crsud process with security update 2013-001

WZZZ wrote:

OK, you've both convinced me. I'm setting Little Snitch back again to deny ask until I know more.

Just wondering why you would use Little Snitch to do this rather than simply de-selecting the "Automatically install important security updates"?

MadMacs0 wrote:

WZZZ wrote:

OK, you've both convinced me. I'm setting Little Snitch back again to deny ask until I know more.

Just wondering why you would use Little Snitch to do this rather than simply de-selecting the "Automatically install important security updates"?

Because I don't know yet if that would disable silent Xprotect updates. That's where the XProtect toggling used to be, and this replaced it. Lots of questions still to be ansered.

WZZZ wrote:

I don't know yet if that would disable silent Xprotect updates. That's where the XProtect toggling used to be, and this replaced it.

I know, but if you don't uncheck it you may never find out.

In the past I've checked every evening to see if XProtect has been updated in order to alert some colleaques who need to track this stuff. Now that I have a personal interest in it with my Intel mac, I check it more often using a couple of different methods:

How to monitor XProtect updates in OS X

XProtect Plugin Checker

So, if you want to uncheck the box I promise that I will post here as soon as I know about the next XProtect update and we'll all learn something?

According to the little AppleScript I wrote, the defs are at version 60, last updated 21 Mar 13—Snow Leopard.

When disabled, (knowing your actual version) you can check for available XProtect updates here:

Snow Leopard:

http://configuration.apple.com/configurations/macosx/xprotect/1/clientConfigurat ion.plist

(just 8 lines under : ----- END SIGNATURE -----)

<key>Version</key>

<integer>60</integer>

<key>PlugInBlacklist</key>

Mountain Lion:

http://configuration.apple.com/configurations/macosx/xprotect/3/clientConfigurat ion.plist

I know how to get XProtect going from the command line. OK, I'll try unchecking and we'll see. We'll also find out it that stops crsud from asking. But if these new "critical" security updates are silent, who's going to know when one happens? Xprotect I can see, but how will this new stuff manifest itself? It's really something else that Apple hasn't yet said a word.

baltwo wrote:

According to the little AppleScript I wrote, the defs are at version 60, last updated 21 Mar 13—Snow Leopard.

For any Lion users, same date with time of 22:50:01 GMT and version 1044

and for ML version 2034.

WZZZ wrote:

if these new "critical" security updates are silent, who's going to know when one happens?

I guess I'll just have to watch my install log more closely.

But you're on ML, no? I wouldn't assume they'll be released simultaneously. This whole thing is just nuts.

WZZZ wrote:

But you're on ML, no? I wouldn't assume they'll be released simultaneously.

I haven't checked exact times, but the announcements I've been getting have been simultaneous. I would not expect a SL update to be posted without a companion for Lion and/or ML even though they would contain somewhat different contents.

That's why Apple so carefully documented everything. NOT!

And then another question. If you skip one, will it stay available the next time you let crsud run? I suppose so, but nothing about this is guaranteed. I really have to call Apple tomorrow and see if someone knows anything.

I'm quite prepared to get a senior tech who offers nothing more than that crsud is for critical security updates. Duh!

>>Because I don't know yet if that would disable silent Xprotect updates.

toggling it off disables both com.apple.xprotectupdater and com.apple.crsud

OK. I just got off the phone with a so called senior tech. This was one of the most mind boggling conversations I have ever had. This clown kept on telling me gibberish (I can't begin to give the details, but this was mind blowing) until I finally got him to admit that he had no idea what crsud was or how it worked and Apple had told him nothing. The killer was at the end when he told me that if I were to delete any of the .plists associated with crsud, they would automatically be recreated. This buffoon didn't know the difference between an ordinary preference file and a LaunchDaemon property list. This was a senior tech. Maybe it was just my bad luck to fall on this moron. Perhaps someone else wouldn't have tried to pretend they knew something they didn't.

Anyway, I got him to write down the paths of the locations of all the crsud files, including the executable, and he said he would ask engineering and get back to me. Bottom line, I asked him to make sure he finds out if this installs updates silently. (Based on knowing absolutely nothing, which he admitted, he assured me it didn't.)

I think the next step is for anyone reading this thread who may be concerned, to submit a request for some proper documentation about this. Right now there is absolutely zilch and the techs have nothing. I'm not exactly holding my breath for a useful answer--or an answer of any kind.

https://ssl.apple.com/support/feedback/

I'm beginning to think we're never going to find out what this ****** thing really does. What worries me is if I keep denying crsud through LS, and at one point it isn't crying wolf--meaning there really is some critical security patch (not necessarily a full update) being issued, then I'm going to miss it.