Joe Bagodonuts

Q: Operation not permitted” (NSPOSIXErrorDomain:1)

When opening the Safari 5.0.5 browser, I get the following prompt, and Safari is thereby completely useless, no matter what homepage is entered:

 

================================================================

 

Safari can’t open the page.

Safari can’t open the page “http://www.apple.com/support/switch101/”. The error is: “The operation couldn’t be completed. Operation not permitted” (NSPOSIXErrorDomain:1) Please choose Safari > Report Bugs to Apple, note the error number, and describe what you did before you saw this message.

 

================================================================

CONFIG:  MBP 2007;  Mac OS X 10.6.7; Intego VIrusBarrier X6;

I've reported the bug through the Safari pulldown menu, "Report Bugs to Apple". 

Note that Firefox 4.0.1, Firefox 3.6.17 (w/ current NoScript & Abine Extensions), Google Chrome 12.0.742.100, and Opera 11.11 each perfom very well.  Regardless of whether Safari is set as the default browser, or any of the other three set as the default browser, the same <Operation not permitted” (NSPOSIXErrorDomain:1)> response appears when opening Safari 5.0.5.

 

Thanks!

 

Joe Bagodonuts

MacBook Pro, Mac OS X (10.6.7)

Posted on Jun 19, 2011 4:15 PM

Close

Q: Operation not permitted” (NSPOSIXErrorDomain:1)

  • All replies
  • Helpful answers

  • by ~Bee,

    ~Bee ~Bee Jun 19, 2011 5:49 PM in response to Joe Bagodonuts
    Level 7 (31,792 points)
    Mac OS X
    Jun 19, 2011 5:49 PM in response to Joe Bagodonuts

    Joe --

     

    When did you put your Intego on there?

    And why did you put it on there?

    Is it up to date? 

  • by Joe Bagodonuts,

    Joe Bagodonuts Joe Bagodonuts Jun 19, 2011 6:00 PM in response to ~Bee
    Level 1 (0 points)
    Jun 19, 2011 6:00 PM in response to ~Bee

    Bee,

    See Preston Gralla's article in ComputerWorld 16May11;  I needed to ensure no malware attacks on my MBP due to an important work project--and did not want to take any chances.  Note the economics of malware study done-- that as the installed Mac OSX base approaches 16 percent, that malware for Macs becomes profitable to the cyber Dark Side .  Apple was both recalcitrant and late to offer a solution when attacks happened in mid May 2011.

     

    The Trojan construction kit for Mac OS X "is the first of its kind to hit the Mac OS platform;  see:

    ==================================

    http://blogs.computerworld.com/18296/as_the_mac_gets_targeted_by_malware_the_pc_ gets_safer

    ==================================

     

    Cheers,

     

    Joe Bag

  • by Klaus1,

    Klaus1 Klaus1 Jun 19, 2011 6:08 PM in response to Joe Bagodonuts
    Level 8 (48,878 points)
    Jun 19, 2011 6:08 PM in response to Joe Bagodonuts

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

     

    https://discussions.apple.com/docs/DOC-1848

     

    Regarding MacScan, First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - macsec@securemac.com

     

    Security of OS X generally:

     

    http://www.apple.com/macosx/security/

     

    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf

     

    Security Configuration for Version 10.5 Leopard:

     

    http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf

     

    This Blog entry is also worth a read:

     

    http://blog.damballa.com/?p=1055

     

    UPDATES:

    Another source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace:

    More than 50 applications available via the official Android Marketplace have been found to contain a virus.

    Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times. The apps are also known to be available on unofficial Android stores too. Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.

    Remote removal of the booby-trapped apps may not solve all the security problems they pose. The remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection.

    Moreover, more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

     

    http://www.bbc.co.uk/news/technology-13422308

    The data being leaked is typically used to get at web-based services such as Google Calendar.

    The open nature of the Android platform was a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.

    http://www.bbc.co.uk/news/technology-12633923

    How safe is your smartphone?

    Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.

    Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code.

    Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.

    In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area.

    At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.

    Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.

    The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.

    The company estimates that one in six links posted on Facebook pages are connected to malicious software.

    http://www.bbc.co.uk/news/technology-12967254

     

    to which Facebook has responded:

     

    "Facebook and Internet security company Web of Trust (WOT) will provide Facebook users with a feature that protects them against dubious Web links, the companies said this week.

    When a Facebook user clicks on a link that leads to a page with a poor reputation rating given by the WOT community, the user will receive a warning message. Typically, the sites with a poor reputation are known for phishing, untrustworthy content, fraudulent services or other scams."

