I think this is the gold standard for preventing apps from phoning home: Little Snitch
I've never used it personally, but I've heard only good things.
Or just use a 3rd party firewall and block everything, approve on demand. I use https://www.glasswire.com/ on Windows, https://www.obdev.at/products/littlesnitch/index.html on OS X
Going out of your way to uninstall updates and disabling deeply embedded settings is likely not a good long term solution.
A lot of people are asking "Why?", and I too have been doing this for YEARS under VMware Workstation and ESXi.
I'll give you three good reasons:
You can't even come close with the available Apple hardware, even maxed out.
* Snapshots/rollback. You can snapshot before, during and after you make changes, install software, configure services, and so on. You can't easily do that on Apple itself, and no... TimeMachine doesn't cut it. You get what they allow you to get, not the entire writable space, end to end.
Did you know that was running all the time? It is.
Yup, it looks legit.
Reasons you may be getting the screen:
If the first two don't apply, then a good way to investigate the third (if you're on a Mac, if not, there should be PC equivalents) is using a tool like Little Snitch to look for network traffic coming from programs on your computer: https://www.obdev.at/products/littlesnitch/index.html
For Windows: Glasswire
For OS X: Little Snitch
For Linux: OpenSnitch
Try Little Snitch for blocking individual applications and hosts. It works quite well and is well worth the money in my opinion.
The problem with disabling things in OSX is that it still sends plenty of data out. Just log for a day or two with tcpdump and everything set to as private as possible and you'll see.
Beyond that, not counting what you've already done:
Non-OSX:
Literally no. You have zero evidence that Apple is scanning local content on macOS. There are thousands of security researchers and privacy advocates that monitor for issues like this. Using something like little snitch I can monitor network traffic to see if Apple is phoning home whenever an image is created. It does not.
I would consider installing Little Snitch to monitor all network traffic ( https://www.obdev.at/products/littlesnitch/index.html )
Also .. enable Two Factor on her AppleID (and/or any other important accounts she may have (https://twofactorauth.org) such as Google, Facebook, Twitter, etc, etc.).
Get organized.. and buy a Password Keeper (such as 1Password).. and start storing/organizing all your Passwords in there.
If you like to nerd out, LittleSnitch is useful and pretty cool. It has a passive mode that will run with the default firewall and the GUI is pretty awesome. Two week free trial.
If you want a full-blown network monitoring tool, I cannot recommend Little Snitch enough.
If you just want your basic network speed sitting in your Menu Bar, the Mac App Store is full of apps, like this one.
You could get Little Snitch and start observing your network from one place. It may help.
Hey /u/ZachsSmirkingRevenge
I work in information security and have been a security engineer at an organization that uses mainly mac machines.
Sorry to hear about your troubles with your ex boyfriend.
Comparing running processes from one machine to another wouldn't be super productive. There are a few avenues that I would take in this case.
You can use little snitch (there is a free trial) to monitor outbound network connections (this is really important as anyone who wants to "spy" on you would want to connect to the internet to pull the data off your computer).
You can also use Knock Knock (free software) to see if there is any persistently installed malware on your computer.
and finally you could use task explorer to see what processes are doing on your computer (network connections, loaded libraries, etc).
Feel free to reach out via PM if you have questions about any of this software. Like I said, I have a bit of experience with OSX (it's my preferred O.S as well) and have done forensics on OSX machines in the past.
KeePassXC is just KeePassX with some additional pull requests to add some features that the KeePassX maintainers haven't had time to implement yet. Eventually KeePassXC will merge back with KeePassX, at least that's the plan as I understand it.
If you're uncomfortable, you can always use a firewall like Little Snitch 3:
https://www.obdev.at/products/littlesnitch/index.html
Or Hands Off:
https://www.oneperiodic.com/products/handsoff/
To block KeePass from being able to access the internet. I'd block internet access to any password managers, just to be safe :)
Check out Little Flocker. It's little snitch for your files.
