Why We Need Anti-Virus Software for Mac

I recently wrote a review of the excellent antivirus utility, ClamXav. I also read constant articles and hear constant debate about whether or not you need virus protection on the Mac. I used to be in the camp that says, "There are no viruses for Mac, so why use antivirus software?" But nowadays, I find myself in the other camp, the one that says, "Of course we need virus protection on the Mac, you idiot."

To be honest, I was never as cavalier as to suggest that no virus protection was ever needed on Macs. But we Mac folk are in an interesting predicament (though not as interesting as our Windows-using pals): Currently no viruses directly affect us, and antivirus software for Mac is, by and large, abhorrent. In fact, it is far more likely that your system will be adversly affected by antivirus software than it will by a virus. To wit, Norton Anti-Virus has frequently caused numerous problems on client Macintoshes I manage in my freelance duties. Moreover, many antivirus software packages install kernel extensions, which is the surest way to hose a system. Even Apple recommends against it to developers, citing kernel extensions as a last resort. I frankly don't understand why antivirus software would have need of kernel extensions, given that all it really needs to do is scan files and compare them against a list of known viruses, but apparently the Norton folks think this is important. And it's been wrecking people's systems.

So, the state of things being what they are, it's no surprise that Mac users just go, "Fuck this," and ignore the problem, or worse, deny it. I mean, what else is a poor Mac gal or fella to do?

Let me back up here and explain why I've switched camps. There are two reasons, actually. One, I work in a very heterogenous network, and I see the effect Windows viruses can have on our systems. And on our Windows admin. It's hellish. And it's a problem that, while I don't personally suffer from it, I certainly don't want to contribute to. Macs can and do spread viruses to other computers. I've seen it happen. At this point I could launch into a whole number about how we're all citizens of the internet, and how it's our responsibility to be good ones. But I won't. Instead I'll tell you my second reason for switching camps: I got a virus. Yep. Sure did. This virus (actually, I think it was a worm, but we'll treat all such programs as "viruses" for the purpose of this article) was passed to me, I believe, by a Windows user inside a Word document. Unfortunately, I needed this document, and I needed to send it back out to other Windows users. Fortunately, I had a trusty old copy of Norton Anti-Virus and an OS9-bootable system from which to do the repairs. But if I hadn't, I would not have been able to use the document. If my job had been dependent upon that document... Well, you can extrapolate. Unless you're planning on never sharing files with anyone other than Mac users -- ones who also only share files with other Mac users, by the way -- you do have to worry about viruses. Just not as much as Windows users. Here I like to paraphrase the AIDS prevention folks: When you're sharing files with someone, you're sharing files with everyone they've ever shared files with. And the internet is, like, one big, giant file-sharing orgy. Do you really want to be running around out there without a condom?

Me neither.

I don't want to get too much into the options. This is more an explaination of why we Mac kids do actually need some form of virus protection. But I will quickly tell you what I do, and why I've settled on my method. My method is the ounce of prevention method. I use ClamXav on my systems and do weekly scans. Also, using ClamXav's new "Sentry" feature, I have a few watch folders: my mail, my downloads folder, and any folder I might be sharing on my LAN. (Keep in mind here that ClamXav does not scan subfolders, for performance reasons.) This pretty much covers most of the bases. If you get ClamXav set up right, you should be in real good shape when it comes to detecting viruses. Unfortunately, ClamXav does not repair viruses. So if you already have one, or if, God forbid, one should squeak by, you'll need something to fix it. I'm lucky. I have my old OS9-Norton system. But these are becoming almost as rare as Mac viruses themselves. If you have a virus now, you should quarantine all instances of that puppy, go do some research, and find the least invasive, non-kernel extension installing antivirus repair software you can. If you can run it off the CD without installing anything, all the better. Otherwise, just wait. Yeah, you heard me. Wait. The chance that you'll get a virus is pretty slim, and it's quite likely that, by the time you do, any virus software you buy today will be out of date, obsolete, or just plain useless. So wait, and if a virus ever rears its ugly head on your system, then go buy something to fix it. Oh, I might also suggest that if the antivirus software does have to be installed on the system, you might want to use a spare firewire drive for the install, provided you have one, of course. I like to have a lean, bootable OSX system on a small firewire drive, install the antivirus software there, and boot from this drive when I have a problem. That keeps my primary boot drive clean of antivirus cruft.

