.

Originally Posted By: kevs
Maybe an email attachment I accidentally opened? Maybe a software someone recommended? I have no idea... Wouldn't AV have prevented this?


I say again, "Antivirus software works by detecting the signature of KNOWN viruses. There are no KNOWN viruses for the Mac. Therefore an AV cannot detect Mac viruses — but it can detect Windows viruses because there are tens of thousands of known Windows viruses and variants. Windows viruses cannot infect OS X. Therefore AV software would be capable of nothing other than slowing your Mac down and causing a number of annoying problems.

Originally Posted By: keys
Currently I get zillions of spam with attachments and Sophos is marking some with and error, (thats how Dave at SD explained it), and making some of my super duper clones abort. This is why I posted. What do you guys recommend?

Those messages may be virus infected or they may be false positives. In either case they would be Windows viruses not OS X viruses. I run barefoot so I don't know how Sophos works but typically you can set AV software to move the suspected file to a Quarantine folder. Once it is there you have several options…
  1. Exempt the Quarantine folder from SD backups so you should then be able to complete an SD backup.
  2. Simply delete the suspected file. If it is something you need, contact the originator and ask them to send you a clean copy of the file.
  3. Most AV softrware will identify the specific virus it has detected. Go to the AV vendors web site and look up the virus and determine if it is a Windows virus or an OS X virus. Then you can make an informed decision on where to go from there (If it is a Windows virus the primary risk is in passing the infected file to a PC user thus earning their animosity, but your Mac is safe
  4. If the file is sufficiently important and you cannot get a clean copy you may be able to get software from Sophos to disinfect the file that will run on a Mac. Of course that involves more money.
Asking what I/we do is a legitimate question. As I mentioned, I run barefoot — that is without AV software. Occasionally I scan for adware and other not-quite-malware using MalwareBytes anti-Malware. I use a reasonably strong password can actually remember, keep System Preferences ➯ Security & Privacy ➯ Allow apps downloaded from: set to [i]Mac App Store and identified developers[i], avoid sketchy web sites and software aggregators, keep OS X, Java, and Flash rigorously up to date. Keep my ear to the ground for warnings of actual Apple (OS X and iOS) viruses in case one appears and I have to bite the bullet and get antivirus software.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Antivirus and copy conflict
joemikeb #40315 05/07/16 01:39 AM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Joe, when my isp says: Our systems have alerted us that on 12/25/2013 malicious IP addresses in Russia & - an IP address in Belarus) logged into the FTP account and uploaded malicious files.We've removed the files from the account. The FTP password for the account has been changed to"

They are talking about my computer account right? Not some server I have nothing to do with. They are placing the blame on my shoulders...

But... you are saying they don't know what they are talking about? (and while they are smart, maybe you are smarter..).

They definitely blamed this on me, my weak password or what not, and demanded I got Sophos so as they don't have to save my ass in the future.

Their analysis was wrong? It's hard to get my head around it.

Ironically Sophos was driving me crazy for a year, asking every day or so if I wanted to clean up a threat (always a trojan attachment coming in from spam) I would go to Quarantine manager and clean up the threat). And enormous amounts of work and help from one of their top techs. I was able to have them clean up these threats without bothering me or me going to Qaurentine manager. Then this stuff started happening with the conflict with Super Duper. So maybe that's related?

Someone suggested elsewhere I try Avast or one other AV to see if it does not conflict with SD. But you advice would probably be to go barefoot, which is what I had breen doing for 10 years until I got that email from the isp, after I could not get into my blog. I'm open to bailing totally, but I probably would not tell the isp for awhile.

Re: Antivirus and copy conflict
kevs #40331 05/07/16 03:43 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: kevs
Thanks Joe, when my isp says: Our systems have alerted us that on 12/25/2013 malicious IP addresses in Russia & - an IP address in Belarus) logged into the FTP account and uploaded malicious files.We've removed the files from the account. The FTP password for the account has been changed to"

They are talking about my computer account right? Not some server I have nothing to do with.

You are misconstruing the message from your ISP. They are talking about logging onto your account ON THEIR SERVER not your user account on your Mac.
Originally Posted By: keys
They are placing the blame on my shoulders…

They are not placing blame on your shoulders. They are placing blame on the owners of the computers in Belarus.
Originally Posted By: keys
But… you are saying they don't know what they are talking about? (and while they are smart, maybe you are smarter..).