For more security-related apps for Mac, check out objective-see
Burpsuite - the license price is a bargain for what that tool does. On my personal laptop I use Little Snitch to monitor outbound connections and I think it is worth every cent.
You could try this. https://www.avast.com/en-us/free-mac-security
If you are somewhat tech savvy, you could run little snitch to see what apps are trying to use your network connection. https://www.obdev.at/products/littlesnitch/index.html
Keep in mind that most US providers, including Comcast I believe, will occasionally change your IP address. Sometimes, a new IP was used previously by a spammer, so it may not be your fault. I had this happen to me once several years ago.
What you need then is a new IP.
Sometimes, cycling your modem and router will accomplish this, but I've found the only reliable way is to change the MAC address of your router or use a new router. If you have an all-in-one modem/router, you should probably just call Comcast and request a new IP.
In any case, definitely run a virus scan.
I use a Mac Mini all day but I run everything work-related via Citrix so my Mac never actually touches my work network. Some apps I recommend in general are Little Snitch for firewall, Micro Snitch (companion app to Little Snitch) notifies you when your mic or camera are active and MacUpdater keeps your apps current.
I highly recommend Little Snitch from Objective Development for Mac Users. It’s a reverse firewall that lets you see all outbound queries by application and set rules. It makes tracking down anything like this quite easy. Little Snitch
I'd really love to add that Host List into Little Snitch, but it looks like I can't subscribe to it. Anyone have experience with that?
Some companies allow customers to inspect their code, most don't. It is also increasingly a moving target less practical with continuous deployment.
Watching who is getting into your network and what they are taking out is a good strategy. Mac users can use Lil Snitch to know exactly what is coming in and going out and from where.
We've also learned a lot from the SolarWinds breach.
MacOS software - Little Snitch, it's worth the money. I think there was a CVE some time ago that mentioned a worm that would discover if little snitch was installed and uninstall itself to avoid detection.
All of that seems like the standard "please don't do X, Y or Z" stuff -- Not much in the way of actual control there. Googling for "apple firewall" shows that other than [Little Snitch](https://www.obdev.at/products/littlesnitch/index.html) for iOS on desktops, there's really not much in way of firewalls for Apple's mobile devices, other than this somewhat gimmicky solution, and that app is apparently the only one of its kind, i.e. an actual firewall for iOS mobile, and it seems to be doing it in the same way that non-rooted apps try to do content filtering on Android; Do a kind of VPN thing, so that means no actual VPN on the side. Looking through OS options, you can only disable apps from using cellular data, so no functionality that rivals AfWall2+ or other solutions on Android. I'm guessing this is for the same reason that the non-rooted versions of the apps I mentioned above will not work; Without rooting, apps simply do not have access to the sensitive system components that they need to allow the user to do system-level blocking in the way of hosts files, firewalls, etc.
I haven't seen anything similar to this study done with MacOS, or any other OS for that matter, so I can't say with 100%. My gut says while it happens, I don't think it's happening at the rate of 687 connections per hour.
A pretty healthy majority of popular Linux distros don't do this. Stuff like Debian, ElementaryOS, and Solus are built with privacy in mind and don't send data back to the mothership. Even distros who have been caught up in privacy blunders, such as Ubuntu, are extremely minimal compared to Windows or MacOS.
If you have or use a Mac, Little Snitch is an absolute must (imo).^1 There's also an open source Linux port of it called Open Snitch.^2 It prompts you when an application tries to make a connection somewhere and it allows you to block it (once or perm) or allow it. This is not a fool proof 'here's every connection being made' but it'll give you a fair bit of information and control.
Sources
OK, so you think you got scammed and you decide to post a picture of what you think is the same thing the scammer had access on Reddit to potentially millions of people. /shrug
I have a feeling you're leaving some details out of the story, but don't think that's intentional. Prior to a wipe, you may want to look at installing LittleSnitch - it'll tell you if your computer is making outbound connections.
