[Mugge]

Hi guys.

I have tried out the firewall Brickhouse on my iBook, but since I didn't really knew what it was doing I tried to remove it. And forgive me for only having windows experience, but without the uninstall programs function, I fear that I have screwed something up. I simply tried to drag all the Brickhouse stuff I could find to the thash bin, but in system settings it still claims that I am using a third party firewall extension. So I can't change the settings in OS X

Does anyone know how to help. Please

[Kickaha]

Basic advice: if you use an installer to install, uninstall the same way. If no uninstall is provided, there's a sneaky way you can find out what the list of files installed was. See below.

Generally, if you dragged the file to your hard drive, you can drag it to the trash to get rid of it, but sometimes some files will still be hanging around (prefs and such). Try the following: In the Finder, go the File menu, then down to Find (or hit Cmd-F). Select 'Local disks' from the pop up at the top, then in the search region select 'Name' from the pop up there. Make sure the second pop up says 'contains' and type the name of your app in the text box. Hit return. You'll get a new window with a list of hits. Select the ones you want to get rid of, and drag them to the Trash. They won't disappear from that window, but their paths will now show them to be in the Trash. This is a fast way to find a bunch of files.

Sneaky way: The global Library on your machine (top level of your drive) has a folder in it named Receipts. Every time you install an app using the Apple Installer, a new entry is made in that folder that holds information about what was installed, where, when, and by who. Look in there and find the receipt for what you just installed. It has the same name as the package you installed. Right-click or ctrl-click on the receipt, and select 'Show package contents...' from the contextual menu.
There will be a folder named Contents, and inside that, one named Resources. In there, you'll see a file named Archive.bom. That's the list of all files. It's in a gobbeldy-gook format though. Open a Terminal window and type 'lsbom -s' without quotes, then drop the Archive.bom file onto the window. Hit return after the full path to the archive file gets entered. A list of files will flash by, those were all the ones installed. Proceed to delete them.

Or, you can use Pacifist, an app that inspects these receipts for you and provides a nice GUI. I find my way is faster though, but I'm a command line monkey from way back.

[ast3r3x]

REALLY dirty way...

Have you tried restarting? If you trashed some of the files, you could restart and it might not be able to start up the firewall.

[Paul]

I would re-download brickhouse and remove any rules you have for the app and make sure that it is disabled for every network interface on your machine (all the "tabs" at the top of the window below the toolbar). You should then be able to use the built-in firewall without any trouble

[SonOfSylvanus]

Thanks for the tips on using Pacifist Kickaha. That lil app looks useful

[Mugge]

Thanks Kickaha!

The reciepts folder wasn't a succes. But it led me to look in the startup items folder, and see there it was that bugger

Now I can control my firewall settings again. But about this firewall stuff. Can I make do with the built in, or does anyone have some recommendations on third party firewalls.

And now we are at it. What about spyware ?

[morningstarrising]

Mac spyware? never heard of it. lol

[ast3r3x]

Just get a nice router.

[SonOfSylvanus]

In MacLand we live in a state of perpetual complacency, yet when we deign to think of such WinWorld mainstays as firewalls *snort*, we're usually pretty happy maintaining the one built-in to OSX.

[Mugge]

Ah yes. I've encountered this attitude elsewhere in Macland too.

But my stand point is that NO system is perfectly safe. I have AV from .mac and the built-in firewall from OS X, but I'd like something a little more definitive, and some way of scanning my iBook from possible malware. I do, however, have a router. But that only helps me at home.

My windows PC might be an easy target for malware. But because I've got the right tools to guard it, no harm ever comes to it.

I'd like to think the same for my iBook.

[Paul]

well, aside from temporarily checking your activity monitor for weird apps that take up a lot of cpu %age, download and install apps directly from the developer, and lurk on mac-centric forums such as these... you are as safe as you can get right now...

read this http://daringfireball.net/2004/06/broken_windows for more info on why...

basically... "the mac web" is your spyware detection software... when there is an app that will do it, we will be going crazy over it... I can guarantee that!

[Brad]

You do realize how most malware/spyware scanners for Windows work, right? They include a list of known programs and where they keep their files and then scan your drive, searching for those specific files.

Since there are zero known spyware programs for Mac OS X, it is only fitting that there are no utilities that scan for it.

Now, if you'd be interested in buying a bridge, I've got a deal that can't be beat!

edit: curses! Paul basically beat me to the punch.

[Mugge]

@ Brad & Paul

Daring fireball makes a good point regarding "crapware". Ok. I'll stay calm about this till I get hit the first time.

Not even a tiny li'll virus? Well, Virex is quite vexing. It allways shows up on my desktop at startup, instead of just running in hiding. Should I hurl it? It really goes against my instincts, and Virex was one of my main reasons for getting a .mac subsciption.

