May 29, 2011 12:05 PM (in response to noondaywitch)
I have the same org.python.python.app in my cache folder. What's strange is it was never there before. It shows up in "System Profiler", "Applications". It just lists a "last modified date" and no version number. And the date does not coincide with any software updates that I did. So, how did it get there? Is it malware? And what happens if I delete it? It seems very odd to me.
Thanks in advance for the help!
Well, I have scanned that with my AV software and it seems fine. I have googled it a couple times, and it does not seem to be related to anything malicious. As it is in cache, I am not too worried..yet..
May 30, 2011 9:14 AM (in response to powerbook1701)
Thanks much for the reply. Well, I'm getting more concerned.
Looks like the 10.6.7 update was released on March 21st, 2011 and I did the update on March 22nd, 2011. However, the org.python.python.app shows up in "System Profiler" under the date of May 13th, 2011 (Friday the 13th). So, I am really confused.
The file is in my Cache, which is good but....
What type of AV software are you using? Do you get any performance hits when running it? This is my first Mac and I have always been a MS Windows guy using Norton AV software. But I have been told repeatedly that Macs are immune to viruses and malware. Which I never really believed. Especially now, since the number of Mac computers being used these days has grown considerably.
So, it looks like a good AV software is in order. I've seen a few mentioned that also have a "2 way" firewall (Little Snitch, VirusBarrier X6, Norton IS).
I would definitely appreciate any recommendations regarding the AV software. And any other thoughts you may have on the python.app. I guess if I had the AV software I could scan it, like you did, which would ease my mind considerably.
Thanks again for the reply and I look forward to hearing back from you!
Mine corresponds exactly to when I ran the combo updater. If you didn't use the combo, maybe that is why you are seeing a different date.
I use ClamXav. Just be sure to read through the directions on the webpage. It hogs no CPU time. I do, however, only use it as a passive scanner (but I could use it as an active scanner if I wanted to).
Everyone has their own opinion on Mac AV scanners. So far, all I have needed is the FREE ClamXav software. They have good support forums too. You can check it all out at the link above. You can search for each of these software apps in the forums here, rank by date, and read what people are saying. My own advice is to stay away from Norton. For me caution is always in order. Turn your auto open Safari downloads preference to OFF. That will help in this latest MacDefender malware thing..
I have different versions of that python thing and just from poking around, I don't think it's anything to worry about. I have scanned it repeatedly to be sure. The next time I find myself at a Best Buy or Apple retail store, I'll check their systems to see if it is there..
I find this to be useful:
May 30, 2011 9:46 AM (in response to powerbook1701)
Thanks powerbook1701 for the excellent reply!
I'm pretty sure I did the combo update but..
I will definitely check out ClamXav. I would also prefer to use it as a passive scanner and it's good to know that it isn't a CPU hog. Also, thanks for the suggestion on the Safari downloads preference, I had it selected to ON.
Another weird thing about the python is another family member has a MacBook, and I have the MacBook Pro. Both were purchased at the same time and I've run software update on the same days for both. But her MacBook doesn't list the org.python.python.app, at all. So, I'm going to get the ClamXav and do a thorough scan.
Thanks again for the very helpful reply!
Oh, btw. I'm not sure I used "System Profiler" correctly to see the install date of the 10.6.7 combo update. How/where did you check for the date of install?
ClamXav will do all the job you need. Steer away from the other AV software, especially Norton. Most of them do more harm than good.
Little Snitch is not AV; it monitors for outgoing connection requests from all applications on your Mac and flags them up for you to allow or deny, temporarily or permanently.
In my opinion it's one of the most useful third-party applications available and I've been using it for nearly eight years now. You'll be surprised what some applications are doing behind your back!
Your router firewall complements this for incoming traffic.
As far as the trojans we're currently finding tailored to Mac users, the only real defence there is the grey matter between your ears. If something pops up out of nowhere that you didn't actively initiate yourself, you can be sure it's a scam. In those cases, don't respond to any messages; just quit (Force Quit if necessary) the browser and check for unwanted downloads.
First, I have two MBPs, used the combo on both. The python thing only appears on one also. I am guessing that the software that came with one MBP (default install from factory DVD), had it built in. So, the combo update finds it and updates it. I have seen it before where if you don't have something already installed, the combo updater won't add it. I found this out with Flash Player one time. I removed it, the combo updater said it updated the Flash to a new version...BUT, only if it already finds it. The python thing is there, and I can find no evidence searching Google that it is an issue (like the MacDefender thing..).
