On 12/04/2022 00:32, Snit wrote:
> On Apr 11, 2022 at 3:32:30 PM MST, "David Brooks" wrote
> <3025K.72189$Xa1.39569@fx10.ams1>:
>
>> On 11/04/2022 20:56, Snit wrote:
>>> On Apr 11, 2022 at 11:16:12 AM MST, "David Brooks" wrote
>>> <Pf_4K.71547$Xa1.14461@fx10.ams1>:
>>>
>>>> On 11/04/2022 11:41, Apd wrote:
>>>>> "David Brooks" wrote:
>>>>>> On 11/04/2022 01:20, Mike Easter wrote:
>>>>>>> David Brooks wrote:
>>>>>>>> I've just run another check using EasyFing and there are STILL items
>>>>>>>> from Etrecheck left active on my machine.
>>>>>>>
>>>>>>> So far, I don't think etresoft.com.etrecheck4 is a file which belongs
>>>>>>> to etrecheck.
>>>>
>>>> First, thank you for your comprehensive response.
>>>>
>>>>> IMO, these files are generated by OS components as a result of being
>>>>> used by the app. Some may be, or ought to be, cleaned up by the system
>>>>> but others are likely left in case the app is re-installed, when
>>>>> earlier data and/or settings might be wanted again.
>>>>
>>>> I don't accept that premise. Data and settings can be renewed on a
>>>> re-installation.
>>>
>>> Here is some more info on it:
>>>
>>> https://discussions.apple.com/thread/2807981
>>
>> Thanks for sharing the thread. It's good to know that you are now
>> becoming familiar with the ASC forums! :-)
>
> I did a quick search on Google and it pointed me there.
>
> I have looked there in the past. Keep in mind many of the comments are not
> from Apple and might not be accurate.

The ASC are 'users' forums.

The employed staff of Apple hardly ever comment.

Individuals can, and do, log-in and post there WITHOUT using their own
specific, personal, Apple ID. It is not a 'safe' environment and a great
source of 'fresh meat' for any baddies!

>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>> exists, though, is a sign that such files are left behind.
>>>
>>> If it helps, such files are more common on Windows and Linux.
>>
>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>
>> AppCleaner *DID* find the hidden files. I'd never have found them
>> without its help.
>
> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
> all it seems it is doing its job well, at least in this case.

AppCleaner DID find/identify them AND remove them! My computer is
working just fine without those files which were hidden.

Let me reiterate:-

If one simply follows the recommendation of the developer, JD, and drag
EtreCheck to the trash (now known as 'Bin'!) files are left behind -
files which are hidden away from sight. Their purpose is unclear.

Do you know of anyone who could do a forensic examination of a computer?

Have you seriously considered whether or not your own iMac might have
been rendered unusable by a malicious hacker?

Something to ponder upon my friend!

--
Kind regards,
David

On 12/04/2022 08:40, David Brooks wrote:
> Individuals can, and do, log-in and post there WITHOUT using their own
> specific, personal, Apple ID.

This is one such fellow!
https://discussions.apple.com/profile/deggie/participation

But I think HE is a good guy! :-D

On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:

(snip)

> If one simply follows the recommendation of the developer, JD, and drag
> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
> files which are hidden away from sight. Their purpose is unclear.

People have explained this to you already (Apd, for one). As to "hidden
from sight", how many files on your computer does that apply to? Do you
know the "purpose" of all of them? What percentage, do you figure, could
you ascertain the "purpose" of if you bothered to check? With what is
left over, are they all automatically 'bad' because you can't understand
them? See your problem with your bogus agenda that's ridiculously easy
to spot? Your beef is your ego was wounded because you pissed the guy
off with your bullsh*t. Pretending you 'don't know why' is goofy,
Glasser-level goofy.

On 12/04/2022 15:36, Steve Carroll wrote:
> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>
> (snip)
>
>> If one simply follows the recommendation of the developer, JD, and drag
>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>> files which are hidden away from sight. Their purpose is unclear.
>
> People have explained this to you already (Apd, for one). As to "hidden
> from sight", how many files on your computer does that apply to? Do you
> know the "purpose" of all of them? What percentage, do you figure, could
> you ascertain the "purpose" of if you bothered to check? With what is
> left over, are they all automatically 'bad' because you can't understand
> them? See your problem with your bogus agenda that's ridiculously easy
> to spot? Your beef is your ego was wounded because you pissed the guy
> off with your bullsh*t. Pretending you 'don't know why' is goofy,
> Glasser-level goofy.

You don't appear to recognise the danger I've tried to spell out.

Or do you? You will not, personally, download EtreCheck and run it.

On Tue, 12 Apr 2022 15:43:09 +0100, David Brooks <BDB@invalid.invalid>
wrote:

>On 12/04/2022 15:36, Steve Carroll wrote:
>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>
>> (snip)
>>
>>> If one simply follows the recommendation of the developer, JD, and drag
>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>> files which are hidden away from sight. Their purpose is unclear.
>>
>> People have explained this to you already (Apd, for one). As to "hidden
>> from sight", how many files on your computer does that apply to? Do you
>> know the "purpose" of all of them? What percentage, do you figure, could
>> you ascertain the "purpose" of if you bothered to check? With what is
>> left over, are they all automatically 'bad' because you can't understand
>> them? See your problem with your bogus agenda that's ridiculously easy
>> to spot? Your beef is your ego was wounded because you pissed the guy
>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>> Glasser-level goofy.
>
>
>You don't appear to recognise the danger I've tried to spell out.

You don't appear to have read the post to which you replied.

On Apr 12, 2022 at 12:40:58 AM MST, "David Brooks" wrote
<e2a5K.32381$4c1.11008@fx13.ams1>:

> On 12/04/2022 00:32, Snit wrote:
>> On Apr 11, 2022 at 3:32:30 PM MST, "David Brooks" wrote
>> <3025K.72189$Xa1.39569@fx10.ams1>:
>>
>>> On 11/04/2022 20:56, Snit wrote:
>>>> On Apr 11, 2022 at 11:16:12 AM MST, "David Brooks" wrote
>>>> <Pf_4K.71547$Xa1.14461@fx10.ams1>:
>>>>
>>>>> On 11/04/2022 11:41, Apd wrote:
>>>>>> "David Brooks" wrote:
>>>>>>> On 11/04/2022 01:20, Mike Easter wrote:
>>>>>>>> David Brooks wrote:
>>>>>>>>> I've just run another check using EasyFing and there are STILL items
>>>>>>>>> from Etrecheck left active on my machine.
>>>>>>>>
>>>>>>>> So far, I don't think etresoft.com.etrecheck4 is a file which belongs
>>>>>>>> to etrecheck.
>>>>>
>>>>> First, thank you for your comprehensive response.
>>>>>
>>>>>> IMO, these files are generated by OS components as a result of being
>>>>>> used by the app. Some may be, or ought to be, cleaned up by the system
>>>>>> but others are likely left in case the app is re-installed, when
>>>>>> earlier data and/or settings might be wanted again.
>>>>>
>>>>> I don't accept that premise. Data and settings can be renewed on a
>>>>> re-installation.
>>>>
>>>> Here is some more info on it:
>>>>
>>>> https://discussions.apple.com/thread/2807981
>>>
>>> Thanks for sharing the thread. It's good to know that you are now
>>> becoming familiar with the ASC forums! :-)
>>
>> I did a quick search on Google and it pointed me there.
>>
>> I have looked there in the past. Keep in mind many of the comments are not
>> from Apple and might not be accurate.
>
> The ASC are 'users' forums.
>
> The employed staff of Apple hardly ever comment.
>
> Individuals can, and do, log-in and post there WITHOUT using their own
> specific, personal, Apple ID. It is not a 'safe' environment and a great
> source of 'fresh meat' for any baddies!

