Pages

Saturday, August 10, 2013

THE SAFE MAC! Mac Malware Guide!

ကၽႊန္ေတာ္ MAC OSX အတြက္ ဘယ္ Malware antivirus က အေကာင္းဆံုးလဲရွာလိုက္တာ....
ဘယ္ antivirus မွမလိုဘူးတဲ့ဗ်ာ! Apple  software ေတြကိုဘဲ အျမဲတမ္း upgrate လုပ္ေနဖို႔ဘဲလိုပါ
တယ္တဲ့...ေကာင္းေရာ..
ဒါေတြေၾကာင့္ Window ႏွင့္မတူတာကိုး! ေနာက္ၿပီးသူကေျပာေသးတယ္ Java web applet plug-in
ႏွင့္ Adobe Flash plug-in ေတြ ကေန malware ၀င္လာတတ္တာကိုး! ဟုတ္လိုက္မယ္ ... Free Moive ေတြေပးထားတဲ့ဆုိဒ္ေတြ ေတာ္ေတာ္မ်ားမ်ားမွာ malware virus ေလးေတြ ပါလာတတ္လို႔ ခဏခဏရွင္းရတာကိုး... ဒါေၾကာင့္ကိုး! Window Version ေတြမွာ 90% ဟာ Virus ၀င္ႏုိင္တယ္ဆိုဘဲ..... 

Mac Malware Guide

Published June 17th, 2012 at 3:10 PM EDT, modified July 31st, 2012 at 9:35 AM EDT
The issue of Mac malware is one that is often understood poorly.  Many people will tell you there are no Mac viruses, which is a partial truth that masks the greater truth.  Unfortunately, there is malware out there that can infect your precious Mac!  This guide will help you learn how to avoid it and remain safe in an increasingly online world.
I strongly advise reading this guide in order, rather than jumping straight to the topic that interests you most.    It will be a bit of a long read, but each chapter is written on the assumption that you will already be familiar with the material from previous chapters, so that I don’t have to constantly repeat myself.  Of course, if you are already familiar with the topic of Mac malware and are just looking for clarification on a particular topic, feel free to skip ahead.

Table of Contents

If you are serious about security, I also highly recommend reading one of Apple’s Mac OS X Security Configuration Guides. If you have further questions, you are welcome to contact me, or to seek the advice of more experts on reputable forums, like the Apple Support Communities. (Though be cautious about blindly trusting advice from just anyone in a forum, as there are many people out there who will give inaccurate or partial information.)

 

How does Mac OS X protect me?

Published June 17th, 2012 at 8:31 PM EDT, modified January 27th, 2013 at 11:10 AM EDT
At this time, there is no known Mac malware that is capable of infecting a Mac running Snow Leopard (Mac OS X 10.6) or later, with a system that is kept properly updated, and with all third-party software kept properly updated, and on which certain security settings are left at their default settings. Apple has done a remarkably good job lately of keeping the system secured. There have been a number of important improvements to the system over the years.
File quarantine is a feature of Mac OS X introduced in Leopard. It is explained very well in Apple Support article HT3662, but here’s the gist of it: when you download a potentially dangerous file using a quarantine-aware application (such as Safari or Mail), that file will be “quarantined.” When you try to open it, the OS will warn you and ask if you really want to open it. Obviously, if you see this warning when trying to open something you didn’t think was an application – for example, if you thought the file was a song in MP3 format or a picture in JPEG format – you probably shouldn’t open it.
In Snow Leopard, quarantine was expanded to also check for trojans. Quarantine now uses a technology Apple has quietly named XProtect to scan downloads for known malware. The list of recognized trojans has been expanded several times from the original two (RSPlug and iServices) included in 10.6.0, and as of Security Update 2011-003, new malware definitions are downloaded daily. If you try to open a quarantined file that is actually a trojan, you will get a very different and scarier warning that tells you the application is malware.
Example XProtect warning. Image referenced from Apple.com.
Any of Apple’s applications that allow you to download support quarantine. However, results are more mixed with third-party applications. Some will support quarantine and some will not. Especially when using peer-to-peer file sharing programs, which are one of the biggest vectors for malware, I strongly advise testing support for quarantine. Download an application from a trusted source, and if you can open it without a quarantine warning, you know that the program that downloaded it does not support quarantine and could provide malware with a backdoor into your system by letting it sneak past quarantine.
There are many web sites that will tell you how to turn these “annoying” warnings off. I strongly recommend that you do no such thing, as this can also give malware a way to sneak onto your system. Although this system has its flaws – recent variants of known trojans have proven able to slip past quarantine for a day or so, until Apple issues an update for their malware definitions – it is nonetheless an important security feature.
The list of definitions can be found, by those interested in such things, at the following path on a Mac OS X 10.6 or 10.7 system:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

