User profile for user: Balveda
Balveda Author
User level: Level 1
0 points

Can I disable/delete CarbonCore, Perl, Python and Ruby...

without causing any issues to my mbp (early 2011)? I'm not a developer so I'm not sure why I'd need them but if they're vital to running SL 10.6.8 then I won't disable them. Reason I'm asking is that MacScan is picking up multiple issues in my /usr/share/emacs/22.1/etc location. I just learned what an emac was today and I'm not sure why this is on my mbp. All of my sharing is turned off in system preferences but when I click on xgrid a drop down message appears that say "unable to locate xgrid agent. Screen sharing is turned on." One file in particular is labeled condom.1 and was created back in 2006. The file is written as follows:


CONDOM(1) EUNUCH Programmer's Manual CONDOM(1)


NAME

condom - Protection against viruses and prevention of child

processes



SYNOPSIS

condom [options] [processid]



DESCRIPTION

_condom_ provides protection against System Transmitted

Viruses (STVs) that may invade your system. Although the spread of

such viruses across a network can only be abated by aware and cautious

users, _condom_ is the only highly-effective means of preventing

viruses from entering your system (see celibacy(1)). Any data passed

to _condom_ by the protected process will be blocked, as specified by

the value of the -s option (see OPTIONS below). _condom_ is known to

defend against the following viruses and other malicious

afflictions...



o AIDS

o Herpes Simplex (genital varieties)

o Syphilis

o Crabs

o Genital warts

o Gonorrhea

o Chlamydia

o Michelangelo

o Jerusalem



When used alone or in conjunction with pill(1), sponge(1),

foam(1), and/or setiud(3), _condom_ also prevents the conception of a

child process. If invoked from within a synchronous process, _condom_

has, by default, an 80% chance of preventing the external processes

from becoming parent processes (see the -s option below). When other

process contraceptives are used, the chance of preventing a child

process from being forked becomes much greater. See pill(1),

sponge(1), foam(1), and setiud(3) for more information.

If no options are given, the current user's login process (as

determined by the environment variable USER) is protected with a

Trojan rough-cut latex condom without a reservoir tip. The optional

'processid' argument is an integer specifying the process to protect.

NOTE: _condom_ may only be used with a hard disk. _condom_

will terminate abnormally with exit code -1 if used with a floppy

disk (see DIAGNOSTICS below).



OPTIONS

The following options may be given to _condom_...



-b BRAND BRANDs are as follows...



trojan (default)

ramses

sheik

goldcoin

fourex



-m MATERIAL The valid MATERIALs are...



latex (default)

saranwrap

membrane -- WARNING! The membrane option is _not_

endorsed by the System Administrator General as an

effective barrier against certain viruses. It is

supported only for the sake of tradition.



-f FLAVOR The following FLAVORs are currently supported...



plain (default)

apple

banana

cherry

cinnamon

licorice

orange

peppermint

raspberry

spearmint

strawberry



-r Toggle reservoir tip (default is no reservoir tip)



-s STRENGTH STRENGTH is an integer between 20 and 100 specifying

the resilience of _condom_ against data passed to

_condom_ by the protected process. Using a larger

value of STRENGTH increases _condom_'s protective

abilities, but also reduces interprocess communication.

A smaller value of STRENGTH increases interprocess

communication, but also increases the likelihood of a

security breach. An extremely vigorous process or

one passing an enormous amount of data to _condom_

will increase the chance of _condom_'s failure. The

default STRENGTH is 80%.



-t TEXTURE Valid TEXTUREs are...



rough (default)

ribbed

bumps

lubricated (provides smoother interaction between

processes)



WARNING: The use of an external application to _condom_ in

order to reduce friction between processes has been proven in

benchmark tests to decrease _condom_'s strength factor! If execution

speed is important to your process, use the '-t lubricated' option.



DIAGNOSTICS

_condom_ terminates with one of the following exit codes...



-1 An attempt was made to use _condom_ on a floppy disk.



0 _condom_ exited successfully (no data was passed to

the synchronous process).



1 _condom_ failed and data was allowed through. The

danger of transmission of an STV or the forking of a child

process is inversely proportional to the number of other

protections employed and is directly proportional to

the ages of the processes involved.



BUGS

_condom_ is NOT 100% effective at preventing a child process

from being forked or at deterring the invasion of a virus (although

the System Administrator General has deemed that _condom_ is the most

effective means of preventing the spread of system transmitted

viruses). See celibacy(1) for information on a 100% effective program

for preventing these problems.

Remember... the use of sex(1) and other related routines

should only occur between mature, consenting processes. If you must

use sex(1), please employ _condom_ to protect your process and your

synchronous process. If we are all responsible, we can stop the

spread of STVs.



AUTHORS and HISTORY

The original version of _condom_ was released in Roman times

and was only marginally effective. With the advent of modern

technology, _condom_ now supports many more options and is much more

effective.

The current release of _condom_ was written by Ken Maupin at

the University of Washington (maupin@cs.washington.edu) and was last

updated on 10/7/92.



SEE ALSO

celibacy(1), sex(1), pill(1), sponge(1), foam(1), and

setiud(3)

___________________________________________________________________


Is this some sort of opensource coding joke? Thanks in advance for any help!

MacBook Pro, Mac OS X (10.6.8), Early 2011 edition

Posted on Jul 25, 2011 6:03 PM

Reply
6 replies
User profile for user: Balveda
Balveda Author
User level: Level 1
0 points

Jul 25, 2011 8:37 PM in response to AussieDJ

umm yeah. I'm fully aware it's not a Window's based PC although technically it is my Personal Computer. It's odd that you're asking what MacScan is when you apparently have already decided it's "rubbish" without knowing what it is in the first place. A somewhat pessimistic view of something you claim to know nothing about in my humble opinion.


