Java generates Mb/s unwanted net traffic

Discussion in 'MacBook Pro' started by JB Tipton, Nov 13, 2012.

  1. JB Tipton macrumors newbie

    Feb 5, 2011
    My MacBook Pro started behaving strangely a few days ago. At first I thought that Comcast had begun imposing data limits on me, because I would randomly lose connection with the net, but if I waited long enough, or switched airport to another one of my WiFi routers (forcing a new IP), it would continue on OK.

    It was only Gmail's communicator and some other heavy comm users that would notify me of broken connection, but 'small number of packets' apps -- like text apps -- were still usually working, but a little slow. But today, even they became unusable; very little to no net bandwidth available.

    Then I noticed that about half my net bandwidth (both up and down) was being used -- a varying load -- but almost continuously. I have measured the available bandwidth as varying between 5 to 10 Mb/s, so whatever was generating traffic was generating A LOT! I had noticed that a lot of bandwidth was being used for a long time (maybe even since I got the machine 18 months ago), but it never interfered with my work. I had a lot of (Chrome) browser windows open, so quit the browser. I found Apple's cron job S/W update scanner dialog box had been open but invisible (for god knows how long) behind the browser window. I killed it. Still the same massive net traffic continued on what should have been a quiescent machine. The CPU usage graph showed only small but exclusively OS (kernel) cycles in use. There was some intermittent disk I/O.

    I rebooted the machine without external disks. I launched NO apps (nothing!): Same behavior. Fearing a virus or worm attack, I immediately shut down -- somewhat happy that it wasn't showing much disk I/O accompanying the net I/O, and that all my data still seemed to be intact.

    I used my phone to search the net for news of Mac viruses/worms, but didn't really find anything applicable. Hence, I post this in the hope that it might help others:

    - - - - - - - - - - - - - - - - - - - - - - - - - - -

    You may not believe this, because I don't understand how this is possible, myself, but:

    Luckily I didn't have to dig very deeply into my computer to stop the massive net traffic. If a reasonable hypothesis as to a mechanism with the apparent behavior doesn't surface in the next couple of days, I may choose to try to perform a detailed post mortem to figure out exactly what the mechanism was that caused my problem.

    I poked around on the net looking for possible explanations or other people with similar problems, and found essentially nothing. But I did find a few interesting, but not necessarily related, things. One of those was a suggestion of 5 things dummies could do to improve the security of their Mac:

    I chose to make a backup and tighten up my security a bit before beginning a real debugging process. I only allowed myself short bursts of re-connection to the internet as required while carefully monitoring traffic -- and whether my (internal-only) hard-disk data continued to exist.

    When I got around to disabling Java, I first disabled Java in Safari, then Firefox, and then Chrome.

    When I disabled Java in Chrome, the massive net traffic immediately ceased. I had disabled Chrome remote desktop viewing in the same session, so I re-enabled each individually to see which was responsible. (I do not suspect 'Chrome remote desktop viewing', because I have NEVER installed the webapp which enables it.) The massive traffic did not come back in either case. It seems that a small amount of traffic came back when I re-enabled Java, but it's a noisy space, so I don't entirely trust that measurement. But I think so.

    After this initial indication, I disabled Java in the Opera browser, as well.

    Wanting to verify both necessary and sufficient conditions for the problem, I began trying to re-create the massive net traffic by trying combinations of enabling/disabling Chrome Java, Chrome remote desktop viewing, and Apple Software Update, -AND- permutations of the order of these operations along with system re-boot. Again, a small increase in net traffic seemed to correlate with the enabling of Java in Chrome, but nothing like the volume of traffic which interfered with surfing the web.

    Nothing I have tried to date has re-created the massive net traffic problem which, basically, was impossible to stop until I initially disabled Java (and [the non-installed] remote desktop viewing) in Chrome.

    I do not understand how it is possible for a Java enable/disable setting inside a browser to affect the behavior of a freshly-booted quiescent computer, especially before Chrome is launched. Does Java, perchance, begin running by itself upon boot? Even if so -- perhaps just to initialize and/or install stuff -- why would the setting in a browser which has never been launched (since boot) have any effect on it? Maybe it has to install some kind of link between the Java sandbox, or some global Java resources, and Chrome? Even if that could be remotely possible, why would it cause code, apparently identified to my CPU activity monitor as OS kernel code, to run enough cycles to generate massive bi-directional net traffic?

    Does anyone know enough about the internals of the initialization and workings of Java to form any reasonable hypothesis as to a mechanism which could account for this behavior?

    Thank you.
  2. b0fh666 macrumors 6502a


    Oct 12, 2012
    java, at least on windows (not sure about osx), has something called 'quick starter', which is basically preloading the JRE to fool the user into thinking java apps start fast... heh
  3. JB Tipton thread starter macrumors newbie

    Feb 5, 2011
    One possibility; & HDs stopped spinning up all night, too

    Since originally isolating this problem a few days ago, a number of people have told me that Java contains its own automatic update facility. Even though I believe I chose to require manual permission prior to installing an update, my friends point out that a potential mechanism which could account for this behavior would be for the automatically-running portion of Java's update mechanism which 'interrogates its home-base to see if a new update is available' to have gone nuts, somehow, and be interrogating over-and-over again. Perhaps it could even be generating hundreds of instances of the interrogation program to do so in parallel, or something.

    I'm sorry I was unable to re-create the problem to verify exactly what was causing it, but, on the other hand, I'm really glad it's gone!

    As an aside, I have two Seagate GoFlex 2 TB FireWire external hard disks connected to this MacBook Pro. They have had a problem since I installed them of constantly spinning up and spinning down over-and-over again while the computer is in sleep mode. (It makes it hard to sleep in the same room with the computer.) This problem also seems to have gone away upon turning off Java!

    What on Earth is going on? Doesn't anyone ever test anything anymore???
  4. GGJstudios macrumors Westmere


    May 16, 2008
  5. JB Tipton thread starter macrumors newbie

    Feb 5, 2011
    Java generates unwanted massive internet traffic

    Thank you for warning me about potential Java-based viruses.

    But everyone seems to be overlooking the main issue here: Java is broken in some way which can generate so much spurious unwanted internet traffic that it can cripple your computer. This isn't about viruses or safe computing. It's about a horrendous bug in Java -- and probably its automatic updater -- which is associated with Chrome, and perhaps only on a Mac or OS X platform.

    I've performed my public service by identifying and reporting this bug. Isn't there still some civic responsibility associated with delivering products to the public? Like maintaining the products, warrantying them free from harmful defects, or at least attempting to fix bugs? -- Especially bugs which could be responsible for generating oodles of useless internet traffic which represents a wasted resource that someone has to pay for???

    Maybe I'm an old fuddy-duddy, but I find it difficult to differentiate between a hacker who destroys computing resources out of maliciousness, and a company who continues to destroy computing resources out of a belief that they are too important to be bothered to fix their products. I think they should both be punished.

    Furthermore, I hasten to point out that while it is often difficult to identify the anonymous hacker responsible for creating a destructive virus so he can be served with a class-action to recoup the value of the resources he has destroyed, an irresponsible company is not so lucky.