If you choose Go -> Go To Folder in the Finder and paste that path into the window, that will take you there. Getting inside the CoreTypes.bundle “file” manually may be a stumper, otherwise, for those who don’t know the trick.
 
In Mountain Lion (OS X 10.8), Apple added Gatekeeper, which provides for a way to limit what applications are allowed to run based on code signing. In System Preferences -> Security & Privacy -> General, you will see a control to set what applications are allowed, via three radio buttons. You can allow only applications downloaded from the Mac App Store, the most restrictive option. In this case, applications you downloaded from any other source will not open unless you change this setting.
You can also choose to allow applications from the App Store and those from “identified developers.” This means that applications from outside the App Store will work if they have been code-signed by a developer who is registered with Apple. Code signing just means that the application has been cryptographically signed by the developer, using a key given to them by Apple. That also means that the code cannot be modified without invalidating the signature, which in turn means that you can be sure that whatever code the app contains was written by the developer. Since developers have to pay a fee to register with Apple and get their key, it’s very unlikely that such a developer would use that key to produce signed malware, and even if that did happen, Apple could quickly revoke the key, preventing the app from working further. This is probably the ideal setting for most people, since it provides a significant amount of protection without being too restrictive.
The third radio button allows you to give any application, regardless of source, the right to run. This is the same behavior as in previous systems, and you should still have XProtect defending you against known malware. However, malware has been known to get past XProtect, since XProtect – like any anti-malware software – can only protect against known threats. This is the least safe option, and I discourage its use.
Gatekeeper is integrated with the quarantine system, and thus is only capable of blocking applications that would trigger a quarantine warning (ie, those that are downloaded from the internet via quarantine-aware apps). Do not be surprised when your Gatekeeper preference does not appear to be respected for apps that were already on your machine at the time you installed Mountain Lion. For good or for ill, those apps are considered to be “trusted” apps, and will not be blocked by Gatekeeper.
It is important to understand that quarantine, XProtect and Gatekeeper will not protect you against Java applets that install malicious code via either Java vulnerabilities or trickery. Java provides a back door that lets that malware sneak in behind the system’s back. As such, I highly recommend disabling Java if you have it enabled, or not installing it in the first place in Lion and Mountain Lion.
"If you do have Java installed, however, Apple has taken some steps to ensure that you are not in danger if at all possible. If you still have Java 6 installed, which is what is installed automatically on your system whenever you try to open a Java app, Apple has completely removed the Java web applet plug-in. This means that users of Java 6 cannot run Java applets embedded in web sites, which is the real source of concern with regard to Java. Those users do not have anything to fear from future “drive-by downloads,” installed through Java vulnerabilities by an applet on a web site.
Those who have installed Java 7, downloaded from Oracle’s web site, will have the Java web applet plug-in. That’s a serious security risk, given how often Java vulnerabilities are discovered. Although Oracle has provided some security settings for the Java plug-in, Apple has also taken proactive measures. They will disable that plug-in if you don’t use it for about a month, to protect users who simply forget they installed it and aren’t using it. In addition, whenever a new Java exploit is discovered in the wild, Apple will immediately block all vulnerable  versions of Java. (This doesn’t always make people who rely on Java happy, but it does keep them safe.)
In addition to Java, Apple has been known to block older and insecure versions of the Adobe Flash plug-in, even though no known Mac malware has ever been installed through a Flash vulnerability."
<- a="" href="http://www.thesafemac.com/mmg-threats" nbsp="">What are the threats?
Do I need anti-virus software? ->

 

Do I need anti-virus software?