Why do you use an environment you do not consider to be safe?

>
>>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>>> exists, though, is a sign that such files are left behind.
>>>>
>>>> If it helps, such files are more common on Windows and Linux.
>>>
>>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>>
>>> AppCleaner *DID* find the hidden files. I'd never have found them
>>> without its help.
>>
>> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
>> all it seems it is doing its job well, at least in this case.
>
> AppCleaner DID find/identify them AND remove them! My computer is
> working just fine without those files which were hidden.

Was it working poorly with the hidden files there?

> Let me reiterate:-
>
> If one simply follows the recommendation of the developer, JD, and drag
> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
> files which are hidden away from sight. Their purpose is unclear.

This is true of pretty much any app. The exception are ones called "Portable
apps" which are designed to be placed on thumb drives and the like and used on
any Mac. Windows and Linux have those, too.

> Do you know of anyone who could do a forensic examination of a computer?

No. And not sure what you are looking for with such an examination.

> Have you seriously considered whether or not your own iMac might have
> been rendered unusable by a malicious hacker?

I am not really concerned about that. I do run malware checks from time to
time. But not sure what this has to do with the idea of almost all apps
leaving some files behind when you remove them from the Applications folder.
>
> Something to ponder upon my friend!

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
<1eg5K.394224$F_q1.237911@fx01.ams1>:

> On 12/04/2022 15:36, Steve Carroll wrote:
>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>
>> (snip)
>>
>>> If one simply follows the recommendation of the developer, JD, and drag
>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>> files which are hidden away from sight. Their purpose is unclear.
>>
>> People have explained this to you already (Apd, for one). As to "hidden
>> from sight", how many files on your computer does that apply to? Do you
>> know the "purpose" of all of them? What percentage, do you figure, could
>> you ascertain the "purpose" of if you bothered to check? With what is
>> left over, are they all automatically 'bad' because you can't understand
>> them? See your problem with your bogus agenda that's ridiculously easy
>> to spot? Your beef is your ego was wounded because you pissed the guy
>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>> Glasser-level goofy.
>
>
> You don't appear to recognise the danger I've tried to spell out.
>
> Or do you? You will not, personally, download EtreCheck and run it.

I do not understand what you see as dangerous. You seem to be focused on the
fact that EtreCheck, like pretty much all applications, leaves files behind
when you drag its application icon (application package) to the trash. But if
leaving files behind is considered a sign it is dangerous then what makes it
more dangerous than other apps that do that... which includes pretty much all
of them?

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On Tue, 12 Apr 2022 08:40:58 +0100, David Brooks <BDB@invalid.invalid>
wrote:

>The ASC are 'users' forums.
>
>The employed staff of Apple hardly ever comment.
>
>Individuals can, and do, log-in and post there WITHOUT using their own
>specific, personal, Apple ID. It is not a 'safe' environment and a great
>source of 'fresh meat' for any baddies!

Baddies...is that a technical term? I once knew an old lady who spoke
that way.

>Have you seriously considered whether or not your own iMac might have
>been rendered unusable by a malicious hacker?

Unusable would mean you're unable to use it, right? Are you thick enough
that your computer could become unusable and somehow you wouldn't know
it?

>Something to ponder upon my friend!

Sounds like you should ponder it yourself.

On 12/04/2022 17:20, Kelly Phillips wrote:
> On Tue, 12 Apr 2022 08:40:58 +0100, David Brooks <BDB@invalid.invalid>
> wrote:
>
>> The ASC are 'users' forums.
>>
>> The employed staff of Apple hardly ever comment.
>>
>> Individuals can, and do, log-in and post there WITHOUT using their own
>> specific, personal, Apple ID. It is not a 'safe' environment and a great
>> source of 'fresh meat' for any baddies!
>
> Baddies...is that a technical term? I once knew an old lady who spoke
> that way.

No, it is not a technical term.

>> Have you seriously considered whether or not your own iMac might have
>> been rendered unusable by a malicious hacker?
>
> Unusable would mean you're unable to use it, right?

That is correct.

Snit's Apple iMac is 'out of service'. It has been bricked!

> Are you thick enough
> that your computer could become unusable and somehow you wouldn't know
> it?

No. Not at all. I always persist until I have fixed things; all manner
of things, including computers.

>> Something to ponder upon my friend!
>
> Sounds like you should ponder it yourself.

Ditto! :-P

On 12/04/2022 17:20, Snit wrote:
> On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
> <1eg5K.394224$F_q1.237911@fx01.ams1>:
>
>> On 12/04/2022 15:36, Steve Carroll wrote:
>>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>>
>>> (snip)
>>>
>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>> files which are hidden away from sight. Their purpose is unclear.
>>>
>>> People have explained this to you already (Apd, for one). As to "hidden
>>> from sight", how many files on your computer does that apply to? Do you
>>> know the "purpose" of all of them? What percentage, do you figure, could
>>> you ascertain the "purpose" of if you bothered to check? With what is
>>> left over, are they all automatically 'bad' because you can't understand
>>> them? See your problem with your bogus agenda that's ridiculously easy
>>> to spot? Your beef is your ego was wounded because you pissed the guy
>>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>>> Glasser-level goofy.
>>
>>
>> You don't appear to recognise the danger I've tried to spell out.
>>
>> Or do you? You will not, personally, download EtreCheck and run it.
>
> I do not understand what you see as dangerous. You seem to be focused on the
> fact that EtreCheck, like pretty much all applications, leaves files behind
> when you drag its application icon (application package) to the trash. But if
> leaving files behind is considered a sign it is dangerous then what makes it
> more dangerous than other apps that do that... which includes pretty much all
> of them?

Steve Carroll has asked me more or less the same question.

I suspect that most people who download (and install?) EtreCheck LEAVE
it installed after using it.

What if ....... it thereafter provides a 'back-door' and communications
avenue for surreptitious purposes?

On 12/04/2022 17:12, Snit wrote:
> On Apr 12, 2022 at 12:40:58 AM MST, "David Brooks" wrote
> <e2a5K.32381$4c1.11008@fx13.ams1>:
>
>> On 12/04/2022 00:32, Snit wrote:
>>> On Apr 11, 2022 at 3:32:30 PM MST, "David Brooks" wrote
>>> <3025K.72189$Xa1.39569@fx10.ams1>:
>>>
>>>> On 11/04/2022 20:56, Snit wrote:
>>>>> On Apr 11, 2022 at 11:16:12 AM MST, "David Brooks" wrote
>>>>> <Pf_4K.71547$Xa1.14461@fx10.ams1>:
>>>>>
>>>>>> On 11/04/2022 11:41, Apd wrote:
>>>>>>> "David Brooks" wrote:
>>>>>>>> On 11/04/2022 01:20, Mike Easter wrote:
>>>>>>>>> David Brooks wrote:
>>>>>>>>>> I've just run another check using EasyFing and there are STILL items
>>>>>>>>>> from Etrecheck left active on my machine.
>>>>>>>>>
>>>>>>>>> So far, I don't think etresoft.com.etrecheck4 is a file which belongs
>>>>>>>>> to etrecheck.
>>>>>>
>>>>>> First, thank you for your comprehensive response.
>>>>>>
>>>>>>> IMO, these files are generated by OS components as a result of being
>>>>>>> used by the app. Some may be, or ought to be, cleaned up by the system
>>>>>>> but others are likely left in case the app is re-installed, when
>>>>>>> earlier data and/or settings might be wanted again.
>>>>>>
>>>>>> I don't accept that premise. Data and settings can be renewed on a
>>>>>> re-installation.
>>>>>
>>>>> Here is some more info on it:
>>>>>
>>>>> https://discussions.apple.com/thread/2807981
>>>>
>>>> Thanks for sharing the thread. It's good to know that you are now
>>>> becoming familiar with the ASC forums! :-)
>>>
>>> I did a quick search on Google and it pointed me there.
>>>
>>> I have looked there in the past. Keep in mind many of the comments are not
>>> from Apple and might not be accurate.
>>
>> The ASC are 'users' forums.
>>
>> The employed staff of Apple hardly ever comment.
>>
>> Individuals can, and do, log-in and post there WITHOUT using their own
>> specific, personal, Apple ID. It is not a 'safe' environment and a great
>> source of 'fresh meat' for any baddies!
>
> Why do you use an environment you do not consider to be safe?

