11 Replies Latest reply: May 6, 2013 1:27 PM by jacobcdietz
jacobcdietz Level 1 Level 1 (0 points)

My MacBook Pro running 10.8.3 has been having some random shut downs and lock ups lately, the latest of which took the internal boot drive totally offline. I was able to recover it after booting to my external recovery drive and running DiskWarrior 4 as Disk Utility simply said I needed to repair the drive before mounting it, but then said it was unrepairable after attempting to do so.

 

After the DiskWarrior repair, the Mac booted from it's internal drive like there was nothing wrong, but an hour or so later, I had another lock up where everything froze up and was unresponsive and then after a restart I got another hour or so before it shut itself down and then restarted itself, so I'm obviously less than thrilled with the situation.

 

This is the factory drive which came with the MacBook Pro when purchased new in January of this year, so I have a hard time believing the drive is physically bad, though I guess anything is possible. Another thing that has me thinking it's not the hardware is that the machine runs fine when booted to the external recovery drive and has no errors or any of the symptoms I've been experiencing.

 

Anyway, I've been looking at the panic reports, but I'm honestly not well versed in what any of this means, so I'm hoping one of the experts can chime in and maybe point me in the right direction as I'm running out of ideas :/

 

 

 

 

Interval Since Last Panic Report:  2467 sec

Panics Since Last Report:          1

Anonymous UUID:                    BBC20339-6AE8-82EA-4368-DCBBCC912FF4

 

 

Anonymous UUID:                    BBC20339-6AE8-82EA-4368-DCBBCC912FF4

 

 

Thu May  2 13:44:42 2013

panic(cpu 6 caller 0xffffff8025cb7e95): Kernel trap at 0xffffff7fa741c064, type 14=page fault, registers:

CR0: 0x0000000080010033, CR2: 0x0000000000000010, CR3: 0x00000000443ae021, CR4: 0x00000000001606e0

RAX: 0x0000000000000001, RBX: 0xffffff81c60a6000, RCX: 0xffffff8048c44000, RDX: 0xffffff81f7773a38

RSP: 0xffffff81f7773b60, RBP: 0xffffff81f7773b60, RSI: 0x0000000000000000, RDI: 0x0000000000000000

R8:  0x0000000000000000, R9:  0x00000000000003ff, R10: 0xffffffffffffffff, R11: 0x00000000ffffffff

R12: 0xffffff81c60a6000, R13: 0x0000000000000000, R14: 0x0000000000000002, R15: 0x0000000000000000

RFL: 0x0000000000010246, RIP: 0xffffff7fa741c064, CS:  0x0000000000000008, SS:  0x0000000000000010

Fault CR2: 0x0000000000000010, Error code: 0x0000000000000000, Fault CPU: 0x6

 

 

Backtrace (CPU 6), Frame : Return Address

0xffffff81f7773800 : 0xffffff8025c1d626

0xffffff81f7773870 : 0xffffff8025cb7e95

0xffffff81f7773a40 : 0xffffff8025ccd4dd

0xffffff81f7773a60 : 0xffffff7fa741c064

0xffffff81f7773b60 : 0xffffff7fa7405d64

0xffffff81f7773bb0 : 0xffffff7fa7405cba

0xffffff81f7773bd0 : 0xffffff7fa73e17ae

0xffffff81f7773c00 : 0xffffff7fa62b03a0

0xffffff81f7773c40 : 0xffffff7fa62b030f

0xffffff81f7773c60 : 0xffffff7fa62b575c

0xffffff81f7773cf0 : 0xffffff7fa62ade50

0xffffff81f7773d20 : 0xffffff7fa62feb8b

0xffffff81f7773d70 : 0xffffff8026032e7b

0xffffff81f7773dc0 : 0xffffff80260634f7

0xffffff81f7773e30 : 0xffffff8025c97fef

0xffffff81f7773e80 : 0xffffff8025c20aed

0xffffff81f7773eb0 : 0xffffff8025c10448

0xffffff81f7773f00 : 0xffffff8025c1961b

0xffffff81f7773f70 : 0xffffff8025ca5dd6

0xffffff81f7773fb0 : 0xffffff8025ccdd43

      Kernel Extensions in backtrace:

         com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000->0xffffff7fa62dbfff

            dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000

         com.apple.NVDAResman(8.1)[A26D2A3D-C06F-3A0F-BCFF-901A98C93C3D]@0xffffff7fa62fb 000->0xffffff7fa6608fff

            dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000

            dependency: com.apple.iokit.IONDRVSupport(2.3.7)[38C214C0-83C8-3594-8A4C-DC6AC3FEC163]@0xff ffff7fa62e7000

            dependency: com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000

         com.apple.GeForce(8.1)[A15BB65E-3501-340F-87CB-2FD2BAD33E35]@0xffffff7fa73de000 ->0xffffff7fa74aafff

            dependency: com.apple.NVDAResman(8.1.0)[A26D2A3D-C06F-3A0F-BCFF-901A98C93C3D]@0xffffff7fa62 fb000

            dependency: com.apple.iokit.IONDRVSupport(2.3.7)[38C214C0-83C8-3594-8A4C-DC6AC3FEC163]@0xff ffff7fa62e7000

            dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000

            dependency: com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000

 

 

BSD process name corresponding to current thread: WindowServer

 

 

Mac OS version:

12D78

 

 

Kernel version:

Darwin Kernel Version 12.3.0: Sun Jan  6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64

Kernel UUID: 3EB7D8A7-C2D3-32EC-80F4-AB37D61492C6

Kernel slide:     0x0000000025a00000

Kernel text base: 0xffffff8025c00000

System model name: MacBookPro9,1 (Mac-4B7AC7E43945597E)

 

 

System uptime in nanoseconds: 187720354206

last loaded kext at 185678984299: com.apple.driver.AudioAUUC          1.60 (addr 0xffffff7fa768f000, size 32768)

loaded kexts:

com.kaspersky.nke          1.0.1d41

com.kaspersky.kext.klif          3.0.0d23

com.apple.driver.AudioAUUC          1.60

com.apple.iokit.IOBluetoothSerialManager          4.1.3f3

com.apple.filesystems.autofs          3.0

com.apple.driver.AGPM          100.12.87

com.apple.driver.ApplePlatformEnabler          2.0.6d1

com.apple.driver.X86PlatformShim          1.0.0

com.apple.driver.AppleMikeyHIDDriver          122

com.apple.driver.AppleHDAHardwareConfigDriver          2.3.7fc4

com.apple.driver.AppleHDA          2.3.7fc4

com.apple.GeForce          8.1.0

com.apple.iokit.IOBluetoothUSBDFU          4.1.3f3

com.apple.driver.AppleUpstreamUserClient          3.5.10

com.apple.driver.ACPI_SMC_PlatformPlugin          1.0.0

com.apple.iokit.BroadcomBluetoothHCIControllerUSBTransport          4.1.3f3

com.apple.driver.AppleMikeyDriver          2.3.7fc4

com.apple.nvidia.NVDAStartup          8.1.0

com.apple.driver.SMCMotionSensor          3.0.3d1

com.apple.driver.AppleSMCLMU          2.0.3d0

com.apple.driver.AppleIntelHD4000Graphics          8.1.0

com.apple.driver.AppleIntelFramebufferCapri          8.1.0

com.apple.iokit.IOUserEthernet          1.0.0d1

com.apple.Dont_Steal_Mac_OS_X          7.0.0

com.apple.driver.ApplePolicyControl          3.3.0

com.apple.driver.AppleSMCPDRC          1.0.0

com.apple.driver.AppleLPC          1.6.0

com.apple.driver.AppleMuxControl          3.3.0

com.apple.driver.AppleBacklight          170.2.5

com.apple.driver.AppleMCCSControl          1.1.11

com.apple.driver.AppleUSBTCButtons          237.1

com.apple.driver.AppleIRController          320.15

com.apple.driver.AppleUSBTCKeyEventDriver          237.1

com.apple.driver.AppleUSBTCKeyboard          237.1

com.apple.driver.AppleFileSystemDriver          3.0.1

com.apple.AppleFSCompression.AppleFSCompressionTypeDataless          1.0.0d1

com.apple.AppleFSCompression.AppleFSCompressionTypeZlib          1.0.0d1

com.apple.BootCache          34

com.apple.iokit.SCSITaskUserClient          3.5.5

com.apple.driver.XsanFilter          404

com.apple.iokit.IOAHCIBlockStorage          2.3.1

com.apple.driver.AppleUSBHub          5.5.5

com.apple.driver.AppleSDXC          1.4.0

com.apple.iokit.AppleBCM5701Ethernet          3.6.0b1

com.apple.driver.AirPort.Brcm4331          614.20.16

com.apple.driver.AppleFWOHCI          4.9.6

com.apple.driver.AppleAHCIPort          2.5.1

com.apple.driver.AppleUSBEHCI          5.5.0

com.apple.driver.AppleUSBXHCI          5.5.5

com.apple.driver.AppleEFINVRAM          1.7

com.apple.driver.AppleSmartBatteryManager          161.0.0

com.apple.driver.AppleACPIButtons          1.7

com.apple.driver.AppleRTC          1.5

com.apple.driver.AppleHPET          1.8

com.apple.driver.AppleSMBIOS          1.9

com.apple.driver.AppleACPIEC          1.7

com.apple.driver.AppleAPIC          1.6

com.apple.driver.AppleIntelCPUPowerManagementClient          196.0.0

com.apple.nke.applicationfirewall          4.0.39

com.apple.security.quarantine          2

com.apple.driver.AppleIntelCPUPowerManagement          196.0.0

com.apple.iokit.IOSerialFamily          10.0.6

com.apple.kext.triggers          1.0

com.apple.driver.DspFuncLib          2.3.7fc4

com.apple.iokit.IOAudioFamily          1.8.9fc11

com.apple.kext.OSvKernDSPLib          1.6

com.apple.nvidia.gk100hal          8.1.0

com.apple.NVDAResman          8.1.0

com.apple.iokit.IOFireWireIP          2.2.5

com.apple.driver.IOPlatformPluginLegacy          1.0.0

com.apple.iokit.AppleBluetoothHCIControllerUSBTransport          4.1.3f3

com.apple.driver.AppleThunderboltEDMSink          1.1.8

com.apple.driver.AppleThunderboltEDMSource          1.1.8

com.apple.driver.AppleThunderboltDPOutAdapter          1.8.9

com.apple.driver.X86PlatformPlugin          1.0.0

com.apple.driver.AppleHDAController          2.3.7fc4

com.apple.iokit.IOHDAFamily          2.3.7fc4

com.apple.iokit.IOAcceleratorFamily          30.14

com.apple.iokit.IOSurface          86.0.4

com.apple.iokit.IOBluetoothFamily          4.1.3f3

com.apple.driver.AppleSMC          3.1.4d2

com.apple.driver.IOPlatformPluginFamily          5.3.0d51

com.apple.driver.AppleSMBusPCI          1.0.11d0

com.apple.driver.AppleGraphicsControl          3.3.0

com.apple.driver.AppleBacklightExpert          1.0.4

com.apple.iokit.IONDRVSupport          2.3.7

com.apple.driver.AppleSMBusController          1.0.11d0

com.apple.iokit.IOGraphicsFamily          2.3.7

com.apple.driver.AppleThunderboltDPInAdapter          1.8.9

com.apple.driver.AppleThunderboltDPAdapterFamily          1.8.9

com.apple.driver.AppleThunderboltPCIDownAdapter          1.2.6

com.apple.driver.AppleUSBMultitouch          237.3

com.apple.iokit.IOUSBHIDDriver          5.2.5

com.apple.driver.AppleUSBMergeNub          5.5.5

