Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Sophos Free A-V For Mac May Kill Time Machine Backups

Comments Filter:
  • you sometimes get what you pay for.

    • We had Enterprise Sophos and it broke everything and it let every virus threw. They just make a bad Anti Virus payed or unpayed.
  • by Anonymous Coward

    As he apparently did. Perhaps it wasn't clear enough, but it's not like it just randomly did it.

    Also, backups are backups. He can just create new ones.

    • by Ecuador (740021)

      Also, backups are backups. He can just create new ones.

      Exactly, that is what I don't understand. I have to use a Mac at work, but I've never tried Time Machine since I use rsync on everything - even Windows machines. But in any case, if TM "backs up" your data, you end up with your original data + a backup with the point being you can lose one of the two and still have your data. So what happened here? He lost his backup, then what about his original data? How did he lose all his work when only the backup is gone?
      Also, he probably messed things up by killing pr

      • Exactly, that is what I don't understand. I have to use a Mac at work, but I've never tried Time Machine since I use rsync on everything

        That's why you don't understand. Time Machine keeps historical data around, so you can have say a laptop with a 250 GB drive, a 2 TB backup drive, and everything that was ever on your laptop drive will be on your backup drive. Like the OP said: 19 months of historical data. Time Machine is basically backup for the current state, plus history.

        • by Sockatume (732728)

          If you need that historical data, it should be kept on some kind of permanent storage, which is backed up. Relying on old backups to keep it around after you deleted it is not a valid approach, any more than filing your old records in the trashcan is.

        • by Ecuador (740021)

          Hmm... So it would be a bit like me using rsync without the --delete option so that data that gets deleted is not erased from the backup and then I go and ERASE data that I NEED from my working copy, since, you know, it is "backed up" ???
          Hate to break it to the OP if that is the case, but keeping a single copy of your data cannot be called "backup" in any way. The whole situation sounds idiotic, as a historical backup that can get corrupted in various ways used as your single data store is LESS safe than no

          • Not just that, it includes snapshots.

            Say you want to go back and look at your resume as it was 4 months ago. Or you're working on a project and you want to see what it looked like before you made a big change.

            • by Ecuador (740021)

              Yes, I get it, I was using Amanda over a decade ago. And it is exactly the reason I said it is more liable to corruption than just having your files somewhere. So it provides more functionality than just a backup copy PROVIDED THAT you don't go deleting your original files - otherwise you have the extra historical functionality but at a great risk.

      • by Altus (1034)

        That's all well and good as long as you notice it deleted your backups before your hard drive crashes. And it assumes that you don't realize the next day that you need to revert some file to a previous version, or you deleted some file by mistake 4 weeks ago that you really needed.

        Backups are there to protect against the unexpected, so while these might be low probability events, they are exactly what your backups are there for.

    • by Sockatume (732728)

      He says that it was "irreplacable data". The whole point of a backup is that the data is trivially replacable, because it has been duplicated. I suspect his backup routine is rather like this one [penny-arcade.com].

      • He says that it was "irreplacable data". The whole point of a backup is that the data is trivially replacable, because it has been duplicated. I suspect his backup routine is rather like this one [penny-arcade.com].

        You really don't get it do you? Time machine is not just a backup, it is a lot like a repository such as SVN. It lets you find a previous revision of a file or project and save it out somewhere else to do a comparison or undo changes you decide that you don't want. It is an incremental backup.

  • With a little sophostry installed from Sophos, backups are a thing of the past. You will now never lose a file either due to virus, trojan, or simple human error. Want to revert to how your essay looked 12 hour ago? You no longer need to! Sophos magically takes care of all errors and mistakes for you ahead of time, freeing you up to work effortlessly and error-free on your gorgeous Mac without the constant file churning that Time Machine used.

  • by Anonymous Coward on Tuesday November 09, 2010 @11:33PM (#34182628)

    Sounds like a virus, you should install AV

  • Compared to Norton, Symantec, and the other system-strangling solutions available for virus detection, Sophos is definitely the leading provider. When I was at college (10 years ago), their software scanned everything coming in and going out, and yet hardly slowed the systems down at all (yes, if you had a local machine Admin account you could end the process and prove this!)

