New user several questions

First, for the automatic update interval, how is the time calculated? Is it ordinary chronological time, or is it actual computer running time? For example, if I select automatic updating for daily, with the last update having occurred at 9 AM Tuesday, will the next update happen at 9 AM Wednesday, provided the computer is not sleeping at that moment? Or will it need 24 hours of actual computer running time, which might not happen if the computer is sleeping for extended periods perhaps until several days later?

Second, I ran Sophos (9.0.8) yesterday booted from a 10.6.8 partition on an external drive. It calculated something like 1,900,000 files/folders to scan. The 10.6.8 boot volume was only around 701,000. The other volume on that drive, a 10.8.5, is around 607,000, which, if Sophos was scanning both, still comes nowhere near close to the total Sophos calculated. If I add in the internal 10.6.8 volume, the total is a figure around 2,001,000, still not the 1,900,000 I saw, but more plausible. Was it scanning all three volumes? I am very puzzled about the number of files Sophos calculated. Naturally, this scan took far longer than intended.

Finally, although I logged in to my admin user in order to run the scan, I am normally running out of a standard account for security. So, of course, there I could see that my admin user was out of bounds. But from the standard user, I ran a shell script which opened Sophos with root privileges (do shell script "/Applications/'Sophos Anti-Virus.app'/Contents/MacOS/'Sophos Anti-Virus' > /dev/null 2>&1 &" with administrator privileges). When I opened Sophos that way, I was able to see the other user, but I still got the notice that I was running using "current privileges." Not sure why that didn't disappear when opened as root, but what I wonder is, since that notice didn't disappear, if running as root will have the necessary privileges needed to scan all system files, and if anything is found, will I be able to "clean" that infection--should it really need to be cleaned? I would not like to have to log in to my admin account in order to do either of those, completely scan all system files, and clean, when necessary.


  • "The terminology "current privileges" means that the scan runs with the same user identity and privileges as the user who launched the GUI app. If you are running as user "Annabelle" and run the GUI, your scan would only be able to read the same files that the user "Annabelle" would be able to read. Doesn't really matter too much if "Annabelle" is a standard user or an admin user, there will be portions of the disk that "Annabelle" won't be able to read. A good example is the home directory of other users on the same machine. The permissions on a user's home directory exclude other users (even admin users) from reading their files by default."

    Thanks for the much more detailed reply. (Btw, I have a reasonably good understanding of the superuser, OSX permissions and privileges to view accounts. But all that may be helpful to others reading this.) What I am trying to understand and where my confusion remains is what is the difference, if any, between running with the elevated privileges of the shell script out of my standard user and running from sudo? What you seem to be saying is that, running out of any given account, whether standard or admin, regardless of running with the elevated privileges of that shell script, will involve some limitation as to what can be scanned, and, I suppose, cleaned, as well. But note that when I run out of the shell script I am able to view and scan the other user(s), including the admin--they are no longer off limits--and that when, for example, I open Terminal from that same script I am given the same root# prompt that appears in single user mode, which is effectively as if running out of sudo.

    So, again, pardon me for perhaps not getting this, what exactly are the current privileges when running from the shell script? Is that Scan with current privileges button there simply because I'm still logged in to the standard user and the UI in some dumb manner isn't able to recognize that that button is no longer necessary, or are there any real limitations on those privileges from the shell script? I would have thought that shell script would be the equivalent of running from sudo/root. Just a different way of doing that.

    Again, if you haven't done so, perhaps you may want to run that script in AppleScript (not from Terminal) from a standard account to see exactly what I'm talking about. (If you're interested, here's a Technical Note from Apple on that https://developer.apple.com/library/mac/technotes/tn2065/_index.html)

    I don't understand everything in that article, but it may give you some more insight into what Sophos does with that script. From that article: "Bear in mind that administrator privileges allow you to change any file anywhere in the system." Seems to mean it's equivalent to running as root.

    "It's the same as what will happen when you choose to elevate your privileges with the "Authenticate and Scan All" option."

    What do I do to get that option? Haven't yet seen that.

    "The GUI says "Scan This Mac" and we are serious about it. That option will scan all non-network volumes. Not sure if the terminology is too confusing though."

    Yeah, I think that might be confusing. It might be helpful to add a quick line there about just what it will scan, and how to scan only the boot volume, and no attached volumes, if that's all that is desired. I think most people will take This Mac to mean just the boot volume. I know I did.

    I only suggested carrying this on by email if that was more convenient for you. I'm quite happy to let it remain public.

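A way to check what "current privileges" amounts to for a given launch method, as an added example that is not part of the thread and not Sophos code: the script reports the effective and real user IDs of the process and lists the home directories it cannot read. The function names are hypothetical, and `/Users` as the default home root is an assumption for macOS; run it through the same launcher used to start the scanner to see the identity that launcher actually hands to its child process.

```shell
#!/bin/sh
# Added example (hypothetical helper names): show which identity this process
# runs under and which home directories that identity cannot read.

# Print "root" when the effective UID is 0, otherwise "user".
privilege_level() {
    if [ "$(id -u)" -eq 0 ]; then echo root; else echo user; fi
}

# List immediate subdirectories of $1 that this process cannot read or enter.
unreadable_dirs() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue          # skips the unexpanded glob when empty
        d=${d%/}
        if [ ! -r "$d" ] || [ ! -x "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Number of unreadable subdirectories under $1.
count_unreadable() {
    unreadable_dirs "$1" | wc -l | tr -d ' '
}

# Human-readable summary; /Users is the assumed macOS home-directory root.
report() {
    base=${1:-/Users}
    echo "effective uid: $(id -u) ($(id -un)), real uid: $(id -ru)"
    echo "privilege level: $(privilege_level)"
    echo "unreadable directories under $base: $(count_unreadable "$base")"
    unreadable_dirs "$base"
}

report "${1:-/Users}"
```

A non-zero count means a scan started under this identity skips those directories, which is the limitation the quoted "current privileges" explanation describes.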