AppCleaner result for further study.

<sjP6K.83763$F4h.8033@fx07.ams1>

https://www.novabbs.com/aus+uk/article-flat.php?id=8075&group=uk.comp.sys.mac#8075
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!news-out.netnews.com!news.alt.net!fdc2.netnews.com!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!fx07.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.8.0
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Content-Language: en-GB
From: BDB...@invalid.invalid (David Brooks)
Subject: AppCleaner result for further study.
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 8
Message-ID: <sjP6K.83763$F4h.8033@fx07.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 07:27:20 UTC
Organization: blocknews - www.blocknews.net
Date: Sun, 17 Apr 2022 08:27:19 +0100
X-Received-Bytes: 807
 by: David Brooks - Sun, 17 Apr 2022 07:27 UTC

Snit asked me to let him know IIRC!

https://imgur.com/gallery/TaZ0SZD

Does /anyone/ reading here use this product?

--
HAPPY EASTER! :-D

Re: AppCleaner result for further study.

<5uP6K.747095$oF2.496759@fx10.iad>

https://www.novabbs.com/aus+uk/article-flat.php?id=8076&group=uk.comp.sys.mac#8076
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!news.uzoreto.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!peer02.ams4!peer.am4.highwinds-media.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx10.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 15
Message-ID: <5uP6K.747095$oF2.496759@fx10.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 07:38:41 UTC
Date: Sun, 17 Apr 2022 07:38:41 GMT
X-Received-Bytes: 1316
 by: Snit - Sun, 17 Apr 2022 07:38 UTC

On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
<sjP6K.83763$F4h.8033@fx07.ams1>:

> Snit asked me to let him know IIRC!
>
> https://imgur.com/gallery/TaZ0SZD
>
> Does /anyone/ reading here use this product?

I did not ask about that product specifically, but to check different apps.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

Re: AppCleaner result for further study.

<OSP6K.90932$sMg.44269@fx06.ams1>

https://www.novabbs.com/aus+uk/article-flat.php?id=8077&group=uk.comp.sys.mac#8077
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!news-out.netnews.com!news.alt.net!fdc2.netnews.com!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!fx06.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.8.0
Subject: Re: AppCleaner result for further study.
Content-Language: en-GB
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
References: <sjP6K.83763$F4h.8033@fx07.ams1>
<5uP6K.747095$oF2.496759@fx10.iad>
From: BDB...@invalid.invalid (David Brooks)
In-Reply-To: <5uP6K.747095$oF2.496759@fx10.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 15
Message-ID: <OSP6K.90932$sMg.44269@fx06.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 08:05:02 UTC
Organization: blocknews - www.blocknews.net
Date: Sun, 17 Apr 2022 09:05:02 +0100
X-Received-Bytes: 1247
 by: David Brooks - Sun, 17 Apr 2022 08:05 UTC

On 17/04/2022 08:38, Snit wrote:
> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
> <sjP6K.83763$F4h.8033@fx07.ams1>:
>
>> Snit asked me to let him know IIRC!
>>
>> https://imgur.com/gallery/TaZ0SZD
>>
>> Does /anyone/ reading here use this product?
>
> I did not ask about that product specifically, but to check different apps.

Indeed! I expect you too are a bit surprised by how many files and
folders are involved!

Re: AppCleaner result for further study.

<Z5Q6K.86959$Kdf.58239@fx96.iad>

https://www.novabbs.com/aus+uk/article-flat.php?id=8078&group=uk.comp.sys.mac#8078
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!news.freedyn.de!newsreader4.netcologne.de!news.netcologne.de!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx96.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1> <5uP6K.747095$oF2.496759@fx10.iad> <OSP6K.90932$sMg.44269@fx06.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 27
Message-ID: <Z5Q6K.86959$Kdf.58239@fx96.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 08:21:13 UTC
Date: Sun, 17 Apr 2022 08:21:13 GMT
X-Received-Bytes: 1897
 by: Snit - Sun, 17 Apr 2022 08:21 UTC

On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
<OSP6K.90932$sMg.44269@fx06.ams1>:

> On 17/04/2022 08:38, Snit wrote:
>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>
>>> Snit asked me to let him know IIRC!
>>>
>>> https://imgur.com/gallery/TaZ0SZD
>>>
>>> Does /anyone/ reading here use this product?
>>
>> I did not ask about that product specifically, but to check different apps.
>
> Indeed! I expect you too are a bit surprised by how many files and
> folders are involved!

Looking through it nothing seems surprising. There are a number of launch
agents -- you can check those to see what is launched, but given the type of
software (and my ignorance of what would be expected with other similar
products) I am not surprised.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

Re: AppCleaner result for further study.

<4O07K.80424$4c1.13739@fx13.ams1>

https://www.novabbs.com/aus+uk/article-flat.php?id=8087&group=uk.comp.sys.mac#8087
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!newsreader4.netcologne.de!news.netcologne.de!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!fx13.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.8.0
Subject: Re: AppCleaner result for further study.
Content-Language: en-GB
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
References: <sjP6K.83763$F4h.8033@fx07.ams1>
<5uP6K.747095$oF2.496759@fx10.iad> <OSP6K.90932$sMg.44269@fx06.ams1>
<Z5Q6K.86959$Kdf.58239@fx96.iad>
From: BDB...@invalid.invalid (David Brooks)
In-Reply-To: <Z5Q6K.86959$Kdf.58239@fx96.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 49
Message-ID: <4O07K.80424$4c1.13739@fx13.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 22:47:28 UTC
Organization: blocknews - www.blocknews.net
Date: Sun, 17 Apr 2022 23:47:27 +0100
X-Received-Bytes: 2733
 by: David Brooks - Sun, 17 Apr 2022 22:47 UTC

On 17/04/2022 09:21, Snit wrote:
> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
> <OSP6K.90932$sMg.44269@fx06.ams1>:
>
>> On 17/04/2022 08:38, Snit wrote:
>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>
>>>> Snit asked me to let him know IIRC!
>>>>
>>>> https://imgur.com/gallery/TaZ0SZD
>>>>
>>>> Does /anyone/ reading here use this product?
>>>
>>> I did not ask about that product specifically, but to check different apps.
>>
>> Indeed! I expect you too are a bit surprised by how many files and
>> folders are involved!
>
> Looking through it nothing seems surprising. There are a number of launch
> agents -- you can check those to see what is launched, but given the type of
> software (and my ignorance of what would be expected with other similar
> products) I am not surprised.

What are Privileged Helper Tools?

You can spot that for sure!

I FOUND THIS WHEN I SEARCHED!

"As we saw in previous posts, macOS privilege escalation typically
occurs by manipulating the user rather than exploiting zero days or
unpatched vulnerabilities. Looking at it from the perspective of a
red team engagement, one native tool that can be useful in this regard
is AppleScript, which has the ability to quickly and easily produce fake
authorization requests that can appear quite convincing to the user.
Although this in itself is not a new technique, in this post I will
explore some novel ways we can (ab)use the abilities of AppleScript to
spoof privileged processes the user already trusts on the local system."

https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/

--

Well worth a read.

Why does ClamXav need to use this?

Will anyone be sufficiently brave to ask Canimaan Software Ltd?

Re: AppCleaner result for further study.

<QS07K.369443$f2a5.184449@fx48.iad>

https://www.novabbs.com/aus+uk/article-flat.php?id=8088&group=uk.comp.sys.mac#8088
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.uzoreto.com!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx48.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1> <5uP6K.747095$oF2.496759@fx10.iad> <OSP6K.90932$sMg.44269@fx06.ams1> <Z5Q6K.86959$Kdf.58239@fx96.iad> <4O07K.80424$4c1.13739@fx13.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 70
Message-ID: <QS07K.369443$f2a5.184449@fx48.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 22:52:32 UTC
Date: Sun, 17 Apr 2022 22:52:32 GMT
X-Received-Bytes: 3716
 by: Snit - Sun, 17 Apr 2022 22:52 UTC

On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
<4O07K.80424$4c1.13739@fx13.ams1>:

> On 17/04/2022 09:21, Snit wrote:
>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>
>>> On 17/04/2022 08:38, Snit wrote:
>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>
>>>>> Snit asked me to let him know IIRC!
>>>>>
>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>
>>>>> Does /anyone/ reading here use this product?
>>>>
>>>> I did not ask about that product specifically, but to check different apps.
>>>
>>> Indeed! I expect you too are a bit surprised by how many files and
>>> folders are involved!
>>
>> Looking through it nothing seems surprising. There are a number of launch
>> agents -- you can check those to see what is launched, but given the type of
>> software (and my ignorance of what would be expected with other similar
>> products) I am not surprised.
>
> What are Privileged Helper Tools?

I do not know the exact details but they are a place for tools that need to
have permissions beyond what is usually allowed in "user space". This might
include tools needed for malware detection, auto-updates, access for things
like Zoom, etc. I think Apple has deprecated this and there are newer ways,
but not all apps have moved to those newer ways (and I could be wrong about
that).

> You can spot that for sure!
>
> I FOUND THIS WHEN I SEARCHED!
>
> "As we saw in previous posts, macOS privilege escalation typically
> occurs by manipulating the user rather than exploiting zero days or
> unpatched vulnerabilities. Looking at it from the perspective of a
> red team engagement, one native tool that can be useful in this regard
> is AppleScript, which has the ability to quickly and easily produce fake
> authorization requests that can appear quite convincing to the user.
> Although this in itself is not a new technique, in this post I will
> explore some novel ways we can (ab)use the abilities of AppleScript to
> spoof privileged processes the user already trusts on the local system."
>
> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>
> --
>
> Well worth a read.
>
> Why does ClamXav need to use this?

It is looking for malware and thus needs more access than most apps. All
general purpose malware tools do.

>
> Will anyone be sufficiently brave to ask Canimaan Software Ltd?

What would I ask them?

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

Re: AppCleaner result for further study.

<IG17K.84035$F4h.81976@fx07.ams1>

https://www.novabbs.com/aus+uk/article-flat.php?id=8089&group=uk.comp.sys.mac#8089
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!feeder.usenetexpress.com!tr3.eu1.usenetexpress.com!feeder1.feed.usenet.farm!feed.usenet.farm!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!fx07.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.8.0
Subject: Re: AppCleaner result for further study.
Content-Language: en-GB
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
References: <sjP6K.83763$F4h.8033@fx07.ams1> <5uP6K.747095$oF2.496759@fx10.iad> <OSP6K.90932$sMg.44269@fx06.ams1> <Z5Q6K.86959$Kdf.58239@fx96.iad> <4O07K.80424$4c1.13739@fx13.ams1> <QS07K.369443$f2a5.184449@fx48.iad>
From: BDB...@invalid.invalid (David Brooks)
In-Reply-To: <QS07K.369443$f2a5.184449@fx48.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 79
Message-ID: <IG17K.84035$F4h.81976@fx07.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 17 Apr 2022 23:47:52 UTC
Organization: blocknews - www.blocknews.net
Date: Mon, 18 Apr 2022 00:47:51 +0100
X-Received-Bytes: 4146
 by: David Brooks - Sun, 17 Apr 2022 23:47 UTC

On 17/04/2022 23:52, Snit wrote:
> On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
> <4O07K.80424$4c1.13739@fx13.ams1>:
>
>> On 17/04/2022 09:21, Snit wrote:
>>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>>
>>>> On 17/04/2022 08:38, Snit wrote:
>>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>>
>>>>>> Snit asked me to let him know IIRC!
>>>>>>
>>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>>
>>>>>> Does /anyone/ reading here use this product?
>>>>>
>>>>> I did not ask about that product specifically, but to check different apps.
>>>>
>>>> Indeed! I expect you too are a bit surprised by how many files and
>>>> folders are involved!
>>>
>>> Looking through it nothing seems surprising. There are a number of launch
>>> agents -- you can check those to see what is launched, but given the type of
>>> software (and my ignorance of what would be expected with other similar
>>> products) I am not surprised.
>>
>> What are Privileged Helper Tools?
>
> I do not know the exact details but they are a place for tools that need to
> have permissions beyond what is usually allowed in "user space". This might
> include tools needed for malware detection, auto-updates, access for things
> like Zoom, etc. I think Apple has deprecated this and there are newer ways,
> but not all apps have moved to those newer ways (and I could be wrong about
> that).
>
>> You can spot that for sure!
>>
>> I FOUND THIS WHEN I SEARCHED!
>>
>> "As we saw in previous posts, macOS privilege escalation typically
>> occurs by manipulating the user rather than exploiting zero days or
>> unpatched vulnerabilities. Looking at it from the perspective of a
>> red team engagement, one native tool that can be useful in this regard
>> is AppleScript, which has the ability to quickly and easily produce fake
>> authorization requests that can appear quite convincing to the user.
>> Although this in itself is not a new technique, in this post I will
>> explore some novel ways we can (ab)use the abilities of AppleScript to
>> spoof privileged processes the user already trusts on the local system."
>>
>> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>>
>> --
>>
>> Well worth a read.
>>
>> Why does ClamXav need to use this?
>
> It is looking for malware and thus needs more access than most apps. All
> general purpose malware tools do.

That isn't so! Here's the result of removing Bitdefender in the same
manner:- https://imgur.com/a/Gq5PaC6

Can you show me another one which has Privileged Helper Tools show up
when removing it with AppCleaner?

>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>
> What would I ask them?

Perhaps Steve Carroll could help formulate a question about this.

I'd be interested to know why they - ClamXav - provide their product
*free of charge*
in the first instance without knowing /anything/ about their potential
new customer.

Re: AppCleaner result for further study.

<l727K.78711$001.56243@fx34.iad>

https://www.novabbs.com/aus+uk/article-flat.php?id=8090&group=uk.comp.sys.mac#8090
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!news.freedyn.de!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx34.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1> <4O07K.80424$4c1.13739@fx13.ams1> <QS07K.369443$f2a5.184449@fx48.iad> <IG17K.84035$F4h.81976@fx07.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 117
Message-ID: <l727K.78711$001.56243@fx34.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 18 Apr 2022 00:18:25 UTC
Date: Mon, 18 Apr 2022 00:18:25 GMT
X-Received-Bytes: 5547
 by: Snit - Mon, 18 Apr 2022 00:18 UTC

On Apr 17, 2022 at 4:47:51 PM MST, "David Brooks" wrote
<IG17K.84035$F4h.81976@fx07.ams1>:

> On 17/04/2022 23:52, Snit wrote:
>> On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
>> <4O07K.80424$4c1.13739@fx13.ams1>:
>>
>>> On 17/04/2022 09:21, Snit wrote:
>>>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>>>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>>>
>>>>> On 17/04/2022 08:38, Snit wrote:
>>>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>>>
>>>>>>> Snit asked me to let him know IIRC!
>>>>>>>
>>>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>>>
>>>>>>> Does /anyone/ reading here use this product?
>>>>>>
>>>>>> I did not ask about that product specifically, but to check different apps.
>>>>>
>>>>> Indeed! I expect you too are a bit surprised by how many files and
>>>>> folders are involved!
>>>>
>>>> Looking through it nothing seems surprising. There are a number of launch
>>>> agents -- you can check those to see what is launched, but given the type of
>>>> software (and my ignorance of what would be expected with other similar
>>>> products) I am not surprised.
>>>
>>> What are Privileged Helper Tools?
>>
>> I do not know the exact details but they are a place for tools that need to
>> have permissions beyond what is usually allowed in "user space". This might
>> include tools needed for malware detection, auto-updates, access for things
>> like Zoom, etc. I think Apple has deprecated this and there are newer ways,
>> but not all apps have moved to those newer ways (and I could be wrong about
>> that).
>>
>>> You can spot that for sure!
>>>
>>> I FOUND THIS WHEN I SEARCHED!
>>>
>>> "As we saw in previous posts, macOS privilege escalation typically
>>> occurs by manipulating the user rather than exploiting zero days or
>>> unpatched vulnerabilities. Looking at it from the perspective of a
>>> red team engagement, one native tool that can be useful in this regard
>>> is AppleScript, which has the ability to quickly and easily produce fake
>>> authorization requests that can appear quite convincing to the user.
>>> Although this in itself is not a new technique, in this post I will
>>> explore some novel ways we can (ab)use the abilities of AppleScript to
>>> spoof privileged processes the user already trusts on the local system."
>>>
>>> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>>>
>>> --
>>>
>>> Well worth a read.
>>>
>>> Why does ClamXav need to use this?
>>
>> It is looking for malware and thus needs more access than most apps. All
>> general purpose malware tools do.
>
> That isn't so! Here's the result of removing Bitdefender in the same
> manner:- https://imgur.com/a/Gq5PaC6

Could be from this:

I think Apple has deprecated this and there are newer ways, but
not all apps have moved to those newer ways (and I could be wrong
about that).

Then again, maybe using the Privileged Helper *is* the newer way. I did find
this:

https://developer.apple.com/library/archive/samplecode/EvenBetterAuthorizationSample/Listings/Read_Me_About_EvenBetterAuthorizationSample_txt.html#//apple_ref/doc/uid/DTS40013768-Read_Me_About_EvenBetterAuthorizationSample_txt-DontLinkElementID_17

EvenBetterAuthorizationSample shows how to factor privileged
operations out of your application and into a privileged helper
tool that is run by launchd.

That speaks of the benefits of using the PrivilegedHelper way.
>
> Can you show me another one which has Privileged Helper Tools show up
> when removing it with AppCleaner?

Sure.

https://jmp.sh/evqZdSN

You can find other apps from your system by checking out this folder:

/Library/PrivilegedHelperTools

You likely have a number of apps with files in that folder. Some might be old
but most will show that file when you use AppCleaner on the apps.

>
>>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>>
>> What would I ask them?
>
> Perhaps Steve Carroll could help formulate a question about this.
>
> I'd be interested to know why they - ClamXav - provide their product
> *free of charge*
> in the first instance without knowing /anything/ about their potential
> new customer.

Lots of software is free or has a demo.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.
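
Added example (not part of the thread and not any poster's code): a Python audit of the folder named in the post above, pairing each file in /Library/PrivilegedHelperTools with the launchd job that starts it and flagging helpers left behind by removed apps. The /Library/LaunchDaemons job location is an assumption, and the com.example.* names and the sample tree are constructed for the demonstration.

```python
import os
import plistlib
import stat
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

HELPER_DIR = Path("/Library/PrivilegedHelperTools")  # folder named in the thread
DAEMON_DIR = Path("/Library/LaunchDaemons")          # assumed launchd job location


def launchd_target(plist_path):
    """Return (Label, executable path) declared by one launchd job plist."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    if not isinstance(job, dict):
        raise ValueError("launchd job plist must be a dictionary")
    program = job.get("Program")
    if not program:
        args = job.get("ProgramArguments") or []
        program = args[0] if args else None
    return job.get("Label"), program


def audit_helpers(helper_dir=HELPER_DIR, daemon_dir=DAEMON_DIR):
    """Pair every helper binary with the launchd job that runs it."""
    helper_dir, daemon_dir = Path(helper_dir), Path(daemon_dir)
    jobs, unreadable = {}, []
    for plist in sorted(daemon_dir.glob("*.plist")):
        try:
            label, program = launchd_target(plist)
        except (ValueError, ExpatError, OSError):
            unreadable.append(plist.name)
            continue
        if program:
            jobs[os.path.normpath(program)] = label

    helpers = []
    entries = helper_dir.iterdir() if helper_dir.is_dir() else []
    for path in sorted(p for p in entries if p.is_file()):
        st = path.stat()
        helpers.append({
            "helper": path.name,
            # None: no launchd job starts it, likely left by a removed app.
            "launchd_label": jobs.get(os.path.normpath(str(path))),
            "owner_is_root": st.st_uid == 0,
            # A root-run binary that non-owners can modify is a local
            # privilege-escalation risk.
            "writable_by_others": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
        })

    # Jobs that still point into the helper folder at a file that is gone.
    dangling = sorted(
        (label or program) for program, label in jobs.items()
        if Path(program).parent == helper_dir and not Path(program).exists()
    )
    return {"helpers": helpers, "dangling_jobs": dangling,
            "unreadable_plists": unreadable}


def build_constructed_sample(root):
    """Create a constructed helper/daemon tree under root for offline runs."""
    helper_dir = Path(root) / "PrivilegedHelperTools"
    daemon_dir = Path(root) / "LaunchDaemons"
    helper_dir.mkdir()
    daemon_dir.mkdir()
    for name, mode in [("com.example.scanner.helper", 0o544),
                       ("com.example.updater.helper", 0o777),
                       ("com.example.oldapp.helper", 0o544)]:
        (helper_dir / name).write_bytes(b"constructed placeholder binary")
        os.chmod(helper_dir / name, mode)
    jobs = [
        {"Label": "com.example.scanner.helper",
         "Program": str(helper_dir / "com.example.scanner.helper")},
        {"Label": "com.example.updater.helper",
         "ProgramArguments": [str(helper_dir / "com.example.updater.helper")]},
        {"Label": "com.example.gone.helper",
         "Program": str(helper_dir / "com.example.gone.helper")},
    ]
    for job in jobs:
        with open(daemon_dir / (job["Label"] + ".plist"), "wb") as fh:
            plistlib.dump(job, fh)
    (daemon_dir / "broken.plist").write_bytes(b"not a plist")
    return helper_dir, daemon_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        report = audit_helpers(*build_constructed_sample(root))
    for row in report["helpers"]:
        print(row)
    print("dangling:", report["dangling_jobs"])
    print("unreadable:", report["unreadable_plists"])
```

Calling audit_helpers() with no arguments checks the real folders instead of the constructed sample.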

Re: AppCleaner result for further study.

<RYa7K.396341$F_q1.236557@fx01.ams1>

https://www.novabbs.com/aus+uk/article-flat.php?id=8091&group=uk.comp.sys.mac#8091
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!npeer.as286.net!npeer-ng0.as286.net!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!fx01.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.8.0
Subject: Re: AppCleaner result for further study.
Content-Language: en-GB
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
References: <sjP6K.83763$F4h.8033@fx07.ams1> <4O07K.80424$4c1.13739@fx13.ams1>
<QS07K.369443$f2a5.184449@fx48.iad> <IG17K.84035$F4h.81976@fx07.ams1>
<l727K.78711$001.56243@fx34.iad>
From: BDB...@invalid.invalid (David Brooks)
In-Reply-To: <l727K.78711$001.56243@fx34.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 129
Message-ID: <RYa7K.396341$F_q1.236557@fx01.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 18 Apr 2022 10:21:37 UTC
Organization: blocknews - www.blocknews.net
Date: Mon, 18 Apr 2022 11:21:37 +0100
X-Received-Bytes: 5725
 by: David Brooks - Mon, 18 Apr 2022 10:21 UTC

On 18/04/2022 01:18, Snit wrote:
> On Apr 17, 2022 at 4:47:51 PM MST, "David Brooks" wrote
> <IG17K.84035$F4h.81976@fx07.ams1>:
>
>> On 17/04/2022 23:52, Snit wrote:
>>> On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
>>> <4O07K.80424$4c1.13739@fx13.ams1>:
>>>
>>>> On 17/04/2022 09:21, Snit wrote:
>>>>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>>>>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>>>>
>>>>>> On 17/04/2022 08:38, Snit wrote:
>>>>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>>>>
>>>>>>>> Snit asked me to let him know IIRC!
>>>>>>>>
>>>>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>>>>
>>>>>>>> Does /anyone/ reading here use this product?
>>>>>>>
>>>>>>> I did not ask about that product specifically, but to check different apps.
>>>>>>
>>>>>> Indeed! I expect you too are a bit surprised by how many files and
>>>>>> folders are involved!
>>>>>
>>>>> Looking through it nothing seems surprising. There are a number of launch
>>>>> agents -- you can check those to see what is launched, but given the type of
>>>>> software (and my ignorance of what would be expected with other similar
>>>>> products) I am not surprised.
>>>>
>>>> What are Privileged Helper Tools?
>>>
>>> I do not know the exact details but they are a place for tools that need to
>>> have permissions beyond what is usually allowed in "user space". This might
>>> include tools needed for malware detection, auto-updates, access for things
>>> like Zoom, etc. I think Apple has deprecated this and there are newer ways,
>>> but not all apps have moved to those newer ways (and I could be wrong about
>>> that).
>>>
>>>> You can spot that for sure!
>>>>
>>>> I FOUND THIS WHEN I SEARCHED!
>>>>
>>>> "As we saw in previous posts, macOS privilege escalation typically
>>>> occurs by manipulating the user rather than exploiting zero days or
>>>> unpatched vulnerabilities. Looking at it from the perspective of a
>>>> red team engagement, one native tool that can be useful in this regard
>>>> is AppleScript, which has the ability to quickly and easily produce fake
>>>> authorization requests that can appear quite convincing to the user.
>>>> Although this in itself is not a new technique, in this post I will
>>>> explore some novel ways we can (ab)use the abilities of AppleScript to
>>>> spoof privileged processes the user already trusts on the local system."
>>>>
>>>> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>>>>
>>>> --
>>>>
>>>> Well worth a read.
>>>>
>>>> Why does ClamXav need to use this?
>>>
>>> It is looking for malware and thus needs more access than most apps. All
>>> general purpose malware tools do.
>>
>> That isn't so! Here's the result of removing Bitdefender in the same
>> manner:- https://imgur.com/a/Gq5PaC6
>
> Could be from this:
>
> I think Apple has deprecated this and there are newer ways, but
> not all apps have moved to those newer ways (and I could be wrong
> about that).
>
> Then again, maybe using the Privileged Helper *is* the newer way. I did find
> this:
>
> https://developer.apple.com/library/archive/samplecode/EvenBetterAuthorizationSample/Listings/Read_Me_About_EvenBetterAuthorizationSample_txt.html#//apple_ref/doc/uid/DTS40013768-Read_Me_About_EvenBetterAuthorizationSample_txt-DontLinkElementID_17
>
> EvenBetterAuthorizationSample shows how to factor privileged
> operations out of your application and into a privileged helper
> tool that is run by launchd.
>
> That speaks of the benefits of using the PrivilegedHelper way.

I'm going to read there now. Thank you.

>> Can you show me another one which has Privileged Helper Tools show up
>> when removing it with AppCleaner?
>
> Sure.
>
> https://jmp.sh/evqZdSN

Thanks.

> You can find other apps from your system by checking out this folder:
>
> /Library/PrivilegedHelperTools
>
> You likely have a number of apps with files in that folder. Some might be old
> but most will show that file when you use AppCleaner on the apps.

Strange. I don't have any.

This is what I see:- https://imgur.com/a/ObKDJYh

>>>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>>>
>>> What would I ask them?
>>
>> Perhaps Steve Carroll could help formulate a question about this.
>>
>> I'd be interested to know why they - ClamXav - provide their product
>> *free of charge*
>> in the first instance without knowing /anything/ about their potential
>> new customer.
>
> Lots of software is free or has a demo.

Without asking for a contact address?

I'd be VERY wary of such software!

--
David

Re: AppCleaner result for further study.

<cFg7K.423155$iK66.184450@fx46.iad>

https://www.novabbs.com/aus+uk/article-flat.php?id=8098&group=uk.comp.sys.mac#8098
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!peer01.ams4!peer.am4.highwinds-media.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1> <IG17K.84035$F4h.81976@fx07.ams1> <l727K.78711$001.56243@fx34.iad> <RYa7K.396341$F_q1.236557@fx01.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 140
Message-ID: <cFg7K.423155$iK66.184450@fx46.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 18 Apr 2022 16:50:16 UTC
Date: Mon, 18 Apr 2022 16:50:16 GMT
X-Received-Bytes: 6321
 by: Snit - Mon, 18 Apr 2022 16:50 UTC

On Apr 18, 2022 at 3:21:37 AM MST, "David Brooks" wrote
<RYa7K.396341$F_q1.236557@fx01.ams1>:

> On 18/04/2022 01:18, Snit wrote:
>> On Apr 17, 2022 at 4:47:51 PM MST, "David Brooks" wrote
>> <IG17K.84035$F4h.81976@fx07.ams1>:
>>
>>> On 17/04/2022 23:52, Snit wrote:
>>>> On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
>>>> <4O07K.80424$4c1.13739@fx13.ams1>:
>>>>
>>>>> On 17/04/2022 09:21, Snit wrote:
>>>>>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>>>>>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>>>>>
>>>>>>> On 17/04/2022 08:38, Snit wrote:
>>>>>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>>>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>>>>>
>>>>>>>>> Snit asked me to let him know IIRC!
>>>>>>>>>
>>>>>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>>>>>
>>>>>>>>> Does /anyone/ reading here use this product?
>>>>>>>>
>>>>>>>> I did not ask about that product specifically, but to check different apps.
>>>>>>>
>>>>>>> Indeed! I expect you too are a bit surprised by how many files and
>>>>>>> folders are involved!
>>>>>>
>>>>>> Looking through it nothing seems surprising. There are a number of launch
>>>>>> agents -- you can check those to see what is launched, but given the type of
>>>>>> software (and my ignorance of what would be expected with other similar
>>>>>> products) I am not surprised.
>>>>>
>>>>> What are Privileged Helper Tools?
>>>>
>>>> I do not know the exact details but they are a place for tools that need to
>>>> have permissions beyond what is usually allowed in "user space". This might
>>>> include tools needed for malware detection, auto-updates, access for things
>>>> like Zoom, etc. I think Apple has deprecated this and there are newer ways,
>>>> but not all apps have moved to those newer ways (and I could be wrong about
>>>> that).
>>>>
>>>>> You can spot that for sure!
>>>>>
>>>>> I FOUND THIS WHEN I SEARCHED!
>>>>>
>>>>> "As we saw in previous posts, macOS privilege escalation typically
>>>>> occurs by manipulating the user rather than exploiting zero days or
>>>>> unpatched vulnerabilities. Looking at it from the perspective of a
>>>>> red team engagement, one native tool that can be useful in this regard
>>>>> is AppleScript, which has the ability to quickly and easily produce fake
>>>>> authorization requests that can appear quite convincing to the user.
>>>>> Although this in itself is not a new technique, in this post I will
>>>>> explore some novel ways we can (ab)use the abilities of AppleScript to
>>>>> spoof privileged processes the user already trusts on the local system."
>>>>>
>>>>> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>>>>>
>>>>> --
>>>>>
>>>>> Well worth a read.
>>>>>
>>>>> Why does ClamXav need to use this?
>>>>
>>>> It is looking for malware and thus needs more access than most apps. All
>>>> general purpose malware tools do.
>>>
>>> That isn't so! Here's the result of removing Bitdefender in the same
>>> manner:- https://imgur.com/a/Gq5PaC6
>>
>> Could be from this:
>>
>> I think Apple has deprecated this and there are newer ways, but
>> not all apps have moved to those newer ways (and I could be wrong
>> about that).
>>
>> Then again, maybe using the Privileged Helper *is* the newer way. I did find
>> this:
>>
>> https://developer.apple.com/library/archive/samplecode/EvenBetterAuthorizationSample/Listings/Read_Me_About_EvenBetterAuthorizationSample_txt.html#//apple_ref/doc/uid/DTS40013768-Read_Me_About_EvenBetterAuthorizationSample_txt-DontLinkElementID_17
>>
>> EvenBetterAuthorizationSample shows how to factor privileged
>> operations out of your application and into a privileged helper
>> tool that is run by launchd.
>>
>> That speaks of the benefits of using the PrivilegedHelper way.
>
> I'm going to read there now. Thank you.
>
>>> Can you show me another one which has Privileged Helper Tools show up
>>> when removing it with AppCleaner?
>>
>> Sure.
>>
>> https://jmp.sh/evqZdSN
>
> Thanks.
>
>> You can find other apps from your system by checking out this folder:
>>
>> /Library/PrivilegedHelperTools
>>
>> You likely have a number of apps with files in that folder. Some might be old
>> but most will show that file when you use AppCleaner on the apps.
>
> Strange. I don't have any.
>
> This is what I see:- https://imgur.com/a/ObKDJYh

You do not have Zoom?

>
>>>>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>>>>
>>>> What would I ask them?
>>>
>>> Perhaps Steve Carroll could help formulate a question about this.
>>>
>>> I'd be interested to know why they - ClamXav - provide their product
>>> *free of charge*
>>> in the first instance without knowing /anything/ about their potential
>>> new customer.
>>
>> Lots of software is free or has a demo.
>
> Without asking for a contact address?

Absolutely.

> I'd be VERY wary of such software!

You are using AppCleaner. It is freeware and does not ask for any address as
far as I can recall.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

Re: AppCleaner result for further study.

<7zh7K.138661$Mih.112839@fx05.ams1>


https://www.novabbs.com/aus+uk/article-flat.php?id=8101&group=uk.comp.sys.mac#8101

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!ecngs!feeder2.ecngs.de!178.20.174.213.MISMATCH!feeder1.feed.usenet.farm!feed.usenet.farm!peer01.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!fx05.ams1.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.8.0
Subject: Re: AppCleaner result for further study.
Content-Language: en-GB
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
References: <sjP6K.83763$F4h.8033@fx07.ams1> <IG17K.84035$F4h.81976@fx07.ams1>
<l727K.78711$001.56243@fx34.iad> <RYa7K.396341$F_q1.236557@fx01.ams1>
<cFg7K.423155$iK66.184450@fx46.iad>
From: BDB...@invalid.invalid (David Brooks)
In-Reply-To: <cFg7K.423155$iK66.184450@fx46.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 144
Message-ID: <7zh7K.138661$Mih.112839@fx05.ams1>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 18 Apr 2022 17:52:03 UTC
Organization: blocknews - www.blocknews.net
Date: Mon, 18 Apr 2022 18:52:03 +0100
X-Received-Bytes: 6517
 by: David Brooks - Mon, 18 Apr 2022 17:52 UTC

On 18/04/2022 17:50, Snit wrote:
> On Apr 18, 2022 at 3:21:37 AM MST, "David Brooks" wrote
> <RYa7K.396341$F_q1.236557@fx01.ams1>:
>
>> On 18/04/2022 01:18, Snit wrote:
>>> On Apr 17, 2022 at 4:47:51 PM MST, "David Brooks" wrote
>>> <IG17K.84035$F4h.81976@fx07.ams1>:
>>>
>>>> On 17/04/2022 23:52, Snit wrote:
>>>>> On Apr 17, 2022 at 3:47:27 PM MST, "David Brooks" wrote
>>>>> <4O07K.80424$4c1.13739@fx13.ams1>:
>>>>>
>>>>>> On 17/04/2022 09:21, Snit wrote:
>>>>>>> On Apr 17, 2022 at 1:05:02 AM MST, "David Brooks" wrote
>>>>>>> <OSP6K.90932$sMg.44269@fx06.ams1>:
>>>>>>>
>>>>>>>> On 17/04/2022 08:38, Snit wrote:
>>>>>>>>> On Apr 17, 2022 at 12:27:19 AM MST, "David Brooks" wrote
>>>>>>>>> <sjP6K.83763$F4h.8033@fx07.ams1>:
>>>>>>>>>
>>>>>>>>>> Snit asked me to let him know IIRC!
>>>>>>>>>>
>>>>>>>>>> https://imgur.com/gallery/TaZ0SZD
>>>>>>>>>>
>>>>>>>>>> Does /anyone/ reading here use this product?
>>>>>>>>>
>>>>>>>>> I did not ask about that product specifically, but to check different apps.
>>>>>>>>
>>>>>>>> Indeed! I expect you too are a bit surprised by how many files and
>>>>>>>> folders are involved!
>>>>>>>
>>>>>>> Looking through it nothing seems surprising. There are a number of launch
>>>>>>> agents -- you can check those to see what is launched, but given the type of
>>>>>>> software (and my ignorance of what would be expected with other similar
>>>>>>> products) I am not surprised.
>>>>>>
>>>>>> What are Privileged Helper Tools?
>>>>>
>>>>> I do not know the exact details but they are a place for tools that need to
>>>>> have permissions beyond what is usually allowed in "user space". This might
>>>>> include tools needed for malware detection, auto-updates, access for things
>>>>> like Zoom, etc. I think Apple has deprecated this and there are newer ways,
>>>>> but not all apps have moved to those newer ways (and I could be wrong about
>>>>> that).
>>>>>
>>>>>> You can spot that for sure!
>>>>>>
>>>>>> I FOUND THIS WHEN I SEARCHED!
>>>>>>
>>>>>> "As we saw in previous posts, macOS privilege escalation typically
>>>>>> occurs by manipulating the user rather than exploiting zero days or
>>>>>> unpatched vulnerabilities. Looking at it from the perspective of a
>>>>>> red team engagement, one native tool that can be useful in this regard
>>>>>> is AppleScript, which has the ability to quickly and easily produce fake
>>>>>> authorization requests that can appear quite convincing to the user.
>>>>>> Although this in itself is not a new technique, in this post I will
>>>>>> explore some novel ways we can (ab)use the abilities of AppleScript to
>>>>>> spoof privileged processes the user already trusts on the local system."
>>>>>>
>>>>>> https://www.sentinelone.com/blog/macos-red-team-spoofing-privileged-helpers-and-others-to-gain-root/
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Well worth a read.
>>>>>>
>>>>>> Why does ClamXav need to use this?
>>>>>
>>>>> It is looking for malware and thus needs more access than most apps. All
>>>>> general purpose malware tools do.
>>>>
>>>> That isn't so! Here's the result of removing Bitdefender in the same
>>>> manner:- https://imgur.com/a/Gq5PaC6
>>>
>>> Could be from this:
>>>
>>> I think Apple has deprecated this and there are newer ways, but
>>> not all apps have moved to those newer ways (and I could be wrong
>>> about that).
>>>
>>> Then again, maybe using the Privileged Helper *is* the newer way. I did find
>>> this:
>>>
>>> https://developer.apple.com/library/archive/samplecode/EvenBetterAuthorizationSample/Listings/Read_Me_About_EvenBetterAuthorizationSample_txt.html#//apple_ref/doc/uid/DTS40013768-Read_Me_About_EvenBetterAuthorizationSample_txt-DontLinkElementID_17
>>>
>>> EvenBetterAuthorizationSample shows how to factor privileged
>>> operations out of your application and into a privileged helper
>>> tool that is run by launchd.
>>>
>>> That speaks of the benefits of using the PrivilegedHelper way.
>>
>> I'm going to read there now. Thank you.
>>
>>>> Can you show me another one which has Privileged Helper Tools show up
>>>> when removing it with AppCleaner?
>>>
>>> Sure.
>>>
>>> https://jmp.sh/evqZdSN
>>
>> Thanks.
>>
>>> You can find other apps from your system by checking out this folder:
>>>
>>> /Library/PrivilegedHelperTools
>>>
>>> You likely have a number of apps with files in that folder. Some might be old
>>> but most will show that file when you use AppCleaner on the apps.
>>
>> Strange. I don't have any.
>>
>> This is what I see:- https://imgur.com/a/ObKDJYh
>
> You do not have Zoom?

No, not at present. I wiped my hard drives recently.

>>>>>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>>>>>
>>>>> What would I ask them?
>>>>
>>>> Perhaps Steve Carroll could help formulate a question about this.
>>>>
>>>> I'd be interested to know why they - ClamXav - provide their product
>>>> *free of charge*
>>>> in the first instance without knowing /anything/ about their potential
>>>> new customer.
>>>
>>> Lots of software is free or has a demo.
>>
>> Without asking for a contact address?
>
> Absolutely.

How naive I am!

>> I'd be VERY wary of such software!
>
> You are using AppCleaner. It is freeware and does not ask for any address as
> far as I can recall.

You're right! I hadn't thought about it because YOU had recommended it!

Do you have ANY qualms about ClamXav?

Re: AppCleaner result for further study.

<0%h7K.337881$Lbb6.36964@fx45.iad>


https://www.novabbs.com/aus+uk/article-flat.php?id=8102&group=uk.comp.sys.mac#8102

Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx45.iad.POSTED!not-for-mail
From: brock.mc...@gmail.com (Snit)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac
Subject: Re: AppCleaner result for further study.
Organization: Southern Nevada Institute of Technology
References: <sjP6K.83763$F4h.8033@fx07.ams1> <RYa7K.396341$F_q1.236557@fx01.ams1> <cFg7K.423155$iK66.184450@fx46.iad> <7zh7K.138661$Mih.112839@fx05.ams1>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.19/l - Full License
Lines: 75
Message-ID: <0%h7K.337881$Lbb6.36964@fx45.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Mon, 18 Apr 2022 18:21:48 UTC
Date: Mon, 18 Apr 2022 18:21:48 GMT
X-Received-Bytes: 3840
 by: Snit - Mon, 18 Apr 2022 18:21 UTC

On Apr 18, 2022 at 10:52:03 AM MST, "David Brooks" wrote
<7zh7K.138661$Mih.112839@fx05.ams1>:
....
>>>
>>>> You can find other apps from your system by checking out this folder:
>>>>
>>>> /Library/PrivilegedHelperTools
>>>>
>>>> You likely have a number of apps with files in that folder. Some might be old
>>>> but most will show that file when you use AppCleaner on the apps.
>>>
>>> Strange. I don't have any.
>>>
>>> This is what I see:- https://imgur.com/a/ObKDJYh
>>
>> You do not have Zoom?
>
> No, not at present. I wiped my hard drives recently.

Makes sense. Try Zoom and even MS products. Not sure which one(s) but there is
something from them there, too. And the others I showed.

>
>>>>>>> Will anyone be sufficiently brave to ask Canimaan Software Ltd?
>>>>>>
>>>>>> What would I ask them?
>>>>>
>>>>> Perhaps Steve Carroll could help formulate a question about this.
>>>>>
>>>>> I'd be interested to know why they - ClamXav - provide their product
>>>>> *free of charge*
>>>>> in the first instance without knowing /anything/ about their potential
>>>>> new customer.
>>>>
>>>> Lots of software is free or has a demo.
>>>
>>> Without asking for a contact address?
>>
>> Absolutely.
>
> How naive I am!

Most free software does not ask for such. I would be more wary if they did.
Look at AppCleaner. Did they ask for that? Paparazzi? Pretty much any free
software you get from the App Store. Apple of course has your info, but the
developer does not generally get it. I currently have AVG installed -- I
do not think they asked for anything (they ask to upsell, of course, but they
have no info from me other than perhaps my IP and other system info if it
phones home). Install Firefox and Chrome. They ask for no such info. I use
Hidden Bar -- no such info. I have LibreOffice and MacTracker. No such info
asked for. Same with VLC and more. What apps do ask for such info?

>
>>> I'd be VERY wary of such software!
>>
>> You are using AppCleaner. It is freeware and does not ask for any address as
>> far as I can recall.
>
> You're right! I hadn't thought about it because YOU had recommended it!

Hey, I can be wrong and be "fooled" by folks... not going to deny it.

> Do you have ANY qualms about ClamXav?

It asks me to pay for what others give me for free, and yet does not seem to
do anything beyond what they do. I have no interest in paying. They also do
not seem to advertise what they do very well, and I find few reviews. I do not
think the application is dangerous. It is a developer putting a wrapper around
the ClamAV engine, but not sure what he offers that https://www.clamav.net
does not.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.
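
An added example, not written by any poster in this thread: the check discussed above, cross-referencing /Library/PrivilegedHelperTools against the launchd jobs in /Library/LaunchDaemons to separate helpers that launchd still starts from ones that "might be old". The function names, the report layout and every com.example.* name in the constructed sample tree are assumptions made for the illustration.

```python
import plistlib
from pathlib import Path, PurePosixPath

HELPERS = "Library/PrivilegedHelperTools"  # folder named in the thread
DAEMONS = "Library/LaunchDaemons"          # launchd job definitions (plists)


def job_program(job):
    """Executable a launchd job runs: Program, else ProgramArguments[0]."""
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments") or [None]
    return job.get("Program") or args[0]


def audit_helpers(root="/"):
    """Pair every helper under `root` with the launchd job that starts it."""
    root = Path(root)
    on_disk = {p.name for p in (root / HELPERS).glob("[!.]*")}  # skip dotfiles
    report = {"paired": {}, "dangling_jobs": {}, "unreadable": []}
    for plist in sorted((root / DAEMONS).glob("*.plist")):
        try:
            with plist.open("rb") as fh:
                prog = job_program(plistlib.load(fh))  # XML or binary plist
        except Exception:  # damaged or unreadable plist: note it, carry on
            report["unreadable"].append(plist.name)
            continue
        if not isinstance(prog, str):
            continue
        target = PurePosixPath(prog)
        if target.parent != PurePosixPath("/" + HELPERS):
            continue  # this job does not start a privileged helper
        bucket = "paired" if target.name in on_disk else "dangling_jobs"
        report[bucket][target.name] = plist.name
    # Helpers that no job refers to: likely leftovers of removed apps.
    report["orphan_helpers"] = sorted(on_disk - set(report["paired"]))
    return report


def build_sample(root):
    """Constructed test tree; every com.example.* name is made up."""
    helpers, daemons = Path(root) / HELPERS, Path(root) / DAEMONS
    helpers.mkdir(parents=True)
    daemons.mkdir(parents=True)
    for name in ("com.example.updater.helper", "com.example.old.helper"):
        (helpers / name).write_bytes(b"constructed stand-in for a binary")
    live = {"Label": "com.example.updater.helper",
            "Program": "/" + HELPERS + "/com.example.updater.helper"}
    gone = {"Label": "com.example.gone.helper",
            "ProgramArguments": ["/" + HELPERS + "/com.example.gone.helper"]}
    for job, fmt in ((live, plistlib.FMT_XML), (gone, plistlib.FMT_BINARY)):
        path = daemons / (job["Label"] + ".plist")
        path.write_bytes(plistlib.dumps(job, fmt=fmt))
    (daemons / "com.example.broken.plist").write_bytes(b"not a plist")
```

On a Mac, audit_helpers("/") inspects the real folders; entries under orphan_helpers are the ones worth checking by hand after an app has been removed.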