    I would be surprised if this turned out to be true.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Norton is made by Symantec, they are not separate entities. Sophos is a leading provider? Never even heard of them.

      • by scdeimos (632778)
        You obviously don't move in corporate circles.
      • Re: (Score:2, Insightful)

        If you're a government, educational institution, or a large corporation, you've definitely heard of them.

        If you're a troll on /. with no real experience working in IT, then of course you haven't heard of them.

  • RTFA First (Score:3, Informative)

    by Caraig (186934) * on Tuesday November 09, 2010 @11:37PM (#34182650)

    After looking through the article, while the user seems to have erred in taking Sophos and Time Machine both at their word -- I need to re-read the part he was talking about VMs, something there didn't sound right but I'm not sure what -- and been a little too quick with the OK button, it does strike me as odd that Sophos didn't drop some kind of error when it tried to write to the backup file.

  • by MarchHare (82901) on Tuesday November 09, 2010 @11:44PM (#34182692)

    He tried to open a quarantined file, once with the 'cat' command
    and once with vi, as root, and both times Sophos warned him and
    prevented him from proceeding. Now, the code for the 'cat'
    command is quite simple, it basically just does a open(2)
    of the file and then issues a series of read(2). My question
    is: Does Sophos actually intercept the system calls in order
    to make sure no application opens an infected file? If so,
    wouldn't that introduce a HUGE performance penalty on the
    everything happening on the machine, since these system calls
    are so crucial?

    • by 0123456 (636235) on Tuesday November 09, 2010 @11:53PM (#34182752)

      If so, wouldn't that introduce a HUGE performance penalty on the everything happening on the machine, since these system calls are so crucial?

      Uh, it's anti-virus software: of course it introduces a huge performance penalty when accessing files. Otherwise, how would you know that it was doing anything?

      • by duguk (589689)

        If so, wouldn't that introduce a HUGE performance penalty on the everything happening on the machine, since these system calls are so crucial?

        Uh, it's anti-virus software: of course it introduces a huge performance penalty when accessing files. Otherwise, how would you know that it was doing anything?

        What I've never understood, is why? Why not just check on writing; and reading on removable drives?

        • by bjb (3050) *

          What I've never understood, is why? Why not just check on writing; and reading on removable drives?

          When virus definitions are updated, it is possible that a file that was written in the past is now considered infected. As well, the file could have been written to the disk without the antivirus software's knowledge (could have not been loaded, killed/crashed, etc).

          Still, I agree with you that most of the time we have already scanned the darn file..

        • by exomondo (1725132)

          What I've never understood, is why? Why not just check on writing; and reading on removable drives?

          2 things:

          firstly they may keep track of which files have been scanned with the current up-to-date DB and not re-scan them on read, though it may be slower to do the lookup than to just do the scan.

          secondly think about the situation described in TFA, he went to open a scanned, identified and infected file.

    • by bill_mcgonigle (4333) * on Wednesday November 10, 2010 @12:02AM (#34182808) Homepage Journal

      Yes.

      Really, though, on a Mac, it should have a mode that makes it noop unless it's a Microsoft Office app running.

    • by scdeimos (632778)
      I'd always thought that most AV's hook into file system drivers so that their operation is hidden from the application layer. On Windoze at least they're called "file system filter drivers."
    • Re: (Score:3, Interesting)

      by goombah99 (560566)

      Mac extended attributes tell the OS when not to open a file. For example com.apple.quarentine get's tagged onto every file you download from the internet unless it's of a set of known safe file types. If you have os 10.6 try typing ls -loe@ in your downloads folder. When you edit a file the mac file system also tags it as changed so it knows it will need to back it up without having to go checksum compare every file like rsync checksums do. Thus it's perfectly possible that the virus software could int

      • by Chelloveck (14643)

        Mac extended attributes tell the OS when not to open a file. For example com.apple.quarentine get's tagged onto every file you download from the internet unless it's of a set of known safe file types.

