Currently Being ModeratedJan 28, 2012 2:52 AM (in response to thomas_r.)
Thomas A Reed wrote:
The OP claims this is malware, and that this "malicious code" is going to spam all his contacts. That is not true.
My apologies Thomas, I didn't realize that at that point you had misunderstood the purpose of the thread. The OP was never concerned about whether it is technically correct to call a persistent cookie "malware" or not; he just wanted to know how to deal with it.
I see from your subsequent posts you've caught on.
Currently Being ModeratedJan 28, 2012 10:34 AM (in response to MAC ATTACKED)
Thomas is on the mark here. You would do well to heed his very informed and accurate information.
If you're going to go digging into the innards of Mac OS X without understaning or *beginning* with accepting that histrionics help no-one then you will continue to pursue alarmist approaches to misinterpeting the operation of the OS. You must being by learning what you do not know, and appreciating that OS X is *NOT* Windows - when you say "I feel with Mac OS you about to experience a storm of attacks that you are unprepared for" that is playing into the pile-one PC journalists and their "I told you so" attempts that are misguided at best.
OS X is part BSD-based Unix/Unices and pieces of the Next operating system, and anyone who asserts that OS X is "just waiting" to have all of the weaknesses of MS Window is being wilfully ignorant or sadly misguided.
This is not some "just different" GUI on top of the same underpinnings. Before Windows there was Unix, in fact before LINUX there was Unix.
It is foolhardy to maintain that Mac OS X is "invulnerable" but to maintain the above - that it is merely waiting for the same nature and volume of problems that Windows faces is not based on sound logic or fact.
The fact that you had multiple windows open up in your browser reflects how browser technology works. Follow Thomas' advice and use Firefox and the NoScript extension. For Safari, you might want to use the AdBlock extension, and the Web of Trust extension. https://extensions.apple.com/
There is malware for Mac OS X based on social engineering, but no matter what OS you are on, if you go to (or wind up) at a nefarious site, download an installer, decompress (.zip) or mount (.dmg) the item, and run the installer, and put in your credentials - well, all bets are off. Education is the best defense in such cases.
But that's NOT a virus. It is a lie when anyone asserts that there is software that can install without a user's consent - or direct action - and then propagate itself without user action from one Mac to another.
Oh yes, it's Mac not MAC :-)
MAC is commonly used as an abbreviated for Media Access Control, http://en.wikipedia.org/wiki/MAC_address
Currently Being ModeratedJan 28, 2012 1:32 PM (in response to davidh)
Sorry for all my typos there, a tired typist is not an accurate one ;-)
I did mean: "You" - as in *one* must being by learning (or, acknowledging) all that one does not know,
- to start out with/at the beginning of seeking to understand the security mechanisms and OS architecture of any new OS.
You're diving in deep with approaches such as exploring the content of sqlite databases,
but they're used extensively for purposes of efficient storage (vs. simple flat-files for some types of data, even though sqlite dbs are effectively self-contained and can be treated externally "like" flat files *when* the db is not in operation).
You can - very most probably - rest assured that your OS has not been compromised in any way.
Contents of browser caches in Mac OS are not executables and cannot impact your OS, in any way.
Currently Being ModeratedJan 28, 2012 3:10 PM (in response to MAC ATTACKED)
Unfortunately Lion indicated when erasing that certain files cannot be erased.
That shouldn't at all be possible. However, I should state that I'm not using Lion daily, so bear with me if I'm blundering around a bit. When I purchased Lion, I did it through the download method and didn't let it install over Snow Leopard. I then created my own bootable Lion flash drive from the downloaded installer and installed Lion on an erased drive.
May I presume you started up to the hidden emergency Lion partition to erase and reinstall on the main drive? If so, there shouldn't have been any way you couldn't erase that partition. Nothing on it is active since it's not the startup drive.
I have no investment in this. I'm just reporting my experience trying to get someone who knows about Mac's to help me get to the bottom of it.
Me neither. Just trying to understand your situation.
I agree. There is something somewhere that is reintroducing the files contained in the apple.safari.com/cache.db.
And that's the really weird part. If you did boot to the emergency partition to erase the main drive with Disk Utility, there shouldn't be anything preventing you from erasing the drive.
Currently Being ModeratedJan 28, 2012 3:35 PM (in response to Kurt Lang)
If you're restoring your Safari bookmarks from backup (eg: Time Machine), doube-check your RSS Feeds.
Bookmarks menu -> Show All Bookmarks
All RSS Feeds will be in the left-hand column.