Welcome back to Ask TUAW, our weekly troubleshooting Q&A column. This week we've got questions about VOIP apps on the iPhone, auto-tagging music, Boot Camp, replacing a hard drive and more.

As always, your suggestions and questions are welcome. Leave your questions for next week in the comments section at the end of this post. When asking a question, please include which machine you're using and what version of Mac OS X is installed on it (we'll assume you're running Snow Leopard on an Intel Mac if you don't specify). And now, on to the questions.

We usually look at news updates and blog posts from antivirus vendor Intego with a bit of a gimlet eye, since the company has been known to spread a little bit of that good old FUD when it comes to the everyday risk of malware faced by most Mac users (that is to say, pretty much none). Today, however, the Intego blog pointed out an unheralded feature of the forthcoming Mac OS X 10.6 Snow Leopard update: some basic malware checking built into the operating system, reported by users of the beta version.

As the post notes (and sites such as The Register and ZDnet corroborate), when a problematic DMG is downloaded or mounted -- containing one of two known malware components -- the Finder throws the alert pictured above, warning the user not to install the software in question and to throw away the disk image. While this is a nice touch for the two security risks in question, The Register notes that the filter appears to only catch files downloaded through some of the more common apps (Mail.app, Entourage, Safari, Firefox and iChat among them) but not files copied over from removable media. It doesn't cover the wider gamut of threats out there, nor would it detect or block Windows malware that a Mac user could unwittingly transmit; for all of those scenarios, a true AV app (paid or free) is what the doctor ordered.

You can keep up with all the latest Snow Leopard news via our category page.

According to Macworld, Apple removed a Knowledge Base article about antivirus software compatible with Mac OS X.

The article received "a lot of attention" because it seemingly contradicted Apple's marketing messages about malware for Mac. Our own Michael Rose tried to take the kettle off the stove, noting that the article had been around for years before the Washington Post noticed it this week.

Macworld's Jim Dalrymple spoke with Apple spokesman Bill Evans, who said "We have removed the Knowledge Base article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box."

Even so, Evans admitted, "Since no system can be 100% immune from every threat, running anti-virus software may offer additional protection."

Thanks to everyone who sent this in!

Update: The KB article referenced is now offline. You can see the archived version here.

Update 2: On Tuesday evening, Apple told Macworld that the KB article was removed because it was outdated and inaccurate; Mac OS X includes adequate security protection out of the box. The BBC has also rolled back the story, and has a more detailed post on the issue. Not sure I'm completely in agreement with this approach from Apple.... --MR

When the concepts of "antivirus" and "Mac OS X" approach each other in the blogosphere, the usual outcome is more heat than light. The current example of keyboards outpacing brainwaves has emerged from a storm of posts on various sites, mostly tracing back to security analyst/Washington Post writer Brian Krebs and AppleInsider's Aidan Malley. Both pointed to a "recently published" Apple KB article that listed a trio of AV applications available for Mac OS X.

More shocking to this pair of pundits: the KB article actually went so far as to encourage Mac users to buy, install and use antivirus software -- even "multiple antivirus utilities" to prevent the spread of malware, which was trumpeted by a ZDnet headline. What now? Is Apple's security story on the marketing front now undermined by the quiet truthtelling of the support site? Should Justin Long apologize to John Hodgman? Are cats and dogs now living together? Is the BBC picking up the story (yes, unfortunately, it is)?

The relevant quote from the shiny new KB article that has caused such commotion:

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one program to circumvent, thus making the whole virus writing process more difficult.

Let's be fair: Apple's prose isn't helping matters, because while we all know that "widespread use of multiple antivirus utilities" doesn't mean you should be installing multiple AV tools on your one, single Mac -- the point is that the ecosystem should have variation, making it harder for malware writers to attack the entire population with one well-crafted exploit -- that fine distinction appears to have been lost on some of those who encountered this "new" KB article.

This, of course, brings us to point #2: a careful reading (or really, any reading at all) of the KB item shows the "Old article: 4454" legend at the top right. Yes, Apple does sometimes update KB articles, and in this case the same exact "multiple utilities" copy has been on the support site for a while -- the article was originally publishedpresent on Apple's site in June of 2007, and was updated simply to reflect current versioning on the Intego and Symantec AV products.