They definitely blamed this on me, my weak password or what not, and demanded I got Sophos so as they don't have to save my ass in the future.

Their analysis was wrong? It's hard to get my head around it.

This thread has gotten tangled and there have been misinterpretations and misunderstandings. In the first place assigning blame is a pointless exercise that accomplishes nothing. Are your ISP (Internet Service Provider) and web site host one in the same or separate entities? From your comments I find it has been difficult to keep straight what is coming from your ISP, your web host, and Shirtpocket software (the vendor of Super Duper.) This post has been helpful in sorting all that out.

What I am sure of is whoever is demanding you get Sophos does hot have a full grasp or understanding of the current state of the Macintosh vis-a-vis security and viruses.
Originally Posted By: keys
Ironically Sophos was driving me crazy for a year, asking every day or so if I wanted to clean up a threat (always a trojan attachment coming in from spam) I would go to Quarantine manager and clean up the threat). And enormous amounts of work and help from one of their top techs. I was able to have them clean up these threats without bothering me or me going to Quarantine manager.

Did you ever sort out what kinds of malware were showing up in Quarantine manager? Ie. were they windows viruses or some other kind of virus? If they are Windows viruses and you are not posting the files on your blog or otherwise risking infecting Windows computers then why do you care about them? Windows viruses cannot infect your Mac.
Originally Posted By: keys
Then this stuff started happening with the conflict with Super Duper. So maybe that's related?

I started with Carbon Copy Cloner but switched to Super Duper when it came out. I forget whether it was Yosemite or El Capitan that I had problems with SD and switched back to CCC. All I can say is CCC is working perfectly for me now.
Originally Posted By: keys
Someone suggested elsewhere I try Avast or one other AV to see if it does not conflict with SD. But you advice would probably be to go barefoot, which is what I had been doing for 10 years until I got that email from the sip, after I could not get into my blog.

IMHO as far as AV software goes it is pretty much six of one and half a dozen of the other. But that is must my opinion.
Originally Posted By: keys
I'm open to bailing totally, but I probably would not tell the sip for awhile.

Again IMHO the software you run on your computer is none of your ISPs business.

I suspect that at least in part, the ISPs demand is a result of a misunderstanding of the original message to mean your personal computer had been hacked or infected, and subsequent miscommunication between yourself and the ISP's tech support coupled with a Windows-centric viewpoint on their end.

Rather than assuming you are being blamed as the malefactor in this scenario, there are questions you need to ask yourself why you are receiving so much virus infected traffic? Maybe you need to take another look at where you goon the internet with a more cautious/skeptical viewpoint? Maybe you need to unsubscribe from sources that consistently turn up with infected files? Perhaps rather than going to the hassle of disinfecting infected files in the quarantine folder all you need to do is delete them?


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Antivirus and copy conflict
joemikeb #40335 05/07/16 04:46 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted By: joemikeb
I started with Carbon Copy Cloner but switched to Super Duper when it came out. I forget whether it was Yosemite or El Capitan that I had problems with SD and switched back to CCC. All I can say is CCC is working perfectly for me now.
For me, it was El Capitan. I, too, made the switch to CCC and it's also working fine for me.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Antivirus and copy conflict
joemikeb #40342 05/07/16 08:47 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Joe:
To clarify my isp is ATT, they are not involved.
Who I meant is my web hoster: the one who host my wordpress blog. Something bad happened with the blog, I think I could not log in. And they sent me that email. The implication was I was at fault. They solved the situation, created a nice new long password, and then insisted I get the AV.

But they were wrong? My computer having an AV would not have prevented what happened?

As far as Sophos goes: it's just collecting spam bad attachments/ trojans and putting them in Quarantine and asking if I want to clean the threat. Total nuisance, as without Sophos, I would just delete the spam emails and that would be the end of it. I guess the main function the AV performs is preventing me from accidentally double clicking a bad attachment? And that could happen...

But the key is this, you and others don't think having an AV would have prevented the original occurrence with the Wordpress blog and the password issue and the trojan that caused that? And if that is the case, then I will probably lean to bailing on having any AV is they are a PITA.

