Want to highlight a helpful answer? Upvote!
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired.
<Subject Edited by Host>
iMac, Mac OS X (10.6.8)
That's normal. Ignore it.
(65670)
The pass word was OK. The wrong email was used,Ichanged it some time
ago, but the old one popped up and I put the right one up and the updated loaded.
Thanks Henry Seegers
Thank you for responding, Camelot, let me explain what I meant when I said, "Clearly, we should not be telling users that something related to 'remote management' has been modified and is in need of repair.'"
It would help if I explain my perspective just a bit. I'm a professional software developer, web developer, and server admin. I get to see the ugly side of the internet and deal with security issues and constant hack attempts. Every day my company's web server receives numerous hack attempts from around the world, home and abroad. This has made me acutely aware of the fact that we are not in Kansas anymore, and never will be again. So perhaps certain things seem clear to me, but are maybe not clear to most people.
So if you would please allow me, I'd like to make an analogy that I think will help you understand.
Connecting your computer to the internet is like moving from a house in the countryside on a private ranch, to a duplex apartment in a very bad neighborhood. Now imagine you know nothing about how lock mechanisms work, or how security systems work, or anything technical about houses or apartments beyond how to change a lightbulb—but you know crime is rampant in your neighborhood, and the criminals are very sophisticated indeed. Also imagine that, every few weeks, someone who has manufactured some part of your house, like the door locks, the windows, the vents, or the electrical system, etc., has to come out and update the security systems in light of some new vulnerability that was recently discovered, and they constantly recommend you to change the locks just in case someone got your key somehow.
Lastly, imagine that in the past few years, it was revealed to you that:
• government agents could break into your house and monitor everything you did without a warrant, without your consent, and without your knowledge, at any time, and you'd have no way to know if they had done so or were currently doing so;
• every bit of communication and activity that you have had inside your house could very well be stored on a government server somewhere;
• and the privacy blinds on your windows had multiple major security flaws that had existed for many years, which could have enabled anyone that felt like it, to eavesdrop on your communication and possibly gather copies of the keys to your locks, install secret monitoring equipment in your house, etc.
Most importantly these revelations proved beyond a doubt that you were, possibly intentionally, misled into believing that the systems and methods of security you were using were very secure indeed, and it would take even a motivated criminal a long time to break in—while all along, in fact, quite the opposite was true, unless you (being a very astute and maybe a paranoid person) took lengthy additional secondary security measures of your own, like keeping everything in your house inside of a good safe, speaking in an unknown dialect similar to Navajo in your house and on the phone, etc.
Now you're probably thinking, "Wow this guy is a paranoid tin-foil hat-wearer for sure!" But please, bear with me on this one, because I think you'll find that I'm a totally reasonable, rational person, and my concerns are not only more than justified, but also, Apple shares my concerns.
So now lets returning to our house/apartment analogy. To summarize, it was revealed to you that the security and privacy afforded to you by your apartment was largely an illusion because, dating back many years before you even moved into the place, huge vulnerabilities existed in the door locks and window blinds. You could have been violated at any time. When you moved in, you thought your apartment would be the most secure type of apartment in the city, and that you had such good locks and window blinds that even the most advanced thief would have trouble getting in. On a positive note, you know that it was still very unlikely that you were actually violated because, well, everyone else had these same vulnerabilities, too, and most people had way more. Plus, there was nothing special about you that would make you a target, right?
But still, there is a very bad taste lingering in your mouth. Your trust has been shaken, because the vulnerabilities that were recently discovered had been there for many years, and not only did none of the people responsible for your security even notice the whole time, but some of them were secretly violating everyone's privacy on a massive scale.
That being the case, you have no choice but to continue living in your apartment after these revelations, even though you still know very little to nothing about the inner workings of locks and windows and vents and blinds, and have no way to diagnose or repair them, except for a few self-diagnostic tools provided from the manufacturer.
Now imagine you are running one of those diagnostic tools one day, because you've noticed some things malfunctioning in your house. Your phone isn't working right, the sink won't turn on, and it takes forever to open your bedroom door. So you run a general scan to make sure that the security permissions are set correctly on everything, and a warning comes up that a file related to the remote monitoring of your house has been modified, may be damaged, and cannot be repaired. The equipment manufacturer tells you, "this is nothing to worry about."