So that's what I do. And that's what I think. And so far, it's worked pretty well. The only thing that kind of breaks my flow is when freelance clients freak out and install Norton AV on their systems without asking me about it first. Ever try to remove that shit? Holy Hell. Thank my lucky stars for this uninstall script, but until I found it, it was murder.

Okay, kids. Time to go put a helmet on that soldier.

Wow! Safari Update Actually Fixes Stuff

I'm not positive, but I think the latest Safari (v.2.0.1) update has fixed a truly annoying problem I noted earlier: the problem wherein Safari's main browser window would change locations after restarting the application, particularly if any secondary windows had been stacked upon it during the session. I am a stickler for my window positions, so this bugged the shit out of me. To the point where I almost switched to Firefox (which I definitely use more now, and which I always use to compose my blog posts).

Again, this appears to be fixed. In fact, not only is it fixed, but to my tastes, it's improved: the first window seems to remember where it was even after you've stacked other Safari windows upon it and then quit. The default before was to remember the last window posistion, and use that when opening the browser anew. I find the new behavior preferable because I always want my first window to be in the same place.

I'm just now trying this, so I may have to update this post in a bit with corrections. But I'm so excited about it, I couldn't wait to post. This bug's been driving me nuts.

If it's true that these fixes have been made, and if there are any Safari developer types who happen to read this, I offer you my heartiest, most sincere, big-wet-sloppy kiss.

Wonderful.

UPDATE 1: The new version of Safari also seems to have fixed the annoying scrolling bug. I'm so happy I could pee.

UPDATE 2: Now this is odd. On my Panther install, on which the Safari window placement bug was not too bad, the Safari update (v. 1.3.1) seems to have aggravated the problem. It's still not as bad as it was in the pre-update Tiger version, but opening a new window will often (though not always) cause this new Panther version of Safari to remember the second window position. Also, in both versions, the scrolling bug is not entirely fixed, but it is a lot better. I'm still, overall, quite happy with the updates, but not to the point where I don't feel the urge to suck that little bit o' pee back up into my body cavity.

Mmmm... ClamXav...

All I can say is, wow.

When I originally downloaded and installed ClamXav, I used it entirely from the command-line. Which is funny, because it's whole reason for being was to lend a GUI hand to the command-line, open source clamav engine. But ClamXav has made immense strides in the short year since its first appearance, and in it's latest incarnation, the GUI has features that totally and completely rock. Namely: Sentry.

Okay, let me back up and explain just what ClamXav is. ClamXav is virus detection software for your Mac, and it's free. That's right, free. Though the author will take donations, which I highly suggest we all go give him, so that he keeps providing this wonderful software. For free. ClamXav is basically a GUI wrapper for the open source clamav virus detection software for other UNIX systems, which has been around for some time now. ClamXav installs that engine, and provides a lovely (well, it's not the most beautiful software, but it's quite functional and easy to understand) GUI frontend that allows you to schdule virus scans, and create watch folders, among other things. One nice thing about ClamXav is that it uses standard UNIX goodness to accomplish its goals. So, for instance, when you set up the scheduler, it's just editing your user crontab. Nice. I might suggest to the author, for multi-user environments, a way to schedule scans via the global crontab as well. For now, if you want to do that, you'll have to edit /etc/crontab yourself.

I must stress here that, despite its free-ness, ClamXav, in my experience, is also the most accurate of the virus scanners. I've tried Norton, Virex, and Sophos, and they all failed to catch viruses that ClamXav was able to find. ClamXav even flagged that mp3 trojan that was floating around awhile ago. Pretty cool that it can catch viruses on a platform that hardly has any, where other software fails. In fact, it's so good, Apple now includes the clamav engine as part of the mail server In Tiger Server. If that's not a ringing endorsement, I don't know what is.