Published June 17th, 2012 at 8:38 PM EDT, modified January 28th, 2013 at 2:25 PM EDT
There is no simple yes or no answer to this question. The answer will depend on many factors, the biggest of which is your own opinion on security. However, I do have some recommendations. Before we get to those, we need to examine some basic facts about anti-virus (AV) software.
Perhaps the biggest fact that often gets swept under the rug is that no AV software catches 100% of all viruses. It is known that AV software in the Windows world recognizes at best 90% of all malware. Although some Mac anti-virus software does better than that (see my latest round of anti-virus testing), none is perfect, and some is actually pretty awful.
Another important thing to know is that no AV software is capable of intercepting a brand-new virus. When a new virus appears, that virus must become widespread enough to be noticed by the companies publishing AV software. Then they must find a copy of the virus, examine it and add it to the list of virus definitions used by their software. And, of course, none of that does you any good until you actually download the update, which doesn’t happen immediately. This means that, even if a particular AV program worked with 100% efficiency, it still would be completely useless for a period of time after the introduction of a new virus. In the case of the MacDefender outbreak, frequent name changes and minor tweaks to the “packaging” kept the MacDefender trojan variants one step ahead of all anti-virus software, for a day at a time here and there.
Trojans also make extensive use of what is called “social engineering”. Much like phishing scams and other online fraud, they are often carefully designed to use fear, greed, lust and other emotions to fool you into doing what they want. The MacDefender trojans are a perfect example: a malicious JavaScript injected into a legitimate site redirects you to a page that tries to fool you into thinking viruses have been detected on your machine, and from there fools you into downloading and installing “anti-virus software”. In reality, that software is a trojan that will do its best to make you think you’ve got real viruses (even faking some symptoms), all while pestering you to buy the software to remove them.

"If you “buy” the software, you have given the criminals your credit card number.
Because of all this, blind usage of AV software can often make one more susceptible to infection by the right malware."     If you become complacent, assuming that your AV software will protect you, it is unlikely that you will be as cautious as you should be, and something will eventually slip past your AV software. This is not just a theoretical concern, it has been documented to actually happen. I have personally seen reports from people with AV software who nonetheless got infected with something.
This doesn’t mean that AV software is worthless, but it does mean that you can’t just install it and then do whatever you like in perfect safety, as most people believe. As security experts say, the biggest flaw in a computer’s security is between the keyboard and the chair. It is extremely important to be careful and think carefully about what is downloaded. AV software should be thought of more like a safety net to catch anything that slips past your own defenses.
I personally don’t use AV software.  It simply is not necessary at this time for someone who is cautious about their online activities.  However, there are some cases where AV software may be needed right now. For example:
  • If you need to keep Java turned on in your web browser, AV software may be a good idea to avoid malware that takes advantage of Java vulnerabilities.
  • If you are using a Mac in an environment where AV software is required
  • If you frequently trade files with Windows users and don’t want to be accused of passing on a virus
  • If you want the peace of mind and don’t mind installing software that may be obtrusive
  • If you can’t be bothered to give any thought to what you download, though this is a very dangerous attitude on today’s internet
  • If you are not at all tech savvy and have trouble accurately determining what is trustworthy and what is not
  • If there is a major change in the malware affecting Mac users (in which case I will note it here)
If you decide to install anti-virus software, do some research before installing it and be sure to choose a program that is not reviled by other Mac users. Some of the commercial AV packages are renowned for their ability to bring a healthy Mac to its knees. Sophos Anti-Virus for Mac Home Edition is probably the best choice for most users. Those who just want something that will do manual scans of selected files would also do well with either Dr. Web Light or VirusBarrier Express, both available for free in the App Store.

OS X: About Gatekeeper

Learn about Gatekeeper in OS X.