They gave me the impression that this was a local thing that someone who sat at my computer in my house inserted the Trojan on my computer or who knows what...

The new nuisance, and reason for the post was the new situation of Sophos making super duper clones abort.

BTW someone else mentioned CCC, I looked at them years ago but found SD much nicer and they have great customer service. What issue did you have with SD? You find CCC works just as well, interface wise, and does CCC have good support? Someone mentioned SD does not clone the OS recovery utility? Hear that?

Jon, just saw your post now about CCC, same question to you about that vs SD, and if you want to comment on AV please do. This is helping guys!


Last edited by kevs; 05/07/16 08:51 PM.
Re: Antivirus and copy conflict
kevs #40344 05/07/16 09:11 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
CCC can clone the OS X recovery partition; SuperDuper! can't. (Perhaps it's why SD dropped their price?)

I've used CCC for about 6 years, and in my experience, their customer support is outstanding.

I've never used AV and never missed it.

As far as I can make out from what you've posted, the only way you, personally, could have been at fault for that blog incident was by using an easily guessed password.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Antivirus and copy conflict
kevs #40348 05/07/16 10:16 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: kevs
Thanks Joe:
To clarify my isp is ATT, they are not involved.
Who I meant is my web hoster: the one who host my wordpress blog. Something bad happened with the blog, I think I could not log in. And they sent me that email. The implication was I was at fault. They solved the situation, created a nice new long password, and then insisted I get the AV.

But they were wrong? My computer having an AV would not have prevented what happened?


Correct.

You set up a WordPress blog. Someone got into it. There are three ways that people hack into WordPress blogs:

1. When you created the WordPress blog you did not choose a good password. They figured out the password.

2. You did not do security updates on the Wordpress blog.

3. Your Windows PC got infected with a Trojan.

You do not have a Windows PC, so that means (3) is not what happened. That leaves either 1 or 2.

They said the hackers used FTP to get in. That rules out (2). That leaves only one possibility: you did not choose a good password, so the hackers figured it out.

Note that this is not the password on your computer; it's the password you set up WordPress with.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Antivirus and copy conflict
tacit #40349 05/07/16 11:29 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Artie/ Tacit.

Boy, I'm glad I saved, and could find that email they sent me, otherwise you could never have seen in such specificity why they insisted I get Sophos. So as Joe said, they may be smart guys but not conversant with Mac or everything? And they really are pretty smart, they run the servers for a long time and even by that email write intelligently, so I trust them, even though, I was happy being AV free for years....

So I had a weak password...

I never had a Trojan as they implied in the email? Again, I keep thinking they are saying a Trojan was on my local computer and that created the window to hack the password... (I've never had a thorough discussion about it with them, they don't seem to want to waste time on past issues)

I assume Tacit you don't bother with AV either...

So the only reason to have an AV is if I"m so lame as to accidentally double click an email attachment or someone comes into my house and installs something sinister...? But in short, no one it seems who is very Mac savvy recommends bothering with AV. My web hoster would probably would still insist Sophos would have prevented it...even if I explained all this, my guess.

Now if I did keep Sophos, which I leaning to not do, I'm leaning to bail on AV altogether, is SD correct in that Sophos is labeling spam attachments as errors, and hence SD wont do the clone? And if so is there anything I could do? Or I would have to try a different AV.. Avast... etc Neither SD or Sophos had a solution to that.

BTW for wordpress, I don't remember doing security updates. I have some type of AV there I think-- some spam plugin, and I update that, and I update Wordpress, or I think it updates itself now..

CCC- SD, So if I stay with SD, and my MacHD goes haywire, and I clone back with my SD clone, the recovery partition is not there? Why not-- SD seems to be pretty robust, how could they miss what the competitor could do? Will they fix that later? And isn't that a Mac thing embedded into the OS? And couldn't one add it on later anyway or you would never ever have that again?

Re: Antivirus and copy conflict
kevs #40350 05/07/16 11:49 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Quote:
So the only reason to have an AV is if I"m so lame as to accidentally double click an email attachment or someone comes into my house and installs something sinister...?

