Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X > SecurityAgent process

SecurityAgent process
Thread Tools
Mac Enthusiast
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 7, 2004, 04:44 AM
 
Had a strange problem today. Safari became the frontmost application of its own accord. A page started to load (I think I saw the words "Safari" and "pop" near each other in the window title) and immediately closed. I do have PithHelmet installed (an older version, from when it was still free) so it may have closed the window if it read it as an ad page.

I thought this was a bit strange, to say the least. Running top-u showed a process "SecurityAg" several times towards the top of the list, although none of them were taking significant CPU time... nothing else was, either. The topmost SecurityAg was at 1.5-2.1% CPU.

Looked deeper, it is called SecurityAgent (when not truncated as the top output is).

ps -aux | grep SecurityAgent | wc -l
produced the output 21. One of these was the grep, so there are 20 of these running on my machine. tried without the wc and verified that indeed, all but one are for SecurityAgent, the other was the grep. All are owned by root. EDIT: I do not run as root, and haven't logged in as root ever. I don't think I had sudo'd since the last restart, either.

I'm on 10.3.6. All but the latest security update installed (I'm going to go do that right now). Applications running at the time were Adium, Safari, Direct Connect (connect to one network, the campus network), QuickTime, Preview, and VLC. I'm suspicious of Direct Connect. It "feels" like a seedy program... low production values, et cetera, and I know filesharing apps have a history of having spyware... quitting Direct Connect didn't kill the processes, however.

1) Is this abnormal? I've never seen it, but I don't check top or ps very often... max once every two days or something.
2) can I safely sudo killall SecurityAgent?
3) Should I be worried?
4) I think it might be Direct Connect... should I keep running DC to try and reproduce the problem, or should I avoid it like the plague?


Thanks all...
( Last edited by Turnpike; Dec 7, 2004 at 04:59 AM. )
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Dec 7, 2004, 05:09 AM
 
SecurityAgent is part of the system. It's located at /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent. You can see Apple's explanation if you're wondering what it does. However, it's not normal to have 20 instances of it running, or any more than one instance in fact.

That said, I strongly doubt there's spyware involved. For one thing, it's running as root, and I'd hope you wouldn't give root access to any app you distrust so much. Besides that, the only program for OS X that has ever been known to install spyware is LimeWire, and it was far less devious than to impersonate an OS-level process. I'd recommend doing the fsck/repair permissions dance, since it sounds like something's funny with your system.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Forum Regular
Join Date: Sep 2000
Location: The dark side of the moon
Status: Offline
Reply With Quote
Dec 7, 2004, 12:40 PM
 
It's Direct Connect, if it's the "official" version, I know from past experience.

I'll add that it's responsible for opening up that window in your browser. I do not know if it has any link to the 20 extra SecurityAgent processes you have running.
     
Mac Enthusiast
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 7, 2004, 03:35 PM
 
okay, thanks guys. I've yet to see anything strange since then. I restarted (that killed all the extra SecurityAgent processes) and applied the latest security update.

I also haven't run Direct Connect (yes, it is the official client) since then. I'll probably avoid it unless I need it for some reason until a different program comes along.

It doesn't look like Security Agent could do any harm... so I'm not too worried, just annoyed.


Thanks again.
     
Forum Regular
Join Date: Jan 2001
Location: Boston, MA
Status: Offline
Reply With Quote
Dec 7, 2004, 06:05 PM
 
Originally posted by Chuckit:
Besides that, the only program for OS X that has ever been known to install spyware is LimeWire, and it was far less devious than to impersonate an OS-level process. I'd recommend doing the fsck/repair permissions dance, since it sounds like something's funny with your system.
Errr...really? LimeWire on Mac OS X installs spyware? Do you have any details? I haven't found any evidence of this (i.e.: spyware as a separate process), but haven't looked exhaustively.
     
Mac Enthusiast
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 7, 2004, 06:38 PM
 
It used to, a while ago... it installed something called LimeShop which I believe directed you to their Amazon affiliate link or something similar... it no longer does.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 08:21 PM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2