SeasonsoftheSun

Q: Suspicious processes in Activity Monitor

I was wondering if anyone has any good resources on how to spot suspicious processes when using Activity Monitor. Maybe a list of "things to look out for" or something along those lines?

Also, can anyone recommend a decent freeware antivirus, or are they all garbage?

macmini, Mac OS X (10.6.6)

Posted on Jan 6, 2012 5:33 AM
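As an added example that is not part of the original thread, here is one way to turn "things to look out for" into a repeatable first-pass check. It reads one process per line in the shape that `ps -axo pid=,user=,comm=` prints on Mac OS X (pid, owner, executable path) and flags rows whose executable path or name is out of place: binaries running from temp directories, from user-writable folders under a home directory, from a mounted volume, or a process that carries the name of a well-known system daemon but does not live where that daemon lives. The path rules and the daemon-name list are assumptions of this example, not an authoritative list, and the sample input is constructed, not a real capture.

```shell
#!/bin/sh
# Added example: first-pass filter for suspicious processes on Mac OS X.
# Input lines: "<pid> <user> <path-of-executable>" (as from: ps -axo pid=,user=,comm=)
# Output lines: tab-separated "<pid> <user> <path> <reason>" for flagged rows only.
# A hit is a reason to look closer in Activity Monitor, not proof of malware.

# Names of system daemons that malware sometimes imitates (assumed list for this example).
SYSTEM_DAEMONS="launchd kernel_task WindowServer mds mdworker syslogd coreaudiod"

flag_suspicious() {
    while read -r pid user path; do
        [ -n "$path" ] || continue
        reason=""
        name=${path##*/}

        # Rule 1: a known daemon name running from outside the OS directories.
        case " $SYSTEM_DAEMONS " in
            *" $name "*)
                case "$path" in
                    /System/*|/usr/*|/sbin/*|/bin/*) ;;
                    *) reason="mimics-system-daemon" ;;
                esac ;;
        esac

        # Rule 2: where the executable lives. Order matters: temp dirs before /private/*.
        if [ -z "$reason" ]; then
            case "$path" in
                /tmp/*|/private/tmp/*|/var/tmp/*|/private/var/tmp/*)
                    reason="runs-from-temp-dir" ;;
                /Users/*/Downloads/*|/Users/*/Library/*|/Users/*/.*)
                    reason="runs-from-user-writable-dir" ;;
                /Volumes/*)
                    reason="runs-from-mounted-volume" ;;
                /System/*|/usr/*|/bin/*|/sbin/*|/Applications/*|/Library/*|/private/*) ;;
                *)  reason="unusual-location" ;;
            esac
        fi

        [ -n "$reason" ] && printf '%s\t%s\t%s\t%s\n' "$pid" "$user" "$path" "$reason"
    done
    return 0
}

sample_ps() {
    # Constructed sample in ps -axo pid=,user=,comm= shape; not a real capture.
    cat <<'EOF'
1 root /sbin/launchd
80 root /usr/sbin/syslogd
215 alice /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
301 alice /Applications/Safari.app/Contents/MacOS/Safari
412 alice /private/tmp/.x/updater
518 alice /Users/alice/Library/LaunchAgents/.hidden/agent
633 alice /Users/alice/Documents/mds
EOF
}

# Run against the constructed sample with: sh thisfile.sh --demo
# On a Mac, run against live processes with: ps -axo pid=,user=,comm= | flag_suspicious
if [ "${1:-}" = "--demo" ]; then
    sample_ps | flag_suspicious
fi
```

On the constructed sample, three rows are flagged: pid 412 (runs-from-temp-dir), pid 518 (runs-from-user-writable-dir) and pid 633, which is named like the Spotlight daemon mds but runs from a Documents folder (mimics-system-daemon). Everything under /sbin, /usr, /System and /Applications passes. For each hit, select the process in Activity Monitor and use Inspect to see its path, parent process and open files before deciding whether it is legitimate; plenty of ordinary software runs helper processes from ~/Library, so the filter narrows the list, it does not judge it.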


  • kurt188, Level 4 (1,335 points), Jan 6, 2012 7:08 AM, in response to SeasonsoftheSun

    What makes you think there's something suspicious? I think you're looking for a problem that doesn't exist. There are so many processes running at any given time that, unless you have something specific to look for, you're wasting your time.

    There are no viruses for Mac OS X, so you don't need anti-virus software. It will only feed your fear of a virus by giving you false-positive warnings, and slow down your system considerably. You don't need it.

  • WZZZ, Level 6 (13,087 points), Mac OS X, Jan 6, 2012 8:34 AM, in response to SeasonsoftheSun

    Free ClamXav is highly recommended and, unlike many others, is fully compatible with Macs. It can be set to scan discrete areas of your drive, such as Applications or Mail, for example. Looking for suspicious processes is not the way to go, unless you already think you may have allowed something in and know what to look for.

    http://www.clamxav.com/download.php

    There are no viruses, but there is malware and there are browser exploits. That's why I use Firefox with the add-on NoScript.

    Don't fall for the line, "you have a Mac; there are no viruses for Macs, so you don't need to be concerned."

    Also, some suggested reading on malware:

    http://www.reedcorner.net/guides/macvirus/

    Macs are not invulnerable. The best AV is to be 150% certain anything you are downloading is from a trusted source. Don't open unknown attachments in Mail.

  • kurt188, Level 4 (1,335 points), Jan 6, 2012 8:41 AM, in response to WZZZ

    WZZZ wrote:

    There are no viruses, but there is malware and there are browser exploits. That's why I use Firefox with the add-on NoScript.

    Yes, there are a handful of malware items, but they can't be installed unless you (the user) provide your Admin password. Browser exploits are few and far between, and are quickly fixed when discovered.

    WZZZ wrote:

    Macs are not invulnerable. The best AV is to be 150% certain anything you are downloading is from a trusted source. Don't open unknown attachments in Mail.

    I've never suggested Macs are invulnerable, but there are no viruses, so antivirus software cannot protect you from something that doesn't exist. You can make your Mac invulnerable to viruses very easily: stay off the Internet and never put any files or programs on it unless they came from the software developer. Of course, you'll lose the benefit of the Web, email, chat, etc., so that might be a little extreme for most people.

  • WZZZ, Level 6 (13,087 points), Mac OS X, Jan 6, 2012 9:23 AM, in response to kurt188

    kurt188 wrote:

    Yes, there are a handful of malware items, but they can't be installed unless you (the user) provide your Admin password. Browser exploits are few and far between, and are quickly fixed when discovered.

    So what? Trojans, by definition, will trick a user into installing them. Just have a look at the numerous posts in these forums around the time of the MacDefender episode.

    Here's a "handful" of OS X exploits. From the ClamXav catalog (database, signature name):

    daily.cvd      not-OSX.Tored
    daily.cvd      OSX.Flashback-1
    daily.cvd      OSX.Flashback-3
    daily.cvd      OSX.Flashback-2
    daily.cvd      OSX.Flashback-4
    daily.cvd      Trojan.OSX.Miner
    daily.cvd      OSX.Defma
    daily.cvd      MacOSX.Revir-1
    daily.cvd      OSX.BlackHol
    daily.cvd      OSX.BlackHol-1
    daily.cvd      MacOSX.iMuler-1
    daily.cvd      Trojan.OSX.FlashBack.A
    daily.cvd      OSX.DevilRobber
    main.cvd       OSX.RSPlug
    main.cvd       Trojan.OSX.iservices.A
    main.cvd       Trojan.OSX.iservices.B
    main.cvd       OSX.DNSChanger.dmg
    main.cvd       OSX.DNSChanger.dmg-1
    main.cvd       Trojan.OSX.RSPlug.F.dmg
    main.cvd       Trojan.OSX.RSPlug.F.dmg-1
    main.cvd       Trojan.OSX.RSPlug.F.dmg-2
    main.cvd       Trojan.OSX.RSPlug.F.dmg-3
    main.cvd       Trojan.OSX.RSPlug.F.dmg-4
    main.cvd       Trojan.OSX.RSPlug.F.dmg-5
    main.cvd       Trojan.OSX.RSPlug.G.dmg
    main.cvd       Trojan.OSX.RSPlug.G
    main.cvd       Exploit.OSX.Safari
    main.cvd       Trojan.OSX.Cowhand
    main.cvd       Backdoor.OSX.BlackHole
    main.cvd       Trojan.Downloader.OSX
    main.cvd       OSX.Flashback
    main.cvd       Trojan.Downloader.OSX-1
    main.cvd       OSX.DNSChanger
    main.cvd       OSX.Trojan-2
    main.cvd       Trojan.OSX.Opener
    main.cvd       Trojan.OSX.RSPlug.C
    main.cvd       Trojan.OSX.RSPlug.D
    main.cvd       OSX.Tored
    main.cvd       OSX.RSPlug-2
    main.cvd       Trojan.OSX.OpinionSpy.B
    main.cvd       Trojan.OSX.OpinionSpy.A
    main.cvd       Trojan.OSX.MacDefender
    main.cvd       Trojan.OSX.MacDefender.B
    main.cvd       Trojan.OSX.MacDefender.C
    main.cvd       OSX.Defma-1
    main.cvd       OSX.Defma-2
    main.cvd       Trojan.OSX.MacBack
    main.cvd       Trojan-Downloader.OSX.Fav.A
    main.cvd       Trojan-Downloader.OSX.Fav.B

    49 hits for 'OSX'

    Browser exploits?

    There are numerous exploits via JavaScript, Flash, Reader and Java or other plug-ins: XSS, clickjacking, drive-by, ClearClick, clickjacking, malicious PDFs.

    From Wikipedia, "NoScript", section "Security and usage":

    NoScript blocks JavaScript, Java, Flash, Silverlight, and other "active" content by default in Firefox. This is based on the assumption that malicious web sites can use these technologies in harmful ways. Users can allow active content to execute on trusted web sites, by giving explicit permission, on a temporary or a more permanent basis. If "Temporarily allow" is selected, then scripts are enabled for that site until the browser session is closed.

    Because many web browser attacks require scripting, configuring the browser to have scripting disabled by default reduces the chances of exploitation. Blocking plug-in content as well helps to mitigate any vulnerabilities in plug-in technologies, such as Java, Flash, Acrobat and so on. NoScript will replace these blocked elements with a placeholder icon. Clicking on this icon enables the element.
    http://en.wikipedia.org/wiki/NoScript#cite_note-cert-3

    http://en.wikipedia.org/wiki/NoScript

    If you want to be complacent, that's fine by me. Just don't advise everyone else to adopt that attitude and stick their heads in the sand. There are reasonable precautions to take. It may be fine to tell someone they won't install something without their admin password, but they first need to be educated on when not to give that. You are not always dealing here with people who have the benefit of your "vast" experience. And you might, in general, stop patronizing people who come here for advice, with your often rapid-fire, ill-considered information.

  • kurt188, Level 4 (1,335 points), Jan 6, 2012 9:22 AM, in response to WZZZ

    WZZZ wrote:

    If you want to be complacent, that's fine by me. Just don't advise everyone else to adopt that attitude and stick their heads in the sand. There are reasonable precautions to take.

    Accusing others of being complacent is a rather broad brushstroke for someone who doesn't have nearly the experience I do with computers. If you want to believe that people are sticking their heads in the sand, that's your issue, so don't project it onto others.

    If the Internet was actually as dangerous as you choose to believe, and wish others to believe, then it's you who is being foolish and sticking your head in the sand. I've never been affected by any malware or browser exploits on my system, and I visit far more web sites per day than you do. Multiply that by a few decades and it becomes clear that evil-doers are not around every corner.

    Therefore, encouraging others to fear the unknown is an indication of your own paranoia.

  • WZZZ, Level 6 (13,087 points), Mac OS X, Jan 6, 2012 9:38 AM, in response to kurt188

    Your "vast" experience notwithstanding, we only have your information with which to judge the quality of your posts. If your information has merit, then it's worthwhile; otherwise it should be disregarded or qualified. That's all that counts. Fifty years' experience doesn't cut it if you supply mediocre information and advice.

    kurt188 wrote:

    I visit far more web sites per day than you do.

    And you know how many sites I visit? And how is that?

    Your attitude again is typically patronizing and arrogant. You shouldn't take yourself so seriously as an "expert." I have a few other people around here to compare you to, and you are very far from being who you think you are.

    You could start making much more worthwhile contributions here if you really stopped to think about your replies a little more, or if you did some research before quickly blowing them out based on your seeming assumption that whatever you say has merit. Maybe a little self-doubt once in a while would do you some good.

    By the way, do you or do you not have Snow Leopard in front of you? I have heard you say you have never owned an Intel computer, which would make that impossible. I'm curious to know why, if you aren't running SL, you spend so much time here.

    Message was edited by: WZZZ

  • fane_j, Level 4 (3,667 points), Jan 6, 2012 3:33 PM, in response to WZZZ

    WZZZ wrote:

    Free ClamXav […] Looking for suspicious processes is not the way to go, unless you already think you may have allowed something in and know what to look for.

    FWIW, I subscribe to WZZZ's advice.

    And think of this: even if Mac OS X were impervious to any and all threats, you would still not want to pass along to Windows users among your family, friends, or co-workers malware which wouldn't affect you, but would affect them. Some call this being a good neighbour, some call it having good manners. Perhaps it's just being a decent human being.

    WZZZ wrote:

    And you know how many sites I visit?

    Indeed, kurt188. How do you know how many sites WZZZ visits per day?