At least one more reason: if there's malware in an email sent to you and you forward that email to a Windows user you could infect the other person's computer.

Quote:
CCC- SD, So if I stay with SD, and my MacHD goes haywire, and I clone back with my SD clone, the recovery partition is not there? Why not-- SD seems to be pretty robust, how could they miss what the competitor could do? Will they fix that later? And isn't that a Mac thing embedded into the OS? And couldn't one add it on later anyway or you would never ever have that again?

I've got no idea what coding factors allow CCC to clone the recovery partition but prevent SD from doing so, but it's been a bunch of years since the partition was introduced, and if SD can't clone it yet it doesn't look good for the future. (Note that pre-recovery partition SD was $40 shareware and CCC was donationware, and post-recovery partition SD has lowered their price to $28 while CCC has gone to $40 shareware, which I suspect is a clue.)

The recovery partition is part of an OS X install, and the only way you can get it back in a pinch is by reinstalling which is presumably less preferable than restoring from a clone.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Antivirus and copy conflict
tacit #40351 05/07/16 11:55 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
As to the blog password antivirus issue, Tacit said it all.

As to the CCC vs SD question I depend on Time Machine as my primary backup and it has proven very reliable and very flexible but Time Machine Versus clones is another thread. However I do make occasional clones of my boot drive and just so I have a nice warm fuzzy feeling in case of a near total disaster, my recovery drive as well. I had switched to SD in the past primarily because it had a "cleaner" UI and not for any performance reasons. The reasons I have gone back to CCC are — in no particular order...
  • Yosemite broke SD's ability to automatically download and install updates. Certainly not a deal breaker, but an annoyance.
  • As Artie said, CCC can copy the Recovery Partition and SD could not. That may have changed recently, but CCC has worked well enought there has been no reason to see if it has. (Copying the Recovery Partition is a deal maker for me).
  • At the time I had a problem with a failed SD clone and CCC successfully cloned the same drive
  • As both Artie and Jon indicated CCC works well and it always has.
  • The current CCC user interface is in my opinion "cleaner" than it used to be which removes my original objection to it.

By-the-way TechTool Pro 8's Pro-To-Go mode can create a bootable Recovery drive on an internal or external HD/SSD/Thumb drive but it adds one additional feature to its Recovery drive, a working copy of TechTool Pro 8 including Pro-To-Go.

Last edited by joemikeb; 05/08/16 12:04 AM. Reason: By-the-way

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Antivirus and copy conflict
joemikeb #40359 05/08/16 03:53 AM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks guys. I have not used Tech Tool Pro for years, but I remember that nice feature of them having the hidden e drive or something. I really love the new Mac feature command R, hidden recovery, it's so fast easy to test your Mac HD.

Are Time Machines backups of bootable backups of the OS? Reading online people say it's not.. but I remember it being offered recently from Migration tool (which I did not choose), which would make it seem then it's a bootable copy.

Anyway, trying to get my head around the SD not backing up the recovery drive.

So if my Mac HD fried, and I cloned back from a SD clone, the recovery drive is not there, fine. But could I then add the recovery drive to the OS, manually and stay with what I have or do I have wipe Mac HD clean to get it as a feature? i.e. putting back in all my apps manually one at a time..?? That is the confusing part.

Re: Antivirus and copy conflict
kevs #40370 05/08/16 03:07 PM
Banned
Offline
Banned

Joined: Nov 2015
Originally Posted By: kevs


Anyway, trying to get my head around the SD not backing up the recovery drive.

So if my Mac HD fried, and I cloned back from a SD clone, the recovery drive is not there, fine. But could I then add the recovery drive to the OS, manually and stay with what I have or do I have wipe Mac HD clean to get it as a feature? i.e. putting back in all my apps manually one at a time..?? That is the confusing part.


I use SD for my weekly backups of both of my Macs, and there have been a couple of times when I have needed to do a "full" recovery from an SD clone. That is, I boot my problematic Mac to the clone, use Disk Utility (on the clone) to Erase and Format the internal SSD, and then use SD to do the restore. Given that I have both TechTool Pro and Disk Warrior, it is of little concern to me that SD cannot backup the Recovery HD partition. But, there are at least two ways of re-creating it:

1. Assuming one has the file "Install OS X "whatever OS"" (I have the file "Install OS X El Capitan" in a couple of places), one can use the excellent (and free!) utility called "Recovery Partition Creator" (http://www.macworld.com/article/2602951/...-any-drive.html). One can get it from here:

http://musings.silvertooth.us/2014/07/recovery-partition-creator-3-8/

It does work flawlessly with El Capitan.

