If someone installs a spy-program locally on your computer?

Discussion in 'macOS' started by netdog, Sep 20, 2010.

  1. netdog macrumors 603

    netdog

    Joined:
    Feb 6, 2006
    Location:
    London
    #1
    If someone installs a spy-program locally on a computer, how would you go about finding it and/or rectifying the situation?

    A friend has reason to believe that someone installed software on their OS X computer to gather information. They may or may not have had the password, and she thinks they got on locally.

    How would she go about finding any such programs installed? She is reluctant to to a clean install (the only suggestion that I could think of).
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    LittleSnitch is one program that comes to mind. It acts as a firewall for applications trying to send messages from your machine. It does not remove any spyware though, it simply acts as a firewall to let you know about things trying to communicate outside your machine. You might also consider one of the big name security companies like Symantec to do a scan. There isn't much spyware for Mac, including legitimate software.
     
  3. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #3
    Another vote for littlesnitch.

    This will report any and all applications that try to "phone home" That is contact a server.
     
  4. x0r-lord macrumors member

    Joined:
    Aug 31, 2010
    Location:
    Ottawa, Canada
    #4
    It wont help remove it though. so basically, the best option is a clean install seeing as the type of "malware" is unidentified and the amount is unknown.

    to the OP, in order for somebody to install software on your system usually requires your root password, something you gave up by installing the software/letting somebody else..

    1 vote for clean install ;)
     
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    I'm sure you meant an admin password and not root. Root definitely isn't needed. The OP also stated that the person may have had the password so it's quite possible they could have installed something.
     
  6. ribbo1939 macrumors newbie

    Joined:
    Feb 8, 2009
    Location:
    Australia
    #6
    If someone installs a spy-program locally on your computer?

    If someone installs a spy-program locally on a computer, how would you go about finding it and/or rectifying the situation?

    An application called ClamXav (free) for Mac OS X will pick up viruses and may also do the sort of thing your after.

    It found a malware in one of the d/loads I had for a Windows programme
    I was attempting to preview.
     
  7. x0r-lord macrumors member

    Joined:
    Aug 31, 2010
    Location:
    Ottawa, Canada
    #7
    I did mean administrator, but its irrelevant.
    the admin password allows root access, both on a temporary basis (as with sudo) or more permanently by allowing the enabling of the root account itself (only requires administrator access).

    I'm personally of the belief that security is nobodies concern but your own. If you don't care enough to take precautions, why should I care if your information gets stolen?

    That being said, I reaffirm my initial position, clean install, complete password change.

    It only takes a little work to prevent a lot of damage.
     
  8. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #8
    iAntivirus includes most "spy-program" type applications in it's malware definitions. You could give that a try first.

    Check to see if any settings have been altered in your System Preferences -> Sharing tab.

    Install an app, such as TrashMe, that can find and list most of the apps, prefs, and plugins installed in your system to look to see if you can find anything suspicious.

    Use Activity Monitor in your utilities folder to look for anything suspicious.

    What makes her think that something malicious was installed in her system?
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    iAntiVirus is bogus. I would never install that on a Mac.
     
  10. netdog thread starter macrumors 603

    netdog

    Joined:
    Feb 6, 2006
    Location:
    London
    #10
    In the end, after running Little Snitch for a few days and watching what was running, just went the easy route and did an erase and clean install of OS X.

    Then returned her home directory to it's place as it didn't seem to me that any harm could really come from there.

    The why is a long story, but it would have involved a pro tampering with the machine.
     
  11. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #11
    I also believe that iAntivirus is somewhat bogus but it does include definitions for legitimate keyloggers (that require admin password to install) so i thought they would get piece of mind by running it on their system. Even that link you provided states that it includes definitions for legitimate softwares that COULD be used maliciously.

    I prefer to use ClamXav not out of worry for my Mac but to prevent inadvertently forwarding an email with a virus to a windows user. Interestingly, the Clamav engine is included in Mac OS X Server.

    I did not refer the user to ClamXav because it does not include definitions for legitimate software on the chance that their suspicions were correct.
     

Share This Page