What makes you think I DO use it?

I *DID* use it ..... looking under each and every stone!

>>>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>>>> exists, though, is a sign that such files are left behind.
>>>>>
>>>>> If it helps, such files are more common on Windows and Linux.
>>>>
>>>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>>>
>>>> AppCleaner *DID* find the hidden files. I'd never have found them
>>>> without its help.
>>>
>>> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
>>> all it seems it is doing its job well, at least in this case.
>>
>> AppCleaner DID find/identify them AND remove them! My computer is
>> working just fine without those files which were hidden.
>
> Was it working poorly with the hidden files there?

There's no difference as far as I can tell.

>> Let me reiterate:-
>>
>> If one simply follows the recommendation of the developer, JD, and drag
>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>> files which are hidden away from sight. Their purpose is unclear.
>
> This is true of pretty much any app. The exception are ones called "Portable
> apps" which are designed to be placed on thumb drives and the like and used on
> any Mac. Windows and Linux have those, too.

You are probably right. I have no way of knowing.

>> Do you know of anyone who could do a forensic examination of a computer?
>
> No. And not sure what you are looking for with such an examination.

OK - no worries.

>> Have you seriously considered whether or not your own iMac might have
>> been rendered unusable by a malicious hacker?
>
> I am not really concerned about that. I do run malware checks from time to
> time. But not sure what this has to do with the idea of almost all apps
> leaving some files behind when you remove them from the Applications folder.

<sigh> You do *NOT* run any kind of check on your out-of-service iMac!

It *MAY* have been turned into a brick deliberately! Why not check it out?

On Apr 12, 2022 at 12:21:14 PM MST, "David Brooks" wrote
<Kik5K.57948$3b1.41612@fx14.ams1>:

> On 12/04/2022 17:20, Snit wrote:
>> On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
>> <1eg5K.394224$F_q1.237911@fx01.ams1>:
>>
>>> On 12/04/2022 15:36, Steve Carroll wrote:
>>>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>>>
>>>> (snip)
>>>>
>>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>>> files which are hidden away from sight. Their purpose is unclear.
>>>>
>>>> People have explained this to you already (Apd, for one). As to "hidden
>>>> from sight", how many files on your computer does that apply to? Do you
>>>> know the "purpose" of all of them? What percentage, do you figure, could
>>>> you ascertain the "purpose" of if you bothered to check? With what is
>>>> left over, are they all automatically 'bad' because you can't understand
>>>> them? See your problem with your bogus agenda that's ridiculously easy
>>>> to spot? Your beef is your ego was wounded because you pissed the guy
>>>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>>>> Glasser-level goofy.
>>>
>>>
>>> You don't appear to recognise the danger I've tried to spell out.
>>>
>>> Or do you? You will not, personally, download EtreCheck and run it.
>>
>> I do not understand what you see as dangerous. You seem to be focused on the
>> fact that EtreCheck, like pretty much all applications, leaves files behind
>> when you drag its application icon (application package) to the trash. But if
>> leaving files behind is considered a sign it is dangerous then what makes it
>> more dangerous than other apps that do that... which includes pretty much all
>> of them?
>
> Steve Carroll has asked me more or less the same question.
>
> I suspect that most people who download (and install?) EtreCheck LEAVE
> it installed after using it.

Likely true with most apps. Ok.

> What if ....... it thereafter provides a 'back-door' and communications
> avenue for surreptitious purposes?

What if any app did that? If they did then those who use "sniffers" to see
what who computer is communicating with in the background would almost sure
find it.

But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
files it scatters about?

https://jmp.sh/qIlnlSo

Not that different then EtreCheck.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On Apr 12, 2022 at 12:29:10 PM MST, "David Brooks" wrote
<aqk5K.32383$4c1.6016@fx13.ams1>:

>>>>>>
>>>>>> Here is some more info on it:
>>>>>>
>>>>>> https://discussions.apple.com/thread/2807981
>>>>>
>>>>> Thanks for sharing the thread. It's good to know that you are now
>>>>> becoming familiar with the ASC forums! :-)
>>>>
>>>> I did a quick search on Google and it pointed me there.
>>>>
>>>> I have looked there in the past. Keep in mind many of the comments are not
>>>> from Apple and might not be accurate.
>>>
>>> The ASC are 'users' forums.
>>>
>>> The employed staff of Apple hardly ever comment.
>>>
>>> Individuals can, and do, log-in and post there WITHOUT using their own
>>> specific, personal, Apple ID. It is not a 'safe' environment and a great
>>> source of 'fresh meat' for any baddies!
>>
>> Why do you use an environment you do not consider to be safe?
>
> What makes you think I DO use it?
>
> I *DID* use it ..... looking under each and every stone!

You have even recently posted links to it. At the very least you view it
still.

>>>>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>>>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>>>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>>>>> exists, though, is a sign that such files are left behind.
>>>>>>
>>>>>> If it helps, such files are more common on Windows and Linux.
>>>>>
>>>>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>>>>
>>>>> AppCleaner *DID* find the hidden files. I'd never have found them
>>>>> without its help.
>>>>
>>>> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
>>>> all it seems it is doing its job well, at least in this case.
>>>
>>> AppCleaner DID find/identify them AND remove them! My computer is
>>> working just fine without those files which were hidden.
>>
>> Was it working poorly with the hidden files there?
>
> There's no difference as far as I can tell.

Meaning no reason to think they caused any harm.

>
>>> Let me reiterate:-
>>>
>>> If one simply follows the recommendation of the developer, JD, and drag
>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>> files which are hidden away from sight. Their purpose is unclear.
>>
>> This is true of pretty much any app. The exception are ones called "Portable
>> apps" which are designed to be placed on thumb drives and the like and used on
>> any Mac. Windows and Linux have those, too.
>
> You are probably right. I have no way of knowing.

I showed this elsewhere, but this is AppCleaner's findings on itself:

https://jmp.sh/6560qrM
>
>>> Do you know of anyone who could do a forensic examination of a computer?
>>
>> No. And not sure what you are looking for with such an examination.
>
> OK - no worries.
>
>>> Have you seriously considered whether or not your own iMac might have
>>> been rendered unusable by a malicious hacker?
>>
>> I am not really concerned about that. I do run malware checks from time to
>> time. But not sure what this has to do with the idea of almost all apps
>> leaving some files behind when you remove them from the Applications folder.
>
> <sigh> You do *NOT* run any kind of check on your out-of-service iMac!