The Double NAT line is interesting. Usually a Double NAT is used when you're running a router behind a router. (Although, in these days, having a basic netgear router behind your ISP's router can create a double NAT). So, it could be nothing, or the perp could have installed an agent on your computer to directly access it via the LogMeIn app. LittleSnitch would tell you that, too.
I kind of think you just dealt with a guy who didn't want to waste his/her time on a mac, since they couldn't install their Windows based spyware on it.
3.7GB is for as long as the Activity Monitor has been monitoring the system, through app quits and launches.
Nothing looks too weird to me at all. Why are you concerned?
You could play with a reverse firewall like Little Snitch https://www.obdev.at/products/littlesnitch/index.html that will make you approve outgoing connections, but as you can see that's only 203MB.
Probably Steam was downloading some game update.
Firewalld will do the application side of things but doesn't have popups.
What it sounds like is that you're looking for a port or an open project build of little snitch. As far as I can tell there is not a port to Linux, but there is a project called open snitch. Please keep in mind that this is a very early build "Alpha" and it may not be prime time ready yet.
I can't recommend this tool enough: Little Snitch
Also, keep your software up to date and don't use pirated software. Either use free alternatives (from the official sources!) or pay.
As far as setting up rules for the software end, take a look at Little Snitch:
https://www.obdev.at/products/littlesnitch/index.html
As far as routing some traffic through a wireless connection that routes through a VPN, you might consider hanging a wireless AP off of a separate router, or tagging your AP to a separate vlan.
> people are saying it has to do with iCloud
Yeah, that's not true; any app can use the NSURLSession API. There's no real way to track down individual apps' requests that I know of, but you could set up something like Little Snitch or Hands Off! to notify you of (and give you control over) which domains it's connecting to.
Which is why you run "Little Snitch", https://www.obdev.at/products/littlesnitch/index.html. Every time an app or the OS sends a packet, it lets you know and defaults to block. You set rules over time to allow or block. Great little tool.
You don't need antivirus. Disregard the downvotes and ignore replies saying you do. Reddit has a few people that must work for av companies trying to convince people antivirus is needed on a Mac. Commonsense and not installing Java has a monthly subscription price of free. The standard firewall is pretty good but if you want more control have a look at HandsOff or Little Snitch
Reset all her passwords elsewhere, without logging them onto 1password.
Wipe hard drives and reinstall everything including router firmware. Because when finances are involved, you need scorched earth.
Also, get Little Snitch.
It sounds like you take all the proper precautions in keeping your system secure; what it really comes down to is to trust whatever program is prompting you for your administrative password, and this usually means avoiding anything downloaded from advertisements or illicit sources. Thorough research is a better preventative measure than any antivirus!
The same goes for firewall. If you trust the programs you have installed not to transmit anything without your consent, then there's little need. On the other hand, if you'd like to be exhaustively watchful over inbound and outbound connections, Little Snitch is a very powerful solution.
Oh, and my pleasure! Don't worry about the gold, I enjoy this stuff.
I use Li'l Snitch.
It will alert you to incoming and outgoing connections. Including connections made via command line.
But then, I'm paranoid.
You can use Little Snitch for a more advanced control.
https://www.obdev.at/products/littlesnitch/index.html
Or TripMode for easier and quicker access control based on your connection https://tripmode.ch/
Try restarting your Mac, to see if that fixes the problem and resets bb to the correct behavior. I would contact customer support if the problem persists.
I’m using bb on a Windows pc but on the Mac you could try https://radiosilenceapp.com or Little Snitch to cut internet access to bb whenever you wish.
Firewalla does give you insight of how your network traffic flows from a device within your network out to the internet world out there. Firewalla is also an IPS IDS. https://firewalla.com/pages/cyber-security
Alternatively you can try this application on Macbook https://www.obdev.at/products/littlesnitch/index.html
Little Snitch (45€)
Little Snitch makes the invisible visible! In short, a firewall for Mac that gives you control over which apps are allowed to do what. Perfect for keeping track of what data your apps send to the outside world. I just sleep better with Little Snitch ;) Even though it's said not to be necessary on a Mac ;)
Nova from Panic ($99)
Nova from Panic is a fantastic native code editor for macOS. It is lightning fast, intelligent and really beautiful 🥴️ It has replaced VS Code here, and I don't think I'll ever look back.