Some apps downloaded and installed from the Internet could adversely affect your Mac. Gatekeeper helps protect your Mac from such apps. Read this article to learn about Gatekeeper and its options.
Gatekeeper is a new feature in Mountain Lion and OS X Lion v10.7.5 that builds on OS X's existing malware checks to help protect your Mac from malware and misbehaving apps downloaded from the Internet.
The safest and most reliable place to download and install apps is via the Mac App Store. Apple reviews each app before it's accepted by the store, and if there's ever a problem with an app, Apple can quickly remove it from the store.
For apps that are downloaded from places other than the Mac App Store, developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and verify that apps haven't been tampered with since they were signed. If an app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed.
Note: If you have an app that has not been signed with a Developer ID  to support Gatekeeper, contact the developer of the app to determine if they offer an update which supports Gatekeeper.

Click here for more details

Gatekeeper options
Gatekeeper gives you more control over what you install. You can choose the safest option and only allow apps that come from the Mac App Store to open. There is also the option of only allowing apps that come from the Mac App Store and identified developers. Or you can choose to allow any apps to open, just like previous versions of OS X.
Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header "Allow applications downloaded from:"
Note: The default setting for Gatekeeper in OS X Lion v10.7.5 is "Anywhere".
Gatekeeper options are:
  • Mac App Store – Only apps that came from the Mac App Store can open.
  • Mac App Store and identified developers (default in OS X Mountain Lion) – Only allow apps that came from the Mac App Store and developers using Gatekeeper can open.
  • Anywhere – Allow applications to run regardless of their source on the Internet (default in OS X Lion v10.7.5); Gatekeeper is effectively turned off. Note: Developer ID-signed apps that have been inappropriately altered will not open, even with this option selected.
How to open an app from a unidentified developer and exempt it from Gatekeeper
If you are confident the app downloaded from the Internet is the latest version and is from a source you trust, you can open an app from an unidentified developer by following these steps.
Important: Some Apple screened apps from developers that are in the process of acquiring Developer ID signatures will present the "Open" option when they are double-clicked.
Note: In most cases, you will only have to perform these steps once for all user accounts on the Mac:
  1. In Finder, Control-click or right click the icon of the app.
  2. Select Open from the top of contextual menu that appears.
  1. Click Open in the dialog box. If prompted, enter an administrator name and password.
Note: If there is an app that presents multiple Gatekeeper dialog boxes, you can temporarily use Gatekeeper's "Always" option. Make sure to restore the Gatekeeper option that was there before to bring back Gatekeeper function.
 
Gatekeeper messages
  • Gatekeeper options set to "Mac App Store"
    • "App name" can't be opened because it was not downloaded from the Mac App Store
      • Your security preferences allow installation of only apps from the Mac App Store.
      • Safari downloaded this file Date from URL.

 
  • Gatekeeper options set to "Mac App Store and identified developers"
    • "App name" can't be opened because it is from an unidentified developer
      • Your security preferences allow installation of only apps from the Mac App Store and Identified developers.
      • Safari downloaded this file Date from URL.

 
  • "Damaged" app. – The app has been altered by something other than the developer. This message will appear no matter the Gatekeeper option chosen.
    • "App name" is damaged and can't be opened. You should move it to the Trash. 
      • Safari downloaded this file on Date & Time from URL.

 
  • Control clicking app icon then selecting "Open" – Used to exempt Developer ID signature protection from a unidentified developer.
    • "App name" is from an unidentified developer. Are you sure you want to open it?
      • Opening "App name" will always allow it to run on this Mac.
      • Safari downloaded this file Date from URL.

Additional Information

System administrators
Manage Gatekeeper policy
Gatekeeper uses rule based policies that can be modified for education and enterprise environments.
Use Profile Manager to customize Gatekeeper policies.
See man spctl for Terminal command methods to customize and inspect Gatekeeper policies. This will give you direct access to the System Policy Assessor.
See man codesign to examine code signatures.
Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

 

What are the threats?