com.apple.driver.AppleUSBComposite          5.2.5

com.apple.iokit.IOSCSIMultimediaCommandsDevice          3.5.5

com.apple.iokit.IOBDStorageFamily          1.7

com.apple.iokit.IODVDStorageFamily          1.7.1

com.apple.iokit.IOCDStorageFamily          1.7.1

com.apple.iokit.IOAHCISerialATAPI          2.5.1

com.apple.iokit.IOSCSIArchitectureModelFamily          3.5.5

com.apple.driver.AppleThunderboltNHI          1.6.3

com.apple.iokit.IOThunderboltFamily          2.2.6

com.apple.iokit.IOUSBUserClient          5.5.5

com.apple.iokit.IOEthernetAVBController          1.0.2b1

com.apple.iokit.IO80211Family          522.4

com.apple.iokit.IONetworkingFamily          3.0

com.apple.iokit.IOFireWireFamily          4.5.5

com.apple.iokit.IOAHCIFamily          2.3.1

com.apple.iokit.IOUSBFamily          5.5.5

com.apple.driver.AppleEFIRuntime          1.7

com.apple.iokit.IOHIDFamily          1.8.1

com.apple.iokit.IOSMBusFamily          1.1

com.apple.security.sandbox          220.2

com.apple.kext.AppleMatch          1.0.0d1

com.apple.security.TMSafetyNet          7

com.apple.driver.DiskImages          345

com.apple.iokit.IOStorageFamily          1.8

com.apple.driver.AppleKeyStore          28.21

com.apple.driver.AppleACPIPlatform          1.7

com.apple.iokit.IOPCIFamily          2.7.3

com.apple.iokit.IOACPIFamily          1.4

com.apple.kec.corecrypto          1.0

System Profile:

Model: MacBookPro9,1, BootROM MBP91.00D3.B08, 4 processors, Intel Core i7, 2.6 GHz, 16 GB, SMC 2.1f173

Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In, 384 MB

Graphics: NVIDIA GeForce GT 650M, NVIDIA GeForce GT 650M, PCIe, 1024 MB

Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130

Memory Module: BANK 1/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130

AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xF5), Broadcom BCM43xx 1.0 (5.106.98.100.16)

Bluetooth: Version 4.1.3f3 11349, 2 service, 11 devices, 1 incoming serial ports

Network Service: Ethernet, Ethernet, en0

Serial ATA Device: APPLE HDD TOSHIBA MK7559GSXF, 750.16 GB

Serial ATA Device: HL-DT-ST DVDRW  GS31N

USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1a100000 / 2

USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8509, 0x1a110000 / 3

USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1d100000 / 2

USB Device: hub_device, 0x0424  (SMSC), 0x2513, 0x1d180000 / 3

USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0252, 0x1d183000 / 6

USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x1d182000 / 5

USB Device: BRCM20702 Hub, 0x0a5c  (Broadcom Corp.), 0x4500, 0x1d181000 / 4

USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821d, 0x1d181300 / 8

Model: MacBookPro9,1, BootROM MBP91.00D3.B08, 4 processors, Intel Core i7, 2.6 GHz, 16 GB, SMC 2.1f173

Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In, 384 MB

Graphics: NVIDIA GeForce GT 650M, NVIDIA GeForce GT 650M, PCIe, 1024 MB

Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130

Memory Module: BANK 1/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130

AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xF5), Broadcom BCM43xx 1.0 (5.106.98.100.16)

Bluetooth: Version 4.1.3f3 11349, 2 service, 11 devices, 1 incoming serial ports

Network Service: Ethernet, Ethernet, en0

Serial ATA Device: APPLE HDD TOSHIBA MK7559GSXF, 750.16 GB

Serial ATA Device: HL-DT-ST DVDRW  GS31N

USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1a100000 / 2

USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8509, 0x1a110000 / 3

USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1d100000 / 2

USB Device: hub_device, 0x0424  (SMSC), 0x2513, 0x1d180000 / 3

USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0252, 0x1d183000 / 6

USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x1d182000 / 5

USB Device: BRCM20702 Hub, 0x0a5c  (Broadcom Corp.), 0x4500, 0x1d181000 / 4

USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821d, 0x1d181300 / 8


MacBook Pro, Mac OS X (10.7.2)
  • 1. Re: Multiple Panics, Lock Ups and Freezes
    osx86er Level 1 Level 1 (55 points)

    I'm in a rush, so poke around on the support site for info on troubleshooting startup/drive/panic issues etc.

     

    However, one thing that does stick out right away, is you have some non-apple Kernel Extensions, the "Kaspersky" AV product.

     

    While this may not be it at all, can you think back to when you installed it? Was it just prior to the crashes? Was it way before but crashes started after your last OSX update? Etc. Etc.

     

    Then have you tried booting in safe mod (no extensions loaded) and will it sit and run happily if so?

     

    If so, you could try removing/disabling the Kaspersky, especially since it's an easy trail.

     

    Ok, gottta go, but good luck.