2. After Erasing and Formatting one's internal drive, perform a fresh, "virgin" installation of the OS one uses. This will create the Recovery HD partition. Then, use Migration Assistant to "migrate"/copy stuff from the SD backup. I have also restored in that fashion too, and again it works perfectly.

Last edited by honestone; 05/08/16 03:14 PM.
Re: Antivirus and copy conflict
kevs #40372 05/08/16 04:40 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: kevs
Are Time Machines backups of bootable backups of the OS? Reading online people say it's not.. but I remember it being offered recently from Migration tool (which I did not choose), which would make it seem then it's a bootable copy.

Time Machine backups ARE NOT BOOTABLE however you can boot from a Recovery drive and then restore from a Time Machine backup. It is too long a story to go into the reasons, but I did exactly that at least three times in the last week and it always worked perfectly.
Originally Posted By: keys
So if my Mac HD fried, and I cloned back from a SD clone, the recovery drive is not there, fine. But could I then add the recovery drive to the OS, manually and stay with what I have or do I have wipe Mac HD clean to get it as a feature? i.e. putting back in all my apps manually one at a time..?? That is the confusing part.

First the recovery Drive is not part of the OS but it is installed by the OS X installer in a separate invisible volume on your boot drive. If the volume structure on the boot volume got damaged you could still boot from the Recover drive and run Disk Utility, OS X install, or Recover from a Time Machine backup. If your HD mechanism fried it would take the Recovery Drive with it. You would have to install a replacement HD, boot an internet version of Recovery Drive (handily provided by Apple) or a Recovery drive on a different drive and install the latest version of OS X which would create a new recovery drive on your new HD in the process. Then you could run migration assistant to recover your files, settings, applications, etc from either a clone or a Time Machine Backup.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Antivirus and copy conflict
joemikeb #40376 05/08/16 06:04 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Honestone/ Joe, great info.

Interesting. I never thought of using TM before as an OS backup, but if my Mac HD went sour, but was still working, you would then erase it, from the recovery drive, and then use migration assistant and bring in the last copy of the Mac HD from TM, correct flow chart?

And if the HD needed to be replaced, ( I just hired someone to put a new SSD in my laptop 2 weeks ago).. they put in a new OS, and then I did a migration from the old hardrive, but if the hardrive was fried, I would migrate from TM as well. If TM was fried for some reason or did not have recent Mac HD backups for a long time for some reason, then I would migrate from the SD clone, treating it as the "new computer", and then be able to get the recovery partition later installed by the 3rd party links listed above?

This is nice, in the past I just used TM in a limited way as I only had a 700 GB external, and exuded so much including the OS. But in this latest overhaul, I bought a new 8TB drive to replace that which has everything covered, so for first time I'll think of TM , and not SD as the emergency go to replacement for the fried Mac HD, right? not the SD external.

I'm open to CCC, but have been with SD for a long time and am ok with it.

How do you all even know that SD did not do the recovery partition? I guess I don't read the forums here enough, just out of the loop, is some newsletter you all get to let you know about these arcane things?

But this is a nice mind shifter about TM.

Re: Antivirus and copy conflict
joemikeb #40377 05/08/16 07:03 PM
Banned
Offline
Banned

Joined: Nov 2015
Originally Posted By: joemikeb
Originally Posted By: kevs
Are Time Machines backups of bootable backups of the OS? Reading online people say it's not.. but I remember it being offered recently from Migration tool (which I did not choose), which would make it seem then it's a bootable copy.

Time Machine backups ARE NOT BOOTABLE however you can boot from a Recovery drive and then restore from a Time Machine backup. It is too long a story to go into the reasons, but I did exactly that at least three times in the last week and it always worked perfectly.


