This page is a wiki. Please login or create an account to begin editing.


5 posts / 0 new
Last post
SkyCapt's picture
Offline
Joined: 2017 Jan 11
P.S.A. OSX Tiger Security Updates apple-download Fixes

Maybe it all worked as Automatic updates when they were new, but there are so many issues when Manually installing Tiger Security Updates, this post will be a long one. To begin with, there are 4 kinds of Tiger OSX 10.4 ~ the PowerPC client kind, the intel-x86 client, the PowerPC Server, and the Universal Binary Server. Many of apple-dotcom's downloads are labeled wrong, don't fully describe their requirements, and/or can be applied to more than one kind of the Tiger OS.

TIGER PowerPC client has (at least) these 29 updates:
. 2005-006 > 10.4.1
. 2005-007 > 10.4.2
. 2005-008 > 10.4.2 delta
. 2005-009 > 10.4.3
. 2006-001 > 10.4.5
. 2006-002 > 10.4.5 combined
. 2006-003 > 10.4.6
. 2006-004 > 10.4.7
. 2006-007 > 10.4.8
. 2006-008 > 10.4.8 delta
. 2007-001 > 10.4.8 delta > QuickTime v7.1.3
. 2007-002 > 10.4.8 delta
. 2007-005 > 10.4.9
. 2007-006 > 10.4.9 delta or 10.4.10
. 2007-007 > 10.4.10
. 2007-009 > 10.4.11
. 2008-001 > 10.4.11 combined
. 2008-002 > 10.4.11 combined
. 2008-003 > 10.4.11 combined
. 2008-004 > 10.4.11 combined
. 2008-005 > 10.4.11 combined
. 2008-006 > 10.4.11 combined
. 2008-007 > 10.4.11 combined
. 2008-008 > 10.4.11 combined
. 2009-001 > 10.4.11 combined
. 2009-002 > 10.4.11 combined
. 2009-003 > 10.4.11 combined
. 2009-004 > 10.4.11 combined
. 2009-005 > 10.4.11 combined

Delta means that they have to be installed independent of one another for everything to take effect. Combined means for that particular point version of OSX, the update includes previous update(s). OSX 10.4.8 - the best of both worlds in reliability and performance - has 4 deltas but you'll probably only ever use 3 of them because 2007-001 can only be applied on QuickTime v7.1.3 and since 10.4.8 runs QT 7.1.5 which looks better than QT 7.1.3 then 2007-001 won't be needed. 2007-006 seems like malware to me, it slowed down my performance while later updates which should incorporate this one do not slow down, and 2007-006 is the only security update I've ever found which can install on more than one OSX point version, I think there's something not right with 2007-006 and it turns out the intel-x86 version of 2007-006 is now a broken dL-link on apple dotcom. And 2007-006 no longer can install on OSX 10.4.10 once 2007-007 is applied, so even more unusual behavior. OSX 10.4.11 only has to receive one (or none) security updates, that being however high you wish to take it : 2009-005 is the final update and it's required to get HTML5 support in Safari v4.

TIGER PowerPC Server has (at least) these 17 downloads:
2005-007, 2005-009, 2006-003, 2006-007, 2007-007, 2008-002, 2008-003, 2008-004, 2008-005, 2008-006, 2008-007, 2008-008, 2009-001, 2009-002, 2009-003, 2009-004, 2009-005

Almost half the updates are missing and that it because the client Security Updates with names not found here do in fact also apply to the Server OS. This isn't explicitly stated! There are 12 PowerPC client updates you should Duplicate and rename them for showing they can be applied to PPC Server :

2005-006, 2005-008, 2006-001, 2006-002, 2006-004, 2006-008, 2007-001, 2007-002, 2007-005, 2007-006, 2007-009, 2008-001

TIGER intel-x86 client has (at least) these 22 downloads:
2006-002, 2006-003, 2006-004, 2006-007, 2006-008, 2007-002, 2007-005, 2007-007, 2007-009, 2008-001, 2008-002, 2008-003, 2008-004, 2008-005, 2008-006, 2008-007, 2008-008, 2009-001, 2009-002, 2009-003, 2009-004, 2009-005