Published June 17th, 2012 at 3:26 PM EDT, modified August 14th, 2012 at 5:19 PM EDT

Classes of Malware

It is very important to understand that there are, by my definition, two different kinds of malware. One is the virus: malware that is capable of infecting a machine without user interaction. Some people further divide such malware, referring to viruses (programs that must attach to other programs) and worms (programs that spread without needing to attach to other programs). I personally do not find this distinction particularly useful, and will refer to both of these as viruses. Viruses always rely on some vulnerability in the system, as all systems strive to prevent untrusted code from running by itself.
The second kind of malware is called the trojan horse (or just “trojan”, for short). This malware is named after the famous wooden horse, filled with soldiers, that the Greeks tricked the Trojans into bringing into their city. Like the Trojan horse of legend, this class of malware relies on tricking the user into downloading, installing and running it. A trojan is only dangerous if it can trick you.
Viruses are, in my eyes, by far the more dangerous kind of malware. They often rely on security holes in the system that can allow the virus to sneak in without your knowledge. A trojan, on the other hand, relies on the user intentionally running it, and thus will not easily make its way onto a careful user’s machine.

Mac Malware

I have built a database of all known Mac malware over several years, assisted in part through collaboration with others in the Mac anti-malware community.  It’s always possible that it is not complete, of course, and new malware does appear from time to time.  If you discover something that is not on my list, please let me know!
Almost all of the malware that affects Macs lies firmly in the trojan category. There are a variety of “social exploits” (ie, ways to trick a human) that malware uses to get itself installed, but in the end, a wary user will probably not fall for them.  The only malware to-date that cannot be placed squarely in the trojan category is malware that uses Java vulnerabilities to install itself.
For the most part, there’s very little to be concerned about. Most are rare, to varying degrees between very and extraordinarily, and half of them either never were or no longer are a threat. Almost all of the ones that are real threats can be handled by anti-malware features in versions of Mac OS X starting with 10.5 (Leopard).
You may see much lengthier lists of malware on the sites of some anti-virus software vendors. In my experience, much of what appears on these lists is ancient… worrying about those things is like losing sleep for fear of dinosaur attacks. There were many more Mac viruses in the days before Mac OS X (though nowhere near the current number of Windows viruses), but none of those viruses can in any way affect a modern Mac.

Third-party software issues

Some malware is empowered by third-party software. The oldest example is the Word macro “virus,” which is seeing a little bit of a comeback since Microsoft added the scripting language they relied on back to the Mac version of MS Office, but those are pretty wimpy as malware goes. Older versions of MS Office also had a vulnerability that allowed a maliciously-crafted document to install executable code on the user’s machine. Similarly, Adobe Flash, if not kept updated, is a source of potential vulnerabilities that could let malware into the system. Although it has never been cited in the infection of a Mac system with malware, that is a definite possibility.
Worst of all is Java. Java applets are used by some websites (not many at this point) for a variety of things. Unfortunately, Java has a history of vulnerabilities that can be, and have been, used to install malware. Further, Java applets can break out of their “sandbox” and get access to your system if you grant them permission, and they have been known to trick users into doing just that in order to install malware.
Am I infected?
Published June 17th, 2012 at 9:29 PM EDT, modified July 19th, 2013 at 9:15 AM EDT
I hear this question all the time these days, and find myself often typing the same things over and over again. This FAQ, which is part of my Macintosh Malware Guide, will help you determine whether or not you should be worried. Note that it is written on the assumption that you have read the Macintosh Malware Guide first.
If you think you have malware, you probably have some kind of reason for thinking that. Browse through the descriptions of symptoms, and when you find one that matches, your answer will follow. If you do not find a match, let me know!
If, after reading this, you have reason to believe that you do have malware on your computer, use a scanner recommended in Do I need anti-virus software?. If a good anti-virus scanner doesn’t turn up anything, you’re probably not infected with anything, and your problems lie elsewhere.

My computer is crashing/slow!