Don't you think that would be unnerving? Clearly?
...
I am, of course, talking about the NSA and the revelations of Snowden, and the "Heartbleed" and "Shellshock" vulnerabilities, among many others, including OS X specific ones, that were revealed last year. Israeli cybersecurity expert Michael Mumcuoglu put it best in his blog, which I will quote directly from:
Anything with a CPU and an internet connection was most likely directly affected one of these vulnerabilities. Just to clarify – yes, we did write "anything with a CPU and an internet connection.”
- Heartbleed – affects over 66% of web servers
- Shellshock – affects any UNIX/Linux server
- Winshock – affects any Windows workstation
- Kerberos Checksum – affects any Windows-based network
What this means is that anyone that knew about these vulnerabilities could have simply:
- Accessed any web server’s private certificate, which would allow eavesdropping on encrypted web traffic or man-in-the-middle (MITM) attacks
- Remotely executed code on any UNIX/Linux internet servers, which would let them do essentially whatever they want
- Run code with highest privilege on any Windows workstation once it surfs to a specially-crafted web page (known as a “drive-by attack”)
- Taken Domain Admin privileges over managed corporate networks
Ancient Age
Malware and other recent and complex cyber attacks are downright fetal compared to our Four. Some of the four vulnerabilities were in existence when many of today’s high-powered cybercrime experts were literally still sleeping in cribs.
- Shellshock – 25 years old
- Winshock – 19 years old
- Kerberos Checksum Vulnerability – 14 years old
- Heartbleed – the “baby” of the group, only 2 years old
So yeah, I think it's clearly Apple's responsibility to remove innocuous error messages concerning the permissions of the Remote Desktop Agent, the specific purpose of which is the remote monitoring and control of the computer itself. What indeed is the point of error messages that are not actually errors and should be ignored? If the file has not been modified and is not damaged, then don't say it is. If it is modified and damaged, then why is that not a problem? After all that has happened and the erosion of trust that has occurred, the least they could do is make it seem like there aren't ongoing, untreated vulnerabilities.
Because while I do trust Apple more than any other tech company, and I would be very surprised if indeed this ARD error represented an actual vulnerability, on the other hand, I think it's just common sense that little details like this should be cleaned up. Apple cares so much about all the little details being perfect in its hardware design and interface, yet leaves little niggling annoyances like this behind to throw us for a loop when we start having some problems. I would really like, just once, to be able to run a Disk Permissions repair and have it report no problems whatsoever. Why is that too much to ask, and doesn't it seem clear that it would be a more user friendly experience?
Probably the best explanation I've read so far:
DaddieMac... I agree with every part of your post up until the last two paragraphs. The fact of the matter is this ARD error could mean a completely compromised system with root access from an external source , albeit unlikely. Allowing extremely advanced computer technicians to recognize the possible vulnerabilities and continue to dig for evidence of them (such as Dai Zovi's recently disclosed proof-of-concept rootkit "Machiavelli"), enables open source discussion and troubleshooting relating to security holes in the system. I prefer disclosure of even the smallest possibility of a compromised system over blissful ignorance.
Technically, it is currently the "Snowden-era". (1) He is still alive. (2) Cops just removed a statue of him from the NYU campus in Manhattan.
Post-Snowden era would imply he is deceased.
Just a clarification.
CORRECT. It is banal or possibly disingenuous to say, "There is no problem. Nothing to worry about." Anyone worth their techie salt knows this could be a MASSIVE problem.
Some of the self-proclaimed experts on this thread have outed themselves as plants (or imbeciles) by saying, "Nothing to see here. Nothing to worry about."
At the very least, the error / warning in question is notifying you of a PAST security risk.
Nothing Beats Due Diligence.
I think that this whole situation is ridiculous bordering on the big brother syndrome adding a sprinkle of paranoia and conspiracy. How is it that the whole thread is from 2012 and Lion or Snow Leopard and I'm running Yosemite 10.10.3 and yet still getting the same message of irrepairability. If I owned the garage, I would have fired the mechanic a long time ago. How's that for an analogy?