        Yes, but it's not something that's done by intercepting system calls. The com.apple.quarantine attribute is only respected by apps like Finder which are specifically looking for it. If you just use something like 'cat' in a terminal window you can still view the file without getting the "ZOMG! This is from teh

        • by goombah99 (560566)

          Mac extended attributes tell the OS when not to open a file. For example com.apple.quarentine get's tagged onto every file you download from the internet unless it's of a set of known safe file types.

          Yes, but it's not something that's done by intercepting system calls. The com.apple.quarantine attribute is only respected by apps like Finder which are specifically looking for it.

          No this is not true. While the finder does a pop-up for these the system does check this attribute. You can see this for example when you launch code you compiled yourself, even from the bash command line. Look in the 10.6 OS system.log and behold there is a warning that the code is not signed. No finder involved; the finder is simply more vocal, but it's the system that is checking things.

      • by exomondo (1725132)

        What I don't like about this is that when I compile code, every time I run it, a waring message gets written to the system log unless I also code sign it before I run it.

        You don't like that unsigned code gives you a warning?

    • by Trogre (513942)

      Well... yes. That's how every single real-time virus protection suite works. Files are scanned for viruses (using lookup tables and/or heuristics) before being passed back to the application.

      That's also why for quite some time my company policy has been at least two CPU cores per computer - one for the virus scanner and the OS/apps can have the rest.

      • Re: (Score:3, Insightful)

        by am 2k (217885)

        That's also why for quite some time my company policy has been at least two CPU cores per computer - one for the virus scanner and the OS/apps can have the rest.

        That doesn't make sense. When the scanner kicks in, the application is blocked on the open() call until the scanner is finished analyzing the file, so your second CPU does nothing, and vice versa.

        • Maybe they run background scans?

          I won't pretend to understand core coherency under Windows, but if they have one of those network traffic interceptors, conceivably every other thread in a multi-connection webpage load could get scheduled to a different core and get interleaved between scanning and transferring.

          Probably smarter just to benchmark it than reason it out.

          Or, if they do the standard corporate thing and keep RAM low and swap like mad, the second core can run the memory manager. ;)

        • by Trogre (513942)

          I think you misunderstood. More CPU cores won't make that application, or more correctly that thread, any faster per se. They will, however allow other threads to continue running while the first CPU core is tied up with CPU-intensive virus scanning.

    • by flonker (526111)

      Yes, and yes. That is why all AV software sucks.

      What do you suggest as an alternative? Remember, people have grown to expect real-time protection.

      • by vtcodger (957785)

        ***What do you suggest as an alternative? Remember, people have grown to expect real-time protection.***

        Good question. In this case a disable network-virus scan-backup-re-enable network scheme without real-time protection might have worked better, but it is hardly bulletproof. It's a little late to point out that it would have been better to have alternating external backup drives -- more to protect against hardware failure than software issues. And that won't work if you don't know the backup drive has

      • by sjames (1099)

        It's a bit of a problem in Windows since anything could potentially be an executable including an email or a Word document (gee, thanks MS!).

  • by wampus (1932) on Tuesday November 09, 2010 @11:45PM (#34182702)

    Not sure why, film at 11.

    • by gmhowell (26755)

      Because that 'some guy' is the infamous kdawson.

    • by jonbryce (703250)

      Time machine had backed up a virus, so Sophos killed the entire Time machine backup image to get rid of it.

      • "Time machine had backed up a virus, so Sophos killed the entire Time machine backup image to get rid of it."

        Not quite what happened, according to the article.

        Time machine had backed up a virus, so Sophos blocked the user from meddling with it and stated it could not automatically remove the virus. The user then attempted to work around both Sophos and Time machine and discovered that not only did he remove the virus, he corrupted his TM plist, which meant that it lost the record of what files belonged in

    • Re: (Score:3, Insightful)

      It's the media effect. If we invade another country and accidentally kill a few tens of thousands of civilians, and suffer hundreds of casualties, it won't be presented as effectively as the death of the single journalist who got shot in all of this.