To answer your second question, an Apple Care rep recommended the MacScan utility app to detect the trojan on my system. You are aware that there are over twenty active trojans out in the wild currently that are specifically designed to exploit Mac's...right? And no, you don't have to download a third party app that prompts you for an admin password, although trojans like that do exist. This isn't a virus, as there are no Mac viruses, but a trojan that exploited the firmware chip in my battery and coded it's way into the next upper layer of the system by using a fake booter to point the com.apple.stackshot file at the root to a prelinked fake boot-kernel that also contained a fake extension.


It's now cloning itself as actual processes such as fontd, configd and launchd and fseventd as well as a few others. After eight erase (NSA 7 swipe and the 35 swipe as well) and re-installs of the OS it's still there but now seems to be writing files via Carbon, Perl, Python, and Ruby. They are filling up my hard drive at an accelerated pace but then again I had a lot of space to begin with. Not causing any other issues though but it appears they're sending well over 10,000 message out of mulitple ports per day. I have, as always, my firewall set to block all incoming connections except for DHCP and IPSEC. I know that someone at Apple will eventually issue a permanent seal patch for the battery firmware issue that contains a factory default password that has been exploited.


So, back to my original question that I hope someone in this friendly community can shed light on. Can I disable these (Carbon, CarbonCore, Perl, Python and Ruby) without causing any issues to my system or are they vital to 10.6.8? Once I have the answer to my question, I'm quite certain I can resolve the remainder of this issue on my own.


Once again, thanks in advance for an answer to my orginal question. Your help is truly appreciated.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,739 points

Jul 25, 2011 9:02 PM in response to Balveda

...an Apple Care rep recommended the MacScan utility app to detect the trojan on my system.


Then the rep is incompetent. MacScan, like all commercial "anti-virus" products for the Mac, is worse than useless, as this thread demonstrates.


You are aware that there are over twenty active trojans out in the wild currently that are specifically designed to exploit Mac's...right?


I don't know about the number, but there are some trojans, yes. All of them are detected by the built-in malware protection in the Mac OS. There will be more trojans in the future, including some that neither MacScan nor any other anti-virus software will be able to detect. Just don't install them.


...a trojan that exploited the firmware chip in my battery and coded it's way into the next upper layer of the system by using a fake booter to point the com.apple.stackshot file at the root to a prelinked fake boot-kernel that also contained a fake extension.


You saw that in an Ars Technica article today, and now you're the first person ever to detect the exploit? Congratulations.


It's now cloning itself as actual processes such as fontd, configd and launchd and fseventd as well as a few others.


Kewl.


So, back to my original question that I hope someone in this friendly community can shed light on. Can I disable these (Carbon, CarbonCore, Perl, Python and Ruby) without causing any issues to my system...?


No.

Reply
User profile for user: Balveda
Balveda Author
User level: Level 1
0 points

Jul 25, 2011 10:15 PM in response to Linc Davis

The first Apple Care rep didn't seem incompetent but not exactly up to speed on lower level system issues. The second AppleCare rep suggested ESET CyberSecurity for Mac and I purchased it while on the phone with this AppleCare rep. That didn't solve the issue either. I also used ClamXav which is Apple endorsed since it's available and free in the App Store. No dice on the results though. I then also purchased Intego Virus Barrier, also in the App Store but to no avail since, as I later discovered, I don't actually have a virus, since Mac viruses don't exist. I then was instructed by another AppleCare rep to reset the PRAM as well as doing an SMC reset but still the issue remains.


MacScan doesn't detect viruses. Only malware and trojans and it didn't even detect this trojan but alerted me to some odd messages alerts in the Console utility specifically in regards to the usr/share section . That's how I discovered something must be wrong and I contacted Apple once again and they asked me to ship my mbp to them in California and they shipped me a new replacement direct from Shanghai. And once again after 10+ Express Lane cases and one emailed system shot from a data gatherer application sent to me by a Senior Technical Advisor from Worldwide AppleCare and returned to him, I'm still having the same issue and no, I'm not the only one to have experienced this issue so thanks for the congratulations but I'll share the congrats with the other unfortunate users who are experiencing the same frustrating issue but not all carried out in the same manner as mine. I thought instead of trying to only work with AppleCare, who've been stellar btw in terms of customer service, I'd go ahead and give the community a shot at possible solving the problem in hopes of answering my question. Unfortnately the previous hostile responses from the community act as though I'm being sarcastic or something. I assure you I'm not.


No, apparently not all trojans are detected by the built in malware protection in SL. I'm not trying to make this some outdated Mac vs. PC battle, which is juvenile in my opinion and accomplishes nothing. I'm a big fan of all things Apple and always have been.


There are quite a few trojans written everyday and so far I haven't noticed daily security updates from Apple b/c there's no realistic way to keep up with an ultra fast response to new ones until they're actually discovered however, I get the security updates every few weeks or so for SL and I'm grateful for that. Maybe now all active trojans are detected by Lion but I haven't upgraded yet so I wouldn't know but I hope to upgrade soon. Seems like a kewl OS and hopefully impregnable.


No, I didn't read an article an Ars Techinca but I did read an article on the battery firmware password exploit on slashdot which was linked to a threatpost.com article. If I recall correctly it didn't mention much other than the default password issue for the battery firmware but I believe it had to do with some guy trying to kill the battery or blow up the machine which apparenty didn't work. Nothing about the way the exploit can be carried out to alter your OS.


Anyway, thanks for your answer to my question. Much appreciated and best regards.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Can I disable/delete CarbonCore, Perl, Python and Ruby...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up