Not sure what you mean. Are you thinking of running checks on computers I do
not use and do not even boot?

> It *MAY* have been turned into a brick deliberately! Why not check it out?

Given that it does not boot what type check are you even thinking of? I have
no interest in taking it to an Apple authorized store to have it checked out
(unless they will do so for free).

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On 12/04/2022 20:36, Snit wrote:
> On Apr 12, 2022 at 12:21:14 PM MST, "David Brooks" wrote
> <Kik5K.57948$3b1.41612@fx14.ams1>:
>
>> On 12/04/2022 17:20, Snit wrote:
>>> On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
>>> <1eg5K.394224$F_q1.237911@fx01.ams1>:
>>>
>>>> On 12/04/2022 15:36, Steve Carroll wrote:
>>>>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>>>>
>>>>> (snip)
>>>>>
>>>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>>>> files which are hidden away from sight. Their purpose is unclear.
>>>>>
>>>>> People have explained this to you already (Apd, for one). As to "hidden
>>>>> from sight", how many files on your computer does that apply to? Do you
>>>>> know the "purpose" of all of them? What percentage, do you figure, could
>>>>> you ascertain the "purpose" of if you bothered to check? With what is
>>>>> left over, are they all automatically 'bad' because you can't understand
>>>>> them? See your problem with your bogus agenda that's ridiculously easy
>>>>> to spot? Your beef is your ego was wounded because you pissed the guy
>>>>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>>>>> Glasser-level goofy.
>>>>
>>>>
>>>> You don't appear to recognise the danger I've tried to spell out.
>>>>
>>>> Or do you? You will not, personally, download EtreCheck and run it.
>>>
>>> I do not understand what you see as dangerous. You seem to be focused on the
>>> fact that EtreCheck, like pretty much all applications, leaves files behind
>>> when you drag its application icon (application package) to the trash. But if
>>> leaving files behind is considered a sign it is dangerous then what makes it
>>> more dangerous than other apps that do that... which includes pretty much all
>>> of them?
>>
>> Steve Carroll has asked me more or less the same question.
>>
>> I suspect that most people who download (and install?) EtreCheck LEAVE
>> it installed after using it.
>
> Likely true with most apps. Ok.

✅

>> What if ....... it thereafter provides a 'back-door' and communications
>> avenue for surreptitious purposes?
>
> What if any app did that? If they did then those who use "sniffers" to see
> what who computer is communicating with in the background would almost sure
> find it.

I accept your point ....... but which of the naive folk asking questions
on the ASC forums, and who are recommended to install and run EtreCheck,
would have the nous to run a packet sniffer afterwards?

> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
> files it scatters about?
>
> https://jmp.sh/qIlnlSo
>
> Not that different then EtreCheck.

Wow! That DID surprise me!

On Apr 12, 2022 at 1:02:07 PM MST, "David Brooks" wrote
<4Vk5K.32384$4c1.28120@fx13.ams1>:

> On 12/04/2022 20:36, Snit wrote:
>> On Apr 12, 2022 at 12:21:14 PM MST, "David Brooks" wrote
>> <Kik5K.57948$3b1.41612@fx14.ams1>:
>>
>>> On 12/04/2022 17:20, Snit wrote:
>>>> On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
>>>> <1eg5K.394224$F_q1.237911@fx01.ams1>:
>>>>
>>>>> On 12/04/2022 15:36, Steve Carroll wrote:
>>>>>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>>>>>
>>>>>> (snip)
>>>>>>
>>>>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>>>>> files which are hidden away from sight. Their purpose is unclear.
>>>>>>
>>>>>> People have explained this to you already (Apd, for one). As to "hidden
>>>>>> from sight", how many files on your computer does that apply to? Do you
>>>>>> know the "purpose" of all of them? What percentage, do you figure, could
>>>>>> you ascertain the "purpose" of if you bothered to check? With what is
>>>>>> left over, are they all automatically 'bad' because you can't understand
>>>>>> them? See your problem with your bogus agenda that's ridiculously easy
>>>>>> to spot? Your beef is your ego was wounded because you pissed the guy
>>>>>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>>>>>> Glasser-level goofy.
>>>>>
>>>>>
>>>>> You don't appear to recognise the danger I've tried to spell out.
>>>>>
>>>>> Or do you? You will not, personally, download EtreCheck and run it.
>>>>
>>>> I do not understand what you see as dangerous. You seem to be focused on the
>>>> fact that EtreCheck, like pretty much all applications, leaves files behind
>>>> when you drag its application icon (application package) to the trash. But if
>>>> leaving files behind is considered a sign it is dangerous then what makes it
>>>> more dangerous than other apps that do that... which includes pretty much all
>>>> of them?
>>>
>>> Steve Carroll has asked me more or less the same question.
>>>
>>> I suspect that most people who download (and install?) EtreCheck LEAVE
>>> it installed after using it.
>>
>> Likely true with most apps. Ok.
>
> ✅
>
>>> What if ....... it thereafter provides a 'back-door' and communications
>>> avenue for surreptitious purposes?
>>
>> What if any app did that? If they did then those who use "sniffers" to see
>> what who computer is communicating with in the background would almost sure
>> find it.
>
> I accept your point ....... but which of the naive folk asking questions
> on the ASC forums, and who are recommended to install and run EtreCheck,
> would have the nous to run a packet sniffer afterwards?

I know almost nothing of the folks who use the ASC forums. Why would you
expect it to be one of the people there? I would expect it to be security
researchers and the like.

>
>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>> files it scatters about?
>>
>> https://jmp.sh/qIlnlSo
>>
>> Not that different then EtreCheck.
>
> Wow! That DID surprise me!

Was not surprising to me. Try it with different apps... you will find similar
results. Here, a few examples:

Audacity: https://jmp.sh/hSkaGaA

BBEdit: https://jmp.sh/xwhzFIJ

EasyFind: https://jmp.sh/x8Z44UH

And here is an "application" I wrote. The full code, in AppleScript, is this:

https://jmp.sh/v1S510z

And what AppCleaner finds: https://jmp.sh/pF2iTef

What would be really bizarre is if an app somehow prevented such files from
being created. I do not know of any that do so, other than portable apps. To
be fair I have not looked, but given how it is the norm for macOS I would
expect exceptions to be very rare.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On 12/04/2022 20:42, Snit wrote:
> On Apr 12, 2022 at 12:29:10 PM MST, "David Brooks" wrote
> <aqk5K.32383$4c1.6016@fx13.ams1>:
>
>>>>>>>
>>>>>>> Here is some more info on it:
>>>>>>>
>>>>>>> https://discussions.apple.com/thread/2807981
>>>>>>
>>>>>> Thanks for sharing the thread. It's good to know that you are now
>>>>>> becoming familiar with the ASC forums! :-)
>>>>>
>>>>> I did a quick search on Google and it pointed me there.
>>>>>
>>>>> I have looked there in the past. Keep in mind many of the comments are not
>>>>> from Apple and might not be accurate.
>>>>
>>>> The ASC are 'users' forums.
>>>>
>>>> The employed staff of Apple hardly ever comment.
>>>>
>>>> Individuals can, and do, log-in and post there WITHOUT using their own
>>>> specific, personal, Apple ID. It is not a 'safe' environment and a great
>>>> source of 'fresh meat' for any baddies!
>>>
>>> Why do you use an environment you do not consider to be safe?
>>
>> What makes you think I DO use it?
>>
>> I *DID* use it ..... looking under each and every stone!
>
> You have even recently posted links to it. At the very least you view it
> still.