Perhaps the most frequent reason for people to ask this question, this is almost guaranteed not to be a symptom of having malware. There are many reasons for a computer to crash or become slow, and malware is almost never one of them on a Mac. Unfortunately, a full discussion of possible fixes would be well outside the scope of this document. Try visiting a forum like Apple’s user-to-user forums, where you can get help from other users, or consider contacting Apple directly for support.
<- a="" href="http://www.thesafemac.com/mmg">Table of Contents

Someone is sending messages from my e-mail address!

There are three possible explanations for this. First, it could just be that a spammer is sending e-mails out with your address faked on the From line. Spammers frequently do that sort of thing, usually faking the e-mail so that it looks like it’s coming from someone on their list. Unfortunately, if that’s what is happening, you’ll just have to ride out the storm and wait for them to stop. There’s not much to be done about it, since they could be sending from somewhere like Russia or China, and are usually very difficult to track down.
The second possibility is that the spammer has hacked your e-mail account and is both sending spam from that account. This is a fairly common occurrence these days with e-mail servers that have a high-volume of inexperienced users, such as Yahoo, AOL, Hotmail, GMail, etc. Generally, inexperienced users will have weak passwords or more easily fall for phishing attempts, and thus their accounts will be easily hacked. This is also more likely if messages are being sent to people you e-mail frequently. You may see the sent messages in your Sent mailbox, but you also may not, as the hacker responsible may remove them. The solution in this case is to change your password immediately.
Unfortunately, changing your password may not always be adequate.  Some mail servers provide features that allow a hacker to leave themselves a back door, so they can get back in even after you change the password.  One prominent example is GMail’s e-mail delegation that can allow a hacker to “read, send and delete messages on your behalf.”  Be sure to check the settings for your mail server and ensure that a stranger has not been given access.  You may need your mail service provider’s assistance with this.
In addition, hackers have been known to configure vacation messages or rules to send automatic spam responses to everyone who sends you e-mail. This problem will persist even after you have changed your password and closed any back doors that they might have left open. Be sure to check any of the settings on your e-mail server related to any kind of auto-replies or rules, such as vacation messages.
The third, and most unlikely, possibility is that you have some kind of malware on your computer. At this time, there is no malware whatsoever that behaves this way. However, if it makes you feel better, get a copy one of the anti-virus programs recommended in Do I need anti-virus software? and scan the hard drive. Be aware that any malware it finds that does not contain the text “OSX” or “MacOS” in the name is usually malware that cannot affect your system, and is simply sitting inert on your hard drive.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

When I try to visit a web site, I get redirected to a different site!

See Eliminating browser redirects and advertisements.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

Random words on web sites are underlined and cause pop-up ads when I put the mouse over them!

If this problem is only happening with a few specific sites, it’s just the way the site works. Some sites do this normally. It’s a bit obnoxious, and I tend to avoid those sites, but it’s not malware.
If it’s happening with all sites, this is still not likely to be malware, but it is likely that you have installed some kind of unsavory software commonly referred to as “adware.” It was probably installed as part of some other junky software, sometimes a game. The trick is finding it once it’s installed.
For more suggestions, and help with diagnosing and eliminating the cause of the problem, see Eliminating browser redirects and advertisements.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

Facebook isn’t letting me log in and is telling me I have a virus!

On a Mac, this is not related to malware of any kind. What has probably happened is that someone has hacked your Facebook account and then used it for something like sending Facebook spam. This sort of thing results in Facebook disabling your account. To re-enable your account, you need to refer to Facebook’s help page for disabled accounts.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

I keep having nasty web sites open by themselves, and something is telling me I have a virus!

Browser windows opening on their own are not a symptom of malware. This is just caused by obnoxious or outright malicious JavaScript on the page. This could be because the site itself is malicious, but is more likely to be caused by a bad advertisement on the page or a hack of some kind (either the site itself has been hacked or a site it pulls content from – such as an ad site – has been hacked).
Often, these pop-ups are malicious, and may do things like try to scare you into downloading something to fix the “viruses” that have been detected or into paying money to re-gain access to your computer. You should under no conditions do whatever the pop-up is telling you to do!
If you cannot close the browser window or quit the browser, you can force quit by pressing command-option-esc, selecting the browser and clicking Force Quit. Then close the force quit window. Some browsers may try to re-load the pages that were open the next time you open the browser, causing the problem to recur. If that happens, you need to prevent that from happening. In Safari, that is done by holding the shift key while opening Safari.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

My mouse keeps moving around on its own, as if someone is remotely controlling my Mac!

