Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Could this be a Mac trojan?

Macula

Macula

macrumors 6502
Original poster
Oct 23, 2006
435
36
All over the place
Yesterday I enabled the Leopard firewall by selecting the "set access for specific services and applications" option. In particular, I enabled incoming connections for iChat.app and for Transmission.app. I did not specify any applications or programs other than those two.

Today, as I was checking my Leopard preference panel, I noticed that a third program, a UNIX executable under the name natd, has been added to that list. This binary is located in the /usr/sbin folder, so it must be some really low-level process. Also, according to finder it has not been opened since last September.

Do you have any idea how this binary made it into the firewall settings? Is it placed there by Leopard itself? Could it be a trojan or malware?

Thank you.
 
It's nothing to worry about. NATD stands for "Network Address Translation daemon". It's part of the OS, that's probable why Leopard added it automatically.
 
Let me rephrase this otherwise: Is it normal for natd to be running in the background? I just realized, using Activity Monitor, that in my case it has been running for a while without me activating it in any way.
 
Macula said:
Let me rephrase this otherwise: Is it normal for natd to be running in the background? I just realized, using Activity Monitor, that in my case it has been running for a while without me activating it in any way.
Click to expand...
Yes that's normal. Leopard will automatically run and close processes as needed. If you look in activity monitor, even right after you restart, you will see quite a few processes. Most of these aren't vital to run the OS, only doing a couple of specific tasks.
One may do something with Bluetooth, or networking, or the UI.
So if you quit them strange things might start to happen.
 
lancestraz said:
Yes that's normal. Leopard will automatically run and close processes as needed. If you look in activity monitor, even right after you restart, you will see quite a few processes. Most of these aren't vital to run the OS, only doing a couple of specific tasks.
One may do something with Bluetooth, or networking, or the UI.
So if you quit them strange things might start to happen.
Click to expand...
With Little Snitch on I often see this in a list of processes when start up happens, one day I got curious and checked what it was doing at startup... from the short little description at the time it seemed to be checking to make sure the clock was correct. :) Nothing bad about that!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back