Sketch ($9/mo)
I'm in the process of trying to migrate my SVG and vector workflow to Affinity, because Sketch has become rather expensive - but honestly it isn't going very well 😅️ I'll probably stick around and pay $9 a month. Sketch isn't cheap any more, but it's awesome; once you, like me, have learned all the keyboard shortcuts and little tricks, it's lightning fast to work in Sketch on everything from small icons for my websites to mockups of designs before I develop them.
I had this exact same issue and reported it to Apple; however, then I installed Little Snitch; just the demo/trial. Somehow, that fixed it. No need to actually even use the filtering feature; it works after I turn that off. I was going to use it as a sort of debugging or troubleshooting tool. I guess it poked some network setting or service in some way that I hadn't been able to before.
>Not sure how you analysed the API requests Radar was making.
I've used the Little Snitch firewall.
>I can confirm it will only make a request to api.codegulp.com to check if Radar is still in beta.
There's quite a bit more happening. When I allowed the connections, my twitter counter did update. However, Radar never connected to twitter.com — so I assume the data were fetched via api.codegulp.com?
Little Snitch sounds like what you're looking for https://www.obdev.at/products/littlesnitch/index.html
There are built-in apps to track open files (lsof) and IP connections (nettop)
Activity Monitor will also tell you about open files for any given process.
> I'm sorry. I don't care about DISA STIG guidelines.
You want to reverse engineer and break the poor little Citrix app but aren't concerned with securing the rest of your system per DoD guidelines? Seems odd to me.
Regarding the
> I don't ...
These can be managed/disabled on the Workspace App preferences, trying to disable them via permissions at the file level is definitely not going to be supported or something Citrix has published.
> Is this some alien concept for Citrix engineers?
Yes, if we're being honest, you're asking to reverse engineer a package that is already fairly small to begin with because you're convinced it represents a potential vulnerability. I haven't seen DoD or other public sector customers ask for the granularity of what you're asking.
Use the Security & Privacy pane and yank all of the permissions except Camera, Microphone, and Input (I think Screen Recording is the only one you'd remove).
If you're concerned further, use Little Snitch and restrict the Workspace App to only connect to your specific system. They also have Micro Snitch to monitor audio/mic access.
Even the most recent TNT Adobe apps are attempting to phone home: I would highly recommend blocking this kind of creeping, regardless of the application. Little Snitch is really good at this, even showing you which servers and where in the world your computer connects to, which is mind-blowing even for normal traffic.
I'm not yet familiar with 3rd-party antivirus or endpoint protection that works on Big Sur, but XProtect[1] is the built-in antivirus on macOS. It's good enough for detecting known malware. Also be sure to understand Gatekeeper[2] and how it helps you protect yourself.
Most malware won't get past XProtect or your careful attention to Gatekeeper. But, they won't help you if you're careless about what you install and give permissions, or if you unknowingly install unknown/polymorphic malware. This is fundamentally true for all antivirus/antimalware tools--even those with advanced anomaly detection. There's no substitute for your judgement using your computer. This is why I also recommend Little Snitch[3].
Little Snitch is an outbound firewall, and it can be used to prevent malware from connecting to command-and-control servers, or steal information on your computer over a network. It's just a tool like Gatekeeper, though. It doesn't "know" which connections are malicious and which are normal. The onus is still on you to only allow connections that you trust. It's just giving you the ability to see what's going on and decide what to do with your own judgement.
I’m on Mac and I use Little Snitch with the same adlists as Pi-hole added to the rules. It does effectively the same thing, just without the nice dashboard. It does give you process-level control over domains though, which is nice if you want only certain things to access otherwise blocked domains. It also works on raw IP addresses.
