Solved

Mac OS X / Unix / networking Expert advice sought, possible malware operating on work laptops

Posted on 2011-09-27
3
386 Views
Last Modified: 2012-05-12
I would appreciate hearing a specific, step-by-step process by which one can determine with confidence if a Mac OS X machine has been compromised, in particular by phishing, keystroke logging, or related practices.

Please reply without concern for lay understanding.  I truly want an expert second opinion on this matter. I have programmers and network professionals who work for me, and who can implement as complicated a plan/solution as you might devise. This site is being used for that expert second opinion, for possible "thinking outside the box".

(Hence, no answers questioning reasons for the making the query, suggesting reinstallation of system software, or simply encouraging installation of Little Snitch or similar monitoring, are desired. Monitoring toward a specific end, as a step in a plan is welcome; sledge hammer solutions and monitoring activities as open-ended exploratory activities are unhelpful.)

Thank you in advance for your effort on this.  Prof D
0
Comment
Question by:LeProf_No1
  • 2
3 Comments
 
LVL 19

Accepted Solution

by:
Kash earned 500 total points
ID: 36715992
Hello,
 what kind of possible malware you suspect is running on your network. If you think a machine has been compromised you can check on ACTIVITY MONITOR to see if any suspect program is running in the background. that is the first check you can do.

you can also check for open ports on machine if you think any ports are open which shouldn't be.

the firewall (built in) on the mac is very strong and if you turn it on, it will definitely block most of the programs and will raise alarm if some malicious activity occurs.

again, my answers are very generic as I am not sure what kind of info you are after but we can work towards it.
0
 

Assisted Solution

by:LeProf_No1
LeProf_No1 earned 0 total points
ID: 37008325
We did *not* accept this Comment as a solution, though the individual clearly made an attempt to assist us.

What was desired was a process to follow, in IT language, to unequivocally determine if a Mac OS X machine has been compromised, see original request (or to be told such was not possible, see comment offered on replying "No" to "Was this Comment Helpful?" query).

Specifically, Activity Monitor (AM) and equivalent unix procs are already in use, but clarification is needed as to what evidence is sought. Open ports was a helpful step/point, with the same limitation as the AM recommendation. The Mac firewall rec, while largely sound as a preventative, here would be closing the barn door after...

As "innocent" said, the answers, while well-meaning and appreciated -- especially as the ONLY answer offered by this expert service -- were too generic to be of help.
0
 

Author Closing Comment

by:LeProf_No1
ID: 37035291
We have discontinued use of this service, less than expert in this crucial area, and will use other means to arrive at the process we need.  LeProf_No1
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now