      Mess up a few hundred random computer dudes, and nobody may hear of it. Don't even in the slightest mess with a /. editor, or lots of people will know.

  • by 8127972 (73495) on Tuesday November 09, 2010 @11:52PM (#34182742)

    ... Then this is a serious hit to Sophos as they have a very good reputation. Having said that, AFAIK this is their first Mac app. So perhaps it needed more QA before release. Until more reports of this phenomenon appear, I'd reserve judgment. However it might be wise for Sophos to get out front of this issue before the spin gets out of control.

    • by osssmkatz (734824) on Wednesday November 10, 2010 @12:06AM (#34182830) Journal
      It isn't their first Mac app. They've been selling it to businesses before now, but businesses don't generally use Time machine, and would never execute a deletion command using an antivirus on a backup archive while it was running. Not sure whether this is an OS bug, or a sophos bug, or whether if he had allowed the command to finish, it would have worked fine. (Maybe it was just taking a long time.) --Sam
    • Re: (Score:3, Insightful)

      by baddaybeav (1937670)
      we've used the business side of it for over a year, major performance headaches... as to the time machine part, if my memory serves, time machine creates one large file (like tar, but a lot more advanced) it saw the "virus" in the one large file, didn't differentiate that and deleted what it saw as the "file containing the bad stuff" now that he's written data to the drive he's lost any good chance at recovery... I guess we'll need a time machine time machine soon.
      • by Yjerkle (610052)

        No, each time machine backup is a folder that mirrors the root of your hard drive. Each file is separate on the time machine drive. Space is shared for unchanged files and folders between backups using hard links.

        • Really, really - no. Time Machine backups are sparse bundles, which looks like a file unless you mount it as a volume. Just like those 'dmg' files you download to install an application. It's possible that you're using a really old version or have some options set to use a folder, but sparse bundles are the default on a new Snow Leopard backup schedule.
        • Actually, we might be both right - I've seen another post that suggests that TM uses folders on a directly connected drive, although I'm pretty sure that before I moved to a DIY Time Capsule (USB external connected to Airport Extreme) I still had sparse bundles. YMMV.
          • If your backup drive is a locally accessible drive, Time Machine stores your HD data to the backup drive as files, folders, and (I think) lots of hardlinks. That's how time machine is designed to work. You don't have direct file system access to a volume when you access it over a network, so Time Machine fakes it by creating a sparse bundle on the destination volume, mounts THAT as a 'local' hard drive, and chugs along.

        • by jonbryce (703250)

          That's how it presents itself to the user, but it does this magic inside a Sparsebundle image file.

      • by zippthorne (748122) on Wednesday November 10, 2010 @12:35AM (#34182976) Journal

        No, it's separate files. You can browse it using finder or terminal.

        Unless you're backing up a filevault protected home directory. Then it handles it in just about the stupidest way possible: it saves the whole honking encrypted image as one big file.* And despite the fact that it doesn't decrypt the image, it still only works if you're logged in and the image is open.

        *If you're set up as sparse images, then you do a little better. But still, no incremental backups for you. If a file changes, you have to copy the *whole* thing, because good encryption won't make it obvious which bits of the file are different. Also, I'm not sure it can tell which files are, say, disk cache for the browser....

        • by kdawson (3715) Works for Slashdot on Wednesday November 10, 2010 @01:08AM (#34183132) Homepage

          FYI, I'm not using filevault, just individual files to be backed up... but TM uses sparsebundles in ways I don't begin to understand. One respondent via Twitter suggested that Sophos may have simply been in the process of deleting the entire sparsebundle -- i.e. the entire lot of backups -- when I killed its process. No idea if this is correct. I hope Sophos eventually provides some insight.

          • Re: (Score:2, Interesting)

            by Anonymous Coward

            Have you double checked to make sure that you can't still see the backup history using the native Time Machine browser app? In my experience with TM failure, one symptom included a sudden change in the amount of free/used space reported - not unlike your experience - see below for more details.

