Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sophos Free A-V For Mac May Kill Time Machine Backups

Posted by timothy on from the mysteriouser-enough-already dept.

kdawson writes "Herewith the tale of the instantaneous loss of 19 months of Time Machine backup data, with the possible involvement of a fresh install of Sophos's new free Mac A-V package. Sophos support has been contacted but has not responded as of this writing."

10 of 133 comments (clear)

  1. Only if you tell it to delete them by Anonymous Coward · · Score: 1, Insightful

    As he apparently did. Perhaps it wasn't clear enough, but it's not like it just randomly did it.

    Also, backups are backups. He can just create new ones.

  2. Assuming this is true.... by 8127972 · · Score: 3, Insightful

    ... Then this is a serious hit to Sophos as they have a very good reputation. Having said that, AFAIK this is their first Mac app. So perhaps it needed more QA before release. Until more reports of this phenomenon appear, I'd reserve judgment. However it might be wise for Sophos to get out front of this issue before the spin gets out of control.

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
    1. Re:Assuming this is true.... by baddaybeav · · Score: 3, Insightful

      we've used the business side of it for over a year, major performance headaches... as to the time machine part, if my memory serves, time machine creates one large file (like tar, but a lot more advanced) it saw the "virus" in the one large file, didn't differentiate that and deleted what it saw as the "file containing the bad stuff" now that he's written data to the drive he's lost any good chance at recovery... I guess we'll need a time machine time machine soon.

    2. Re:Assuming this is true.... by uglyduckling · · Score: 3, Insightful

      Blame Sophos. Sparse bundles are a key feature of the Apple filing system and really, really useful. Sophos should know all about them. This would be akin to a Linux AV that could look inside .tar.gz files but would nuke the whole archive if one file inside was questionable, without making that absoluely clear to the user.

  3. Re:combo of bad apple, bad sophos, and stupid user by Anonymous Coward · · Score: 1, Insightful

    Well, it was in a way, AV software is a braindead solution to a problem that shouldn't exist. Use only properly signed software from trusted sources in a secure platform, that's a real solution.

    So.. You are never allowed to download something and try it out, unless it's from a trusted source. Exactly how are normal people supposed to get their programs into said trusted sources? Should we perhaps have an "app store" for all software, putting a few large entities in control of what is acceptable or not?

    I also enjoy your naive belief that virus can only spread by downloading and running infected code. This is not 1989. Comprimosed web pages, exploitng holes in browsers and browser add-ons, infected non-executable files exploitng holes in applications, and autonomous worms exploiting holes in networked applications and operating systems, are by far the biggest infection vector, for all platforms.

    You probably consider running OpenBSD with the minimum number of activated services, pf configured for maximum security, and an external firewall between your system and the internet a good and acceptable solution for everyone, but most people would disagree.

    Your solution is not a solution, any more than building customized computers that can only run a specific set of pre-installed and custom made software would be a solution.

    It is possible to go without AV software and still have a very low risk of infection, even on Windows, if you are careful. But the problem it is there to solve is a real one.

  4. Re:How does Sophos do this? by am+2k · · Score: 2, Insightful

    That's also why for quite some time my company policy has been at least two CPU cores per computer - one for the virus scanner and the OS/apps can have the rest.

    That doesn't make sense. When the scanner kicks in, the application is blocked on the open() call until the scanner is finished analyzing the file, so your second CPU does nothing, and vice versa.

  5. Re:Sophos by webmistressrachel · · Score: 2, Insightful

    If you're a government, educational institution, or a large corporation, you've definitely heard of them.

    If you're a troll on /. with no real experience working in IT, then of course you haven't heard of them.

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  6. Timothy by metrix007 · · Score: 1, Insightful

    Please never refer to yourself as an editor. Ever.

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  7. Re:SOME GUY LOST SOME FILES by david_thornley · · Score: 2, Insightful

    It's the media effect. If we invade another country and accidentally kill a few tens of thousands of civilians, and suffer hundreds of casualties, it won't be presented as effectively as the death of the single journalist who got shot in all of this.

    Mess up a few hundred random computer dudes, and nobody may hear of it. Don't even in the slightest mess with a /. editor, or lots of people will know.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  8. It's key to read the instructions by Anonymous Coward · · Score: 1, Insightful

    If you're using Time Machine and you think it'll keep files you've deleted from your original drive around forever, you're mistaken. Time Machine focuses on staying current; if you run out of space on your Time Machine volume, it starts deleting old backups to make room for the new ones. It assumes that since you deleted it, you don't want it anymore. It'll keep it around for a while as a side effect of how it works and as a convenience, but it's not the priority.

    It also defeats the whole purpose of backing up: redundancy.

    * If something isn't in two or more places, it's not backed up.
    * If something is irreplaceable and it's not backed up, you're an idiot.
    * If you're an idiot and you lose data, too bad so sad.