ARDAgent

Whenever repairing disk permissions, this irritates me:

Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

Found this from 2009
http://support.apple.com/kb/TS1448

Now it is 2011, ahem...

Found this, which is scary:
http://forums.macrumors.com/showthread.php?t=375608&page=4:

IMHO, there should be a way to get a verified good copy of this package directly from Apple, have it installed with the correct permissions that will pass Repair Disk Permissions with flying colors. Ignoring these kinds of messages is leading us down the path to MicroS**t levels of insecurity! Crying "paranoia" to those who show concern is compounding the potential for insecurity. Apple has a responsibility to resolve this.

Here's an example of how this could be VERY bad: You accidentally visit some nefarious web site by clicking on the wrong place in a Google page with "ads" (probably you were clicking Save in a TextEdit document and Apple changed focus to S*fari which caused you to click on IloveRussianPorno - please Apple STOP changing focus on us!). The nefarious web site uses JavaScript to install a new ARDA package which includes a trojan horse, giving all of Russia and China FULL REMOTE ACCESS to your computer. Some Bad Guy then watches your computer remotely, and when he notices some idle time he takes full control of your Mac, downloads your personal data (which, of course, you haven't encrypted and closed down because this is your "secure Macintosh"). Then he goes on a spending spree with your credit cards and checking accounts, and then he reformats your hard drive... or worse, leaves no trace and comes back occasionally to get more of your personal data.

What's up, Apple?

MacBook Pro i7 17 2,8GHZ, Mac OS X (10.6.5), 8 GB RAM, 30 ACD

Posted on Feb 4, 2011 3:38 AM

2 replies

Feb 4, 2011 9:53 AM in response to Bikul

You are worrying over nothing. The claim that a JavaScript could blindly install a new package is totally bogus, and the person who posted that on the MacRumors forum was completely wrong (this is the danger of reading something posted on the Internet without verifying before you fly off the handle). The ARD agent is located in the core library which only the system root or an authorized administrator can alter.

It was dimly possible that someone could write a malicious AppleScript that could use the root access privileges (which is what the SUID change is about) to give a "bad guy" elevated permissions, but even if Apple has not fixed that possibility (which I believe they have) that cannot be done without a user with administrator privileges running the script. So unless you are in the habit of providing your administrator credentials to any web site that asks, or in downloading and running an application from any old site without knowing where the app came from, there's no way a "bad guy" could alter the ARD agent package in any way or use it to exploit your system.

Regards.
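The reply above rests on three properties of the agent binary: it carries the setuid bit (which is what the Repair Disk Permissions warning is about), it is owned by root, and it sits in a location that nobody but root or an authorizing administrator can write to. The POSIX shell audit below checks exactly those properties for any path and lists the setuid files under a directory for comparison against a known-good baseline. It is an added example written for this thread, not Apple's tooling and not code from either poster; the function names, the numeric-uid comparison and the `--run` switch are this example's own choices.

```shell
#!/bin/sh
# Added example (not Apple's code, not from either poster): audit one setuid
# binary roughly the way "Repair Disk Permissions" does, checking the three
# properties the reply relies on: setuid bit, root ownership, no group/world
# write access. Function names and arguments are this example's own.

# Numeric owner uid of a file; ls -n avoids name lookups and is POSIX.
file_owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Symbolic mode string such as -rwsr-xr-x (first field of ls -l).
file_mode() {
    ls -ld "$1" | awk '{print $1}'
}

# check_suid_file PATH [EXPECTED_UID]
# Returns 0 when PATH is a regular file, has the setuid bit, is owned by
# EXPECTED_UID (default 0, i.e. root) and is writable by neither group nor
# others. Otherwise prints each failing property and returns 1.
check_suid_file() {
    f=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 1
    fi
    # POSIX test -u: true when the setuid bit is set.
    if [ ! -u "$f" ]; then
        echo "$f: setuid bit is not set"
        rc=1
    fi
    uid=$(file_owner_uid "$f")
    if [ "$uid" != "$want_uid" ]; then
        echo "$f: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi
    mode=$(file_mode "$f")
    # In the mode string position 6 is the group write bit, position 9 the
    # world write bit; either one means a non-root user could replace the code
    # that later runs as root.
    case "$mode" in
        ?????w*) echo "$f: group-writable ($mode)"; rc=1 ;;
    esac
    case "$mode" in
        ????????w*) echo "$f: world-writable ($mode)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "$f: OK ($mode, uid $uid)"
    fi
    return "$rc"
}

# list_suid DIR: every regular file under DIR carrying the setuid bit, the
# inventory one compares against a baseline taken from a known-good install.
list_suid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# Stand-alone use: `sh audit.sh --run` audits the agent binary named in the
# warning above (reports a failure on a machine where it is not installed).
if [ "${1:-}" = "--run" ]; then
    check_suid_file "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
fi
```

The check deliberately looks at ownership and write bits rather than only at the setuid bit itself: a setuid root binary that an ordinary account can overwrite is the actual risk, and that is what "modified" in the warning should make you verify before deciding to ignore it.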

