
netdog (Original poster) · Feb 6, 2006 · London
If someone installs a spy-program locally on a computer, how would you go about finding it and/or rectifying the situation?

A friend has reason to believe that someone installed software on their OS X computer to gather information. They may or may not have had the password, and she thinks they got on locally.

How would she go about finding any such programs installed? She is reluctant to do a clean install (the only suggestion that I could think of).
 
Little Snitch is one program that comes to mind. It acts as a firewall for applications trying to send messages from your machine. It does not remove any spyware though, it simply acts as a firewall to let you know about things trying to communicate outside your machine. You might also consider one of the big name security companies like Symantec to do a scan. There isn't much spyware for Mac, including legitimate software.
 
Another vote for Little Snitch.

This will report any and all applications that try to "phone home", that is, contact a server.
 
> Another vote for Little Snitch.
>
> This will report any and all applications that try to "phone home", that is, contact a server.

It won't help remove it though. So basically, the best option is a clean install, seeing as the type of "malware" is unidentified and the amount is unknown.

To the OP, in order for somebody to install software on your system usually requires your root password, something you gave up by installing the software/letting somebody else..

1 vote for clean install ;)
 
> To the OP, in order for somebody to install software on your system usually requires your root password, something you gave up by installing the software/letting somebody else..

I'm sure you meant an admin password and not root. Root definitely isn't needed. The OP also stated that the person may have had the password so it's quite possible they could have installed something.
 
If someone installs a spy-program locally on your computer?

> If someone installs a spy-program locally on a computer, how would you go about finding it and/or rectifying the situation?

An application called ClamXav (free) for Mac OS X will pick up viruses and may also do the sort of thing you're after.

It found a piece of malware in one of the downloads I had for a Windows programme I was attempting to preview.
 
> I'm sure you meant an admin password and not root. Root definitely isn't needed. The OP also stated that the person may have had the password so it's quite possible they could have installed something.

I did mean administrator, but it's irrelevant.
The admin password allows root access, both on a temporary basis (as with sudo) or more permanently by allowing the enabling of the root account itself (only requires administrator access).

I'm personally of the belief that security is nobody's concern but your own. If you don't care enough to take precautions, why should I care if your information gets stolen?

That being said, I reaffirm my initial position, clean install, complete password change.

It only takes a little work to prevent a lot of damage.
 
iAntivirus includes most "spy-program" type applications in its malware definitions. You could give that a try first.

Check to see if any settings have been altered in your System Preferences -> Sharing tab.

Install an app, such as TrashMe, that can find and list most of the apps, prefs, and plugins installed in your system to look to see if you can find anything suspicious.

Use Activity Monitor in your utilities folder to look for anything suspicious.

What makes her think that something malicious was installed in her system?
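The manual checks suggested in this thread list what is installed and running; a complementary check is to list what is configured to start automatically. The following is an added example, not code from any poster here. It goes beyond the tools named in the thread: the three launchd directories are standard macOS locations assumed as the places to look, and the sample job `com.example.helper` is constructed.

```python
import plistlib
import tempfile
from datetime import datetime
from pathlib import Path

# Standard macOS launchd locations (an assumption of this example, not named
# in the thread): software that starts automatically registers a plist here.
LAUNCH_DIRS = [Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons"),
               Path.home() / "Library/LaunchAgents"]

def audit_launch_items(dirs=LAUNCH_DIRS, since=None):
    """Return one dict per launchd job, most recently modified first.

    since: optional datetime; jobs whose plist changed before it are skipped,
    which narrows the list to the period when tampering is suspected.
    """
    findings = []
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for plist in sorted(Path(d).glob("*.plist")):
            modified = datetime.fromtimestamp(plist.lstat().st_mtime)
            if since and modified < since:
                continue
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)
            except Exception:
                job = None  # unreadable or malformed: still reported below
            if not isinstance(job, dict):
                job = {}
            args = job.get("ProgramArguments") or []
            findings.append({
                "plist": str(plist),
                "label": job.get("Label", "<unparsed>"),
                "program": job.get("Program") or (args[0] if args else "<none>"),
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "modified": modified,
            })
    return sorted(findings, key=lambda f: f["modified"], reverse=True)

def demo():
    """Audit a constructed plist in a temp directory (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = {"Label": "com.example.helper", "RunAtLoad": True,
                  "ProgramArguments": ["/Users/Shared/helper/agent", "--quiet"]}
        with open(Path(tmp) / "com.example.helper.plist", "wb") as fh:
            plistlib.dump(sample, fh)
        return audit_launch_items([tmp])

if __name__ == "__main__":
    for item in audit_launch_items() or demo():
        print(item["modified"].date(), item["label"], item["program"])
```

Entries whose program path points outside `/Applications`, `/System` or `/Library`, or whose plist changed around the time someone else had access to the machine, are the ones to look up first.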
 
In the end, after running Little Snitch for a few days and watching what was running, just went the easy route and did an erase and clean install of OS X.

Then returned her home directory to its place as it didn't seem to me that any harm could really come from there.

The why is a long story, but it would have involved a pro tampering with the machine.
 
iAntiVirus is bogus. I would never install that on a Mac.

I also believe that iAntivirus is somewhat bogus but it does include definitions for legitimate keyloggers (that require admin password to install) so I thought they would get peace of mind by running it on their system. Even that link you provided states that it includes definitions for legitimate software that COULD be used maliciously.

I prefer to use ClamXav not out of worry for my Mac but to prevent inadvertently forwarding an email with a virus to a Windows user. Interestingly, the ClamAV engine is included in Mac OS X Server.

I did not refer the user to ClamXav because it does not include definitions for legitimate software on the chance that their suspicions were correct.
 