One of my major beefs with ClamXav in the past was the lack of folder watching, which to me seems pretty necessary. But the latest version has what's called a "Sentry" feature, which watches any folder you tell it to, and scans it for viruses whenever something is added to the folder. Nice. Using this to scan your mail can be tricky to set up, but it's do-able for IMAP mail in Panther (but not POP mail), and in Tiger, should be possible for all your mail (including POP, which Tiger now breaks up into individual files, instead of using one big mbox file). So that's great.

The one thing ClamXav lacks -- and will probably always lack -- that Norton AntiVirus has, is the ability to repair viruses. If you've ever had a Word file with a virus -- and God knows I have -- you know they're intractable. And what do you do if you really need that file? ClamXav cannot repair the file for you. Norton can. And that's importatnt.

My method is to use ClamXav for scanning, and NAV for repairs. I never install Norton as it always seems to break something, and is impossible to uninstall. But I keep it handy, just in case I actually do get a virus I need to cure. Hopefully, with ClamXav's new sentry feature, I'll be getting fewer and fewer viruses anyway, so it shouldn't be a big deal. You know, an ounce of prevention, and all that, right?

If you haven't tried ClamXav, I highly recommend you do so. Now. And don't give me any of that "There are no viruses for the Mac" crap. If that's your attitude towards virus protection, then please don't read this article.

Ooops. Too late.

On Another Topic Entirely...

Hey, so here's a post that has absolutely nothing to do with operating systems whatsoever. I'm so psyched.

(And yes, this will be a rant.)

First off, let me say, I'm a huge Final Cut Pro fan. I use it in my work, I teach a class in it, and I use it for personal projects. I've been using and loving it since version 1. In the school where I've worked for five years, I've managed to evangelize so effectively on the part of Final Cut, that when I started working in my department, Media 100 was the dominant editing software in my department, and now it's Final Cut across the board. I love it like an old friend. I feel that level familiarity with it. And I'm proud to be a Final Cut user.

That said, there's a feature I've been longing for in Final Cut Pro for quite some time now. I know I'm not the only one: I took a survey at some online FCP forum, god-knows-how-long ago, and it was among the top feature requests. I also spoke to someone who is a beta tester for FCP, and he also said it was a very popular feature request, and that, "It's coming." I was pretty sure that version 5 would include my feature. But after downloading a crack of the latest version (my department still has not received any software, which will be a perennial theme on this blog) I found that this feature had again managed to be excluded. What's the feature, you ask? Simple: Per-project scratch disks.

I'll explain.

When you first open Final Cut, you are prompted to choose the location of your scratch disk. The scratch disk, in case you don't know, is the place where, most importantly, all your captured media, among other things, goes. Anytime you capture from tape and digitize footage into Quicktime movie files, they go into the folder you've chosen as your scratch disk, into a subfolder named after your project. Now this is all fine and good, but file management in Final Cut -- and in video projects in general -- can be a real bitch. You've got all your project files, and you've got all these media files, and they're all over the place. This is actually true in all sorts of workflows -- graphics, web, audio, you name it. And many applications include utilities for managing media. Quark's "Collect for Output" is a good example: It takes all the media needed for a given project and puts it all into one folder for easy transport to a printer or client or wherever you may need to take it. Final Cut itself has a similar feature, the Media Manager, that allows you to do much the same thing. In fact, most programs that rely on multiple media files spread across the hard drive have some sort of media management tool. Great. I like this.

Now back to my feature request, again: per-project scratch disks. This seems to me an obvious solution to at least part of the media management problem. I tend to keep all my projects in seperate locations. Makes sense, right? You want to look at items that have something to do with your "Great Big Humongous Boil" project, say, so you go to the folder "Great Big Humongous Boil," and there it all is. But if you're using Final Cut, it's not. In fact, a significant portion of it -- perhaps the main ingredient, the video clips -- are not there. They're in the scratch folder. Now for some people this is fine. I understand the desire to keep this media seperate from the projects themselves. There's a logic to that, and it's justified. But there's also a logic to wanting to keep the media together with the project. This is clearly something Apple is aware of, that's why they give you the option to consolidate all your media using the Media Manager. But if you know you want all your media and project files stored together before you even start a project -- and I know a lot of people who do -- it would be much simpler and smarter if we had the option to decide this at the outset of any new project, and it would save a whole lot of error-prone media management after the fact. Seems to me like managing your media from the get-go is usually the best way to go if you can swing it. And, by the way, Media 100 had this option.

