Malware reappearing in apple.safari.com cache.db

I'm not overlooking that, it just makes no difference to the point, which is that cookies CANNOT contain code that is executed independently. Cookies are DATA ONLY. If someone uses cookies to track you across multiple sites, there are obvious privacy implications, but that does not change the fact that they are not malware.

As to the privacy issues with cookies, that is outside the scope of this discussion, and would be better debated elsewhere.

You might be getting stuck by Lion which always re-load the last window configuration. Launch Safari again. This time, hold down the option key when you to to Safari > Quit Safari.

Oh do stop playing semantics to save face, Thomas.

The point is that these kind of persistent cookies are a problem and are undesirable. I'm not sure how to get rid of them apart from the link I suggested earlier. Or is that "off-topic" too? 😁

I am not playing semantics, I'm answering the question. The OP claims this is malware, and that this "malicious code" is going to spam all his contacts. That is not true. Period, end of story. Unless you wish to discuss that particular issue, we're done here. You can debate the danger these cookies pose to privacy with yourself if you wish.

I completely erased the harddrive and reinstalled Mac OS X Lion.

Then it is completely impossible for any unwanted cookies to return unless you revisit the offending site where you got it in the first place, or restore the rest of your Time Machine data, which will of course reintroduce the offending files.

There is no software of any kind anywhere in the world that can survive an erasure of the file table and then magically reappear in the newly installed OS. You have to be reintroducing somehow.

Killing the evercookie in Safari.

The thing is, all that you've said is just anecdotal... you haven't provided any real details, so we just have to accept your word that your interpretation of events is correct. And it doesn't sound like you have much technical knowledge when it comes to the Mac. (Not meaning that as an insult, just a statement.) That means that your interpretation of events is very questionable.

How we can explain what you have seen, I don't know, because of the lack of details. I don't know what error you're referring to with regard to media being unable to be erased, but it seems obvious that the reinstall did not go off without a hitch, so it cannot be claimed to be clean. The Mac OS certainly does not log passwords to log files, but you may have had some bad software installed that did.

Regarding the "two armed guards" on Windows, it's important that you understand that they're more like myopic ninjas. When they see something bad, they come down hard on it... but they don't always see it. Modern AV software recognizes at best 90% of all malware. I've got two trojans in my collection that are recognized by only 36% and 50% of the AV engines VirusTotal tests with, despite having been first spotted in early fall of last year.

Also, it's important to understand that the Mac OS has built-in anti-malware protection! And, though it has its own limitations, like all anti-malware, it at least recognizes all the malware in my collection. You could easily do far worse.

The Mac OS is actually quite secure out of the box. It is, after all, a Unix system, and Unix has been resisting attacks for a very long time. The biggest security issue for any Mac is between the chair and keyboard. If you are interested in learning more about security and your Mac, there are many people here who can help, if you let us. If you choose not to, well... good luck maintaining security with Windows!

Start by reading the Mac Malware Guide I referred to earlier. I wrote it, so I'm tooting my own horn a bit, but I think it's a pretty good reference. I've worked very hard on it.

Regarding things like malicious JavaScripts (which also encompasses the mechanism that makes evercookies work), note that there's really not much they can actually do. Some people get bothered by the potential privacy issues that these things make possible, others don't. If you're in the former category, either turn off JavaScript in Safari, or use Firefox along with the NoScript plugin for more granular control over which sites are allowed to run JavaScripts.

As for other issues, many people will recommend a firewall, but chances are good you don't need one. See Do I need a firewall? (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.) You should also make sure not to open up any network services by turning them on in System Preferences -> Sharing unless you need to. If you need to, they pose no security risk at all on your own home network (provided it's locked down with a password) and can be pretty easily secured on open networks.

To protect your data against an attacker with physical access to the machine (such as a thief or a dishonest friend or co-worker), encrypt any data that is sensitive. Your account password can be reset and any data accessed fairly easily. You can encrypt groups of files using encrypted sparse disk images made with Disk Utility, or you can encrypt the entire hard drive with FileVault (in Mac OS X 10.7). The keychain is a secure place to keep stuff as well, as long as you don't leave the computer unattended with the account logged in and the keychain unlocked. Resetting your account password will NOT reset the keychain password, regardless of what some people will tell you. (I've tested it.)

Beyond that, just keep in mind good general security practices... use good passwords, don't use the same password for everything, don't click links in e-mails, don't trust any web site that says it has "scanned your hard drive" and found viruses, be cautious what you do on open wireless networks, etc.

If there's something left unanswered after all that, please ask!

I'm not sure what the netbiosd stuff is, but those stealth mode connection attempts sound a lot scarier than they actually are. Stealth mode connection attempts usually occur when a packet has taken too long to return and the computer has stopped listening for it.

But, I really think using a firewall on a Mac is serious overkill except in very specific uses - like a Mac server that is constantly exposed to direct access from the internet and has a lot of services open. There's no currently known way for a hacker without physical access to get access to your Mac out of the box, with no services open in System Preferences -> Sharing and with the firewall off. And if you open up a service, you've got to poke a hole in the firewall anyway, or it won't work. Really, just turn off the firewall, it's not helping you.

Thomas A Reed wrote:

The OP claims this is malware, and that this "malicious code" is going to spam all his contacts. That is not true.

My apologies Thomas, I didn't realize that at that point you had misunderstood the purpose of the thread. The OP was never concerned about whether it is technically correct to call a persistent cookie "malware" or not; he just wanted to know how to deal with it.

I see from your subsequent posts you've caught on. 🙂