     

    HTH

  • 2. Re: Multiple Panics, Lock Ups and Freezes
    Linc Davis Level 10 Level 10 (117,920 points)

    I doubt that Kaspersky is causing this problem, but you should remove it anyway because it's useless and your system is unmaintainable as long as it's installed.

     

    Remove the Kaspersky product by following the instructions on this page:

    How to uninstall Kaspersky Security for Mac

    If you have a different version of the product, the procedure may be different.

    Back up all data before making any changes.

  • 3. Re: Multiple Panics, Lock Ups and Freezes
    jacobcdietz Level 1 Level 1 (0 points)

    I've been running Kaspersky for a couple of years now, so it's certainly nothing new, but just for kicks I did uninstall it and still had a panic occur. It does run ok in safe mode and after creating a new 'clean' user and logging in under that account I can say that the issue is obviously something in my user account and not at the system level as I am going on 24 hours with now issues. I guess my next step is trying figure out which system extension is causing the problem.

  • 4. Re: Multiple Panics, Lock Ups and Freezes
    jacobcdietz Level 1 Level 1 (0 points)

    Linc, can you explain your "it's useless and your system is unmaintainable as long as it's installed" comment regarding Kaspersky? I'm just curious as I haven't heard this before.

  • 5. Re: Multiple Panics, Lock Ups and Freezes
    Eric Root Level 6 Level 6 (16,195 points)

    It sounds like your problem may be caused by 3rd party software since it works okay in the Safe Mode and in another user account. Anti-virus programs, MacKeeper installed? System Preferences/User & Groups - try removing any 3rd party software that is set to load on boot.

  • 6. Re: Multiple Panics, Lock Ups and Freezes
    Linc Davis Level 10 Level 10 (117,920 points)

    Triple-click anywhere in the line below to select it:

     

    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -f -a TextEdit

     

    Copy the selected text to the Clipboard (command-C).

     

    Launch the Terminal application in any of the following ways:

     

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

     

    Paste into the Terminal window (command-V).

     

    A TextEdit window will open with the output of the command. Post the contents of that window, if any — the text, please, not a screenshot.

  • 7. Re: Multiple Panics, Lock Ups and Freezes
    jacobcdietz Level 1 Level 1 (0 points)

    I just got a blank TextEdit document - no text at all.

  • 8. Re: Multiple Panics, Lock Ups and Freezes
    Linc Davis Level 10 Level 10 (117,920 points)

    It's a hardware fault. Make a "Genius" appointment at an Apple Store. You may have to leave the machine there for several days.

    Print the first page of the panic report and bring it with you.

    Back up all data on the internal drive(s) before you hand over your computer to anyone. If privacy is a concern, erase the data partition(s) with the option to write zeros* (do this only if you have at least two complete, independent backups, and you know how to restore to an empty drive from any of them.) Don’t erase the recovery partition, if present.

    Keeping your confidential data secure during hardware repair

    *An SSD doesn't need to be zeroed.

  • 9. Re: Multiple Panics, Lock Ups and Freezes
    Linc Davis Level 10 Level 10 (117,920 points)

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
      
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.

    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
       
    The following caveats apply to XProtect:
    • It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    • It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
       
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    • It can easily be disabled or overridden by the user.
    • A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to bypass Apple's oversight, or the oversight could fail in a particular case due to human error.
    For most purposes, applications recognized by Gatekeeper as signed, including App Store products, can be considered safe. Note, however, that at least one trojan for iOS (not for OS X) was briefly distributed by a developer in Russia through the iTunes App Store. That store is under the same oversight by Apple as the Mac App Store, so the protection shouldn't be considered absolute. App Store products may prompt for access to private data, such as your contacts. Think before granting that access. OS X security is based on user input. Never click anything reflexively.
           
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
     
    5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
        
    That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
    • Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    • A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    • Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    • Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    • Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
    • Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    • Even signed applications should not be trusted if they do something unexpected, such as asking for permission to access your contacts or your location for no apparent reason.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
      
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
       
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable itnot JavaScript — in your browsers.
       
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.

    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software  ClamXav — nothing else.
      
