Apple Event: May 7th at 7 am PT
Today Little Snitch said there was a new suggested rule for start up. The rule said XProtectUpdate was trying to contact 23.60.78.224. A Whois check showed its net name as AKAMAI (Akamai Technologies, Inc.)
I believe XProtectUpdate is part of Apple's security program.
Any reason it would be trying to connect to AKAMAI (Akamai Technologies, Inc.) instead of Apple?
Thanks
iMac, OS X Mountain Lion (10.8.2), 2GB RAM
Akamai is a download management program, often associated with Adobe products and Adobe's updater (you got Photoshop, Illustrator, InDesign or anything like that?). It basically allows your mac to download large files in a relatively timely fashion. In short, it's legit' and not something to worry about.
More worrisome is Little Snitch. False positives and constant notifications about normal behaviour cause this program to be a PITA. Unless you actually have particular security issues and need to monitor who's communicating with your computer, I'd recommend uninstalling this program. For most ordinary users, it's a waste of time and CPU resources.
Be sure to uninstall it properly according to the developer's instructions. Just trashing it won't get rid of the launch processes that kick in on start up.
When I state that a post contains "dangerous misinformation" about computer security, that's the equivalent of a medical doctor stating that there is dangerous misinformation in an anti-vaccine post.
That's an interesting statement. Seems you have a very high opinion of your beliefs.
I am surprised that you feel there are potentially serious disadvantages to running Little Snitch now. Would you care to elaborate on them?
First, there is nothing to prevent malware that achieves root privileges from completely disabling Little Snitch. This has actually been seen in malware in the wild, albeit very rarely, and this means that Little Snitch could give a false sense of security.
Secondly, many people misinterpret Little Snitch notifications. The average user is usually not capable of making an accurate determination of whether a particular connection attempt on behalf of a particular process is legit or not. I have personally seen a number of people who have spiraled down into a pit of paranoia thanks to perfectly normal things they found with Little Snitch.
It can be a useful tool, but just like a gun, it should not be put into untrained hands without any education at all.
thomas_r. wrote:
When I state that a post contains "dangerous misinformation" about computer security, that's the equivalent of a medical doctor stating that there is dangerous misinformation in an anti-vaccine post.
That's an interesting statement. Seems you have a very high opinion of your beliefs.
That's because my beliefs are based on a lot of professional expertise and training in computer security. If this were a discussion about baking cookies or repairing carbon fiber yachts, I'd not be so confident -- neither is an area where I have any expertise, professional or otherwise.
thomas_r. wrote:
First, there is nothing to prevent malware that achieves root privileges from completely disabling Little Snitch. This has actually been seen in malware in the wild, albeit very rarely, and this means that Little Snitch could give a false sense of security.
I'm of the mindset that it's better to use a prophylactic device that might fail than it is to not use one so as to avoid a false sense of security. Did I mention that I have no kids? 🙂
thomas_r. wrote:
Secondly, many people misinterpret Little Snitch notifications. The average user is usually not capable of making an accurate determination of whether a particular connection attempt on behalf of a particular process is legit or not. I have personally seen a number of people who have spiraled down into a pit of paranoia thanks to perfectly normal things they found with Little Snitch.
It can be a useful tool, but just like a gun, it should not be put into untrained hands without any education at all.
I generally agree. But Google can provide a wealth of information for such neophytes; there are many sites that provide information about what processes are doing and where they communicate. My wife, a freelance writer and editor, has done fine with Little Snitch for a couple of years now.
The very user who is least able to interpret Little Snitch notifications is probably also the one least able to protect themselves from malware without such a tool. I'd rather that they be scared witless than than to have their identity stolen or their machine turned into part of some botnet (that would then spend the next three days attacking the mail servers and FTP servers on the domains that I run).
And, with that, I'll sign off and give you the last word if you want it. You're a bright guy with a lot of knowledge and I appreciate what you do for the Mac community, so the floor is yours.
Don't mean to steal the last word, because I'm not as smart as the last two conversants about computer security. However when I came looking for information on LS's inquiry about "XProtectUpdater", this is what I found. As of my reading today, this web site shows almost 13,000 views. That is a lot of people helped by this question, which was started by someone interested in what Little Snitch was telling them.
What I'm saying is that the fact that someone had LS installed on their machine and that compelled them to ask the question has helped thousands of people with the same question. I'd say Little Snitch has MORE than done its job via educating that many people, and we have people like everyone who responded to the original question to thank. So, thank all of you. Seriously— you guys, knowledgeable and willing to share your knowledge, are what got me interested in computer use to begin with (and you are what I believe to be the single most powerful use of the technology). You guys are great.
Opinion. I wonder what would cause one to find Little Snitch "worrysome"?
Of all the entities that might be trying to be in charge of my computer, I'd like to be one of them. LS is not a PITA, it is POM (Peace of mind).
Why is XProtectUpdater contacting AKAMAI on startup?