Just thought I'd chime in here for a tick...
I installed Windows 8 into a VM in VMWare Fusion Thursday evening. I went to bed and let the installation run it's course. When I woke up on Friday I found I could not wake my iMac. It took forever but it eventually did. I then logged in found it took over 5 minutes to go from password entry to seeing my desktop.
Fortunately I installed it onto an external HDD so I deleted VMWare, removed the external hard drive and followed online instructions to remove all of VMWare fusions files in all the various locations. Still I found the option to open some files via Windows apps when I right clicked in finder so I followed some more instructions to clear this from the command line and restart finder.
My entire system worked perfectly and was a 1 month old clean install until I installed Win8... Now, with the VM app removed and the virtual hard discs unattached via the external drive USB cables being removed from my system and having cleared out all references to VMWare from my system, I still find that the first 3 apps I open on login load so fast one would swear they were open all the time... everything else takes minutes. Even opening system preferences takes a few minutes.
Much worse than that, each time I alt-tab between apps, or click on a drop down box, or even as I am busy typing this very message... Each time MonoDevelop starts up the code AutoComplete box or I hit the up arrow into an existing code block.... every time I cut a piece of code or try to paste text.... every time I open up a tab in Safari or click on the next item in my RSS reader's feed... or even if I just leave my system unattended for 3 to 5 minutes my system would hang for between 10 and 60 seconds. Some times it would hang so hard that even the mouse stops moving on screen and the spinner stops spinning....
As you can imagine nobody could be expected to use a computer that stalls for up to a minute each time you hit a button or clicked your mouse so I had to do something desperately. I found that VMWare had installed DiscDefender into my startup items and removed that, but restart helped nothing. I also noticed some or other system app taking up 99% of my CPU every now and then and forced quit that. Since my reboot I have not see that app or such high usage again... but still the problem remained (as I said, even while typing this text) except a LOT less frequent. I still have to work up the nerve to try and code, though...
Then it suddenly struck me that I haven't verified dic permissions yet. I ran it and it came up with all of those errors you said I can safely ignore. Even had one the opposite of what you said... it said my permissions were -rwxrwrwx but should be lrwxrwxrwx. The only two that concerned me were the permissions on my mail server NEEDING to be fixed and something to do with external monitoring of my system being changed and will NOT be fixed... THAT had me worried...
My mail server permissions were wrong and an app for monitoring my system from outside my network got modified and will not be changed back. Yeah! That had me worried! But, being a clever little programmer me, I arrived at a very simple solution to the latter problem... I just had a look at the file in Finder, looked at when it was last modified, went into TimeMachine and restored a version from 2 days before then. Ran Verify Permissions and still I get all those warnings you say I can ignore....but no longer the warning about THAT app. That issue was laid to rest.
I can now, in all certainty tell you... my system is still royally screwed up and I now have no other bleeding clues as to how to get it to stop being so bleeding unusable!!! ...but fixing that warning... that didn't help one bleeding bit. So I am joining the ranks of those who say "Ignore".
In fact, I just opened up sharing and turned off Remote Login since I never do anyway, and now the app no longer even appears in activity monitor... nor anything else that takes up more than 4% of my CPU... so I guess my hunt for that bug continues... 😟
This is a very old thread. Many people ignore them. Suggest you re-post it as a new thread and it may get up to date attention.
Your problem may not be exactly the same as that detailed in this older thread, and it can be very confusing for everybody if we try to answer more than one question in each thread.
In order for us to give your problem our undivided attention to try to solve it, would you kindly start your own thread, describing the trouble you are having in the fullest detail, including completing your details to show what Mac or iDevice you are using, what operating system, and what version of the application in question. Please remember to post in the forum relevant to your hardware or version of OS X.
Great minds? 😉
So if this is not an issue, why is it reported. And in particular not reported in detail, or at least an ignore this message message.
If folks on this here site say to ignore it, then it's worthless and unnecessary geekish.
Thanks for providing a common sense work-around.
And, No, Apple. I cannot 'Ignore that man behind the Curtain!"
Go to Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore - Apple Support and see what Apple has to say.
Warning: SUID file "System/Library/CoreServices" has been modified and will not be repaired.