    Why shouldn't you use commercial "anti-virus" products?
    • Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    • In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    • By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
        
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
        
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
      
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
       
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
        
    9. The greatest harm done by security software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but if they get a false sense of security from it, they may feel free to do things that expose them to higher risk. Nothing can lessen the need for safe computing practices.
      
    10. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

  • 10. Re: Multiple Panics, Lock Ups and Freezes
    osx86er Level 1 Level 1 (55 points)

    I'm glad that helped (for now), I've seen several things that look like hardware issues and they end up being a corrupt user account/profile/prefs etc. (especially pre X, course way different ball game), but with X, I've seen take downs from a simple Kext as well (even when not evident in panic logs, especially if missed). - Think Windows BSOD's and going crazy pulling sound cards, NIC's etc. and it's a bad driver rev.

     

    That's one thing I truly loved about the old pre X extension manager (could build custom extenion lists) and load them easily for troubleshooting 3rd party drivers etc.

     

    Regarding Linc's comments, (IMHO) they are spot on, very very close to my point of views, I don't have Java, Flash, Acrobat Reader etc. loaded, and I only use Java/Flash from Linux VM's for specific tasks etc. This can be painful, but no matter how vigilant and educated you are, there are always ways into someone's system/network, if someone / or some nation state is dedicated enough etc.

     

    The only thing I do have to say about additional layers (Defense in Depth is hardly ever bad), in this case, I actually DO use AV on my Mac. There's a window of opportunity in every piece of software in existence, there's always a way to exploit/traverse something. The type that is very hard to defend against, is drive by / cross site etc. attacks where even 100% legit sites have been exploited and the possibility of something being able to exploit and inject code (course getting through the barriers mentioned by Linc, and the human barrier...you) and taking advantage of your system in order to inject bad things has to all come together. However, (and I think this is where Linc's points bring it home), these type of exploits/code aren't usually known by the AV vendors for some time anyway and the damage may already be done, but, the other side of that, is depending on the AV company, their engine, heuristic settings/effectiveness, and if they are providing a HIPS as well, you may just get that protection after all.

     

    Honestly, if you follow what Linc is stating about Java (and IMHO add Flash, Shockwave, Acrobat Reader to that pool) and anything else you can cut back on that's just not needed, use a non-admin account, limit your software base, and so forth, your more than likely gonna stay out of harms way.

     

    The other piece I would add here, is enable Filevault2, and even encrypt your timemachine backups, while this does absolutely nothing for protection while logged in and running etc., it does protect from other things, especially theft of a system.

     

    Also, use unique username/passwords on an account by account basis, do not repeat passwords, try to stick with systems that allow dual/2 factor auth etc. and so on.

     

    Obviously, this is way off topic, but good info for anyone to apply to their daily use of the interwebs.

     

    The other point I would stongly suggest doing as Linc suggested too, ensure you understand what your doing if you leave your system with the Apple techs, and understand, as part of their process, they are known to wipe your drive and load a fresh OS. So, I would personally image/timemachine everything, and hand them a fresh formated/loaded OS system to troubleshoot from. This way, you know you have your most current data, and no matter what they do (new drive etc.) you can just run migration assistant, and you'll also know that they won't be snooping anywhere they shouldn't be. (especially if your drive was Filevaulted before blowing away) 

     

    Anyway, HTH

  • 11. Re: Multiple Panics, Lock Ups and Freezes
    jacobcdietz Level 1 Level 1 (0 points)

    The Apple Store may very well be my next move, though over the past 72 hours, I've had no panics. Well, other than the one I just had which prompted me to pop back in. It's really quite maddening, but we'll see what the geniuses have to say. For anyone who is interested, latest crash report included below:

     

     

     

    Interval Since Last Panic Report:  137542 sec

    Panics Since Last Report:          1

    Anonymous UUID:                    BBC20339-6AE8-82EA-4368-DCBBCC912FF4

     

     

    Mon May  6 13:18:07 2013

    panic(cpu 4 caller 0xffffff802e843dae): "a freed zone element has been modified in zone: VM map entries"@/SourceCache/xnu/xnu-2050.22.13/osfmk/kern/zalloc.c:219