1.) Keeping your Safari "auto open safe downloads" off will always give you the option to expand it. In the case of the MacDefender and its variants, this will at least give you a stop gap option to delete it from your downloads folder. NOTE: be sure that you have Safari set to go to the downloads folder. This way, it is contained there. Just be sure NOT to open files there you didn't put there and delete them asap.
2.) When you first install ClamXav, it installs as a passive app. If you want it to be more, read through the website pages for help. If you were wanting it to scan email, be sure to read how to do that first! Be sure to use the ClamXav link I previously posted, as there are a few scammers out there using similar names.
3.) For right now, use ClamXav to scan your home folder first. Don't use it to scan the entire disk yet, there is an update coming out that fixes a hang on certain machines.
Check out their support forum too and ask questions.
May 31, 2011 10:40 AM (in response to powerbook1701)
Hello powerbook1701 and noondaywitch,
Thanks much for the replies!
@powerbook1701 - thanks for the extra checks on the python.app. I got onto other things yesterday and didn't download ClamXav but will do today. Definitely will use the link you provided and you also answered another question I had about whether to scan the entire disk or just home folder. So, I will do home folder first. Also, got Safari setup as you suggested.
@noondaywitch - Thanks for the info on Little Snitch, I will definitely get it.
Also, another question for you guys that is probably appropriate for this forum. I've read that I shouldn't be using my Admin account for normal day to day stuff. It was noted that one should create another user account (w/out Admin privileges).
So first, is that the correct way to go? And if so, how do I set certain things up?
I know how to create a new account. But I already have iTunes and iPhoto (two apps I use the most) setup in my Admin account. I don't want to have another iTunes or iPhoto directory in the new account. So, is there a way to enable sharing between the Admin and new account? And if there is, will I be compromising security?
Please let me know what is the best way to set this up.
I also have a bunch of questions regarding security setup for my Airport Extreme but I think there is another forum for that. I wish I had been smarter when I first bought these MacBooks in Dec. 2010 and researched, setup things correctly from the get go. I just hope nothing has been compromised and also that my wireless network is secure. At least, I can get comfort in knowing that the Mac OS is much safer than MS Windoze. But with the wild west internet, it's always best to err on the side of caution.
Look forward to your replies and thanks again for the excellent help!
Once the next version of ClamXav comes out, you can scan the entire HD if you would like. There is a slight glitch that throws it into a loop for some users.
In this article, it is mentioned how to convert accounts (down in the middle):
Be sure to password protect BOTH your wifi network and your AEBS itself. During the setup process, you will be asked if you want to do this.
Keeping the "open safe files" in Safari OFF will not prevent you from having any of the MacDefender variants out there from downloading (if you land on a poisoned site), but it WILL allow you to notice that you downloaded the installer into your downloads folder and then you can delete it from there. End of story at that point. If you would have left that option on, then it would try to go through the install process.
Regarding ClamXav, be sure to take a look at the documentation on the main website (as it is NOT in the Help menu in the app itself). As with any software, understand it before you start using it. But, when you download and install, it is already in passive mode as is and good to go for "on demand" scanning (meaning you tell it what and when to do it).
Last, for new Mac users, I recommend "Mac OS X Snow Leopard: The Missing Manual" as a good book. There is also one called "Switching to the Mac" in the same series, both by David Pogue.
As far as the second account controversy is concerned, I prefer to keep it simple and have always used just the one (admin) account.
I understand the argument that it's more difficult to install something accidentally because you'll always be asked for an admin password, but then you are when logged in as admin anyway.
Also it won't stop the likes of MacGuard from installing itself in the Applications folder as no authentication is asked for that.
Leaving the 'open safe files' option unchecked is better protection for both scenarios.
A second account may prevent you from accidentally doing something silly with system files, but that only requires common sense too.
You will, of course, hear the other view quite soon, I'm sure. Ultimately it's down to you.
For WiFi, ensure you use WPA2 Personal for the encryption and use a long password with a mix of characters and numbers and preferably some non-alphanumeric characters as well.
I endorse powerbook's recommendation of the Pogue books. In fact the Missing Manual series has good titles for the iLife and iWork apps, too, as well as for a good range of third-party software.