This got me thinking though, could I install unbound directly on my Mac to have a local recursive resolver too? If I did that, could I dynamically apply the search domains provided by DHCP to enable conditional forwarding to the router for local dns?
you can use other tools for that e.g. https://www.obdev.at/products/littlesnitch/index.html.
imho daedalus should be a wallet foremost and not an os or something doing all kinds of things other tools can do better.
On Mac, there is Little Snitch. You can configure it to deny/allow traffic from any application... just noticed you said .exe, so probably irrelevant.
Mac OS users may like Little Snitch. You can set it up to ask permission for every_single_connection in and out. People would be surprised how many permissions one innocent visit for a single webpage may cause. It's not only your browser that needs connection when going to websites, but one website may ask tens or hundreds of different permissions for in-/outgoing connections. Webpages are built from "blocks", like text-blocks, image-blocks, video-blocks, advertisements etc, and all those may be located on different servers. Also hidden trackers etc that is running on background. First it will be pain in the ass to choose what you wanna allow or deny, and you can break your browser and websites. But give it a try.
There is a (free) equivalent for PC, or as a Chrome/Firefox addon, but I can't remember right now. I will update if I find it later.
If you use common sense you don’t need anti virus. Also, it is harmful because it slows down your computer.
That said, for more security you can use Little Snitch which will ask for permission anytime any application wants to access the internet.
What I find fascinating is that Zoom doesn't work when I have Little Snitch's "Network filter" turned on... it's basically the ONLY app on my computer I can't use, unless I completely disable Little Snitch.
I just recently started using Zoom because of bi-weekly calls with my closest friends during the quarantine... it's the only software they want to use. As soon as the lockdown is over, I will promptly delete it from my computer. And I would never ever install it on my phone, I don't trust them at all!
No. A little bit of learnt common sense, along with what the OS has built in, is the best protection. Eg. if you download something from outside the AppStore, vet it on places like Reddit. Search the app on Google, and make sure you're using the right site/URL to download from. If the system says it's preventing an app from opening, research the app further.
Backup your files regularly (in the case of Ransomware that makes it through somehow). Encrypt with FileVault -- even though it's exposed when in use.
Keep your passwords strong. Especially for anything online like your Apple account (Find my Mac). Shared services like remote desktop/screen/file access should be turned off by default, so leave it off if not in use. These are the types of services that are most likely to be exploited.
Minimize the number of browser extensions you use, especially those that can "read your data from all websites".
Mac OS is incredibly secure. To the point that us "advanced" users are even limited in what we can do intentionally, like changing system files or even just opening an unsigned application.
However, I do recommend Little Snitch. Every device needs a robust network monitor/connection blocker. I use this more for privacy reasons than security though.
Ultimately if someone finds an exploit for Mac, 3rd party software isn't going to do a better job than the system in detecting it. In fact, it will do worse, because the system limits what they have access to. Installing "free" software like this is only opening yourself up to privacy problems. I guarantee companies like Sophos and Microsoft (TIL they have anti-malware software for Mac) are collecting some sort of data from you. They're just doing it legally.
Take this as a reminder to install Little Snitch or Hands Off, which offer a substantial layer of protection against bad behavior such as this.
Try running little snitch and see if there are any network communications taking place. If someone is doing something malicious or creates a backdoor they'll likely need a network connection to communicate between the slave and master devices.
Essential Mac software: Little Snitch for network monitoring & Clean My Mac for managing application uninstalls, general crud cleaning and so much more.
GlassWire was inspired by LittleSnitch [1] which IMO works much better than TripMode [2] and PeakHour [3] together.
[1] https://www.obdev.at/products/littlesnitch/index.html
[2] https://www.tripmode.ch/
[3] https://peakhourapp.com/
I didn't have any luck using the lsof, which stands for list open files (that another Redditor posted) to identify processes that are using the AppleCamera application.
But I did have success using the top command - top | grep "AppleCamera" - to see which processes were using my camera: https://imgur.com/a/Jh4Dmyr
In that screenshot above I was running the MacOS PhotoBooth application so it makes sense that the AppleCamera app was running.
