Thread: Has my machine been *owned*??
View Single Post
  #8  
Old February 27th, 2006, 11:31 AM
perfessor101's Avatar
perfessor101 perfessor101 is offline
Registered User
  
Join Date: Feb 2004
Posts: 748
Thanks: 0
Thanked 0 Times in 0 Posts
perfessor101 is on a distinguished road
The multiple "hidden users" associated with apps you have installed is completely normal OS X/Unix operation. Many applications install and use their own "user" in the system to handle functions regardless of which particular user is actually logged on.

Without knowing what those 13 applications are I would also say that it is not unusual for them to take advantage of the user being idle and grabbing some system resources to go do their thing. You have already mentioned TechTool Pro and its various protection features do just that. Anti-virus applications are another user of resources during slack user time. There is nothing unusual in any of that.

Open Firmware is written in Forth which is a world all unto itself. I have written some code in Forth and it was a lot of fun to work with even if it does give conventional programmers a headache trying to comprehend. Unless you are an expert Forth programmer, and maybe not even then, you really can't tell that much about the organization of the Open Firmware. Since you are running OS X 10.4, it is safe to assume the drive is formatted Mac OS Extended (a.k.a. HFS+) so when you talk about the volume structure, I presume you are referring to the structure outlined in Apple Developer Technote TN1150 and if so congratulations on having the patience to wade through that Technote. However, it should be pointed out that OS X 10.4 modifies that structure somewhat to accommodate Spotlight which is why versions of Disk Utility and fsck prior to those that shipped with Tiger will actually damage the volume structure beyond repair if Tiger has been used on the volume.

NOTE: For more information on Open Firmware the best place to start is Openfirmware.org/ and FIG (Forth Interest Group) is the best source of information on the Forth programming language. FIG actually owns the Forth language standard, but using standard and Forth in the same sentence is a contradiction in terms.

It is extremely unlikely that anyone could have left a trojan behind that would survive erasing the drive. It would either have to be in a separate partition/volume or embedded in the Mac firmware. Just because you are paranoid doesn't mean someone is not out to get you, but in this case I think you are just paranoid and no one is out to get you. If however, the seller on eBay was aware that you are doing Top Secret research for the National Security Agency or the Department of Defense and are receiving hundreds of thousands of dollars for capturing your data then all bets are off.
__________________
G4/1.25 MDD, 1.5 GB, OS X 10.4.5
G4/133 Quicksilver, 1.2 GB, OS X 10.4.5
iBook G4/1.25, 1 GB, OS X 10.4.5
Last edited by perfessor101; February 27th, 2006 at 11:39 AM.
Reply With Quote