Q: Does anyone know what Citrix is and way did it load on my Mac after the latest upgrade?

Citrix makes network connectivity products. It is likely some corporate VPN software. It isn't part of OS X and didn't come from the update.

Did you download the update from the App Store or another source?

Have you participated in any Network Conferences like "Go to Meeting?"

I did that recently and suspect they somehow installed it for me.

I was quite surprised when you mentioned it, as I have it too.

It's in "my username/Applications/Utilities/ as CitrixOnlineLauncher (app)

But just guessing, really.

Thanks for the stars.

Like I said, I was surprised.

I simply attended a “Webinar” (for “LogicPro”) and am pretty sure that’s when it happened as the install dates coincide.

It was amazing how many files were installed without me even knowing, and the process of which slid by Apple security on my system. This log file reveals a lot of what it did, just amazing.

Do you still have this log file ?

HD/Users/YourUserName/Library/Logs/com.citrixonline.WebDeployment/DownloaderApp. log

It’s all done using javascript which, BTW, can be disabled in your browser if you like *Safari” ? …. whatever.

A lot of cautious people disable it for higher web browsing security.

Look into it, if it is something you think you need/want.

Cheers and safe networking.

TTab

It was amazing how many files were installed without me even knowing, and the process of which slid by Apple security on my system.

It didn't "slide" by anything. You authorized it.

Barney, I am sure you are probably correct about that, as I vaguely recall having to verify something before the whole thing happened.

It was careless of me to insinuate any fault of Apples' with the wording I used.

Thanks for the follow up.

Tab

My comment was meant as a defense of Apple, but to highlight the myriad of things that can happen when you authenticate any seemingly innocuous software install. You seem to have arrived at that conclusion which is the most important lesson here.

Much of the Adware that gets installed these days happens for the very same reason--additional payloads are installed along with the legitimate one you wanted.

With Adware they are attempting to put something past you, but in your case, they were just installing the necessary software to complete the requested task. They likely should present more information to you during the install to let you know what is being installed and why and also provide instructions on how to uninstall it when you are done.

Yes indeed.

Actually, I had just stumbled across that Citrix Installer Application and upon further inspection found that it must have been left behind after that Webinar.

Also, they (GoToMeeting) left behind 3 or 4 different versions of there Web Casting software App. which, was my initial discovery. Another thing(s) they had installed.

There was a serious interruption mid-way through the Webinar and they seemed to be desperately trying anything to get it working again. This could have contributed to the mess they left behind.

I don’t suspect anything malicious about what they did, and I have not noticed any problems here but, it just seemed a bit sloppy.

The thing that scares me is Java, and JavaScript. It’s a real software powerhouse.

It can take over your whole system and seemingly do what ever it wants, and all you have to do is NOT enable it. Yet, it seems to be enabled by default in most browsers.

I am anxious to find out if you have any comments about it.

Am I wrong ? I hope I am actually.

TTab

JavaScript isn't a threat. Java can be exploited. They are entirely different things despite have "Java" in both names.

Java is not enabled in Safari, nor installed with OS X, now.

OK, yes, Java itself, is the Bad Boy, or can be, and has been exiled by Apple.

It’s just that, I have a log file of what they were doing inside my system using a JavaScript.

The name of the Log file is “DownloaderApp.log” which they also downloaded (uploaded?) and ran for me.

I hesitate to upload all of it here, but I will, if need be.

It clearly reports completing some activities like these excerpts; code is between quotes “…”

“20160321 13:57:56.458 I: [7245] <1607> sending request for 'https://download.citrixonline.com/launcher2/telemetry/helper?token=e0-nQgYbn8YxW MxTRumxhi_0v19-RreCNM9kEHXTp5OFTJWFnuEwStkYiKLBXsxI9vut4v6wKRCB7vNf0Xf-tv1_XMmch Xw_MvWqoSYcIKk6bQROMHamv40VjTyoGjl7eJQbpos1PHVkpv86DESflXJ2&downloadTrigger=java script'   “

-and-

“this is the remove-dmg script.

  script: /private/var/tmp/4F9BED7C-5856-4059-9807-702257A5E8C9.sh

vol path: /Volumes/Citrix Online Launcher

dmg path: /Users/xxxxxxxxxxx/Downloads/Citrix Online Launcher.dmg

wait pid: 7245

detaching volume

"disk2" unmounted.

"disk2" ejected.

deleting disk image file

deleting script”

End of the Log file here.

So, here is a Java script, downloading, installing and executing files, and without me knowing it.

This seems like JavaScript can be a possible threat also.

Am I wrong about this ?

I don’t proclaim to be an expert, at all, I’m just hoping to understand things a bit better really.

That's not a JavaScript. Script is a generic term for code of some sort.

The first is a normal URL requesting something from the web. In this case it is the download that contains the installer for the webinar software.

The line that starts with "script" is a shell script (.sh). A shell is a unix command line environment.

Again, none of that is JavaScript.