2007-001 the PowerPC download also runs on intel-x86 client and Universal Binary Server OSes, it is the only Security Update that I've found which can be installed on ALL FOUR KINDS of Tiger OSX (10.4.8) ~ and again it requires QuickTime be v7.1.3 - this update will never be needed if you don't use QT 7.1.3

Seven x86 security updates 2006-008 thru 2008-002 are poorly named "Univ" (without "Server" and) not "Intel", and for sanity sake you could rename them Intel. They do not install on PowerPC-only OSes like "Univ" means. 2007-007 is outright named wrong because when you run it its window says "Intel", and 2008-002 is named wrong too because it cannot install on Universal Server, only on x86 client. 2007-006 for Intel has gone missing/presently a broken dL-link on apple dotcom and might have been malware anyway, see above.

TIGER Universal Binary Server has (at least) these 15 updates:
2006-004, 2006-007, 2007-007, 2008-002, 2008-003, 2008-004, 2008-005, 2008-006, 2008-007, 2008-008, 2009-001, 2009-002, 2009-003, 2009-004, 2009-005

UBS started with OSX 10.4.7 so it has fewer Tiger updates. 2006-004 is completely named wrong, it is a pkg 2746788 bytes big and is missing both Server and Univ from its supplied name. 2007-001 when taken from the PowerPC set can also run here on UBS 10.4.8 as long as there's QuickTime 7.1.3 ~ the update 2007-006 is still missing so be it, and the following 5 Security Updates when copied/renamed from the x86 client set also run on Universal Binary Server :

2006-008, 2007-002, 2007-005, 2007-009, 2008-001

-----

Have A Cheerful Festivus. //skycapt

Comments

SkyCapt's picture
Offline
Joined: 2017 Jan 11

Tiger Client-PPC edition is BROKEN throughout versions 10.4.9 thru 10.4.11 all. It has a fatal kernel panic system freeze brought about by playing DVD Player on any VIDEO_TS folder from a volume formatted with HFS+ filesystem rather than the 'Hollywood' disc filesystem. But the crash can happen hours after DVD Player was used, thus disguising the cause of trouble. I've investigated this more than ten years now using my PowerMac G4 model Mirror Door 2003, there is no mistake. Apple took a giant shit on PowerPC shortly after their switch to intel. Only the Client-PPC flavor crashes in this manner, so the much needed fix for PowerPC is to use the Tiger *Server* edition for OSX 10.4.11 (or keep the Client-PPC edition at exactly 10.4.8).

-----

There is a bug in OS X ScreenSaver engine, in which some savers slow the computer's performance even when the saver activity is offline, it simply has been selected as the active saver. The fix is to 'park' your active screensaver on a particular one which stays fast. The default Client saver is Flurry, a fast one. But the default Server saver is "Computer Name", a slow one. A good way to install/use Server is to change the selected saver to Flurry in System Preferences.

-----

more: some of the apple-dotcom Security Update downloads have their name with period instead of dash, e.g. "2001.001" instead of "2001-001", so to locate a download there you might try both syntaxes.

And, while most OSX (Tiger) updates can run when removed from their .dmg wrappers, as .pkg or .mpkg files stored anywhere, there is a big set which Must remain in their .dmg wrappers : PowerPC Server OSX Updates 10.4.4 thru 10.4.11 both the Delta and the Combo .dmgs must stay wrapped to run.

SkyCapt's picture
Offline
Joined: 2017 Jan 11

ClamAV the Anti Virus scanner
Tiger SERVER has built-in Apple-approved anti-virus named "ClamAV".
probably is short for ... Command Line Anti Malware Anti Virus.
Early versions of Clam were small and had bad bugs too.
To see your Clam engine version, type "clamscan -V" in Terminal (it's a capital V).
To see the size of your virus profile database, type "clamscan xyz" in which xyz is an UNrecognized nonsense filename.