CORRECT! And, that is one of the disadvantages of Time Machine backups. With SuperDuper! or Carbon Copy Cloner, one just needs to re-boot their Mac from either of those clones, and then do either a direct restore (each of those programs will first Erase (and Format?) the internal device, and then do the restore, or as I mentioned earlier, run Disk Utility from the clone to Erase and Format the internal drive, do a fresh, "virgin" installation of the OS (and making sure to get to the last used version on one's machine), boot the Mac from that freshly installed OS, and finally use Migration Assistant to "migrate"/copy stuff from the clone.

]
Originally Posted By: joemikeb
Originally Posted By: kevs
So if my Mac HD fried, and I cloned back from a SD clone, the recovery drive is not there, fine. But could I then add the recovery drive to the OS, manually and stay with what I have or do I have wipe Mac HD clean to get it as a feature? i.e. putting back in all my apps manually one at a time..?? That is the confusing part.

First the recovery Drive is not part of the OS but it is installed by the OS X installer in a separate invisible volume on your boot drive. If the volume structure on the boot volume got damaged you could still boot from the Recover drive and run Disk Utility, OS X install, or Recover from a Time Machine backup. If your HD mechanism fried it would take the Recovery Drive with it. You would have to install a replacement HD, boot an internet version of Recovery Drive (handily provided by Apple) or a Recovery drive on a different drive and install the latest version of OS X which would create a new recovery drive on your new HD in the process. Then you could run migration assistant to recover your files, settings, applications, etc from either a clone or a Time Machine Backup.


Let me state again. There are two ways of getting the Recovery HD partition back:

1. Erase and Format the internal drive, and then do a fresh, "virgin" installation of the OS. The Recovery HD partition will get created as part of that installation.

2. With the restore from SuperDuper! already complete, and assuming you have the "Install OS X "whatever OS"" file someplace, use the utility I mentioned above, Recovery Partition Creator, to re-create the Recovery HD partition.

For #1, it will be necessary to use Migration Assistant to "migrate"/copy all the necessary stuff from the backup/clone. For #2, that stuff is already there via the Restore.

Last edited by honestone; 05/08/16 07:12 PM.
Re: Antivirus and copy conflict
kevs #40378 05/08/16 07:11 PM
Banned
Offline
Banned

Joined: Nov 2015
Originally Posted By: kevs
Thanks Honestone/ Joe, great info.

Interesting. I never thought of using TM before as an OS backup, but if my Mac HD went sour, but was still working, you would then erase it, from the recovery drive, and then use migration assistant and bring in the last copy of the Mac HD from TM, correct flow chart?

And if the HD needed to be replaced, ( I just hired someone to put a new SSD in my laptop 2 weeks ago).. they put in a new OS, and then I did a migration from the old hardrive, but if the hardrive was fried, I would migrate from TM as well. If TM was fried for some reason or did not have recent Mac HD backups for a long time for some reason, then I would migrate from the SD clone, treating it as the "new computer", and then be able to get the recovery partition later installed by the 3rd party links listed above?

This is nice, in the past I just used TM in a limited way as I only had a 700 GB external, and exuded so much including the OS. But in this latest overhaul, I bought a new 8TB drive to replace that which has everything covered, so for first time I'll think of TM , and not SD as the emergency go to replacement for the fried Mac HD, right? not the SD external.

I'm open to CCC, but have been with SD for a long time and am ok with it.

How do you all even know that SD did not do the recovery partition? I guess I don't read the forums here enough, just out of the loop, is some newsletter you all get to let you know about these arcane things?

But this is a nice mind shifter about TM.


First, I had previously read about SD not backing up/cloning the Recovery HD partition, but that Carbon Copy Cloner did. Also, when I have needed to do a restore from the SD clone, I could see that the Recovery HD partition was not there.

Secondly, if one really needs the Recovery HD partition, and have it restored "automatically", then Carbon Copy Cloner is the way to go. On the other had, I myself would not need to rely on the Recovery HD partition, as 1) I have the superior disk cleanup/maintenance/repair products Tech Tool Pro and Disk Warrior, 2) I have the "Install OS X El Capitan" in at least two places on my system (and thus on my backup/clone), and 3) I can easily re-create the Recovery HD partition using the utility Recovery Partition Creator.