I'll consider the firewall issue a little further...

Damn! Windows has either made me paranoid, or you guys are complacent like hell

But I trust my Amiga. Cause it dosen't have a modem

[Brad]

Virex currently serves three purposes at the moment:

1. Protect you from the 50 or so old "Classic Mac OS" viruses.
2. Make you a "good neighbor" on the network.
3. Give you a warm fuzzy feeling of security.

1. There were a handful of viruses created for the older systems before Mac OS X. Many of them were benign and non-destructive, but they were viruses nonetheless. Before you get too worried, now, compare this to the tens of thousands of viruses currently in circulation for Windows. These old Mac viruses are very rare today and would only affect old-school Mac users who still use the Classic environment.

2. Virex doesn't just check for Mac viruses; it checks for Windows viruses too! Say you're on a network where you pass files back and forth between Windows users. If you get a file that's infected by a Windows virus, it won't do anything to you. However, Virex can clean it up so you won't spread the infection when you send the file back out to someone else.

3. Nuf said.

This is, of course, not to say that Mac users are forever immune. There have been two (that I can recall) vulnerabilities discovered with Mac OS X. One dealt with cookies in Safari and one dealt with the system's handling of special URLs. Both of them were promptly patched up in the next update and neither were exploited (to the best of my knowledge). Bugs and holes are probably still out there. Macs just aren't a big enough target yet to warrant the effort of finding them.

I'm far from complacent. I'm actually one of those folks that perform voodoo rituals around system updates to make sure everything goes smoothly. I'm the guy that runs NAV, spybot, and Ad-aware on all of my PCs routinely. I am realistic, though, when it comes to issues like this on my Macs.

What do I do to "protect" myself?

I think about what I download. In Windowsland, my experience is that malware is usually attached to the software titles that have a shady purpose or are too good to be true. Kazaa ring a bell? Big "Duh!" right there. While I've never actually encountered malware on my Macs, this is still a pretty obvious commonsense preventative tactic for anyone anywhere.

If I ever come across software in a package (which is exceedingly rare these days), I pull it apart with Pacifist first to see what's going where. Most of the time the whole package deal is an unnecessary step the developer took to make installing "easier" (what's not easy enough about drag and drop, though? I don't know).

For the ultra-paranoid, there's a program called Little Snitch that acts like Zone Alarm Pro on Windows. It can monitor and alert you when any application attempts to access the network. This can be good for blocking apps that "phone home" or poll a server for version checking.

[Mugge]

@Brad

1. Yeah. I guess that need to be done.

2. Good point! I didn't know it bothered with windows vira.

3. Just wanted to extend that fuzzy feeling to regarding hackers and malware authors aswell. But I think that you guys have managed to calm me down now. Pacifist and Little Snitch looks like great apps. I've got them bookmarked.

I don't use shady software such as Kazaa, and I can see we use the same measures to protect our windows machines too

So now, I'd just like to thank all you guys for answering all my questions so nicely Thanks!

[morningstarrising]

Yeah, don't worry about that stuff till Apple has 10% of the market share..

[Franz Josef]

Thanks Brad. Found your comments on Virex helpful.

[thuh Freak]

Quote:

Originally Posted by morningstarrising Yeah, don't worry about that stuff till Apple has 10% of the market share..

i'm not so sure that market share is the only reason we're safe on the mac side. apache is the most popular web server, but its not exploited as often or as severely as IIS (microsoft's web server). i think MS just produces insecure software.

[Mugge]

I've just read somewhere. I can't remember where. Here follows a short summary by my memory of the article:

That a reason also could be that windows used to be a single user system. Hence all users where assumed to have admin permissions. Then lazy programmers assumed the same, and now many apps only run on admin accounts. Wich is what most Windows users have, so generally it's not a problem. Exept for the malware creeping in.

When MS tried to do a little to help this issue in SP2 for XP, many apps didn't work anymore, and people blamed MS. Most cooperate Windows environments don't allow their users to be admins, hence they don't have this problem. Guess they don't use the admin only apps in question.

UNIX systems on the other hand allways had a permissions system, so installing spyware by accident, or by a it self. Can hardy happen without permission from the admin. And that should be why OS X is more safe. Marketshare doesn't have any importance in this explaination.

I think it sounds like a nice explaination

[thuh Freak]

Yep, Mugge, you got that much right. Though its not the only reason for the failure of MS' software, it is one of the many. My point was only that lack of market share doesn't relate, in and of itself, to safety. Having a tiny market share can't hurt (since less volume of users probably correlates to less volume of black hats), and big market share doesn't necessarily scale up to large amount of security problems as one might expect.