I view it daily! :-D

>>>>>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>>>>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>>>>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>>>>>> exists, though, is a sign that such files are left behind.
>>>>>>>
>>>>>>> If it helps, such files are more common on Windows and Linux.
>>>>>>
>>>>>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>>>>>
>>>>>> AppCleaner *DID* find the hidden files. I'd never have found them
>>>>>> without its help.
>>>>>
>>>>> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
>>>>> all it seems it is doing its job well, at least in this case.
>>>>
>>>> AppCleaner DID find/identify them AND remove them! My computer is
>>>> working just fine without those files which were hidden.
>>>
>>> Was it working poorly with the hidden files there?
>>
>> There's no difference as far as I can tell.
>
> Meaning no reason to think they caused any harm.

No reason at all.

>>>> Let me reiterate:-
>>>>
>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>> files which are hidden away from sight. Their purpose is unclear.
>>>
>>> This is true of pretty much any app. The exception are ones called "Portable
>>> apps" which are designed to be placed on thumb drives and the like and used on
>>> any Mac. Windows and Linux have those, too.
>>
>> You are probably right. I have no way of knowing.
>
> I showed this elsewhere, but this is AppCleaner's findings on itself:
>
> https://jmp.sh/6560qrM

I had no idea you/one could do that!

>>>> Do you know of anyone who could do a forensic examination of a computer?
>>>
>>> No. And not sure what you are looking for with such an examination.
>>
>> OK - no worries.
>>
>>>> Have you seriously considered whether or not your own iMac might have
>>>> been rendered unusable by a malicious hacker?
>>>
>>> I am not really concerned about that. I do run malware checks from time to
>>> time. But not sure what this has to do with the idea of almost all apps
>>> leaving some files behind when you remove them from the Applications folder.
>>
>> <sigh> You do *NOT* run any kind of check on your out-of-service iMac!
>
> Not sure what you mean. Are you thinking of running checks on computers I do
> not use and do not even boot?

Yes. Have the hard-drive examined for any instances of foul play.

>> It *MAY* have been turned into a brick deliberately! Why not check it out?
>
> Given that it does not boot what type check are you even thinking of? I have
> no interest in taking it to an Apple authorized store to have it checked out
> (unless they will do so for free).

Maybe they /would/ check it for free if you spin them a story that an
ex-blackhat hacker called Dustin Cook is thought to have bricked your
machine!

On Apr 12, 2022 at 1:22:26 PM MST, "David Brooks" wrote
<7cl5K.32385$4c1.24373@fx13.ams1>:

> On 12/04/2022 20:42, Snit wrote:
>> On Apr 12, 2022 at 12:29:10 PM MST, "David Brooks" wrote
>> <aqk5K.32383$4c1.6016@fx13.ams1>:
>>
>>>>>>>>
>>>>>>>> Here is some more info on it:
>>>>>>>>
>>>>>>>> https://discussions.apple.com/thread/2807981
>>>>>>>
>>>>>>> Thanks for sharing the thread. It's good to know that you are now
>>>>>>> becoming familiar with the ASC forums! :-)
>>>>>>
>>>>>> I did a quick search on Google and it pointed me there.
>>>>>>
>>>>>> I have looked there in the past. Keep in mind many of the comments are not
>>>>>> from Apple and might not be accurate.
>>>>>
>>>>> The ASC are 'users' forums.
>>>>>
>>>>> The employed staff of Apple hardly ever comment.
>>>>>
>>>>> Individuals can, and do, log-in and post there WITHOUT using their own
>>>>> specific, personal, Apple ID. It is not a 'safe' environment and a great
>>>>> source of 'fresh meat' for any baddies!
>>>>
>>>> Why do you use an environment you do not consider to be safe?
>>>
>>> What makes you think I DO use it?
>>>
>>> I *DID* use it ..... looking under each and every stone!
>>
>> You have even recently posted links to it. At the very least you view it
>> still.
>
> I view it daily! :-D

So you do use it, even if you do not post.

>
>>>>>>>> It is common to leave behind files. Apps like AppCleaner seek those out, but I
>>>>>>>> am not sure of their method. What you have found is AppCleaner is not perfect
>>>>>>>> at doing what it seeks to do -- remove those remnants. The fact the app
>>>>>>>> exists, though, is a sign that such files are left behind.
>>>>>>>>
>>>>>>>> If it helps, such files are more common on Windows and Linux.
>>>>>>>
>>>>>>> I'm not quite sure how you have got this situation topsy-turvy! :-(
>>>>>>>
>>>>>>> AppCleaner *DID* find the hidden files. I'd never have found them
>>>>>>> without its help.
>>>>>>
>>>>>> Aren't some of them ones you found with EasyFind? If AppCleaner did find them
>>>>>> all it seems it is doing its job well, at least in this case.
>>>>>
>>>>> AppCleaner DID find/identify them AND remove them! My computer is
>>>>> working just fine without those files which were hidden.
>>>>
>>>> Was it working poorly with the hidden files there?
>>>
>>> There's no difference as far as I can tell.
>>
>> Meaning no reason to think they caused any harm.
>
> No reason at all.

Fair enough.

>
>>>>> Let me reiterate:-
>>>>>
>>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>>> files which are hidden away from sight. Their purpose is unclear.
>>>>
>>>> This is true of pretty much any app. The exception are ones called "Portable
>>>> apps" which are designed to be placed on thumb drives and the like and used on
>>>> any Mac. Windows and Linux have those, too.
>>>
>>> You are probably right. I have no way of knowing.
>>
>> I showed this elsewhere, but this is AppCleaner's findings on itself:
>>
>> https://jmp.sh/6560qrM
>
> I had no idea you/one could do that!

I had to turn off the "protection" for running apps, since of course
AppCleaner was running when I ran it on itself. :)

>
>>>>> Do you know of anyone who could do a forensic examination of a computer?
>>>>
>>>> No. And not sure what you are looking for with such an examination.
>>>
>>> OK - no worries.
>>>
>>>>> Have you seriously considered whether or not your own iMac might have
>>>>> been rendered unusable by a malicious hacker?
>>>>
>>>> I am not really concerned about that. I do run malware checks from time to
>>>> time. But not sure what this has to do with the idea of almost all apps
>>>> leaving some files behind when you remove them from the Applications folder.
>>>
>>> <sigh> You do *NOT* run any kind of check on your out-of-service iMac!
>>
>> Not sure what you mean. Are you thinking of running checks on computers I do
>> not use and do not even boot?
>
> Yes. Have the hard-drive examined for any instances of foul play.

Examined in what way?

>
>>> It *MAY* have been turned into a brick deliberately! Why not check it out?
>>
>> Given that it does not boot what type check are you even thinking of? I have
>> no interest in taking it to an Apple authorized store to have it checked out
>> (unless they will do so for free).
>
> Maybe they /would/ check it for free if you spin them a story that an
> ex-blackhat hacker called Dustin Cook is thought to have bricked your
> machine!

He did no such thing, nor did his imaginary friends, and even if he had done
so why would they care about some guy on the 'net who makes a bunch of insane
claims and brags a lot?

