Dr. Mac's OS X Tip-of-the-Day  

MICROSOFT announced the need for a Network Security Update last week for users of Microsoft Office v.X. If you use Office v.X, listen carefully because this probably affects you. It affected me, big time.

The official Microsoft announcement says: "This update allows you to run Microsoft Office v. X files and any standalone programs of Office v. X for Mac more securely on a network. For more information about this update, see Microsoft Security Bulletin MS02-002."

The official Dr. Mac tip says: "Because Office v. X uses a lame-brained, invasive, and 1984-ish network anti-piracy mechanism, you need to update Office (with the UPDATER FROM HELL--see below) or face dire consequences:

"An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data. An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines."

-- from Security Bulletin MS02-002: --

http://www.microsoft.com/technet/security/bulletin/MS02-002.asp

Yum. That's just what I want to happen to my beloved G4. Thanks for nothing, Microsoft!

Like a good little VOB (Victim-of-Bill), I dutifully downloaded the updater:

http://www.microsoft.com/mac/DOWNLOAD/OFFICEX/NetworkUpdater.asp

Only to discover that I need to apply the Entourage X - Hotmail Updater first.

So I dutifully downloaded that updater as well:

http://www.microsoft.com/mac/download/officex/Hotmail_forX.asp

(Never mind that a Microsoft rep told me I didn't need that particular patch when it came out in December since I don't use Microsoft Hotmail; that's neither here nor there.)

I proceeded to apply the Entourage update I didn't need before but do now. That procedure went fine. I applied the Network Security Update. Or should I say I tried to. The updater ran for a while, and then displayed a windoid that said, "one moment please." Five minutes later, nothing had happened and I was still waiting so I forced the installer to quit and tried again. Same result. Tried one more time. Same result. Opened my browser and surfed the net for info. Found a few things that shed light on the subject at Microsoft, MacFixIt, and MacInTouch.

I determined that the One Moment Please Plague was due to a program or process not being quit automatically by the updater, so I fired up Process Viewer and found several user processes still running. I killed three or four of the little buggers (FruitMenu, StuffIt Magic Menu, Process Wizard, SuperGetInfo, and probably one or two more) and then tried again.

Bingo.

So today's tip (at long last) is:

If you want to install this update and One Moment Please lasts more than two or three moments, force-quit the updater (Command-Option-Esc), then fire up good old Process Viewer, and look for user processes that belong to you (as opposed to OS X ones like the Finder, Dock, loginwindow, etc.), kill them, and then run the updater again. It should work. If not, go back to Process Viewer and make sure all non-essential processes are dead.

Note that you should not see any entries called "LaunchCFMApp" in the Process Listing window of Process Viewer. Those would be Carbon apps that are still open and the updater will cough up the One Moment Please windoid forever if you leave them running. So if you see them, you'll have to kill them as well.

RANT ON

So thanks for nothing, Microsoft. What the heck is the matter with you? What were you thinking? It's bad enough that your nosy little network spy scheme opens my Mac up to catastrophic loss, but forcing me to kill stuff manually to fix it? That is the straw that broke this camel's back.

Can't you test your darned installers before foisting them on the world? Most freeware authors test their installers more thoroughly (and on a much smaller budget, I might add). DO YOU THINK MY MOTHER is going to enjoy firing up Process Viewer and killing off innocent processes and programs because of your ineptitude?

I think not.

Come on, Microsoft Mac Business Unit... I've defended you publicly. I've called you, "real Mac people." And now you make me look bad by pulling this Windows-like crap on Mac users.

I have just one word to the wise: Don't let it happen again.

RANT OFF

One last thing: If you're hesitant about running Microsoft's updater on your Mac (and I don't blame you - if I knew then what I know now I might not have run the damn thing myself), a MacInTouch reader may have another solution:

"I've attached a simple shell script that blocks port 2222 UDP and 3464 TCP. It will solve the Microsoft security problem on an individual machine without the use of a firewall. It simply shuts down their Network PID Checker. When the folder is place in /Library/StartupItems, it will take care of things at startup."

I don't want to abuse the fair use doctrine (and this tip is plenty long already), so I'm going to ask you to visit our friends at MacInTouch if you want to copy the script:

http://www.macintouch.com/officevx3.html#feb08

To discuss this tip (or anything you like) in Dr. Mac's OSXFAQ Forum, click here:

Bob LeVitus is a leading authority on Mac OS and the author of 37 books, including Mac OS X For Dummies and The Little iTunes Book