Intruder Alert! 4 ways to track down hidden Mac malware
Are programs running on your computer that you don’t know about? Could a mischievous installer have plunked an unknown application in your Login Items list and set it to hide each time it launches at startup? If you’re curious, there are a number of ways to find out.
1. Check Login and Startup Items: It’s easy to check your Login Items. Go to the Accounts system preferences panel and click the Login Items tab to see what’s listed. Here, you’ll find items that automatically run whenever you log in—or, if your Mac is set up to automatically log you in, whenever you start up the Mac (see “Check Behind the Scenes”). Don’t forget to look in the /Library/StartupItems folder as well to see if anything’s configured to launch whenever the computer starts up, regardless of who logs in.
2. Activate Activity Monitor: Activity Monitor (/Applications/Utilities) lets you keep an eye on all of the processes running on your Mac, from the applications you’ve launched, to the OS services running behind the scenes, to the underlying Unix mechanisms that make it all work. But just because you don’t recognize something—ntpd, for example—doesn’t mean it’s a dangerous piece of software (ntpd syncs your Mac clock with a central time server). Skim this list periodically, though, and you’ll start to recognize what should be there and have a chance of noticing when something out of the ordinary appears.
Check Behind the Scenes: The Accounts tab in System Preferences lets you select programs you’d like your Mac to run every time you log in, but it could also contain programs that put themselves there when you ran an innocuous installer.
3. Use Feature-rich Firewall Software: Firewall software can also make you aware of unknown software running on your Mac that’s trying to make network connections. While Apple’s built-in firewall only watches for incoming connections (unless you reconfigure it manually, or using a third-party tool such as BrickHouse), other firewall software can keep an eye on outgoing connections, as well.
4. Geek Out: If you’re in a really geeky mood, type the command sudo fs_usage in Terminal (/Applications/Utilities) followed by your administrator password when prompted to see what programs are accessing your Mac’s file system. If you have lots of software running, this will generate more info than you’ll be able to read, but if you try it with no applications (other than Terminal) running, it could expose unexpected or unwelcome software trying to read or write to your hard drive. —Mark Anbinder
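Because fs_usage prints more than anyone can read, here is an added example (not from the original article) that reduces a saved capture to a count per process and lists names you have not marked as known. It assumes the process name is the last column of each line; the sample lines and the process name "helperd" are constructed.

```shell
#!/bin/sh
# Added example: boil fs_usage output down to one line per process.
# Assumption: the process name is the last whitespace-separated column;
# newer systems append ".<thread id>", which is stripped. A name that
# contains spaces is reported by its last word only.
# Live capture: sudo fs_usage -w > fs_usage.txt   (Ctrl-C after a minute),
# then: summarize_fs_usage < fs_usage.txt

# Print "count name" per process, busiest first.
summarize_fs_usage() {
    awk 'NF >= 3 {
             name = $NF
             sub(/\.[0-9]+$/, "", name)
             count[name]++
         }
         END { for (n in count) print count[n], n }' | sort -k1,1nr -k2,2
}

# Print process names that are not in the space-separated list given as $1.
unknown_processes() {
    summarize_fs_usage | awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        !($2 in ok) { print $2 }'
}

# Constructed sample lines, not captured from a real machine.
# "helperd" is a made-up process name.
sample_lines() {
    cat <<'EOF'
18:37:36  stat   /Library/Preferences/.GlobalPreferences.plist  0.000015   Terminal
18:37:36  open   /private/var/log/system.log                    0.000021   syslogd
18:37:37  open   /Users/alice/Library/Mail/Envelope Index       0.000030   helperd.1187
18:37:37  read   F=7  B=0x1000                                  0.000011   helperd.1187
18:37:37  open   /Users/alice/Documents/taxes.pdf               0.000028 W helperd.1187
18:37:38  stat   /Applications/Utilities/Terminal.app           0.000012   Terminal
EOF
}

sample_lines | summarize_fs_usage
echo "Not on the known list:"
sample_lines | unknown_processes "Terminal syslogd"
```
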
When your laptop goes missing: 5 steps to take to prepare for the worst
Losing a laptop can be a traumatic experience. You not only have to deal with the cost of buying a new one, but with the loss of all the personal files that were on it. And if you haven’t taken steps to make that data secure, you open yourself to a lot of problems. Here are some steps that can make losing your laptop (or having it stolen) a little less painful.
1. Keep Paperwork: Note your laptop’s serial number, and make sure you have a copy of the original receipt in a safe place. You’ll need both for insurance purposes, and the serial number will help identify the computer if it turns up. You can find the serial number on the laptop, usually under the battery, or in the Hardware Overview of System Profiler (select Apple: About this Mac, then click More Info).
2. Encrypt Your Files: If you keep sensitive files on your laptop, make sure to use FileVault, turn off auto-login, and protect your Keychain. All of these measures can help prevent anyone from getting to your files or your personal information.
3. Leave Your Calling Card: Create a special account named “guest” with no password. In this account, set up a TextEdit document with your name, address, telephone number, e-mail address, and reward information. Go to the Accounts preference pane, click Login Items, and add this document. If someone finds your laptop and turns it on, the login window will show this account, and a good Samaritan might log into it. When they do, they’ll see all this information, and may give you a call.
4. Get Tracking Software: Consider using laptop tracking software, such as StealthSignal’s XTool Computer Tracker. This software communicates with a central server when the Mac is connected to the Internet. If you lose the laptop, contact the vendor, and there’s a good chance they’ll be able to find out where your computer is.
5. Act Fast: If your laptop is lost or stolen, act immediately: as soon as possible, change every password you can at every Web site that has your credit card: your bank, eBay, Amazon, the iTunes Music Store or any other on-line vendors you use. If someone gets hold of your user name and password, these accounts might be in serious jeopardy—especially if you haven’t set a different password for your Keychain and you use Safari’s AutoFill feature to automatically fill in your user names and passwords online. —Kirk McElhearn
What to do before you give away a Mac: 3 things you should do to protect your data
When you buy a new Mac, you may choose to sell your old one or give it to a family member, friend, school or charity. If so, there are a few things you need to do to clean house and remove all traces of your personal information.
1. Deauthorize It: If you use the iTunes Music Store or Audible.com, you’re limited in the number of computers that can be authorized to play back music or audiobooks. You therefore need to deauthorize your Mac. In iTunes, select Advanced: Deauthorize Computer, select which account to deauthorize, and follow the instructions.
2. Erase Everything Securely: Delete all the files on your hard disk. Don’t just delete them, but zero the disk completely. Using Disk Utility, you can write zeroes to the entire disk, making it impossible for all but the NSA to find remnants of your files. Boot from an installation CD or DVD, then select Tools: Disk Utility after the installer launches. Select your Mac’s hard disk, then click the Erase tab. Select Security Options, and choose the Zero Out Data option (or 7-Pass or 35-Pass erase if you’re really paranoid). Click Erase. (The multiple-pass erases will take a while, so make sure you’re not in a hurry.) If the disk was partitioned, you should select the disk first, click the Partition tab, then re-partition it to a single volume, unless you’re sure the new user wants to keep it as is.
3. Make It Factory Fresh: Reinstall the original system that came with the Mac. Use the original system disc(s) (CD or DVD), and note the user name and password for the first user account you create after installation. If you want, after you’ve deleted everything on the hard disk, as explained above, quit the installer. Then find all the discs (CDs or DVDs) that came with the Mac to give to the new owner. —Kirk McElhearn