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On 12/04/2022 21:19, Snit wrote:
> On Apr 12, 2022 at 1:02:07 PM MST, "David Brooks" wrote
> <4Vk5K.32384$4c1.28120@fx13.ams1>:
>
>> On 12/04/2022 20:36, Snit wrote:
>>> On Apr 12, 2022 at 12:21:14 PM MST, "David Brooks" wrote
>>> <Kik5K.57948$3b1.41612@fx14.ams1>:
>>>
>>>> On 12/04/2022 17:20, Snit wrote:
>>>>> On Apr 12, 2022 at 7:43:09 AM MST, "David Brooks" wrote
>>>>> <1eg5K.394224$F_q1.237911@fx01.ams1>:
>>>>>
>>>>>> On 12/04/2022 15:36, Steve Carroll wrote:
>>>>>>> On 2022-04-12, David Brooks <BDB@invalid.invalid> wrote:
>>>>>>>
>>>>>>> (snip)
>>>>>>>
>>>>>>>> If one simply follows the recommendation of the developer, JD, and drag
>>>>>>>> EtreCheck to the trash (now known as 'Bin'!) files are left behind -
>>>>>>>> files which are hidden away from sight. Their purpose is unclear.
>>>>>>>
>>>>>>> People have explained this to you already (Apd, for one). As to "hidden
>>>>>>> from sight", how many files on your computer does that apply to? Do you
>>>>>>> know the "purpose" of all of them? What percentage, do you figure, could
>>>>>>> you ascertain the "purpose" of if you bothered to check? With what is
>>>>>>> left over, are they all automatically 'bad' because you can't understand
>>>>>>> them? See your problem with your bogus agenda that's ridiculously easy
>>>>>>> to spot? Your beef is your ego was wounded because you pissed the guy
>>>>>>> off with your bullsh*t. Pretending you 'don't know why' is goofy,
>>>>>>> Glasser-level goofy.
>>>>>>
>>>>>>
>>>>>> You don't appear to recognise the danger I've tried to spell out.
>>>>>>
>>>>>> Or do you? You will not, personally, download EtreCheck and run it.
>>>>>
>>>>> I do not understand what you see as dangerous. You seem to be focused on the
>>>>> fact that EtreCheck, like pretty much all applications, leaves files behind
>>>>> when you drag its application icon (application package) to the trash. But if
>>>>> leaving files behind is considered a sign it is dangerous then what makes it
>>>>> more dangerous than other apps that do that... which includes pretty much all
>>>>> of them?
>>>>
>>>> Steve Carroll has asked me more or less the same question.
>>>>
>>>> I suspect that most people who download (and install?) EtreCheck LEAVE
>>>> it installed after using it.
>>>
>>> Likely true with most apps. Ok.
>>
>> ✅
>>
>>>> What if ....... it thereafter provides a 'back-door' and communications
>>>> avenue for surreptitious purposes?
>>>
>>> What if any app did that? If they did then those who use "sniffers" to see
>>> what who computer is communicating with in the background would almost sure
>>> find it.
>>
>> I accept your point ....... but which of the naive folk asking questions
>> on the ASC forums, and who are recommended to install and run EtreCheck,
>> would have the nous to run a packet sniffer afterwards?
>
> I know almost nothing of the folks who use the ASC forums. Why would you
> expect it to be one of the people there? I would expect it to be security
> researchers and the like.

The ONLY place I have EVER seen the EtreCheck software recommended for
use is on the ASC forums.

Security researchers are unlikely to download and use EtreCheck!

>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>> files it scatters about?
>>>
>>> https://jmp.sh/qIlnlSo
>>>
>>> Not that different then EtreCheck.
>>
>> Wow! That DID surprise me!
>
> Was not surprising to me. Try it with different apps... you will find similar
> results. Here, a few examples:
>
> Audacity: https://jmp.sh/hSkaGaA
>
> BBEdit: https://jmp.sh/xwhzFIJ
>
> EasyFind: https://jmp.sh/x8Z44UH
>
> And here is an "application" I wrote. The full code, in AppleScript, is this:
>
> https://jmp.sh/v1S510z
>
> And what AppCleaner finds: https://jmp.sh/pF2iTef

Thanks for sharing. :-)

> What would be really bizarre is if an app somehow prevented such files from
> being created. I do not know of any that do so, other than portable apps. To
> be fair I have not looked, but given how it is the norm for macOS I would
> expect exceptions to be very rare.

OK

On Apr 12, 2022 at 1:29:08 PM MST, "David Brooks" wrote
<oil5K.65896$f91.31876@fx09.ams1>:

>>>
>>> I accept your point ....... but which of the naive folk asking questions
>>> on the ASC forums, and who are recommended to install and run EtreCheck,
>>> would have the nous to run a packet sniffer afterwards?
>>
>> I know almost nothing of the folks who use the ASC forums. Why would you
>> expect it to be one of the people there? I would expect it to be security
>> researchers and the like.
>
> The ONLY place I have EVER seen the EtreCheck software recommended for
> use is on the ASC forums.

Where else have you looked where they suggest competitors?

> Security researchers are unlikely to download and use EtreCheck!

There are folks who have "sniffers" running and looking at all the apps they
use.
>
>>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>>> files it scatters about?
>>>>
>>>> https://jmp.sh/qIlnlSo
>>>>
>>>> Not that different then EtreCheck.
>>>
>>> Wow! That DID surprise me!
>>
>> Was not surprising to me. Try it with different apps... you will find similar
>> results. Here, a few examples:
>>
>> Audacity: https://jmp.sh/hSkaGaA
>>
>> BBEdit: https://jmp.sh/xwhzFIJ
>>
>> EasyFind: https://jmp.sh/x8Z44UH
>>
>> And here is an "application" I wrote. The full code, in AppleScript, is this:
>>
>> https://jmp.sh/v1S510z
>>
>> And what AppCleaner finds: https://jmp.sh/pF2iTef
>
> Thanks for sharing. :-)

You are welcome. I encourage you to experiment with this -- try other apps.
See if you can find any that do not have such files. And keep in mind none of
those files are deleted when you just drag a file to the trash (bin). You can
look at Apple's own apps... they do the same thing.

This is where I think folks are getting confused by your concern. You keep
looking at EtreCheck and pointing to these files as if that is uncommon or a
concern, but there seems no reason to think it is doing anything odd.

>> What would be really bizarre is if an app somehow prevented such files from
>> being created. I do not know of any that do so, other than portable apps. To
>> be fair I have not looked, but given how it is the norm for macOS I would
>> expect exceptions to be very rare.
>
> OK

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On 12/04/2022 21:36, Snit wrote:
> On Apr 12, 2022 at 1:29:08 PM MST, "David Brooks" wrote
> <oil5K.65896$f91.31876@fx09.ams1>:
>
>>>>
>>>> I accept your point ....... but which of the naive folk asking questions
>>>> on the ASC forums, and who are recommended to install and run EtreCheck,
>>>> would have the nous to run a packet sniffer afterwards?
>>>
>>> I know almost nothing of the folks who use the ASC forums. Why would you
>>> expect it to be one of the people there? I would expect it to be security
>>> researchers and the like.
>>
>> The ONLY place I have EVER seen the EtreCheck software recommended for
>> use is on the ASC forums.
>
> Where else have you looked where they suggest competitors?

I thought EtreCheck unique so haven't looked elsewhere

>> Security researchers are unlikely to download and use EtreCheck!
>
> There are folks who have "sniffers" running and looking at all the apps they
> use.

I suggest that those folk using "sniffers" will not install EtreCheck.

