
Mac® Security Bible by Joe Kissell


24.3. Looking for Rogue Software

If you know that malware or other unauthorized software is installed on a Mac but it's not actively running, finding it can be challenging. By nature, malware usually hides in obscure locations, uses innocent-looking or misleading names, and may use other tricks to avoid detection.

As before, the easiest way to find such programs is to run a commercial anti-malware utility. Such programs contain extensive databases of the characteristics of known malware programs — as well as heuristics that enable them to identify much as-yet-unknown malware — and can find them wherever they may lurk on your disk by scanning every file.

NOTE

For more on anti-malware software, see Chapter 14.

If you can't use anti-malware software for some reason, if you don't trust its results, or if it fails to locate malicious software that you're sure is there, you can use a few tricks to track it down.

One popular hiding place for malware is the /var/tmp directory because it's world-writable.

The first thing to keep in mind is that a program can't do any good (or any damage) when it's simply sitting idle on your hard disk. Only when the software is actively running can it accomplish anything. Therefore, it stands to reason that the program's designer would include some mechanism to make sure it runs — either at startup, on a recurring schedule, or in response to a frequent ...
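As an added example (not code from the book), the shell script below applies that reasoning from a defender's side: it lists the launchd job files that run at boot or login, showing which program each one starts, and lists the executables sitting in the world-writable /var/tmp directory mentioned above. The launchd directories are assumed standard locations, and the two agent plists it writes to a temporary directory are constructed purely for demonstration.

```sh
#!/bin/sh
# Added example (not from the book): list the launchd jobs that run at
# boot or login and the executables in /var/tmp, two places to review when
# hunting for software that made itself persistent. Assumes XML plists; on
# a Mac, convert binary ones first with: plutil -convert xml1 -o - FILE

# Standard launchd directories (assumed locations; user agents use $HOME).
LAUNCHD_DIRS="/Library/LaunchAgents /Library/LaunchDaemons $HOME/Library/LaunchAgents"

# Print "plist<TAB>program" for each .plist in the given directories, using
# the Program key or the first ProgramArguments string; "?" if neither parses.
list_launchd_jobs() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    for plist in "$dir"/*.plist; do
      [ -f "$plist" ] || continue
      prog=$(tr -d '\n\t' < "$plist" | sed -n \
        's|.*<key>Program\(Arguments\)\{0,1\}</key> *\(<array> *\)\{0,1\}<string>\([^<]*\)</string>.*|\3|p')
      printf '%s\t%s\n' "$plist" "${prog:-?}"
    done
  done
}

# Executable regular files in a world-writable directory such as /var/tmp.
list_tmp_executables() {
  [ -d "$1" ] || return 0
  find "$1" -type f -perm -100 -print 2>/dev/null || true
}

# Constructed sample: two made-up agents in a temporary directory, one per
# plist layout, so the parser can be exercised on any system.
demo_scan() {
  tmp=$(mktemp -d)
  cat > "$tmp/com.example.updater.plist" <<'EOF'
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Library/Caches/.hidden/updater</string><string>-d</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
  printf '<plist><dict><key>Program</key><string>/usr/local/bin/agent</string></dict></plist>\n' > "$tmp/com.example.agent.plist"
  list_launchd_jobs "$tmp"
  rm -rf "$tmp"
}

demo_scan                        # always prints the two constructed jobs
list_launchd_jobs $LAUNCHD_DIRS  # real scan; silent where the dirs are absent
list_tmp_executables /var/tmp
```

On a real Mac, compare each listed program against software you knowingly installed; an unfamiliar path under a cache or temp directory is the kind of entry worth investigating further.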