            One of the reasons I switched to Mac was because I liked the Time Machine concept. I use a Seagate USB drive plugged into a Macbook Pro. A few weeks in, Time Machine reports that it is unable to complete a backup. Mul

            • by Rosyna (80334) on Wednesday November 10, 2010 @02:32AM (#34183518) Homepage

              One thing. directly connected hard drives do not use sparse bundles if FileVault is not on,.

              • You guys are explaining the behavior on 10.5, 10.6 is more intelligent about it. FileVault home directories will get backup as sparesbundles instead of sparesdisks . The different is the former uses mutiple 8 meg files. Up date only cache, only the files that contain that data will be updated.
              • by kdawson (3715) Works for Slashdot

                My backup disk is a Time Capsule, whose internal disk is connected only wirelessly. Probably doesn't count as direct-connected. Does it therefore use sparse bundles?

        • No, it's separate files. You can browse it using finder or terminal.

          Yeah, that's what I see here on 10.5 as well - at one point I had my rsnapshot backing up a Mac's Time Machine 'latest' tree.

          From the other comments here it sounds like 10.6 might have gone with sparse bundles for all of its backups? Maybe to enable encryption?

          I dunno, Apple has abandoned my wife's Apple hardware. Her Mini will get turned into a mythfronend when Lion is shipped. Too bad the iLife analogs on Linux are terrible (quite feat

        • by tlhIngan (30335)

          Unless you're backing up a filevault protected home directory. Then it handles it in just about the stupidest way possible: it saves the whole honking encrypted image as one big file.* And despite the fact that it doesn't decrypt the image, it still only works if you're logged in and the image is open.

          *If you're set up as sparse images, then you do a little better. But still, no incremental backups for you. If a file changes, you have to copy the *whole* thing, because good encryption won't make it obvious

          • Here is what I would expect:

            If it does it without decrypting the contents, then the user shouldn't need to actually be logged in in order to get the benefit of the backup. It should back them up if it's changed since the last backup regardless of whether the user is logged at the precise moment backup begins.

            OR,

            It could require the user to be logged in, because it needs access to the unencrypted files. Obviously, it would encrypt the backup itself. The benefit here would that a logged-in filevault user w

      • yes, one large file which is actually a sparse disk image.
        • by Rosyna (80334) on Wednesday November 10, 2010 @02:10AM (#34183418) Homepage

          yes, one large file which is actually a sparse disk image.

          it's a sparse disk image bundle thingy. Which uses a bunch of 8MB files, not one file. from the hdiutil man page [apple.com]:

            By default, UDSP images grow one megabyte at a time.
                                                              Introduced in 10.5, UDSB images use 8 MB band files
                                                              which grow as they are written to.. -imagekey
                                                              sparse-band-size=size can be used to specify the
                                                              number of 512-byte sectors that will be added each
                                                              time the image grows. Valid values for SPARSEBUNDLE
                                                              range from 2048 to 262144 sectors (1 MB to 128 MB).

                                                              The maximum size of a SPARSE image is 128 petabytes;
                                                              the maximum for SPARSEBUNDLE is just under 8
                                                              exabytes (2^63 - 512 bytes minus 1 byte). The
                                                              amount of data that can be stored in either type of
                                                              sparse image is additionally bounded by the filesys-
                                                              tem in the image and by any partition map. compact
                                                              can reclaim unused bands in sparse images backing
                                                              HFS+ filesystems. resize will only change the vir-
                                                              tual size of a sparse image. See also USING PERSIS-
                                                              TENT SPARSE IMAGES below.

    • by mug funky (910186)

      TM had the privileges to stop Sophos fucking this guy's shit up. Sophos should probably have been aware of the existence of Time Machine and perhaps had a specific behavior or at least prompt for it (as TM comes with the OS IIRC - i'm not a mac guy and never use TM when i'm on one).

      blame sophos?

      blame apple?

      let the shitstorm begin.