Open the Terminal.app application, type in top | grep "AppleCamera" and if you paste the output of that command here I'd be happy to help you trouble-shoot what is going on with your computer.
You might also want to install a program called LittleSnitch, which is a firewall. There's a free trial - https://www.obdev.at/products/littlesnitch/index.html - for 30 days. This will help you lock down any outgoing traffic in case you're infected with some malware. After the program installs an icon for LittleSnitch will appear in your menu bar. Click on it and be sure to select Deny outgoing connections; here's a screenshot of the menu bar: https://imgur.com/a/8u0MlXG
Feel free to PM me if you need help setting up LittleSnitch or troubleshooting the unusual camera behavior. I'm a software engineer who has unfortunately had an ex try to sneak spyware / malware onto my laptop before so I have some experience in dealing with stuff like this.
Check out Little Snitch. Lets you see any connections going in/out of your computer and block them if you want. Super useful when you’re not sure if a program is trying to send or receive data it shouldn’t.
Take a look at Little Snitch. It allows you to inspect and block traffic in/out of your computer. Useful to retake control in situations like this.
>Update Automator, sync it with Siri Shortcuts, and add features similar to keyboard maestro
Yes, and evangelize/reward developers (also with AppleScript).
>(from last year’s wishlist) make iTunes not terrible
But don't make things worse (which is likely to happen at some point). I'd be happy if they just improved efficiency/reliability, added persistency of view modes in playlists, and provided "dummy" modes. Also, expand MusicKit functionality (which I totally expect them to do) and have an Apple hosted web version of Apple Music.
> buy Little Snitch and integrate it into the OS.
This is a bad idea. They should implement an outbound firewall/reporting panel, that is somewhat similar to Little Snitch, but allow Little Snitch to remain independent and cater to the specific market that it does. It would cost less to develop than it would to acquire... even if sold for free, the paperwork and logistics would be more than the development effort. It's also worth noting that if LS were free with macOS, then developers would increase efforts to work around it... Apps wouldn't work if they couldn't phone home, ping addresses would rotate constantly, etc... Most developers look the other way because LS is a small percentage and not worth the effort of defeating.
I do not agree with the statement you quoted. There are apps that can certainly help protect you from malware and viruses that Macs may be vulnerable to. However, using good sense and avoiding shady websites and software is usually enough to keep your Mac free of viruses and such. If your Mac is acting up only when connected to your school's network, download a program like LuLu or Little Snitch to see what outbound connections your Mac is trying to make. It's possible that there is software that connects to a server at your school network and begins a scan or something. If you block that connection, it may resolve the problem that you're having.
If you're concerned, install Little Snitch (https://www.obdev.at/products/littlesnitch/index.html). You'll be able to see the network resources (e.g. websites) each process is attempting to connect to. Obviously, a keylogger isn't remarkably useful if it can't "phone home". If you see a process or application you are not familiar with that happens to be requesting access to a website or resource you don't recognise, that's usually a sign something is wrong.
But it goes both ways... be careful not to go overboard and assume something is dodgy just because you don't understand what Little Snitch is warning you about.
Of course, you can always take a backup of your data and erase your drive and reinstall macOS if you are still concerned.
Neat, now I feel obligated to share NetLimiter with you. For mac there's Little Snitch and Open Snitch for linux.
You can try with Little Snitch, or there was a FOSS alternative, but I don’t recall the name...
Edit: I also found Radio Silence which looks easier to use than Little Snitch! (Still not free, though)
The dark toolbar and dock is actually a native option built into macOS in the General settings menu. As for the network status indicator, that's a feature built into a program Little Snitch, a 3rd party firewall for macOS.
On Mac you have Little Snitch. It's a "reverse firewall" in that it asks you about everything that attempts to connect to the internet if you want to allow it.
Now I don't know about Windows, but a quick search says a program called "NetLimiter" might be able to do that:
Camera and mic specifically you could use Oversight.
