crsud process with security update 2013-001

I doubt that it's at all connected with XProtect....

(And congratulations on the new computer.)

What do you make of this then, from strings /usr/libexec/crsud (the "errors" appear because it wasn't actually executing.)

com.apple.xprotectupdater

com.apple.crsud

TRUE

xProtect = %@, crsud = %@

Syncing up xprotect and codeginger preferences...

com.apple.ServiceManagement.daemons.modify

Error obtaining right to modify launch prefs: %@

Disabling crsud service - xprotect was found disabled...

Thanks baltwo. What system does that one come from. Looks to be identical to mine from ML.

WZZZ and I have just been continuing to speculate on how the new system works, specifically whether the crsud process also updates XProtect and does toggling the "Automatically install important security updates" will accelerate a check of XProtect the way the old "...safe downloads" preference did.

A side issue was whether the StartInterval represents real time or computer up time and if that is different for SL users.

Xprotect and crsud have two different processes, connections/servers/times etc. on 10.6.8

They are two different processes, but from strings, above, it looks like they are meant somehow to work together or in sync at times. The full output of strings is in my post on the previous page; I may have missed some other references to XProtect.

MadMacs0 wrote:

Thanks baltwo. What system does that one come from. Looks to be identical to mine from ML.

This is from SL. I've disabled crsud on it. Can't remember why, but it shouldn't affect anything.

Can't remember why, but it shouldn't affect anything.

I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow. Personally, I wouldn't have disabled it.

>>somehow

by allowing certain updates regardless of who is using the computer, no?

>>Hard to imagine it silently installing a security update

but isn't that exactly what it did, albeit a simple script & .emptypayload ?

btw - ...index-cr-lion[snowleopard]-1.sucatalog seems unavailable now - test completed, perhaps.

>>somehow

by allowing certain updates regardless of who is using the computer, no?

But please explain. Why would it matter for this who is using the computer? Is it that you think this is vulnerable to being compromised by some kind of exploit and needs an informed user to prevent that?

WZZZ wrote:

I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow.

Too much mommy Apple for me. I let Xprotect do its thing and that should be sufficient. I've disabled all autoupdaters on my machines on all OSs. I'm responsible enough to provide for my own security.

>>Is it that you think this is vulnerable to being compromised by some kind of exploit

No

>>Why would it matter for this who is using the computer?

As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

I'm responsible enough to provide for my own security.

But you can't write your own security patches.

andyBall_uk wrote:

>>Is it that you think this is vulnerable to being compromised by some kind of exploit

No

>>Why would it matter for this who is using the computer?

As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

I see what you're saying, but what if this is the only way going forward that Snow will be getting security updates? I guess we need to know more. I agree, I always like to wait a few days to see what trouble a security update might be causing. Set up this way, that will no longer be possible.

Message was edited by: WZZZ

WZZZ wrote:

…but what if this is the only way going forward that Snow will be getting security updates?

Then, Apple should be shot. Autoupdates w/o user intervention is beyond nuts.

>>what if this is the only way going forward that Snow will be getting security updates...I guess we need to know more.

Yes indeed - I'd hope that Apple would say something if that became so.

OK, you've both convinced me. I'm setting Little Snitch back again to deny ask until I know more. I really should call Apple while I still have a few days left on my AC to ask about this...if anyone there even knows.

Message was edited by: WZZZ