>>>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>>>> files it scatters about?
>>>>>
>>>>> https://jmp.sh/qIlnlSo
>>>>>
>>>>> Not that different then EtreCheck.
>>>>
>>>> Wow! That DID surprise me!
>>>
>>> Was not surprising to me. Try it with different apps... you will find similar
>>> results. Here, a few examples:
>>>
>>> Audacity: https://jmp.sh/hSkaGaA
>>>
>>> BBEdit: https://jmp.sh/xwhzFIJ
>>>
>>> EasyFind: https://jmp.sh/x8Z44UH
>>>
>>> And here is an "application" I wrote. The full code, in AppleScript, is this:
>>>
>>> https://jmp.sh/v1S510z
>>>
>>> And what AppCleaner finds: https://jmp.sh/pF2iTef
>>
>> Thanks for sharing. :-)
>
> You are welcome. I encourage you to experiment with this -- try other apps.
> See if you can find any that do not have such files. And keep in mind none of
> those files are deleted when you just drag a file to the trash (bin). You can
> look at Apple's own apps... they do the same thing.

All noted.

> This is where I think folks are getting confused by your concern. You keep
> looking at EtreCheck and pointing to these files as if that is uncommon or a
> concern, but there seems no reason to think it is doing anything odd.

Phew! That's all right then.

>>> What would be really bizarre is if an app somehow prevented such files from
>>> being created. I do not know of any that do so, other than portable apps. To
>>> be fair I have not looked, but given how it is the norm for macOS I would
>>> expect exceptions to be very rare.
>>
>> OK
>
>

On Apr 12, 2022 at 2:11:33 PM MST, "David Brooks" wrote
<9Wl5K.552498$sb1.30468@fx11.ams1>:

> On 12/04/2022 21:36, Snit wrote:
>> On Apr 12, 2022 at 1:29:08 PM MST, "David Brooks" wrote
>> <oil5K.65896$f91.31876@fx09.ams1>:
>>
>>>>>
>>>>> I accept your point ....... but which of the naive folk asking questions
>>>>> on the ASC forums, and who are recommended to install and run EtreCheck,
>>>>> would have the nous to run a packet sniffer afterwards?
>>>>
>>>> I know almost nothing of the folks who use the ASC forums. Why would you
>>>> expect it to be one of the people there? I would expect it to be security
>>>> researchers and the like.
>>>
>>> The ONLY place I have EVER seen the EtreCheck software recommended for
>>> use is on the ASC forums.
>>
>> Where else have you looked where they suggest competitors?
>
> I thought EtreCheck unique so haven't looked elsewhere

Not sure what else there is. Never used EtreCheck until you pointed me to it.

>
>>> Security researchers are unlikely to download and use EtreCheck!
>>
>> There are folks who have "sniffers" running and looking at all the apps they
>> use.
>
> I suggest that those folk using "sniffers" will not install EtreCheck.

If they had reason to think they could find something why wouldn't they?

You can run one yourself. I have not used it much, but there is one built into
macOS.

1) Option+Click the WiFi icon
2) Select Open Wireless Diagnostics (do not run that tool)
3) From the Windows menu select "Sniffer"

You do have to select a channel to sniff... then let it run. It does ask for
an Admin password, but it is from Apple. Cannot imagine it would not be safe.

There are third party ones which might be more user friendly.
>
>>>>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>>>>> files it scatters about?
>>>>>>
>>>>>> https://jmp.sh/qIlnlSo
>>>>>>
>>>>>> Not that different then EtreCheck.
>>>>>
>>>>> Wow! That DID surprise me!
>>>>
>>>> Was not surprising to me. Try it with different apps... you will find similar
>>>> results. Here, a few examples:
>>>>
>>>> Audacity: https://jmp.sh/hSkaGaA
>>>>
>>>> BBEdit: https://jmp.sh/xwhzFIJ
>>>>
>>>> EasyFind: https://jmp.sh/x8Z44UH
>>>>
>>>> And here is an "application" I wrote. The full code, in AppleScript, is this:
>>>>
>>>> https://jmp.sh/v1S510z
>>>>
>>>> And what AppCleaner finds: https://jmp.sh/pF2iTef
>>>
>>> Thanks for sharing. :-)
>>
>> You are welcome. I encourage you to experiment with this -- try other apps.
>> See if you can find any that do not have such files. And keep in mind none of
>> those files are deleted when you just drag a file to the trash (bin). You can
>> look at Apple's own apps... they do the same thing.
>
> All noted.
>
>> This is where I think folks are getting confused by your concern. You keep
>> looking at EtreCheck and pointing to these files as if that is uncommon or a
>> concern, but there seems no reason to think it is doing anything odd.
>
> Phew! That's all right then.

:)

If you do look at different apps I would be interested in what you find. Any
that do not have such files?

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On 2022-04-12, Snit <brock.mcnuggets@gmail.com> wrote:

(snip)

>> I suggest that those folk using "sniffers" will not install EtreCheck.
>
> If they had reason to think they could find something why wouldn't they?

If they talked to DB they're still running it ;)

> You can run one yourself. I have not used it much, but there is one built into
> macOS.
>
> 1) Option+Click the WiFi icon
> 2) Select Open Wireless Diagnostics (do not run that tool)
> 3) From the Windows menu select "Sniffer"
>
> You do have to select a channel to sniff... then let it run. It does ask for
> an Admin password, but it is from Apple. Cannot imagine it would not be safe.

That file is not gonna say: this is 'good', that is 'bad' ;)

Besides, I highly doubt Mr. paranoia uses WiFi.

On 12/04/2022 22:20, Snit wrote:
> On Apr 12, 2022 at 2:11:33 PM MST, "David Brooks" wrote
> <9Wl5K.552498$sb1.30468@fx11.ams1>:
>
>> On 12/04/2022 21:36, Snit wrote:
>>> On Apr 12, 2022 at 1:29:08 PM MST, "David Brooks" wrote
>>> <oil5K.65896$f91.31876@fx09.ams1>:
>>>
>>>>>>
>>>>>> I accept your point ....... but which of the naive folk asking questions
>>>>>> on the ASC forums, and who are recommended to install and run EtreCheck,
>>>>>> would have the nous to run a packet sniffer afterwards?
>>>>>
>>>>> I know almost nothing of the folks who use the ASC forums. Why would you
>>>>> expect it to be one of the people there? I would expect it to be security
>>>>> researchers and the like.
>>>>
>>>> The ONLY place I have EVER seen the EtreCheck software recommended for
>>>> use is on the ASC forums.
>>>
>>> Where else have you looked where they suggest competitors?
>>
>> I thought EtreCheck unique so haven't looked elsewhere
>
> Not sure what else there is. Never used EtreCheck until you pointed me to it.

That's a bit surprising with your very long history in 'computing'!

>>>> Security researchers are unlikely to download and use EtreCheck!
>>>
>>> There are folks who have "sniffers" running and looking at all the apps they
>>> use.
>>
>> I suggest that those folk using "sniffers" will not install EtreCheck.
>
> If they had reason to think they could find something why wouldn't they?

I'm not explaining myself very well, obviously.

The people who install EtreCheck are the naive and uninformed folk who
visit the ASC forums for help. Often they are then told to install and
run EtreCheck.

Once their computer has been 'fixed' those same people are highly
unlikely to use a packet sniffer to see if their computer has been
compromised in the process.