    • It's not their first Mac app - we've been running Sophos AV (corporate, non-free) for over 3 years. It supports Windows, Mac OS, and Linux. -ted
  • ...data all the time. I thought this was a feature. Even my non-techie wife knows what a "corrupt sparsebundle" is....
    • by tibit (1762298)

      Something must be broken then in your setup somewhere, because I use a Time Capsule, recently upgraded from 500GB to WD Green 2TB, and never had a single data loss/corruption issue. I'm using it with a MBP and an iMac, and have used it with OS X 10.5, and now 10.6. Not a single problem, apart from running out of room on the 500GB drive and having to upgrade.

      • by gmhowell (26755)

        How did you get data from the old drive to the new one? I have the 1 TB model, but that won't last forever.

        • by tibit (1762298)

          I didn't. Simply reinitialized the time machines on the new drive.

          Transferring data would have been trivial. All you need is SATA-USB or SATA-Firewire adapter. Procedure I'd use:

          1. Format the new drive with same format as the one in time capsule (remove it, check whether it's HFS+ journaled or not, put it back).

          2. Hook up time capsule via gigabit ethernet, hook up new drive via USB/Firewire.

          3. Disable time machine.

          4. Mount both drives.

          5. Copy all files over using a *recent* rsync, with xattrs/acls and whatn

    • Re: (Score:2, Funny)

      by mug funky (910186)

      Trash your preferences!

      flash the P-ROM!

      buy more RAM!

      i can't help you! ...well, that's the usual order of responses i get from mac techies.

  • The closest I've ever come to AV software has been running clamav on a Slackware machine acting as a mail server, but I do understand how they work. It doesn't look like it was the AV's fault.

    Well, it was in a way, AV software is a braindead solution to a problem that shouldn't exist. Use only properly signed software from trusted sources in a secure platform, that's a real solution.

    Anyway, this guy killed both Sophos and the Time Machine process in the middle of a backup, while they were both trying to acc

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Well, it was in a way, AV software is a braindead solution to a problem that shouldn't exist. Use only properly signed software from trusted sources in a secure platform, that's a real solution.

      So.. You are never allowed to download something and try it out, unless it's from a trusted source. Exactly how are normal people supposed to get their programs into said trusted sources? Should we perhaps have an "app store" for all software, putting a few large entities in control of what is acceptable or not?

      I also enjoy your naive belief that virus can only spread by downloading and running infected code. This is not 1989. Comprimosed web pages, exploitng holes in browsers and browser add-ons, infected

      • I don't run active antivirus at all, the trick is never to touch the internet explorer browser. Another tip is don't download a bunch of pirated program and run them without scanning them first. I suggest malwarebytes [malwarebytes.org].

        I also keep a copy of combofix [bleepingcomputer.com] on a usb drive just in case.
      • Come on dude.

        Use a modern, secure operating system. Use only free software that has been reviewed by the community. Peer-reviewing works, you know?

        I only use Free Software. We review everything that goes in those repositories. It's simple, and it works.

        Don't use privative software, don't download from untrustworthy sources. Easy.

        • by idontgno (624372)

          Also, don't ever accidentally subject yourself to zero-day exploits in your browser, which means never browse any valid website compromised by malware pushers without the knowledge or consent of the website owner.

          In other words, connect your computer only to a fantasy Internet powered by the carbon-offsetting power of unicorn farts and good wishes.

          Yes, the world is out to get you. Not you personally, of course; you're not that interesting. Just you as part of the entire gamut of possible malware victims. Th

          • My browser runs as a non-privileged user on a secure Unix system. The process itself doesn't have write permission on any executable file, not even itself.

            That user is != to my actual user, so it won't even get to my docs or other information. It'll only affect my browser, which can write nowhere but it's own home directory. If something like that happened, restarting my browser and killing any process it might have spawn would be enough.

    • by vtcodger (957785)

      ***Well, it was in a way, AV software is a braindead solution to a problem that shouldn't exist. Use only properly signed software from trusted sources in a secure platform, that's a real solution.***

      Uh, Yeah. ... Of Course.