     

    http://www.macworld.co.uk/news/index.cfm?olo=email&NewsID=3279603

    Newly discovered malicious software dubbed "MACDefender" takes aim at users of the Mac OS X operating system by automatically downloading a file through JavaScript. But users must also agree to install the software, leaving the potential threat limited.

     

    The new MACDefender malware was first noted on April 30, 2011 by users of the Apple Support Communities, and was highlighted by antivirus company Intego. If the right settings are enabled in Apple's Safari browser, MACDefender can be downloaded to a system after a user clicks a link while searching the Internet.

     

    "When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."

     

    However, users must still agree to install the malware after it downloads. After the ZIP file is extracted, users are presented with the "MACDefender Setup Installer," at which point they must agree to continue and provide an administrator password.

     

    Because of the fact that users must agree to install the software and provide a password, Intego categorized the threat with MACDefender as "low."

     

    Users on Apple's support forums advise killing active processes from the application using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash.

     

    The malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site it is not affiliated with the malware.

     

    Malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics.

     

    The latest threat to  the Mac OS is the Weyland-Yutani BOT, which is described as a DIY crimewave kit that supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow.  'Form grabbing' is a way of collecting passwords:

     

    http://www.csis.dk/en/csis/blog/3195/

     

    Additional reading:

     

    "Antivirus Software On Your Mac: Yes or No?"

     

    http://gigaom.com/apple/antivirus-software-on-your-mac-yes-or-no/

  • by Joe Bagodonuts,

    Joe Bagodonuts Joe Bagodonuts Jun 19, 2011 7:16 PM in response to Klaus1
    Level 1 (0 points)
    Jun 19, 2011 7:16 PM in response to Klaus1

    Klaus 1,

     

    Thanks much for all the leads on the state-of-the-art Mac secuity, which I will research.  Yet, do you have any insight on the Safari 5.0.5 problem: “The operation couldn’t be completed. Operation not permitted” (NSPOSIXErrorDomain:1)" ?? I've reloaded Safari 5.0.5, reloaded Java for Mac (3Mar11 security update file with with Java 6_24), unchecked ALL Safari Java and JavaScript boxes--and still no Safari response.  Latest of all other main-stream browsers funtion normally.

     

    Thanks,

     

    Joe

  • by ~Bee,

    ~Bee ~Bee Jun 19, 2011 7:49 PM in response to Joe Bagodonuts
    Level 7 (31,792 points)
    Mac OS X
    Jun 19, 2011 7:49 PM in response to Joe Bagodonuts

    Joe --

    I've been using Macs exclusively for oer 20 years.

    I have never had any AV junk on my Mac.

    Also, no malware.

    Mostly because I don't open anything I'm not sure of.

     

    Your problem is Intego, IMHO.

  • by Joe Bagodonuts,

    Joe Bagodonuts Joe Bagodonuts Jun 19, 2011 8:32 PM in response to ~Bee
    Level 1 (0 points)
    Jun 19, 2011 8:32 PM in response to ~Bee

    Yes, Bee--

     

    But Safari 5.0.5 was working normally on my 2007 MBP 10.6.7 until 5Jun11, with Intego VirusBarrier X6 installed.  The Intego A/V successfully scanned all my downloads with Safari AND the 3 other browsers.  Perhaps it was an Intego Update which killed it.  In any regard, Safari does not have an effective sandbox programmed into it to isolate maliciious code like Googel Chrome--so I heartily advise against using Safari for online banking or other financial transactions. I needed Safari to watch the Steve Jobs presentation to the Mac WWDC last week--but had to watch it on my Windows 7 PC (with Quicktime)  until I solve this problem.

     

    No doubt, for 30+ years the Mac Community did not need A/V.  Period.  But like all disruptive technologies, the malware threat may soon cause the ground to shift.  Complacency may be to all of our Mac-using peril.

     

    Cheers,

     

    Joe Bag

  • by Klaus1,

    Klaus1 Klaus1 Jun 20, 2011 1:53 AM in response to Joe Bagodonuts
    Level 8 (48,878 points)
    Jun 20, 2011 1:53 AM in response to Joe Bagodonuts

    The link http://www.apple.com/support/switch101/ opens fine for me (once you delete the period at the end!).

     

    The last time this question arose, the cause was found to be Net Nanny. have a look at David Lee's post dated 12 July 2010 in this thread:

     

    https://discussions.apple.com/thread/2296455?start=15&tstart=0

     

    Another reason for the problem was Intego's Contentbarrier which also required deletion, as mentioned by jhaley on 6 April 2011 in the same thread.

     

    Problems like these are nearly always caused by third party applications.

     

    So, malware is not the cause, just poor programming.