    Backtrace (CPU 4), Frame : Return Address

    0xffffff822f0eb980 : 0xffffff802e81d626

    0xffffff822f0eb9f0 : 0xffffff802e843dae

    0xffffff822f0eba30 : 0xffffff802e8435f2

    0xffffff822f0ebb10 : 0xffffff802e8670ac

    0xffffff822f0ebb30 : 0xffffff802e867cf3

    0xffffff822f0ebc80 : 0xffffff802e86891c

    0xffffff822f0ebd30 : 0xffffff802eb5a99e

    0xffffff822f0ebf60 : 0xffffff802ebe0343

    0xffffff822f0ebfb0 : 0xffffff802e8cda0d

     

     

    BSD process name corresponding to current thread: Google Chrome

     

     

    Mac OS version:

    12D78

     

     

    Kernel version:

    Darwin Kernel Version 12.3.0: Sun Jan  6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64

    Kernel UUID: 3EB7D8A7-C2D3-32EC-80F4-AB37D61492C6

    Kernel slide:     0x000000002e600000

    Kernel text base: 0xffffff802e800000

    System model name: MacBookPro9,1 (Mac-4B7AC7E43945597E)

     

     

    System uptime in nanoseconds: 774868958698

    last loaded kext at 28543540316: com.apple.driver.AppleHWSensor          1.9.5d0 (addr 0xffffff7fb08aa000, size 36864)

    last unloaded kext at 192364746872: com.apple.driver.AppleFileSystemDriver          3.0.1 (addr 0xffffff7fb0b06000, size 8192)

    loaded kexts:

    com.apple.driver.AppleHWSensor          1.9.5d0

    com.apple.driver.AudioAUUC          1.60

    com.apple.driver.AGPM          100.12.87

    com.apple.driver.X86PlatformShim          1.0.0

    com.apple.filesystems.autofs          3.0

    com.apple.driver.AppleMikeyHIDDriver          122

    com.apple.driver.AppleHDA          2.3.7fc4

    com.apple.GeForce          8.1.0

    com.apple.driver.AppleUpstreamUserClient          3.5.10

    com.apple.driver.AppleMikeyDriver          2.3.7fc4

    com.apple.driver.AppleSMCPDRC          1.0.0

    com.apple.iokit.IOUserEthernet          1.0.0d1

    com.apple.driver.AppleLPC          1.6.0

    com.apple.driver.AppleIntelHD4000Graphics          8.1.0

    com.apple.driver.AppleIntelFramebufferCapri          8.1.0

    com.apple.driver.SMCMotionSensor          3.0.3d1

    com.apple.iokit.BroadcomBluetoothHCIControllerUSBTransport          4.1.3f3

    com.apple.iokit.IOBluetoothSerialManager          4.1.3f3

    com.apple.Dont_Steal_Mac_OS_X          7.0.0

    com.apple.driver.ApplePolicyControl          3.3.0

    com.apple.driver.AppleSMCLMU          2.0.3d0

    com.apple.driver.AppleMuxControl          3.3.0

    com.apple.driver.AppleMCCSControl          1.1.11

    com.apple.driver.AppleUSBTCButtons          237.1

    com.apple.driver.AppleUSBTCKeyboard          237.1

    com.apple.driver.AppleIRController          320.15

    com.apple.AppleFSCompression.AppleFSCompressionTypeDataless          1.0.0d1

    com.apple.AppleFSCompression.AppleFSCompressionTypeZlib          1.0.0d1

    com.apple.BootCache          34

    com.apple.iokit.SCSITaskUserClient          3.5.5

    com.apple.driver.XsanFilter          404

    com.apple.iokit.IOAHCIBlockStorage          2.3.1

    com.apple.driver.AppleSDXC          1.4.0

    com.apple.driver.AppleUSBHub          5.5.5

    com.apple.iokit.AppleBCM5701Ethernet          3.6.0b1

    com.apple.driver.AirPort.Brcm4331          614.20.16

    com.apple.driver.AppleFWOHCI          4.9.6

    com.apple.driver.AppleAHCIPort          2.5.1

    com.apple.driver.AppleUSBEHCI          5.5.0

    com.apple.driver.AppleUSBXHCI          5.5.5

    com.apple.driver.AppleEFINVRAM          1.7

    com.apple.driver.AppleSmartBatteryManager          161.0.0

    com.apple.driver.AppleACPIButtons          1.7

    com.apple.driver.AppleRTC          1.5

    com.apple.driver.AppleHPET          1.8

    com.apple.driver.AppleSMBIOS          1.9

    com.apple.driver.AppleACPIEC          1.7

    com.apple.driver.AppleAPIC          1.6

    com.apple.driver.AppleIntelCPUPowerManagementClient          196.0.0

    com.apple.nke.applicationfirewall          4.0.39

    com.apple.security.quarantine          2

    com.apple.driver.AppleIntelCPUPowerManagement          196.0.0

    com.apple.kext.triggers          1.0

    com.apple.driver.DspFuncLib          2.3.7fc4

    com.apple.iokit.IOAudioFamily          1.8.9fc11

    com.apple.kext.OSvKernDSPLib          1.6

    com.apple.nvidia.gk100hal          8.1.0

    com.apple.NVDAResman          8.1.0

    com.apple.driver.X86PlatformPlugin          1.0.0

    com.apple.driver.IOPlatformPluginFamily          5.3.0d51

    com.apple.iokit.IOAcceleratorFamily          30.14

    com.apple.iokit.IOFireWireIP          2.2.5

    com.apple.iokit.AppleBluetoothHCIControllerUSBTransport          4.1.3f3

    com.apple.driver.AppleSMBusPCI          1.0.11d0

    com.apple.driver.AppleHDAController          2.3.7fc4

    com.apple.iokit.IOHDAFamily          2.3.7fc4

    com.apple.iokit.IOSurface          86.0.4

    com.apple.iokit.IOSerialFamily          10.0.6

    com.apple.iokit.IOBluetoothFamily          4.1.3f3

    com.apple.driver.AppleSMC          3.1.4d2

    com.apple.driver.AppleGraphicsControl          3.3.0

    com.apple.driver.AppleBacklightExpert          1.0.4

    com.apple.iokit.IONDRVSupport          2.3.7

    com.apple.driver.AppleSMBusController          1.0.11d0

    com.apple.iokit.IOGraphicsFamily          2.3.7

    com.apple.driver.AppleUSBMultitouch          237.3

    com.apple.iokit.IOUSBHIDDriver          5.2.5

    com.apple.driver.AppleThunderboltDPInAdapter          1.8.9

    com.apple.driver.AppleThunderboltDPAdapterFamily          1.8.9

    com.apple.driver.AppleThunderboltPCIDownAdapter          1.2.6

    com.apple.driver.AppleUSBMergeNub          5.5.5

    com.apple.driver.AppleUSBComposite          5.2.5

    com.apple.iokit.IOSCSIMultimediaCommandsDevice          3.5.5

    com.apple.iokit.IOBDStorageFamily          1.7

    com.apple.iokit.IODVDStorageFamily          1.7.1

    com.apple.iokit.IOCDStorageFamily          1.7.1

    com.apple.iokit.IOAHCISerialATAPI          2.5.1

    com.apple.iokit.IOSCSIArchitectureModelFamily          3.5.5

    com.apple.driver.AppleThunderboltNHI          1.6.3

    com.apple.iokit.IOThunderboltFamily          2.2.6

    com.apple.iokit.IOEthernetAVBController          1.0.2b1

    com.apple.iokit.IO80211Family          522.4

    com.apple.iokit.IONetworkingFamily          3.0

    com.apple.iokit.IOUSBUserClient          5.5.5

    com.apple.iokit.IOFireWireFamily          4.5.5

    com.apple.iokit.IOAHCIFamily          2.3.1

    com.apple.iokit.IOUSBFamily          5.5.5

    com.apple.driver.AppleEFIRuntime          1.7

    com.apple.iokit.IOHIDFamily          1.8.1

    com.apple.iokit.IOSMBusFamily          1.1

    com.apple.security.sandbox          220.2

    com.apple.kext.AppleMatch          1.0.0d1

    com.apple.security.TMSafetyNet          7

    com.apple.driver.DiskImages          345

    com.apple.iokit.IOStorageFamily          1.8

    com.apple.driver.AppleKeyStore          28.21

    com.apple.driver.AppleACPIPlatform          1.7

    com.apple.iokit.IOPCIFamily          2.7.3

    com.apple.iokit.IOACPIFamily          1.4

    com.apple.kec.corecrypto          1.0