Third, I insure that my system (on both machines) is "lean and clean", and thus tend to rarely have issues. Of course, no matter how much care one takes for any drive (internal or external, SSD or HDD), they will eventually go bad. But, one can get prepared for that.

Last edited by honestone; 05/08/16 07:21 PM.
Re: Antivirus and copy conflict
honestone #40379 05/08/16 07:58 PM
Joined: Dec 2009
kevs Offline OP
OP Offline

Joined: Dec 2009
Thanks Honestone, I have not used Tech Tool or Discwarrior for 8 years or so. It just seems that Mac OS has gotten much better and they are irrelevant. I have not missed them at all. Should I get one/ other or both still? I think Discwarrior was the stronger solution for Mac Hard drive issues. Discwarrior I remember not having a recovery disk, whereas I remember an "e" disc from tech tool. You need both?

That said. IF I use SD, and don't have either of those, then I'm screwed? or There is that option of booting online, but you can't do that right at crisis time?

Also, even it TM is not bootable, it can become the replacement Mac OS of choice still right? So even the SD clone does not need to be the first in the line of restoration?

Final question: I currently don't bother to save the last OS. Should I? You just go to the apple store and find El Capitan and download it and keep it on the Mac HD? Or couldn't I just do that in a crisis anyway?

Re: Antivirus and copy conflict
kevs #40380 05/08/16 09:49 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: kevs
I never had a Trojan as they implied in the email? Again, I keep thinking they are saying a Trojan was on my local computer and that created the window to hack the password... (I've never had a thorough discussion about it with them, they don't seem to want to waste time on past issues)


Correct. You never had a Trojan on your local computer.

Originally Posted By: kevs
I assume Tacit you don't bother with AV either...


Right. I do use antivirus on my Windows machines, but not on my Macs.

Originally Posted By: kevs
So the only reason to have an AV is if I"m so lame as to accidentally double click an email attachment or someone comes into my house and installs something sinister...? But in short, no one it seems who is very Mac savvy recommends bothering with AV. My web hoster would probably would still insist Sophos would have prevented it...even if I explained all this, my guess.


Yep, exactly. Having AV on your computer would not have prevented that hack, from the sound of it.

WordPress is popular because it's easy to use, but it's also the Windows 98 of Web security. There are a lot of ways to hack it, and the bad guys don't even target specific sites--they use totally automated tools that just scan thousands of sites an hour looking for weak WordPress installs and automatically hacking them. If you fail to install WordPress security updates or you use weak passwords, you will be hacked. It's only a matter of time.

Originally Posted By: kevs
BTW for wordpress, I don't remember doing security updates. I have some type of AV there I think-- some spam plugin, and I update that, and I update Wordpress, or I think it updates itself now..[/spam]

The Akismet anti-spam plugin will protect you from spam comments, also the bane of WordPress sites, but will not in any way deter hackers. For that, I recommend a three-pronged approach: use strong passwords, check for and install updates regularly, and use the free WordFence security plugin, which will make your site far more difficult to hack.

[quote=kevs]CCC- SD, So if I stay with SD, and my MacHD goes haywire, and I clone back with my SD clone, the recovery partition is not there? Why not-- SD seems to be pretty robust, how could they miss what the competitor could do? Will they fix that later? And isn't that a Mac thing embedded into the OS? And couldn't one add it on later anyway or you would never ever have that again?


I use Carbon Copy Cloner and Time Machine, myself. (I have three backup drives: two rotating backups that I make with Carbon Copy Cloner, and one large Time Machine backup. I also have a Mac server running in a remote location that I backup to using a program called CrashPlan, in case a fire burns down the house. I am paranoid about backups because I make my living with my laptop, and if I lose the data on it I'm in big trouble.)

SD doesn't seem to be as on top of operating system changes as CCC. I don't know how it handles drive recovery partitions, but I do know that since about OS X 10.7 or so, SD has steadily been getting less reliable.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Page 1 of 6 1 2 3 4 5 6

Moderated by  alternaut, dianne, dkmarsh 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.495s Queries: 65 (0.024s) Memory: 0.7500 MB (Peak: 0.9672 MB) Data Comp: Zlib Server Time: 2024-03-28 19:25:38 UTC
Valid HTML 5 and Valid CSS