      Now that you have solved that problem for us, what are you going to tackle next? World Peace? Finding economists who understand economics? Keeping sociopaths out of political office?

      You do understand that the trusted sources solution is utterly impractical once you allow access outsid

      • Not true. I use Free Software. I was a Slackware user for ages (version 3 through 12, then I switched to Ubuntu). I trust the community. I've never gotten malware into my machine. Security bugs? Sure. They were all promptly fixed.

        So, don't say that something that has been a reality for 20 years isn't possible, you sound stupid.

  • AV on a UNIX machine is a bad idea in more ways than one. By definition, AV programs go about deleting files. Obviously this can corrupt a system. So the risk of incurring virus damage must significantly outweigh the risk of incurring antivirus damage. On any UNIX system, it it is still best not to have AV.
  • if there are no viruses on OSX, why use an antivirus program? don't we have to wait for OSX to be compromised first?

  • by fluch (126140) on Wednesday November 10, 2010 @05:23AM (#34184110)

    The time machine stores the back up files on an external hard drive in a specific way such that can perform the backup task and the possible restore task effectively. In order to this to work noone should modify or delete any data stored in the backup location. This will most likely corrupt the backup.

    The author of the article told Sophos AV to delete files from within the time machnien backup location ... well, of course one can expect that it messes things up.

  • First, we get an article that consists of one idiot posting on a blog who openly admits that he clicked delete himself on the popup and thus caused the problem in the first place. If it had been a critical set of Windows backups, the same thing would have happened, or even the System Restore folders.

    Then, I realise it's an article by kdawson who I have deliberately blocked because all their submissions have glaring errors and omissions or are nothing more than rumour, but they've handed it off to another p

  • and the other 95% (Score:1, Flamebait)

    by Anarchduke (1551707)
    of computer users don't care about macs
  • Lost what, exactly? (Score:2, Interesting)

    by lga (172042)

    kdawson complains about having lost nineteen months of 'mac life' but what was there to lose? These were backups. They weren't the only location of the files in question, and if there were files stored only in Time Machine, are you also one of those people that keep important files in the trash can?

    I'm not saying there isn't a problem if Sophos deleted the backups, just that it isn't that big a deal.

  • Timothy (Score:1, Insightful)

    by metrix007 (200091)

    Please never refer to yourself as an editor. Ever.

  • The guys sounds like a complete douche and fanboi - drooling on about it being Unix, and having root, and having the 'cat' command. You bent over for Steve Jobs buddy, and not you're finding Macs are just computers too. Sorry for the loss of your innocence.

  • IMHO a backup of something important should be done with the simplest method possible. Put it on a medium (optical, HD, ...) and put the medium in a cupboard to never touch anymore. Why trust a program of which you don't know exactly what it does and that can be influenced by other programs as turns out now?

  • by Anonymous Coward

    If you're using Time Machine and you think it'll keep files you've deleted from your original drive around forever, you're mistaken. Time Machine focuses on staying current; if you run out of space on your Time Machine volume, it starts deleting old backups to make room for the new ones. It assumes that since you deleted it, you don't want it anymore. It'll keep it around for a while as a side effect of how it works and as a convenience, but it's not the priority.

    It also defeats the whole purpose of backing

    • by joh (27088)

      Time Machine is too easy to use. Many users even use it for archiving deleted files or older versions of files. This is madness. A Backup is not an archive. As soon as you start to rely on parts of your backup as a source of data that is not elsewhere anymore you deserve everything that may happen to you. But you'll never get this into the brains of users. Give them a backup system that is easy to use and they will use it for letting it archive stuff.

      Used just as a plain silly backup system TM is great. Set

  • The virus scanner asked him whether to delete the files, he clicked "yes" and thats it? So what would should the program have done?

  • I've added a comment from Sophos's Graham Cluley to the end of the blog post [recoveringphysicist.com]. He/they have been quite responsive, especially given that the free A-V product comes without official support. Apparently I am the only one ever to have reported such a problem with Time Machine.

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Working...