Solved

Mac OS X / Unix / networking Expert advice sought, possible malware operating on work laptops

Posted on 2011-09-27
Last Modified: 2012-05-12
I would appreciate hearing a specific, step-by-step process by which one can determine with confidence if a Mac OS X machine has been compromised, in particular by phishing, keystroke logging, or related practices.

Please reply without concern for lay understanding.  I truly want an expert second opinion on this matter. I have programmers and network professionals who work for me, and who can implement as complicated a plan/solution as you might devise. This site is being used for that expert second opinion, for possible "thinking outside the box".

(Hence, no answers questioning reasons for making the query, suggesting reinstallation of system software, or simply encouraging installation of Little Snitch or similar monitoring, are desired. Monitoring toward a specific end, as a step in a plan, is welcome; sledgehammer solutions and monitoring activities as open-ended exploratory activities are unhelpful.)

Thank you in advance for your effort on this.  Prof D
Question by:LeProf_No1
3 Comments
 

Accepted Solution

by:
Kash earned 500 total points
ID: 36715992
Hello,
What kind of possible malware do you suspect is running on your network? If you think a machine has been compromised, you can check on ACTIVITY MONITOR to see if any suspect program is running in the background. That is the first check you can do.

You can also check for open ports on the machine if you think any ports are open which shouldn't be.

The firewall (built in) on the Mac is very strong and if you turn it on, it will definitely block most of the programs and will raise an alarm if some malicious activity occurs.

Again, my answers are very generic as I am not sure what kind of info you are after, but we can work towards it.
0
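Added example (not part of the original answers): one way to make the open-ports check suggested above repeatable is to compare the listening TCP sockets reported by `lsof` against a reviewed baseline and print only the differences. The allowlist entries, the `helperd` process and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listening TCP sockets that are not in a reviewed baseline.
# stdin: output of `lsof -nP -iTCP -sTCP:LISTEN`
# args:  allowed "command:port" pairs (assumed baseline from a known-good build)
unexpected_listeners() {
    awk -v allow=" $* " '
        $NF != "(LISTEN)" { next }             # skips the header row as well
        {
            name = $(NF - 1)                   # e.g. *:22 or [::1]:631
            n = split(name, part, ":")
            key = $1 ":" part[n]               # port is the text after the last colon
            id = $1 SUBSEP $2 SUBSEP name
            if (index(allow, " " key " ") == 0 && !(id in seen)) {
                seen[id] = 1                   # one line per process and socket
                printf "%s pid=%s user=%s listen=%s\n", $1, $2, $3, name
            }
        }'
}

# Constructed sample input (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1   root   21u  IPv4 0x0a01      0t0  TCP *:22 (LISTEN)
launchd     1   root   22u  IPv6 0x0a02      0t0  TCP *:22 (LISTEN)
cupsd     312   root    6u  IPv6 0x0a03      0t0  TCP [::1]:631 (LISTEN)
cupsd     312   root    7u  IPv4 0x0a04      0t0  TCP 127.0.0.1:631 (LISTEN)
helperd  4410  alice    5u  IPv4 0x0a05      0t0  TCP *:8081 (LISTEN)
EOF
}

# Demo on the sample. On a live Mac, pipe the real output in instead:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | unexpected_listeners launchd:22 cupsd:631
sample_lsof | unexpected_listeners launchd:22 cupsd:631
```

A listing taken on the suspect machine can be falsified by a kernel-level implant, so compare it with a scan of the same ports made from another host.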
 

Assisted Solution

by:LeProf_No1
LeProf_No1 earned 0 total points
ID: 37008325
We did *not* accept this Comment as a solution, though the individual clearly made an attempt to assist us.

What was desired was a process to follow, in IT language, to unequivocally determine if a Mac OS X machine has been compromised, see original request (or to be told such was not possible, see comment offered on replying "No" to "Was this Comment Helpful?" query).

Specifically, Activity Monitor (AM) and equivalent unix procs are already in use, but clarification is needed as to what evidence is sought. Open ports was a helpful step/point, with the same limitation as the AM recommendation. The Mac firewall rec, while largely sound as a preventative, here would be closing the barn door after...

As "innocent" said, the answers, while well-meaning and appreciated -- especially as the ONLY answer offered by this expert service -- were too generic to be of help.
0
 

Author Closing Comment

by:LeProf_No1
ID: 37035291
We have discontinued use of this service, less than expert in this crucial area, and will use other means to arrive at the process we need.  LeProf_No1
0