Clam versions can be Different! depending on whether you have: Tiger Server the PPC edition vs Tiger Server the Universal Binary edition. Apple had expected everyone to sync via network to routinely get the latest updates.

OSX Server 10.4.7 thru 10.4.11+SU2008-001 all first come supplied with "clamscan" v0.88.x which has "29761 known viruses" in its PPC database but has "53123 known viruses" in its Universal Binary database, due to PPC installing from a 10.4.0 disc whereas Universal begins from its 10.4.7 disc. In this range of Server OS for PPC, the simplest upgrade you might do is copy the Universal 53123 database overwriting your 29761 database. See example below.

OSX Server 10.4.11+SU2008-002 thru SU2009-005, Universal Binary edition. The Clam engine is in sync, but here Apple froze the published database at 53000 known viruses. You might copy the corresponding larger PPC version database overwriting the supplied database. See example below.

Older Clam engines got a bad bug which falsely reports an occasional .zip file as being "infected" with "Oversized" (e.g. try the games Prey, American McGee's Alice, and OpenArena). Overcoming this bug is one major motivation to upgrade the Clam if you don't run the absolute latest Tiger OS.

Updates to clamscan come in the final series of Security Updates for OSX Server 10.4.11 PPC (but NOT Universal!), the very first update delivers almost 10 times the number of known viruses but still hasn't fixed that .zip bug. Security Update 2008-006 or higher fixes the clamscan .zip bug, and, it is fixed a little sooner when updating an Intel Mac.

===PowerPC===
SU 2007-009 : clamscan v0.88.5 / 29761 known viruses, bug
SU 2008-001 : clamscan v0.88.5 / 29761 known viruses, bug
SU 2008-002 : clamscan v0.92.1 / 208929 known viruses, bug
SU 2008-003 : clamscan v0.92.1 / 208929 known viruses, bug
SU 2008-004 : clamscan v0.92.1 / 208929 known viruses, bug
SU 2008-005 : clamscan v0.92.1 / 208929 known viruses, bug
SU 2008-006 : clamscan v0.93.3 / 344241 known viruses, bug-fixed
SU 2008-007 : clamscan v0.94.0 / 407205 known viruses
SU 2008-008 : clamscan v0.94.0 / 407205 known viruses
SU 2009-001 : clamscan v0.94.2 / 465915 known viruses
SU 2009-002 : clamscan v0.94.2 / 465915 known viruses
SU 2009-003 : clamscan v0.94.2 / 465915 known viruses
SU 2009-004 : clamscan v0.94.2 / 465915 known viruses
SU 2009-005 : clamscan v0.94.2 / 465915 known viruses

===Universal===
SU 2007-009 : clamscan v0.88.5 / 53123 known viruses, bug
SU 2008-001 : clamscan v0.88.5 / 53123 known viruses, bug
SU 2008-002 : clamscan v0.92.1 / 53123 known viruses, bug-fixed
SU 2008-003 : clamscan v0.92.1 / 53123 known viruses
SU 2008-004 : clamscan v0.92.1 / 53123 known viruses
SU 2008-005 : clamscan v0.92.1 / 53123 known viruses
SU 2008-006 : clamscan v0.93.3 / 53121 known viruses
SU 2008-007 : clamscan v0.94.0 / 53121 known viruses
SU 2008-008 : clamscan v0.94.0 / 53121 known viruses
SU 2009-001 : clamscan v0.94.2 / 53121 known viruses
SU 2009-002 : clamscan v0.94.2 / 53121 known viruses
SU 2009-003 : clamscan v0.94.2 / 53121 known viruses
SU 2009-004 : clamscan v0.94.2 / 53121 known viruses
SU 2009-005 : clamscan v0.94.2 / 53121 known viruses

Example: upgrading the antivirus database-only
The virus profile database is 2 files, a fast "daily" db and a larger "main" db. They're in this folder (Terminal command)
"cd /private/var/clamav/" then type "ls -l" and you should see them with their bytesizes:
daily.cvd ??? bytes
main.cvd ??? bytes

Notice that these two database files have "clamav:clamav" ownership permissions.

