How can I tell if someone has broken into my computer?

Discussion in 'Mac Basics and Help' started by alexf, May 3, 2006.

  1. alexf macrumors 6502a

    Joined: Apr 2, 2004
    Location: Planet Earth
    #1
    I am sure this has been asked before, but I just need a simple way to look "behind the scenes" and see if someone has infiltrated my computer.

    When I look at the Activity Monitor, there is a lot of activity going on from users "nobody" and "windowserve." What does this mean? Am I just being paranoid? (likely the case...) :confused:

    Thanks for any advice.
     
  2. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #2
    Too bad there's no such thing. The only "simple" way to see if someone has infiltrated you is to use something like TripWire to protect yourself. And TripWire is FAR from "simple".

    "nobody" is a real "user" on your box. It's an owner UID (unique id) assigned to certain binaries to help ensure that they don't get "out of hand" (that's a vast oversimplification, but it's a security thing). Examples are "mdimport", which is Spotlight. "windowserver" is also a real "user", and basically is the same thing as "nobody". The "WindowServer" process is owned by the "windowserver" UID. But there shouldn't be "a lot", AFAIK. Just 1 or 2 for each.

    So.. it's likely that you're being paranoid.

    Are you in a situation that would likely put your computer at risk? Not using a firewall? Not behind a router? Root enabled with a weak password? Weak passwords on admin accounts? Downloaded tons of unknown software from unknown sources? Posted your usernames and passwords on public sites? Etc, etc.

    If not.. then I wouldn't worry.

    However, the ONLY real way to make sure that you've not been hacked/cracked is to ERASE the drive and reinstall everything from a known, clean, safe install. That means, not restoring from a back up unless you know it's clean/safe. It means starting over from scratch. That's the ONLY way to be 100% safe.

    For an idea of other "users" (UIDs with names) on your box, try opening NetInfo Manager and looking under "users".
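
The process-ownership check discussed in post #2, as an added example that is not part of the original thread: it counts processes per owning account in `ps`-style output and flags accounts outside an expected list, or service accounts such as "nobody" and "windowserver" that own more than the post's rule-of-thumb "1 or 2". The account list, the limit, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: count processes per owning account and flag what deserves
# a closer look. Feed it live data with:  ps -axo user,ucomm | review_owners ...

# Constructed sample in `ps -axo user,ucomm` layout (not captured from a real Mac).
sample_ps() {
cat <<'EOF'
USER         UCOMM
root         launchd
root         syslogd
windowserver WindowServer
nobody       mdimport
nobody       mdimport
nobody       mdimport
alice        Finder
alice        Safari
guest2       sh
EOF
}

# review_owners KNOWN SERVICE MAX
#   KNOWN   space-separated accounts you expect to own processes (assumption)
#   SERVICE subset of KNOWN that should own only a few processes
#   MAX     most processes a SERVICE account should own (the post's "1 or 2")
review_owners() {
    awk -v known="$1" -v svc="$2" -v max="$3" '
        BEGIN {
            n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1
            m = split(svc, s, " ");   for (i = 1; i <= m; i++) limited[s[i]] = 1
        }
        NR == 1 && $1 == "USER" { next }      # skip the ps header line
        NF >= 2 { count[$1]++ }               # one line per process
        END {
            for (u in count) {
                if (!(u in ok)) { print "UNKNOWN_OWNER", u, count[u] }
                else if ((u in limited) && count[u] > max) { print "MANY_PROCS", u, count[u] }
            }
        }
    ' | sort
}

# Run against the constructed sample; "alice" stands in for the logged-in user.
sample_ps | review_owners "root nobody windowserver alice" "nobody windowserver" 2
```

A flagged line is a prompt to look at what that account is running, not evidence of a break-in.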
     
  3. alexprice macrumors 6502a

    Joined: Jan 8, 2005
    #3
  4. alexf thread starter macrumors 6502a

    Joined: Apr 2, 2004
    Location: Planet Earth
    #4
    Thanks for the help - yes, I guess I probably am being paranoid. However, I have recently been reading a lot about how Macs seem to be becoming more prone to attacks (e.g. http://www.wired.com/news/technology/0,70780-0.html?tw=rss.index), and have noticed some "unusual" activity on my computer.

    However, I am very careful with passwords, have a router, etc., so I probably shouldn't worry...
     
  5. gman71882 macrumors 6502

    Joined: Jan 12, 2005
    Location: Houston, Tx
    #5
    What unusual activity is happening??? That would help point in what direction to look... and plug the hole if there is one :confused:
     
  6. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
  7. generik macrumors 601

    Joined: Aug 5, 2005
    Location: Minitrue
    #7
    Well you are not that important, don't worry :rolleyes:

    Besides there are 20 other PC users to attack instead of the attacker wasting time on your Mac :D
     
  8. alexf thread starter macrumors 6502a

    Joined: Apr 2, 2004
    Location: Planet Earth
    #8
    What exactly is an "FUDturd"? Sounds like something interesting...
     
  9. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #9
    FUD+turd=FUDturd™

    I can't believe "turd" is in Wikipedia.
     
  10. janey macrumors 603

    Joined: Dec 20, 2002
    Location: sunny los angeles
    #10
    Although a lot of the coverage about Mac malware may be FUD, that kind of thinking is very harmful in general.

    Hence, why I dislike one of the ads in Apple's new ad campaign about Macs being portrayed as not vulnerable to viruses. It's just wrong as it's cultivating the image that Macs are more secure than they really are, and it should be stopped, but unfortunately half the Mac community, as well as the marketing idiots and Steve Jobs at Apple seem to think otherwise.

    No computer is that invulnerable to attacks. If you do believe Macs are, then, I'm sorry to say, I don't feel sorry for you if anything happens to the contrary. Macs may be less vulnerable out of the box compared to Windows et al, but that doesn't mean nobody's going to find a way to exploit security holes (of which there are actually many, whether or not Apple fixes them is a moot point, as it's painfully clear with Microsoft that not everyone updates their computer regularly...).

    BTW, in that wired article they mention a guy named benjamin daines...isn't he one of the regulars here? Interesting...
     
  11. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #11
    Yes.. and the malware originated here as "pictures of Leopard".
     
  12. 3kids macrumors regular

    Joined: Apr 27, 2006
    #12
    Is there someplace to download a firewall for a MAC? I have a router; do I need more? On my PC I had every safety net I could think of for security. I didn't know with a MAC that I needed to be vigilant.
     
  13. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #13
    1) It's not an acronym, it's short for Macintosh, so it's just Mac, not MAC.

    2) There's a built-in firewall called ipfw (or ipfw2 if you're on Tiger). To start it, simply go to the Sharing Preference Pane and click on the Firewall tab.

    Running double firewalls may be overkill and paranoia.
     
  14. janey macrumors 603

    Joined: Dec 20, 2002
    Location: sunny los angeles
    #14
    Ah yes, I remember that. Forgot about that so soon :eek:

    Also, you don't need to be totally anal about security on your Mac. Just use some common sense and caution, same as you would on Windows with email attachments and such.
     
  15. 3kids macrumors regular

    Joined: Apr 27, 2006
    #15
    1) Thank you for the English lesson.

    2) How do I get to the Sharing Preference Pane?

    3) Is there a forum for folks who are truly new to Macs (See, lesson learned) and need basic, simple questions answered without others criticizing their lack of basic understanding of computer operations?
     
  16. rdowns Suspended

    Joined: Jul 11, 2003
    #16
    I'd recommend you sign up for a free trial to .Mac where you can view a bunch of Quicktime movies on using the OS and iLife apps. Hope that helps, noob. :D
     
  17. UKnjb macrumors 6502a

    Joined: May 23, 2005
    Location: London, UK
    #17
    Welcome to macrumors. Enjoy your time here. :)

    1. No comment.

    2. Click on the icon in your dock that looks like a light-switch with the Apple logo on it. Or from Finder, one of the menu options is System Preferences. Select that. On the Internet and Network section from System Preferences, click on the Sharing Icon. The middle tab, Firewall, is the one you want. From the Sharing tab, you can also make sure that all file-sharing is off, or check selected ones that you might want to share.

    3. Keep coming back here! There is a large number of really knowledgeable and friendly people who will be only too pleased to help answer your basic questions or point you in the right direction. Do try to use the Search (with the Advanced option) facility before posting, as your question may have been answered on a previous Thread. For instance, I have just looked and there are 138 separate threads from a search with "Firewall" as the keyword.

    I am running Panther and there is a very good NSA article that details how to set up the security of your Mac (or MAC) and can be downloaded from here

    Again, welcome and ask away! :)
     
  18. savar macrumors 68000

    Joined: Jun 6, 2003
    Location: District of Columbia
    #18
    That article is atrocious. If you're trolling around looking for illegal software like the "unfortunate" fellow in the article, you're asking to have something bad happen to you.

    Stay on the good sites, stay behind your router, and you should be pretty safe.
     
  19. yellow Moderator emeritus

    Joined: Oct 21, 2003
    Location: Portland, OR
    #19
    A good place to start is here:

    http://www.apple.com/support/mac101/
     