So Final Cut 5 is out now, and still no per-project scratch disk setting. We've got all the new, admittedly great, productivity features. The real-time capabilties alone are simply phenomenal. But it's this one, tiny, little feature that would really mean the world to me. And I can't, for the life of me, figure why, after all this time, it's been ignored. As a user I would consider it a huge boon, and as a teacher of the software it would dramatically simplify explaining the scratch disk concept. (Do you have any idea the sort of confused-puppy stares I get when I tell students, "Your Quicktime movies will get stored in this arbitrarily determined folder on such-and-such a drive, but you should store all your projects in another place?") I suppose the obvious solution is to keep your projects all in the same Final Cut Pro Documents folder that the scratch disk is set to. But what if you have projects on multiple drives? Or what if you just plain want to organize things in a way that makes sense to you, rather than in the way that Apple has deemed it best you do? Since FCP 4, I could set the key command for wiggling my big toe, but I still can't set scratch disks on a per-project basis. This level of customizability just seems so basic that I'm left scratching my head over its exclusion.

I'm no programmer, but this seems like a very simple thing to implement on Apple's part. Way easier than multiple angles and intgrated LiveType. A ten minute job. And yet, it continues to fall by the wayside.

I'm bummed.

Stupid Fucking Safari

I don't know about you, but I've had some real beefs of late with the current incarnations of Safari. One pesky problem is the fact that both the Panther and Tiger versions often have trouble loading pages: I type in a url, or open a bunch of bookmarks in tabs, and some fail to load. Safari says it can't find the site. A simple reload generally rectifies the problem, but still, it's just fucking annoying that Apple can't quite seem to get their own browser to actually load all pages every time they're requested.

The other problem I continually have, though this seems to be only in the Tiger version of Safari, is that my browser window placement is often changed after quitting and restarting the application. People who know me well know that I am a total freak about my window placement and sizing. I have window placement set up in certain ways that work very well for me, and I don't move my windows around. Ever. Having them in consistent locations with consistent sizes makes me a far more efficicient, far less bitchy, computer user. I find the moving of windows pointless and unfathomable -- you want it out of the way, hide the application or, if you must, minimize the window (though, if you've set your windows up properly, you should never, ever need to do the latter). Quit moving the windows around. It's stupid and inefficient. Can't you see that? Find a good place for them and leave them. Do you know how many times I've had users tell me that the Timeline Window in Final Cut had simply disappeared and would not come back? Guess what. They'd moved it off screen. Cut it out. There's no reason for it.

As I already said, I am a total freak. But I'm right.

In any case, as much as it pisses me off when users move their windows around, it pisses me off ten times more when they move my windows around. And as much as that pisses me off, it pisses me off a thousand times more when an application randomly and arbitrarily repositions its windows for no apparent reason. Tiger's version of Safari does this on a fairly regular basis. So much so that I'm really this close to switching to Firefox or Camino as my primary browser. And to add insult to injury, getting back your custom window position setting requires not only that you reposistion the main Safari window (which used to do the trick), but that you resize it as well.

What.

The.

Fuck?

And one last thing: What the Hell happened to the "Bookmark This Group of Tabs" feature? About a year ago, everyone was asking for this, and, I believe, the Safari developers were claiming it was just around the bend. But lately, all's been quiet on the "Bookmark This Group of Tabs" front. This is another missing feature that has me eyeing (and trying) other browsers. I'd put out a call right here right now to go bug the Safari devs to add this feature, and I'd go bug them myself, but I'll be damned if I can find a place to request a feature. Maybe it's this damn migraine that's mucking me up. Anyone know where/how to do this?

Okay. All done.