Obtain your replacement ClamAV DATABASE:
Get database 0.96.0 the highest for Tiger Server (for use with clamscan engines 0.94.0 / 0.94.2) found here:
http://macintoshgarden.org/apps/clamav-command-line-tiger-version
... or find all ranges of clamav virus databases here:
www.clamav.net
{Download their source packages they offer, unpack them, each has a "database" folder with the pair of files ready there.}

How To Install a new database-only:
"cd /private/var/clamav/"
"sudo rm daily.cvd main.cvd" erases the old files.
Copy your new pair of desired files to here using Terminal or Finder.
Type "ls -l" and you should see the two new files having larger bytesizes but the ownership tags will be wrong. Ownership had been "clamav:clamav".
Type "sudo chown clamav:clamav daily.cvd main.cvd" to repair ownership.
Type "ls -l" again to verify the now correct ownerships.
Type "clamscan xyz" = to see the new number of known viruses.

Database number 0.96.0 for over 750000 known viruses, is protection in Tiger up until Feb-Mar 2010. Great. To try taking it further, you can go the later route named "ClamXAV" suite, or some other antivirus title.

In Tiger, I strongly recommend Classic mode's "Virex 6.1" and its "2007-10-01" database as a supplement to clamscan. Command-line OS X clamscan ignores the resource forks of everything it reads, whereas Virex inspects those resource forks thoroughly.

-----

OSX 10.4.11 ~ Security Updates 2008-008 thru 2009-005 (the highest) all overhaul every "framework" in OS X. When setting up any new bootable OS X volume, you should apply the Security Update before customizing things like QuartzCore/CoreVideo frameworks, etc. So the good news is I am now running the HIGHEST in Tiger OS X Server 10.4.11 with Security Update 2009-005 (and Safari 4.1.3 with HTML5) at my top speed, and with Tiger's best clamav added on.
750616 known viruses to clamscan.

SkyCapt's picture
Offline
Joined: 2017 Jan 11

System/Library/CoreServices/loginwindow.app
Another security flaw in ol' Tiger.

On my PowerPC MDD2003 when I disable the Ethernet port extension to speed up RAM (and I don't think any Earlier model will speed up) plus on my Intel Mac when I introduce Tiger OS but the minimum recommended OS ala Apple was "Leopard", both computers begin to experience the same flaw, this happens with all Tigers, client, server ppc, server universal binary :

Computer wakes from sleep without asking for password. Telling "System Preferences > Security" to require password on waking gets ignored. Computer leaves screensaver without asking for password too, it is the same bit switch. But also, the screensaver will start after twenty default minutes even if you want Never, it is another thing, the "idle time" for the screensaver, who's preference is ignored too.

The module responsible for fault is "loginwindow.app" all versions v4.6.6 (OSX 10.4.9-10.4.11) + v4.7.0 (Security Update 2008-007) and v4.7.5 (Security Update 2009-005 the highest).

Both my PPC/Intel Macs become repaired when I rewind "loginwindow.app" back to v4.6.1 that came with OSX Tiger 10.4.8. If you aren't having wakeup errors in the first place then you might choose Not to fool with loginwindow.app

SkyCapt's picture
Offline
Joined: 2017 Jan 11

Remove the example malware file from Tiger Server?
All versions of Tiger Server come with an example malware file named "/usr/share/mailman/tests/msgs/nimda.txt" which can be erased OR ignored, not that important, and this file has no resource fork.

To see how clamscan reacts to the file:
"clamscan /usr/share/mailman/tests/msgs/nimda.txt"
... then wait many seconds for clam to finish.

Clam anti-virus calls this file a "Exploit.IFrame.Gen", the malware is just some bad HTML tags that can crash some bad HTML readers and it exists in Server mailman's "tests" folder as a particular example for testing purposes. By erasing "nimda.txt" you can start scanning the whole OS software volume for viruses without resulting in this mysterious lone reported infection.

To erase the sample malware from your computer:
"sudo rm /usr/share/mailman/tests/msgs/nimda.txt"