Archive for August, 2018

by Tom Nelson

Your Mac is probably pretty trouble free, at least most of the time. But occasionally you may experience a system, process, or app crash that stops you in your tracks, and prevents you from continuing to work. These crashes are usually fleeting in nature, and resolved by simply relaunching the app or restarting your Mac.

And while an occasional crash can be frustrating, it’s generally not something to worry too much about. Stuff happens, and you can think of it as one of the many reasons you have a good backup system in place. (You do, don’t you?)

Now, when a crash starts occurring on a more regular basis, or you notice it always happens when x event occurs, it may be time to start delving into the crash and discover what may be causing the problem.

In this Rocket Yard Guide, we’re going to take a look at using the Console app to track down the cause of a system or app crash. With any luck, the Console app will be able to help you resolve the problem that’s causing the crash, or at least give you a good idea of what’s going on.

What is the Console App?
Back in the early years of computing, the console was a terminal that was attached to a computer to monitor the status of the system. If you go back even further, the console may have been a bank of meters, lights, and switches that indicated how well the computer was operating.

The Console app from macOS High Sierra. The sidebar shows devices reporting to the Console, as well as reports organized by category. Screen shot © Coyote Moon, Inc.

The Console app included with the Mac is a modern-day version of the old computer console; its primary job is to help you monitor how well your Mac is operating. It can do this because of its ability to display logs, status, and error files your Mac’s operating system and individual apps generate as they’re running.

Log Files
There are a number of different types of files that apps, processes, and the system generate as they work; you can think of them as a journal or diary of what’s going on at any point in time. While there are diagnostic files, crash files, log files, and a few other types, we’re going to refer to them collectively as log files. And for the most part, they can all be read by the Console app.

OS X Yosemite’s Console app displaying the crash log from when a system preference terminated unexpectedly. Turns out the preference pane is from an old version of an app, and is no longer supported. Screen shot © Coyote Moon, Inc.

The Console app can also look at process messages, and a few other real-time events, but we’re going to concentrate on looking at log files to discover what happened in the past, such as when the system or an app crashed.

Read more on Rocket Yard, The MacSales.com Blog


by Tom Nelson

If your Mac seems to suddenly be running hot, with the fans making more noise than usual, your battery runtime has taken a nosedive, or you’ve noticed that your Mac seems to be slowing down, you may be experiencing the effects of cryptojacking.

Of course, there are plenty of other reasons why your Mac could be misbehaving as outlined above; hot summer days can make your Mac run its fans at a higher rate, battery runtime can be affected by the type of processes you’re running, such as video or audio processing, and the Mac’s processors may simply be engaged in running multiple threads from multiple apps, keeping things a bit tied up.

But you could also be a victim of cryptojacking. In this Rocket Yard Guide, we’re going to take a look at cryptocurrency, how it’s mined, and how it may be affecting your Mac.

What Is Cryptojacking? The New, Friendlier Malware
Cryptojacking is a somewhat new way for nefarious individuals to make use of your Mac’s processing power for their own gain. With cryptojacking, the gain is in the acquisition of cryptocurrency coins by having your Mac solve complex mathematical problems. Each solved problem is worth some number of coins or fractions of coins in the cryptocurrency being mined.

Mining for money using your Mac’s hardware without your consent is commonly referred to as cryptojacking. Coin mining is probably best known as the way to acquire Bitcoins, a popular cryptocurrency that has been in use for a number of years. In the early days of coin mining, the tasks a computer had to perform to generate a coin were easy enough that a moderately outfitted personal computer could perform the tasks in a reasonable amount of time. As cryptocurrency became more popular, the difficulty of the problems that needed to be solved increased dramatically, to the point where multiple specially designed computer rigs were being used together to solve the problems and generate cryptocoins in a reasonable timeframe.

As the various cryptocurrencies gained support, the mining of the coins became more and more difficult, so that the days of someone using an average personal computer to solve problems and generate coins went by the wayside. Nowadays, the mining, a common term for solving the problems and generating the coins, is being performed by highly advanced, dedicated mining rigs, or through distributed computing systems that use a large number of individual computers, each working on a piece of the puzzle.

It’s this last mining rig type that has spawned the growth of cryptojacking, using computers that have had mining software installed without the consent of the owner to hijack the computer’s processing power to mine for coins.

Types of Cryptojacking
Cryptojackers use two common methods of manipulating a computer to run mining software. The first, and somewhat less common at the moment, is the old standard malware approach of using a Trojan app to install the mining app on an unsuspecting system. This usually takes the form of a mining app masquerading as another, more popular application. Once the app is downloaded and the installer run, the crypto miner is installed and starts mining for coins.

However, the most likely way for a Mac to run into cryptojacking is through a web browser. The software for mining cryptocurrency has been developed using JavaScript, which every web browser can run. Cryptojackers can insert the JavaScript code into a hacked website, or they can embed the JavaScript mining code within ads which are then placed on many websites.

All you need to do is visit one of these websites, and your Mac will start happily running the cryptocurrency mining code.

For the cryptojacker, using web-based infection has many advantages. It’s easy to do; while they can hack a website and insert the code, they can also just create an ad and place it with an ad service to have it distributed to many websites. Web-based cryptojacking also doesn’t require any type of enticement to get you to download and install a cryptojacking app; instead, the browser runs the mining code for as long as the webpage is open; no installation of code required.

Read more on Rocket Yard, The MacSales.com Blog


by Tom Nelson

Originally introduced with OS X El Capitan, System Integrity Protection, usually referred to as SIP, is a security feature built into the Mac operating system that’s designed to protect most system locations, system processes, and kernel extensions from being written to, modified, or replaced.

SIP and related security protections in the Mac operating system have undergone changes with each release of the OS, but the basics of how the SIP system works have remained the same, including how SIP can be enabled or disabled, and how its current status can be checked.

Rootless, More or Less
OS X El Capitan was the first version of the Mac operating system to incorporate SIP, as well as the idea that the Mac operating system was now rootless; that is, there was no longer a root account, the all-powerful primary account that had access to almost the entire system. But it turns out the concept of the Mac being rootless was more of a security marketing gimmick than actual fact. There was still a root account; the difference is that when enabled, SIP imposes additional restrictions on the root account, walling off certain portions of the system from access by an account with root-level privileges.

The additional isolation of system components from accounts with root privileges helps to prevent malware from being able to gain access to the system, where it could embed itself and take advantage of all of the system services running on a Mac.

System Integrity Protection (SIP)
While “rootless” was mostly marketing, SIP actually hardened the Mac by preventing modifications to the following locations:

  • /System
  • /usr
  • /bin
  • /sbin
  • All apps preinstalled by Apple

The exceptions to the rule are apps or processes that have been signed by Apple and have special entitlement to write to system files. This includes Apple installers and Apple software update services.

SIP is effective at stopping system locations from being written to by third-party apps and services. Only Apple-signed system processes can write to system locations.

System processes can’t be attached to. This prevents code injection or runtime attachment to system processes, techniques often used by malware to force privileged processes to run the malware code.

Kernel extensions must be signed with an Apple Developer ID certificate that is specifically enabled for signing kexts (kernel extensions). This can prevent kernel extensions from being replaced or modified by malware, as well as prevent new unsigned kernel extensions from being installed.
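
The status check and the protected locations described above, as an added shell example that is not from the original article. `csrutil status` is the macOS command that reports SIP state; the function names and sample output strings are constructed for illustration, the `/usr/local` exception comes from Apple's SIP documentation rather than this page, and paths are assumed to be absolute and already normalized.

```sh
#!/bin/sh
# Added example (not from the article): SIP status parsing and path classification.

# Constructed samples modelled on the text `csrutil status` prints.
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
	Kext Signing: disabled'

# Print enabled, disabled, custom or unknown for the given status text.
# "custom" is tested first: a partly disabled SIP still says "enabled".
sip_state() {
    case "$1" in
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Succeed when an absolute, normalized path is under a location the article
# lists as protected. /usr/local is Apple's documented exception (assumption
# added here, not stated on the page).
sip_listed_path() {
    case "$1" in
        /usr/local|/usr/local/*) return 1 ;;
        /System|/System/*|/usr|/usr/*|/bin|/bin/*|/sbin|/sbin/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Use the real tool on a Mac, the constructed sample elsewhere.
if command -v csrutil >/dev/null 2>&1; then
    status_text=$(csrutil status 2>&1)
else
    status_text=$SAMPLE_ENABLED
fi
state=$(sip_state "$status_text")
echo "SIP state: $state"
[ "$state" = enabled ] || echo "WARNING: SIP is not fully enabled"

for p in /System/Library /usr/bin/ssh /usr/local/bin/tool /Applications /bin/sh; do
    if sip_listed_path "$p"; then echo "protected:   $p"
    else echo "unprotected: $p"; fi
done
```

A "custom" result deserves the same attention as "disabled", since individual protections such as kext signing can be switched off while the headline status still reads enabled.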

Read more on Rocket Yard, The MacSales.com Blog
