168 Replies. Latest reply: Sep 8, 2013 9:10 AM by MadMacs0
  • baltwo Level 9 (61,945 points)

    Start interval is daily:

     

    cat /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
              <key>StartInterval</key>
              <integer>86400</integer>
              <key>Label</key>
              <string>com.apple.xprotectupdater</string>
              <key>ProgramArguments</key>
              <array>
                        <string>/usr/libexec/XProtectUpdater</string>
              </array>
              <key>RunAtLoad</key>
              <true/>
    </dict>
    </plist>

  • WZZZ Level 6 (12,660 points)

    I doubt that it's at all connected with XProtect....

    (And congratulations on the new computer.)

     

    What do you make of this then, from strings /usr/libexec/crsud (the "errors" appear because it wasn't actually executing.)

     

    com.apple.xprotectupdater
    com.apple.crsud
    TRUE
    xProtect = %@, crsud = %@
    Syncing up xprotect and codeginger preferences...
    com.apple.ServiceManagement.daemons.modify
    Error obtaining right to modify launch prefs: %@
    Disabling crsud service - xprotect was found disabled...

  • MadMacs0 Level 5 (4,500 points)

    Thanks baltwo. What system does that one come from? Looks to be identical to mine from ML.

     

    WZZZ and I have just been continuing to speculate on how the new system works, specifically whether the crsud process also updates XProtect and whether toggling the "Automatically install important security updates" will accelerate a check of XProtect the way the old "...safe downloads" preference did.

     

    A side issue was whether the StartInterval represents real time or computer up time and if that is different for SL users.

  • ds store Level 7 (30,315 points)

    Xprotect and crsud have two different processes, connections/servers/times etc. on 10.6.8

     

    [Attached image: Screen shot 2013-04-09 at 7.16.08 AM.jpg]

  • WZZZ Level 6 (12,660 points)

    They are two different processes, but from strings, above, it looks like they are meant somehow to work together or in sync at times. The full output of strings is in my post on the previous page; I may have missed some other references to XProtect.

  • baltwo Level 9 (61,945 points)

    MadMacs0 wrote:

    Thanks baltwo. What system does that one come from? Looks to be identical to mine from ML.

    This is from SL. I've disabled crsud on it. Can't remember why, but it shouldn't affect anything.
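Added example, not part of any post in this thread: a Python check that reads the com.apple.xprotectupdater job posted above together with a launchd overrides file and reports whether the updater is scheduled and enabled. The `audit_job` helper, the overrides path and format, and the precedence of overrides over the job file are assumptions of this example, and the two override samples are constructed.

```python
import plistlib

# Job definition as posted in this thread (whitespace compacted).
XPROTECT_JOB = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>StartInterval</key><integer>86400</integer>
  <key>Label</key><string>com.apple.xprotectupdater</string>
  <key>ProgramArguments</key>
  <array><string>/usr/libexec/XProtectUpdater</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>"""

# Constructed samples of a launchd overrides file (label -> {"Disabled": bool}).
# Assumption: on 10.6-era systems this file is
# /var/db/launchd.db/com.apple.launchd/overrides.plist and wins over the job file.
CRSUD_DISABLED = plistlib.dumps({"com.apple.crsud": {"Disabled": True}})
XPROTECT_DISABLED = plistlib.dumps({"com.apple.xprotectupdater": {"Disabled": True}})

def audit_job(job_xml, overrides_xml=None, max_interval=86400):
    """Summarise one launchd job and list reasons it may not be updating."""
    job = plistlib.loads(job_xml)
    overrides = plistlib.loads(overrides_xml) if overrides_xml else {}
    label = job.get("Label", "")
    # An entry in the overrides file takes precedence over the job's own key.
    disabled = overrides.get(label, {}).get("Disabled", job.get("Disabled", False))
    interval = job.get("StartInterval")
    findings = []
    if disabled:
        findings.append("job is disabled")
    if interval is None:
        findings.append("no StartInterval set")
    elif interval > max_interval:
        findings.append("interval exceeds %d seconds" % max_interval)
    if not job.get("RunAtLoad", False):
        findings.append("does not run at load")
    args = job.get("ProgramArguments") or [job.get("Program")]
    return {"label": label, "program": args[0], "disabled": bool(disabled),
            "interval_hours": interval / 3600 if interval else None,
            "findings": findings}

if __name__ == "__main__":
    for name, ov in [("no overrides", None), ("crsud off", CRSUD_DISABLED),
                     ("xprotect off", XPROTECT_DISABLED)]:
        print(name, audit_job(XPROTECT_JOB, ov))
```
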

  • WZZZ Level 6 (12,660 points)

    Can't remember why, but it shouldn't affect anything.

    I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow. Personally, I wouldn't have disabled it.

  • andyBall_uk Level 7 (20,495 points)

    >>somehow

    by allowing certain updates regardless of who is using the computer, no?

     

    >>Hard to imagine it silently installing a security update

    but isn't that exactly what it did, albeit a simple script & .emptypayload ?

     

    btw - ...index-cr-lion[snowleopard]-1.sucatalog seems unavailable now - test completed, perhaps.

  • WZZZ Level 6 (12,660 points)

    >>somehow

     

    by allowing certain updates regardless of who is using the computer, no?

    But please explain. Why would it matter for this who is using the computer? Is it that you think this is vulnerable to being compromised by some kind of exploit and needs an informed user to prevent that?

  • baltwo Level 9 (61,945 points)

    WZZZ wrote:

    I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow.

    Too much mommy Apple for me. I let Xprotect do its thing and that should be sufficient. I've disabled all autoupdaters on my machines on all OSs. I'm responsible enough to provide for my own security.

  • andyBall_uk Level 7 (20,495 points)

    >>Is it that you think this is vulnerable to being compromised by some kind of exploit

    No

     

    >>Why would it matter for this who is using the computer?

    As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

  • WZZZ Level 6 (12,660 points)

    I'm responsible enough to provide for my own security.

    But you can't write your own security patches.

  • WZZZ Level 6 (12,660 points)

    andyBall_uk wrote:

     

    >>Is it that you think this is vulnerable to being compromised by some kind of exploit

    No

     

    >>Why would it matter for this who is using the computer?

    As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

    I see what you're saying, but what if this is the only way going forward that Snow will be getting security updates? I guess we need to know more. I agree, I always like to wait a few days to see what trouble a security update might be causing. Set up this way, that will no longer be possible.

     

    Message was edited by: WZZZ

  • baltwo Level 9 (61,945 points)

    WZZZ wrote:

    …but what if this is the only way going forward that Snow will be getting security updates?

    Then, Apple should be shot. Autoupdates w/o user intervention is beyond nuts.

  • andyBall_uk Level 7 (20,495 points)

    >>what if this is the only way going forward that Snow will be getting security updates...I guess we need to know more.

    Yes indeed - I'd hope that Apple would say something if that became so.