[Correspondents have pointed out that the sequence number of the KB article places the original version of it back in 1992. That version clearly dealt with Mac OS Classic antivirus apps, and isn't really on the same narrative track as the once-but-current Mac OS X incarnation -- but it's a valid point that Apple has had a public notice of available security tools for many years (who remembers Disinfectant and Vaccine?). Records of the KB4454 URL on archive.org indicate that there was something at that address as far back as September 2001, but cached copies are not available.]

So, to sum up, Apple's recommendations have changed not a whit in 18 months. Everyone who is decrying the sad state of security on the Mac -- or, conversely, crediting Apple for waking up and smelling the coffee -- is chasing his or her cybertail with a great deal of enthusiasm. Malware on the Mac, such as there is, is still almost exclusively delivered via social engineering, so please don't install random video codecs downloaded from porn sites. That said, the commercial and free AV options for the Mac are pretty stable, and they're certainly worth exploring if you want to be a good computing citizen who doesn't relay Windows malware from friend to friend unknowingly. Read on for my top five tips when/if installing AV tools on your Mac.

Hat tip to MacDailyNews for linking the original KB article from the Internet Archive.

With the recent trojan scare PC Tools' timing for the beta release of iAntiVirus for Mac could hardly be better. While there are a variety of anti-virus applications for the Mac, iAntiVirus seems to be especially designed to reduce resource usage by simply ignoring virus signatures for Windows. The idea is that your Mac is immune to Windows viruses so why waste memory, etc. scanning for them? Otherwise iAntiVirus is pretty conventional with a menubar interface and real-time scanning.

In some ways I'm of two minds about this approach. It's true that I don't allow any Windows boxes on my home network so having a Mac-only solution makes sense. However, by not scanning for non-Mac viruses it's possible that your Mac might unwittingly pass along a virus or trojan by email, etc. I run an Enterprise version of Sophos provided by my University and I've been surprised by how many Windows virus signatures it has picked up on my machine from various downloads.

iAntiVirus is a free download, but virus definitions and updates are $29.95 for one year.

[via Macworld]

NPR hits up the issue of Mac hacking (the bad malware kind, not the good kind), and suggests that Macs are supposedly becoming a bigger target for exploitative folk.

While this is a topic that could easily (and does often) degenerate into complete misinformation and FUD, NPR basically acknowledges that Macs are showing up in more and more places (and that includes the iPhone, where even Apple is concerned about security), and that means that they're becoming a juicier target for malware developers. Fortunately, however, a familiar voice shows up later in the report (dig those dulcet tones!) to remind everyone that throughout five iterations of OS X, the malware problems have been hard to find. Malware developers may be trying, but it ain't working.

Of course, we can't let this go without noting that this story was inspired in the first place by a PR report released by... you guessed it: an antivirus company. The people who profit off of programs that supposedly prevent malware are claiming that malware is a bigger threat than ever before? Go figure.

ZDNet reports that AVG, known for its free Windows antivirus tool, is busy developing an OS X version. Possibly. The company isn't sure whether the product will ever launch. Larry Bridwell of AVG's parent company Grisoft said "[W]e have done the [Linux] BSD version, which makes it a little bit easier to port to the Mac. It is in research and development right now to see if it is going to come out."

At this time, OS X remains pretty secure and virus free but one can never tell what time, patience, dedication and a really bad attitude can do to spoil things for everybody.

Symantec is aware of the flaw that is in almost all of their software (that's gotta hurt) and the most recent virus definitions include a 'heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability.'

What the heck does that mean? The vulnerability can only be exploited if your copy of Norton scans a RAR file that has been crafted in such a way as to trigger a buffer overload. The update makes sure that your copy of Norton can detect these naughty files without falling prey to their naughtiness, for lack of a better word.

They have also posted instructions on how to setup your anti-virus software to skip over scanning .rar files. Definitely worth checking out if you are running any Symantec anti-virus products.