Another way would be to use a firewall. I like using Little Snitch. Every time a process wants to connect to the network it asks you to authorize or block it. My rule of thumb is, if I don’t recognize or can’t determine what process is trying to establish the connection I block it. I don’t know if OS X built-in firewall works in a similar way since Little Snitch is not a free product.
No security solution protects you 100%. It’s always possible there are ways to bypass these but it’s a start.
I doubt the developer of iStat (Bjango) will release a Win10 version (they're Mac/iOS developer through and through) but it shouldn't stop a Windows developer from coming up with similar app and a version of Little Snitch.
Hello
I've been using Little Snitch for 8 years on Mac without a single problem. When I run OB2, Little Snitch has an absolute shit-fit. Little Snitch locks up, fans kick in etc. I have to disable Little Snitch to be able to run OB.
It enables you to see which apps/programs are accessing the internet and on what IP addresses. Then you can add rules and profiles, to block certain connections in certain circumstances.
e.g. all of my network traffic is blocked unless I'm connected to a VPN. I allow DNS, local traffic and Tor to bypass this rule.
More info here: https://www.obdev.at/products/littlesnitch/index.html
No, don't waste your time with that garbage. At most if you install/test a lot of apps for shits 'n giggles, AppZapper and Hands Off! (or LittleSnitch) are pretty much all I use at home.
I was too paranoid and uninformed to use Little Snitch, but SO swears by it. Shows you everything that's going on with your network and lets you control its traffic. If like me you don't know what you're looking at, it won't help much. It's for Macs only, I think.
I use Little Snitch to see my network traffic. It is such a handy tool to use. I can make rules on every process whether I want to block incoming or outgoing connections; it's all there. The user interface is fantastic too! https://www.obdev.at/products/littlesnitch/index.html
Possibly a little bit extreme for your needs, but Little Snitch may be of some use. It'll let you block access for processes to do network things. I use it in a more general "managing what gets online" capacity but it could help with this specific issue you have.
Do understand though that your particular use case seems to be rather specific, so isn't something that is going to be handled out of the box in a lot of cases, especially with Apple. There are always solutions to be had though.
Keep using MalwareBytes.
Download Sophos for Mac---I think it's free.
Turn on your Firewall in System Prefs>Security.
If you really want to go deep into your paranoia, download Little Snitch: https://www.obdev.at/products/littlesnitch/index.html
This is an excellent case for Little Snitch (my favorite, for its customizable profiles), or Radio Silence, which is similar in functionality, yet with far fewer features.
With Little Snitch, you can create a profile for when you're on Satellite Internet (or Mobile, in my case), and limit all bandwidth-using apps' traffic. Then, if you're on regular ol' WiFi, you can switch to another profile that allows greater access.
You can do this as an experiment on your own computer if you have a Mac with a little taskbar tool called Little Snitch. It shows all traffic coming into and out of your computer and all the destinations/sources.
You can try using an application like Tripmode to restrict the Internet access of specific applications. There's also Little Snitch, which allows for much more fine-grained control, but it's more expensive and much harder to set up too.
If you've wiped the computer, did you restore anything from backup as part of the rebuild process? Something on your backups could have been infected.
If this is some sort of remote access hack being used, have you considered trying out a VPN for a short while? There are some free ones out there, but some of the better ones are still only a few dollars for a month to try it out.
I'd also look at a program called Little Snitch. It's a lightweight, software-based firewall. It's annoying as hell during the first week or so of using it because it will ask you to allow/deny almost every single request coming into or going out of your computer.
Not sure what the connection is? Make a note of the program name, IP Address or URL along with port info and do a temporary block. Go and Google the info and see what comes up.
I think it would be worth recording these morning calls and contacting the police. It may seem like a harmless prank, but if this person is remotely enabling your webcam you have no idea what he's doing with the images and/or video that is being recorded.
> It's not asking for permission.
