Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How can I tell if someone has broken into my computer?

alexf

alexf

macrumors 6502a
Original poster
Apr 2, 2004
648
0
Planet Earth
I am sure this has been asked before, but I just need a simple way to look "behind the scenes" and see if someone has infiltrated my computer.

When I look at the Activity Monitor, there is a lot of activity going on from users "nobody" and "windowserve." What does this mean? Am I just being paranoid? (likely the case...) :confused:

Thanks for any advice.
 
alexf said:
I am sure this has been asked before, but I just need a simple way to look "behind the scenes" and see if someone has infiltrated my computer.
Click to expand...

Too bad there's no such thing. The only "simple" way to see if someone has inflitrated you is to use something like TripWire to protect yourself. And TripWire is FAR from "simple".

alexf said:
When I look at the Activity Monitor, there is a lot of activity going on from users "nobody" and "windowserve." What does this mean? Am I just being paranoid? (likely the case...)
Click to expand...

"nobody" is a real "user" on your box. It's an owner UID (unique id) assigned to certain binaries to help ensure that they don't get "out of hand" (that's a vast oversimplification, but it's a security thing). Examples are "mdimport", which is Spotlight. "windowserver" is also a real "user", and basically is the same thing as "nobody". The "WindowServer" process is owned by the "windowservr" UID. But there shouldn't be "a lot", AFAIK. Just 1 or 2 for each.

So.. it's likely that you're being paranoid.

Are you in a situation that would likely put your computer at risk? Not using a firewall? Not behind a router? Root enabled with a weak password? Weak passwords on admin accounts? Downloaded tons of unknown softwares from unknown sources? Posted your usernames and passwords on public sites? Etc, etc.

If not.. then I wouldn't worry.

However, the ONLY real way to make sure that you've not been hacked/cracked is to ERASE the drive and reinstall everything from a known, clean, safe install. That means, not restoring from a back up unless you know it's clean/safe. It means starting over from scratch. That's the ONLY way to be 100% safe.

For an idea of other "users" (UIDs with names) on your box, try opening NetInfo Manager and looking under "users".
 
What unusual activity is happening??? That would help point in what direction to look... and plug the hole if there is one :confused:
 
alexf said:
Thanks for the help - yes, I guess I probably am being paranoid. However, I have recently been reading a lot about how Macs seem to be becoming more prone to attacks (e.g. http://www.wired.com/news/technology/0,70780-0.html?tw=rss.index), and have noticed some "unusual" activity on my computer.

However, I am very careful with passwords, have a router, etc., so I probably shouldn't worry...
Click to expand...

Well you are not that important, don't worry :rolleyes:

Besides there are 20 other PC users to attack instead of the attacker wasting time on your Mac :D
 
alexprice said:
I don't think you need to worry, after all, your using a Mac.
Click to expand...
Although a lot of the coverage about Mac malware may be FUD, that kind of thinking is very harmful in general.

Hence, why I dislike one of the ads in Apple's new ad campaign about Macs being portrayed as not vulnerable to viruses. It's just wrong as it's cultivating the image that Macs are more secure than they really are, and it should be stopped, but unfortunately half the Mac community, as well as the marketing idiots and Steve Jobs at Apple seem to think otherwise.

No computer is that invulnerable to attacks. If you do believe Macs are, then, I'm sorry to say, I don't feel sorry for you if anything happens to the contrary. Macs may be less vulnerable out of the box compared to Windows et al, but that doesn't mean nobody's going to find a way to exploit security holes (of which there are actually many, whether or not Apple fixes them is a moot point, as it's painfully clear with Microsoft that not everyone updates their computer regularly...).

BTW, in that wired article they mention a guy named benjamin daines...isn't he one of the regulars here? Interesting...
 
janey said:
BTW, in that wired article they mention a guy named benjamin daines...isn't he one of the regulars here? Interesting...
Click to expand...

Yes.. and the malware originated here as "pictures of Leopard".
 
Is there someplace to download a firewall for a MAC? I have a router; do I need more? On my PC I had every safety net I could think of for security. I didn't know with a MAC that I needed to be a vigilant.
 
1) It's not an acronym, it's short for Macintosh, so it's just Mac, not MAC.

2) There's a built-in firewall called ipfw (or ipfw2 if you're on Tiger). To start it, simply go to the Sharing Preference Pane and click on the Firewall tab.

Running double firewalls may be overkill and paranoia.
 
yellow said:
Yes.. and the malware originated here as "pictures of Leopard".
Click to expand...
Ah yes, I remember that. Forgot about that so soon :eek:

Also, you don't need to be totally anal about security on your Mac. Just use some common sense and caution, same as you would on Windows with email attachments and such.
 
yellow said:
1) It's not an acronym, it's short for Macintosh, so it's just Mac, not MAC.

2) There's a built-in firewall called ipfw (or ipfw2 if you're on Tiger). To start it, simply go to the Sharing Preference Pane and click on the Firewall tab.

Running double firewalls may be overkill and paranoia.
Click to expand...

1)Thank you for the English lesson.

2)How do I get to the Sharing Preference Pane?

3)Is there a forum for folks who are truly new to Macs(See, lesson learned) and need basic, simple questions answered without others criticizing their lack of basic understanding of computer operations?
 
I'd recommend you sign up for a free trial to .Mac where you can view a bunch of Quicktime movies on using the OS and iLife apps. Hope that helps, noob. :D
 
3kids said:
1)Thank you for the English lesson.

2)How do I get to the Sharing Preference Pane?

3)Is there a forum for folks who are truly new to Macs(See, lesson learned) and need basic, simple questions answered without others criticizing their lack of basic understanding of computer operations?
Click to expand...

Welcome to macrumors. Enjoy your time here. :)

1. No comment.

2. Click on the icon in your dock that looks like a light-switch with the Apple logo on it. Or from Finder, one of the menu options is System Preferences. Select that. On the Internet and Network section from System Preferences, click on the Sharing Icon. The middle tab, Firewall, is the one you want. From the Sharing tab, you can also make sure that all file-sharing is off, or check selected ones that you might want to share.

3. Keep coming back here! There is a large number of really knowledgeable and friendly people who will be only too pleased to help answer your basic questions or point you in the right direction. Do try to use the Search (with the Advanced option) facility before posting, as your question may have been answered on a previous Thread. For instance, I have just looked and there are 138 separate threads from a search with "Firewall" as the keyword.

I am running Panther and there is a very good NSA article that details how to set up the security of your Mac (or MAC) and can be downloaded from here

Again, welcome and ask away! :)
 
alexf said:
Thanks for the help - yes, I guess I probably am being paranoid. However, I have recently been reading a lot about how Macs seem to be becoming more prone to attacks (e.g. http://www.wired.com/news/technology/0,70780-0.html?tw=rss.index), and have noticed some "unusual" activity on my computer.

However, I am very careful with passwords, have a router, etc., so I probably shouldn't worry...
Click to expand...

That article is atrocious. If you're trolling around looking for illegal software like the "unfortunate" fellow in the article, you're asking to have something bad happen to you.

Stay on the good sites, stay behind your router, and you should be pretty safe.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back