
New Terminal Results 4 Spyware / Keylogger Detection Review

For Linc and all knowledgeable,


My MBPro webcam was taken over a few months ago and video was recorded of me without my knowledge. At the time I thought it was taken over from a website and was unaware of the potential of spyware that could be installed on my local hard drive. In just the last week I have reason to believe that there may be a keylogger on my machine recording my writing in MS Word and otherwise. All of this is part of a greater and very serious stalking/harassment/surveillance threat I'm having to face down... So I'm in the process of overhauling my entire internet/Mac security set-up. I am thankful I'm on a Mac at least...


I followed the terminal scripts that Linc posted and here is the output I got.


Thanks to Linc and all who can respond with constructive help!


Step 1

com.microsoft.driver.MicrosoftMouse (8.2)
com.microsoft.driver.MicrosoftMouseUSB (8.2)
com.avg.Antivirus.OnAccess.kext (14.0)


Step 2

com.zeobit.MacKeeper.plugin.AntiTheft.daemon
com.raynersw.nshctldo
com.microsoft.office.licensing.helper
com.avg.Antivirus
com.avg.Antivirus.infosd
com.adobe.SwitchBoard
com.adobe.fpsaud


Step 3

com.zeobit.MacKeeper.plugin.AntiTheft.daemon
com.raynersw.nshctldo
com.microsoft.office.licensing.helper
com.avg.Antivirus
com.avg.Antivirus.infosd
com.adobe.SwitchBoard
com.adobe.fpsaud

new-host:~ MacBookPro$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.extensis.FMCore
com.avg.Antivirus
com.adobe.CS5ServiceManager
com.adobe.CS4ServiceManager
com.adobe.AdobeCreativeCloud
com.zeobit.MacKeeper.Helper
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
com.adobe.AAM.Scheduler-1.0



Step 4

/Library/Components:

/Library/Extensions:

/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
EWSMac.framework
ExtensisPlugins.framework
NyxAudioAnalysis.framework
PluginManager.framework
TSLicense.framework
iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:
AdobeAAMDetect.plugin
AdobeExManDetect.plugin
AdobePDFViewer.plugin
AdobePDFViewerNPAPI.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
SharePointBrowserPlugin.plugin
SharePointWebKitPlugin.webplugin
Silverlight.plugin
SurveillanceClient.plugin
flashplayer.xpt
iPhotoPhotocast.plugin
npContributeMac.bundle
nsIQTScriptablePlugin.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.adobe.AdobeCreativeCloud.plist
com.adobe.CS4ServiceManager.plist
com.adobe.CS5ServiceManager.plist
com.avg.Antivirus.gui.plist
com.extensis.FMCore.plist

/Library/LaunchDaemons:
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.avg.Antivirus.infosd.plist
com.avg.Antivirus.services.plist
com.microsoft.office.licensing.helper.plist
com.raynersw.nshctldo.plist
com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

/Library/PreferencePanes:
Flash Player.prefPane
Flip4Mac WMV.prefPane
Microsoft Mouse.prefPane

/Library/PrivilegedHelperTools:
com.microsoft.office.licensing.helper
com.raynersw.nshctldo

/Library/QuickLook:
GBQLGenerator.qlgenerator
iBooksAuthor.qlgenerator
iWork.qlgenerator

/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
Flip4Mac WMV Advanced.component
Flip4Mac WMV Export.component
Flip4Mac WMV Import.component
SoundboothScoreCodec.component

/Library/ScriptingAdditions:
Adobe Unit Types.osax

/Library/Spotlight:
GBSpotlightImporter.mdimporter
Microsoft Office.mdimporter
iBooksAuthor.mdimporter
iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:
com.adobe.SwitchBoard.monitor.plist

Library/Extensis:
Suitcase Fusion
com.extensis.FMCore-LaunchInfo.conf

Library/Fonts:

Library/Frameworks:
EWSMac.framework

Library/Input Methods:
.localized

Library/Internet Plug-Ins:
EMusic.plugin
RealPlayer Plugin.plugin

Library/Keyboard Layouts:

Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
com.zeobit.MacKeeper.Helper.plist

Library/PreferencePanes:


Step 5


iTunesHelper

Posted on Jun 28, 2014 12:57 PM
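The command shown in the Step 3 output above filters `launchctl list` purely by label name. As an added example (not Linc's script and not part of this post), the following wraps that same filter in a function, runs it on a constructed `launchctl list` sample, and then looks up which launchd folder each surviving label's .plist lives in. The sample entries, the `find_plist_for_label` helper and the temporary folder tree are all constructed for the demonstration; on a real Mac the folders to search are /Library/LaunchAgents, /Library/LaunchDaemons and ~/Library/LaunchAgents, the same folders listed in Step 4.

```shell
#!/bin/sh
# Added example, not the thread's own script: the label filter from the
# Step 3 command, applied to a constructed `launchctl list` sample, then a
# lookup of the .plist each label is loaded from.

# Constructed sample in the column layout of `launchctl list` (PID, Status,
# Label); "-" means the job is loaded but not currently running.
SAMPLE_LAUNCHCTL='PID Status Label
123 0 com.apple.Finder
- 0 com.apple.quicklook
456 0 0x7fabc123.anonymous.bash
- 0 com.zeobit.MacKeeper.Helper
789 0 com.avg.Antivirus
- 0 org.openbsd.ssh-agent
- 0 com.extensis.FMCore'

# Same pipeline as the post: drop the header line, then drop labels that
# contain 0x (anonymous jobs), com.apple, edu.mit, org.x or org.openbsd,
# and print the Label column of whatever is left.
third_party_labels() {
    sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
}

# Hypothetical helper: report which of the given folders holds LABEL.plist.
# Prints the path and returns 0, or prints a note and returns 1.
find_plist_for_label() {
    label=$1
    shift
    for dir in "$@"; do
        if [ -f "$dir/$label.plist" ]; then
            printf '%s\n' "$dir/$label.plist"
            return 0
        fi
    done
    printf '%s\n' "$label: no plist in the folders searched (loaded from elsewhere, e.g. an app bundle)"
    return 1
}

# Demonstration on a constructed folder tree so it runs offline. On a real
# Mac, pipe `launchctl list` in and search /Library/LaunchAgents,
# /Library/LaunchDaemons and "$HOME/Library/LaunchAgents" instead.
demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/LaunchAgents" "$tree/LaunchDaemons"
    touch "$tree/LaunchAgents/com.zeobit.MacKeeper.Helper.plist"
    touch "$tree/LaunchDaemons/com.avg.Antivirus.plist"
    printf '%s\n' "$SAMPLE_LAUNCHCTL" | third_party_labels | while read -r label; do
        find_plist_for_label "$label" "$tree/LaunchAgents" "$tree/LaunchDaemons" || true
    done
    rm -rf "$tree"
}

demo
```

The filter is name-based: anything whose label contains com.apple, edu.mit, org.x, org.openbsd or 0x is hidden, so its output is a shortlist of third-party jobs to research rather than proof that nothing else is loaded. The Step 4 directory listing is the complementary check, because it shows the .plist files regardless of what label they carry.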


Jun 30, 2014 12:23 PM in response to MadMacs0

That is my concern. I never changed my email accounts to be associated with the Notes App... I just opened my Mail App 2 days ago and all of my connections but one were not connecting. So I opened the Mail Accounts pane within the Sys Prefs dialog and found that my mail accounts had been disassociated with my Mail App and reassociated with the Notes App. I did not make this change. It got changed on its own somehow or potentially through malware of some sort...

Jun 30, 2014 12:30 PM in response to morning sun

morning sun wrote:


That is my concern. I never changed my email accounts to be associated with the Notes App... I just opened my Mail App 2 days ago and all of my connections but one were not connecting. So I opened the Mail Accounts pane within the Sys Prefs dialog and found that my mail accounts had been disassociated with my Mail App and reassociated with the Notes App. I did not make this change. It got changed on its own somehow or potentially through malware of some sort...

Well, you are only showing me your Notes, which is not an email account and would normally only be associated with the Notes app. I can't see any of your Mail accounts, so I can't comment on them.

Jun 30, 2014 12:55 PM in response to MadMacs0

"you are only showing me your Notes which is not an email account and would normally only be associated with the Notes app"


Yes this is my Mail Account configuration dialog box. This dialog box should have nothing to do with the Notes App. This dialog box is intended to be used to set up an email account to be used with the Mail App.


There is no need to see my email account names/email names.


MY POINT IS: why, out of nowhere, would there be an extra dialog box within my Mail Account configuration dialog box that gives me an option to associate an account I'm setting up to be used with the Mail App with the Notes App instead?!?

Jun 30, 2014 1:47 PM in response to morning sun

morning sun wrote:


MY POINT IS: why, out of nowhere, would there be an extra dialog box within my Mail Account configuration dialog box that gives me an option to associate an account I'm setting up to be used with the Mail App with the Notes App instead?!?


It is possible that an Apple update added features or they changed a setting in iCloud that caused you to see the Notes settings in System Preferences.

It is also possible that you tweaked settings within Mail or the Notes app that caused iCloud to associate the account into the settings panel.


Do you think 'hackers' are going to make a nice icon & create a settings pane for System Preferences to dupe someone? Wouldn't it be simpler to steal your keychain & try to get/crack the password for it? They could add key loggers if they control your Mac, they can compromise other pieces of the OS. Instead they made a new settings panel?

What terribly civilized hackers you have.


What you describe is 'kinda fuzzy'. It seems normal to some people here as far as I can see (aside from the camera incident that you won't tell us about). If you are convinced you have been compromised the only solution is to shut down & reinstall from known safe sources (that means away from your network, since it's been running this 'hacked Mac').


Backup the data you have but avoid using it in read+write mode, frankly it shouldn't be read when on a network if you are viewing the 'compromised' data.

Erase & restore known good firmware to your router & any other device on the network that could be 'hacked' too. Then you have to spend time monitoring traffic out to be sure that nothing untoward is going on.


The scale of damage could be huge if you really have been hacked and someone has a foothold on your network.


Assuming all 'strange things' are happening because of hackers is likely to be a costly mistake. If you have your business running on this machine you may consider professional help. There are companies that will do forensic analysis, but it isn't cheap or quick.


If you want 'ultra paranoid security' find an OS like https://en.wikipedia.org/wiki/Tails_OS that will protect you by default and refuse to save to your disks.

Jun 30, 2014 1:51 PM in response to morning sun

morning sun wrote:


"you are only showing me your Notes which is not an email account and would normally only be associated with the Notes app"


Yes this is my Mail Account configuration dialog box.

No, it is not. It is the service selector for whatever that account is, and Mail is turned off. This has nothing to do with the configuration of either Mail or Notes. It's the on/off switch.

Jun 30, 2014 2:45 PM in response to morning sun

morning sun wrote:


Yes this is my Mail Account configuration dialog box. This dialog box should have nothing to do with the Notes App. This dialog box is intended to be used to set up an email account to be used with the Mail App.

No, it's not just for Mail and clearly includes Notes. You even have Notes highlighted in your screen grab, so it must be used to configure the applications used to access your notes. I suppose it could have been added to ML at some point; it's been so long since I used it that I can't say for sure, but it's certainly in 10.8.5. In Mavericks it has been replaced by the iCloud preference pane and includes all Mail accounts, Contacts, Calendar, Reminders, Notes, Safari, Keychain, Photos, Documents & Data, Back to My Mac, Find My Mac, Messages, Facebook and probably others that I don't use.


It certainly isn't unheard of for preference lists to become corrupted which would explain any change to your e-mail accounts. I wish I could tell you which .plist that was, but off-hand I don't know.

Jun 30, 2014 2:52 PM in response to morning sun

morning sun wrote:


What do you all think of the capabilities of Little Snitch?

I've been using it for years. PITA to set up, but once you've told it what apps, IPs and ports to trust, it serves to keep everything honest. You'll need to research a lot of normal processes to understand what they're for and that they are legit, but you should never have to worry about a new unknown process communicating outbound.

Jun 30, 2014 4:15 PM in response to MadMacs0

That's my concern at this point: any outbound transfers that are illicit. I feel secure in my inbound set-up now that no malware will be able to get installed inbound from this point on, but I still have a concern that some subtle malware App could have gotten installed previously, when my set-up was much less secure, that is still potentially recording keylogs, screen shots etc. and sending them out.


Is Little Snitch reliable enough to catch even sophisticated malware communication outbound?


I know to be 100% sure I should do a 100% clean install of the OS. I'm just not wanting to spend the massive amount of time doing that and also I've heard a lot of mixed things about Mavericks... Plus my system is running very smooth. If Little Snitch can be relied upon I think I'll move forward with that and the clean bill of health I got from the terminal script review from Linc.


Again all of your comments are greatly appreciated... And I finally booted MacKeeper from my system!

Jun 30, 2014 4:20 PM in response to morning sun

morning sun wrote:


Is Little Snitch reliable enough to catch even sophisticated malware communication outbound?

AFAIK it catches all outbound communications. There is no analysis involved, so it won't be able to tell you what is being communicated, but as I said before it will make clear the process involved, the IP it's attempting to contact, the port and protocol (e.g. TCP, UDP) that is being requested. The only sophistication with regard to malware is that during the installation phase it may be able to detect that you are using LS and abandon the install.

Jun 30, 2014 4:50 PM in response to morning sun

Is Little Snitch reliable enough to catch even sophisticated malware communication outbound?


There are two things to consider here, both related to the fact that Little Snitch and any malware that may have been installed are both running on the same machine.


First, as MadMacs0 points out, malware may short-circuit itself if it detects the presence of Little Snitch. This is not speculation, it has been observed in real-world Mac malware, and provides a potential added benefit to the use of Little Snitch.


On the other hand, though, malware can potentially disable Little Snitch, if it is able to achieve sufficient privileges. This is also not speculation, and has been observed in the real world. Thus, using Little Snitch could give you a potentially false sense of confidence.


In addition, as MadMacs0 points out, you have to do a lot of learning early on when getting Little Snitch configured initially. This is sometimes a fatal flaw for some people, as I've seen it cause people to spiral down into unrecoverable paranoia. If you look for people saying that perfectly normal processes are malicious, you'll find them. For example, consider the perfectly normal mds process. If I search for "Mac mds virus", one of the top hits is a post on this forum saying:


I contracted the dreaded mds virus. There is also something called md worker--two files, in fact.


There are quite a few posts on here on how to disable it but how do I get rid of it completely? Also will disabling or getting rid of it mean the files it infected have to be replaced? I guess it must also be on my backup drive.


So, be sure to look at these things rationally, and don't start researching outgoing connections on the assumption that they must be malicious, or you'll find what you're looking for rather than the truth.
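MadMacs0's description above (Little Snitch shows the process, the IP, the port and the protocol of every outbound connection) and thomas_r.'s caveat that malware with enough privileges can disable Little Snitch both point at keeping an independent check of what is talking out. As an added example, not written by any of the posters and not Little Snitch's own output, the following script takes a constructed `lsof -nP -i` listing, keeps only the outbound connections, and marks each one "ok" or "REVIEW" against an allowlist of application/port pairs that have already been researched. The sample processes, PIDs, addresses (documentation ranges) and the allowlist itself are all invented for the demonstration; on a real Mac the input would come from `sudo lsof -nP -i`.

```shell
#!/bin/sh
# Added example, not from the thread: an outbound-connection snapshot built
# from `lsof -nP -i` output and reviewed against an allowlist of known
# application/port pairs. Runs on a constructed sample; on a real Mac feed
# it `sudo lsof -nP -i` instead.

# Constructed sample in the column layout of `lsof -nP -i`:
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME. The PIDs, addresses
# and the "unknownhelper" process are invented for the demonstration.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Safari 1201 jane 23u IPv4 0x1a2b 0t0 TCP 192.168.1.12:52311->203.0.113.10:443 (ESTABLISHED)
mDNSResponder 301 _mdnsresponder 8u IPv4 0x3c4d 0t0 UDP *:5353
ARM 1450 jane 11u IPv4 0x5e6f 0t0 TCP 192.168.1.12:52340->198.51.100.7:80 (ESTABLISHED)
unknownhelper 2012 jane 14u IPv4 0x7a8b 0t0 TCP 192.168.1.12:52377->192.0.2.55:8081 (ESTABLISHED)
Mail 1311 jane 19u IPv4 0x9c0d 0t0 TCP 192.168.1.12:52390->203.0.113.25:993 (ESTABLISHED)'

# Constructed allowlist of "command port" pairs the owner has already
# researched, the same facts Little Snitch asks you to confirm per rule.
ALLOWLIST='Safari 443
Safari 80
Mail 993
Mail 587'

# Keep only lines with a remote endpoint ("->"), i.e. actual outbound
# connections, and print: command, pid, protocol, remote host:port.
outbound_connections() {
    awk 'NR > 1 && $9 ~ /->/ {
        split($9, ep, "->")
        print $1, $2, $8, ep[2]
    }'
}

# Mark each connection "ok" if its command/port pair is allowlisted,
# otherwise "REVIEW". Unknown does not mean malicious; it means look it up.
classify_outbound() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            port = $4
            sub(/.*:/, "", port)
            key = $1 " " port
            tag = (key in ok) ? "ok     " : "REVIEW "
            print tag $0
        }'
}

# Number of connections that need a look; a one-line summary for a cron job.
review_count() {
    classify_outbound "$ALLOWLIST" | grep -c '^REVIEW' || true
}

printf '%s\n' "$SAMPLE_LSOF" | outbound_connections | classify_outbound "$ALLOWLIST"
```

A REVIEW line is a prompt to look the process up, not a verdict, which is the rational approach thomas_r. describes. Since a command name on its own proves little, the follow-up for a REVIEW line is to find the executable behind the PID (for example `ps -o comm= -p PID`) and confirm where it was installed from.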

Jun 30, 2014 6:52 PM in response to thomas_r.

"On the other hand, though, malware can potentially disable Little Snitch, if it is able to achieve sufficient privileges."


If the malware was sophisticated enough to detect and turn off Little Snitch, wouldn't the user see that it had been disabled?


Also, what are the name types to be on the lookout for that LS would flag? From what I assume so far, outbound processes that happen randomly, when I'm not triggering a process to communicate outbound, to destinations that are generic/unknown are the ones to look out for. Like, here is a screenshot of something it caught, but it is being sent out to macromedia, which I believe is Adobe now, so this one is safe, right... Adobe can't be spying on me...


[Screenshot attached to the original post]