Believe it or not, that kind of behavior is almost guaranteed not to be caused by malware. Modern malware tries its best to be sneaky, so it can do its dirty work of gathering information from you without notice. Few things are quite so noticeable as waving the cursor around right under the user’s nose!
So what’s the issue, then? If you’re using a trackpad, the answer may be as simple as dirt, jewelry or a faulty third-party power supply. See Portables and Magic Trackpad: Jumpy or erratic trackpad operation. If you’re using an optical mouse, it could be that the surface the mouse is sitting on is causing the problem. Try a different surface. You can also try a different input device if you’re using an external mouse or trackpad, as the device itself could be bad.
If you are using a wireless trackpad, you may be having signal interference issues, low battery issues or problems caused by a faulty device. If you’re not using a wireless trackpad, perhaps someone else has a wireless trackpad that your machine has somehow connected to. Try turning off Bluetooth in System Preferences. (Note that if you’re having the keyboard randomly type things, these same things apply to that situation.)
It could also be a hardware problem. MacBook Pro models with built-in batteries can have problems with the battery swelling when it starts to go bad. If that happens, it puts pressure on the underside of the trackpad, causing this problem. If you hold down the option key and click the battery icon in the menu bar, and the condition is anything other than “Normal,” you may have a failing battery, and that battery may be swelling. The solution in this case is to get the device checked out by Apple.
I have also seen reports that aftermarket or defective power supplies can cause a problem with the built-in trackpad. If the problem goes away when you unplug your machine, that’s likely to be the cause of the issue. Try connecting your charger using a grounded (three-prong) extension cable, rather than through the flip-down two-prong plug, or the equivalents used in other countries besides the US. You may also need to replace the charger.
If the problem goes away when the machine is cut off from the network, and returns when re-connected to the network, then the problem may actually be a remote control issue. The first possibility is that someone has hacked into some account you have with software that provides screen sharing service. A common example with Mac users would be Back to My Mac, which can be configured to allow you to share the screen of your Mac remotely via your iCloud account. If someone has hacked your iCloud account, they could be exploring to see what they can find. If you have Back to My Mac turned on, change your iCloud password immediately. If you are using something else that provides similar functionality, like LogMeIn, you should do the same with the account for that software.
It could also be someone you know, who has physical access to the computer and has installed and/or configured screen sharing software to give themselves access. This could mean that this is a simple prank, or it could be a more malicious attempt to do harm from someone like an untrustworthy co-worker or computer technician. Unfortunately, if it comes down to this as the final possibility, there’s little that you can do to put a stop to the problem other than erase the hard drive and reinstall the system and all your applications from scratch. You may be tempted to look for and remove screen sharing software or turn on a firewall, but keep in mind that you don’t know what has been done and what has been installed where. You cannot assume that you are safe after someone malicious has had physical access to your computer. And there is no anti-virus software in existence that will find and remove all possible sources of access, since a back door could be left using entirely legitimate software, or even built-in Mac OS X functionality.
<- a="" href="http://www.thesafemac.com/mmg" nbsp="">Table of Contents

Safari keeps crashing, complaining about an error with a plugin.

This was a classic symptom of the Flashback malware. (See a complete description in About the Flashback malware.) However, that malware has been extinct for some time now, and cannot infect recent systems. The only way a new occurrence of this problem could be Flashback at this point would be if you restored a backup of an old, infected system.
The other possibility is just a bad browser plug-in. Uninstall anything that you installed right before the problem began occurring. Be sure to use the uninstaller, rather than just dragging the application to the trash, so that the plug-in is removed.
- Posted using BlogPress from my iPhone5

No comments:

Post a Comment