> You can run one yourself. I have not used it much, but there is one built into
> macOS.
>
> 1) Option+Click the WiFi icon
> 2) Select Open Wireless Diagnostics (do not run that tool)
> 3) From the Windows menu select "Sniffer"
>
> You do have to select a channel to sniff... then let it run. It does ask for
> an Admin password, but it is from Apple. Cannot imagine it would not be safe.
>
> There are third party ones which might be more user friendly.
>>
>>>>>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>>>>>> files it scatters about?
>>>>>>>
>>>>>>> https://jmp.sh/qIlnlSo
>>>>>>>
>>>>>>> Not that different then EtreCheck.
>>>>>>
>>>>>> Wow! That DID surprise me!
>>>>>
>>>>> Was not surprising to me. Try it with different apps... you will find similar
>>>>> results. Here, a few examples:
>>>>>
>>>>> Audacity: https://jmp.sh/hSkaGaA
>>>>>
>>>>> BBEdit: https://jmp.sh/xwhzFIJ
>>>>>
>>>>> EasyFind: https://jmp.sh/x8Z44UH
>>>>>
>>>>> And here is an "application" I wrote. The full code, in AppleScript, is this:
>>>>>
>>>>> https://jmp.sh/v1S510z
>>>>>
>>>>> And what AppCleaner finds: https://jmp.sh/pF2iTef
>>>>
>>>> Thanks for sharing. :-)
>>>
>>> You are welcome. I encourage you to experiment with this -- try other apps.
>>> See if you can find any that do not have such files. And keep in mind none of
>>> those files are deleted when you just drag a file to the trash (bin). You can
>>> look at Apple's own apps... they do the same thing.
>>
>> All noted.
>>
>>> This is where I think folks are getting confused by your concern. You keep
>>> looking at EtreCheck and pointing to these files as if that is uncommon or a
>>> concern, but there seems no reason to think it is doing anything odd.
>>
>> Phew! That's all right then.
>
> :)
>
> If you do look at different apps I would be interested in what you find. Any
> that do not have such files?

I will, of course, let you know.

D.

On Apr 12, 2022 at 2:45:08 PM MST, "Steve Carroll" wrote
<t34rt4$qga$7@fretwizzer.eternal-september.org>:

> On 2022-04-12, Snit <brock.mcnuggets@gmail.com> wrote:
>
> (snip)
>
>>> I suggest that those folk using "sniffers" will not install EtreCheck.
>>
>> If they had reason to think they could find something why wouldn't they?
>
> If they talked to DB they're still running it ;)

Don't understand what drama you are pushing here.
>
>> You can run one yourself. I have not used it much, but there is one built into
>> macOS.
>>
>> 1) Option+Click the WiFi icon
>> 2) Select Open Wireless Diagnostics (do not run that tool)
>> 3) From the Windows menu select "Sniffer"
>>
>> You do have to select a channel to sniff... then let it run. It does ask for
>> an Admin password, but it is from Apple. Cannot imagine it would not be safe.
>
> That file is not gonna say: this is 'good', that is 'bad' ;)

hat is not what sniffers do. But you are just pushing drama.

> Besides, I highly doubt Mr. paranoia uses WiFi.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

On Apr 12, 2022 at 3:08:22 PM MST, "David Brooks" wrote
<rLm5K.392837$Lc1.316494@fx12.ams1>:

> On 12/04/2022 22:20, Snit wrote:
>> On Apr 12, 2022 at 2:11:33 PM MST, "David Brooks" wrote
>> <9Wl5K.552498$sb1.30468@fx11.ams1>:
>>
>>> On 12/04/2022 21:36, Snit wrote:
>>>> On Apr 12, 2022 at 1:29:08 PM MST, "David Brooks" wrote
>>>> <oil5K.65896$f91.31876@fx09.ams1>:
>>>>
>>>>>>>
>>>>>>> I accept your point ....... but which of the naive folk asking questions
>>>>>>> on the ASC forums, and who are recommended to install and run EtreCheck,
>>>>>>> would have the nous to run a packet sniffer afterwards?
>>>>>>
>>>>>> I know almost nothing of the folks who use the ASC forums. Why would you
>>>>>> expect it to be one of the people there? I would expect it to be security
>>>>>> researchers and the like.
>>>>>
>>>>> The ONLY place I have EVER seen the EtreCheck software recommended for
>>>>> use is on the ASC forums.
>>>>
>>>> Where else have you looked where they suggest competitors?
>>>
>>> I thought EtreCheck unique so haven't looked elsewhere
>>
>> Not sure what else there is. Never used EtreCheck until you pointed me to it.
>
> That's a bit surprising with your very long history in 'computing'!

It is not a common app as far as I can tell. I rarely run stuff to check and
fix Macs... they mostly "just work".

>
>>>>> Security researchers are unlikely to download and use EtreCheck!
>>>>
>>>> There are folks who have "sniffers" running and looking at all the apps they
>>>> use.
>>>
>>> I suggest that those folk using "sniffers" will not install EtreCheck.
>>
>> If they had reason to think they could find something why wouldn't they?
>
> I'm not explaining myself very well, obviously.
>
> The people who install EtreCheck are the naive and uninformed folk who
> visit the ASC forums for help. Often they are then told to install and
> run EtreCheck.
>
> Once their computer has been 'fixed' those same people are highly
> unlikely to use a packet sniffer to see if their computer has been
> compromised in the process.
>
>> You can run one yourself. I have not used it much, but there is one built into
>> macOS.
>>
>> 1) Option+Click the WiFi icon
>> 2) Select Open Wireless Diagnostics (do not run that tool)
>> 3) From the Windows menu select "Sniffer"
>>
>> You do have to select a channel to sniff... then let it run. It does ask for
>> an Admin password, but it is from Apple. Cannot imagine it would not be safe.
>>
>> There are third party ones which might be more user friendly.
>>>
>>>>>>>> But you ask about EtreCheck. Why not AppCleaner? Have you looked to see the
>>>>>>>> files it scatters about?
>>>>>>>>
>>>>>>>> https://jmp.sh/qIlnlSo
>>>>>>>>
>>>>>>>> Not that different then EtreCheck.
>>>>>>>
>>>>>>> Wow! That DID surprise me!
>>>>>>
>>>>>> Was not surprising to me. Try it with different apps... you will find similar
>>>>>> results. Here, a few examples:
>>>>>>
>>>>>> Audacity: https://jmp.sh/hSkaGaA
>>>>>>
>>>>>> BBEdit: https://jmp.sh/xwhzFIJ
>>>>>>
>>>>>> EasyFind: https://jmp.sh/x8Z44UH
>>>>>>
>>>>>> And here is an "application" I wrote. The full code, in AppleScript, is this:
>>>>>>
>>>>>> https://jmp.sh/v1S510z
>>>>>>
>>>>>> And what AppCleaner finds: https://jmp.sh/pF2iTef
>>>>>
>>>>> Thanks for sharing. :-)
>>>>
>>>> You are welcome. I encourage you to experiment with this -- try other apps.
>>>> See if you can find any that do not have such files. And keep in mind none of
>>>> those files are deleted when you just drag a file to the trash (bin). You can
>>>> look at Apple's own apps... they do the same thing.
>>>
>>> All noted.
>>>
>>>> This is where I think folks are getting confused by your concern. You keep
>>>> looking at EtreCheck and pointing to these files as if that is uncommon or a
>>>> concern, but there seems no reason to think it is doing anything odd.
>>>
>>> Phew! That's all right then.
>>
>> :)
>>
>> If you do look at different apps I would be interested in what you find. Any
>> that do not have such files?
>
> I will, of course, let you know.

Thanks.
>
> D.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.