I don't think you get it. My setup won't let any program send any data over the network before I allow it. It's similar to Little Snitch for Macs (that's where I got the idea).
> Are you always on the computer when it's on?
Yes. When I go away it locks and eventually goes to sleep mode.
> There are ways of hiding it/automating it.
Again, no network traffic can be sent without it being detected. And I would sure as hell block something unrecognisable as this.
> When you plug a USB device on your computer, do you validate what it is connecting as?
I checked the devices when I got them. Other than standard plugged-in devices I use every day and occasionally connected microcontrollers, I haven't used anything via USB for a very long time.
Little Snitch can block items based on Wifi network.
I think Tripmode would also work - just add the work wifi as a blocked network and you can select what programs get through.
> you can match outgoing based on uid
Interesting, does that mean one could build rules roughly like an app-based firewall, like Little Snitch?
I've been using Windows 7/8 Firewall Control for years as it was the closest thing to Little Snitch that I found for Windows, but recently had problems with it not displaying pop-ups until 10-20 minutes after a connection attempt had been made, which was obviously very frustrating.
After searching around and testing a number of alternatives, I switched to GlassWire. It's not perfect, but the interface is a lot nicer and I appreciate the additional monitoring/logging features.
First, I am a new sailor, but coming from a technology background. If you have a Mac, consider Little Snitch; it will easily permit you to allow/deny each and every network request.
Well... off the top of my head, there are really 2 different ways to accomplish this:
1.) Locally (on your Laptop) by some kind of remote-access tool or malware/exploit. Assuming you're running a fairly standard install of OSX with normal security settings & Firewall, this is pretty unlikely. Possible, if they had physical access or some way to install legitimate (but subversive) tools. You could use a tool like "Little Snitch" to view all incoming/outgoing network traffic and decide for yourself if it all looks legit or not: https://www.obdev.at/products/littlesnitch/index.html
or
2.) Remotely... where all the Browsing/Browser-traffic that you're sending out over the network is being captured by someone who owns/controls the Router/Switch/etc. that your traffic goes out through. In this scenario, there's no way in hell you'd ever know, because the sniffing/snooping is done outside of your computer. But it would typically only happen on 1 network (because odds are pretty low that 1 malicious person owns/controls ALL networks you might connect to).
I'm a Mac user (don't hate) who will be building his first PC very soon! I rely on Little Snitch and iStat Menus for firewall and system monitoring. Are there similar apps for Windows that have similar layouts/design?
> Eradication of anti-muggle crime seemed impossible short of panopticon surveillance or making every wizard take an Unbreakable Vow, neither of which were currently practical.
The detection of underage magic has to already imply some similar mechanism exists for enforcement, no? Even just making every usage of memory-manipulation magic cause an automatic report to the DMLE would be enough to disincentivize bad behavior, I'd think, whether they're currently doing anything with those reports or not.
Then again, unlike children, adult wizards probably know a shield charm with effects equivalent to Little Snitch...
Okay, so unlikely a hardware issue.
Searching around I found a program you can use that monitors bandwidth to help you find what program might be using it all up.
Here's what this guy suggested: "You could try Little Snitch. That should tell you what's trying to connect. The download gives you a three-hour trial which should be enough to determine what's sending out data, and you can decide later whether you find 'Snitch' to be useful enough to keep."
And here's the OP's response: Wow... THANK YOU. Little Snitch is exactly what I was looking for. Found the culprit within 5 minutes.
"For those curious, it was my Crashplan.com backup. I had a 1.4GB file it was trying to backup. Now I have to figure out why it was running when I had it disabled!"
And here's the link to the post: https://discussions.apple.com/thread/2330201?tstart=0
And the link to the program (3 hour trial but it should be enough to narrow it down): https://www.obdev.at/products/littlesnitch/index.html
No, but Little Snitch https://www.obdev.at/products/littlesnitch/index.html allows you to control which programs SEND data, not only receive it.
You'd have to open up an IP connection list and see where the DaVinci software is sending data to, if you wanted to do the iptables thing manually.