What is "rsync"?

[stefanmaine]

This morning there appears a popup (see attached) "resync is locking files! .... sign: validly signed by Apple ..."

The word "locking" is actually an image of a padlock + ing

Should I "allow" or "terminate"

I am running DetectX Swift.

Thank you.

 

[Raz0rEdge]

Rsync is an application included with macOS, but it's Chrome that is using it to keep a couple of files/folders in sync. If you use Chrome, then this is totally safe.

 

[stefanmaine]

"it's Chrome that is using it"

Yes, I had opened Chrome. I normally use Firefox, but wanted to see how a particular page displayed in Chrome.

As always re this forum, thank you being here!

 

[Randy B. Singer]

This morning there appears a popup (see attached) "resync is locking files! .... sign: validly signed by Apple ..."

The word "locking" is actually an image of a padlock + ing

Should I "allow" or "terminate"

That message is from RansomWhere? (which you obviously have installed.), a free utility that protects you from ransomware. It works by noticing when a process is trying to encrypt data on your Mac, and blocking it until you give your permission. It's a great utility that is highly effective, but it's really only for experts, as there are a bunch of legitimate things that encrypt data on your Mac, and it will frequently be throwing up false positives.

If you aren't prepared to search the Web whenever you get such a notice from RansomWhere? to see if what is being encrypted is a normal process (or you don't know how), then I recommend that you uninstall RansomWhere? The chances of encountering ransomware on your Macintosh are currently about nil, so having RansomWhere? installed will serve no purpose other than to constantly frighten you.

 

[stefanmaine]

"I recommend that you uninstall RansomWhere?"

Thank you for that suggestion and the alert "it's really only for experts." That excludes me!

As I understand the post by Raz0rEdge, Chrome — which I did have open at the time of the popup —was the cause. Is Chrome configured to perform a similar function as RansomWhere?

Coincidentally, Google has a full page advertisement in yesterday's WSJ (and other newspapers?) asserting (bragging?) "We keep more Americans safe online ... ." It includes "Google's Chrome Safe Browsing technology was built to block ..." Is the popup evidence of that technology?

 

[Randy B. Singer]

As I understand the post by Raz0rEdge, Chrome — which I did have open at the time of the popup —was the cause. Is Chrome configured to perform a similar function as RansomWhere?

Not to my knowledge. Chrome will use Google's Safe Browsing technology to keep you from visiting malicious Web sites that are known to be dishing out ransomware (that is, it blacklists them), but that isn't the same as actually blocking ransomware.

Coincidentally, Google has a full page advertisement in yesterday's WSJ (and other newspapers?) asserting (bragging?) "We keep more Americans safe online ... ." It includes "Google's Chrome Safe Browsing technology was built to block ..."

HAHAHAHAHA! That' an example of the equivalent of someone kicking you hard in the knee, and then grabbing you before you fall, and then have them brag that they've kept you safe from falling on your face!

It's absolutely true that Google has a very nice technology called Safe Browsing:

https://transparencyreport.google.com/safe-browsing/overview

Google's Safe Browsing is a database of known malicious Web sites. The database is constantly updated and it acts as a blacklist that keeps you from visiting malicious Web sites. Google gives this technology away for free, so virtually every other browser has the same technology. So, Google is correct is saying that they have "saved" a huge number of people from bad stuff.

However, GOOGLE'S ENTIRE BUSINESS MODEL is to give you awesome free services (including the Chrome browser), get you hooked on them, and then use them to track you and gather your private information. They then aggregate that information and sell it to advertisers. Google doesn't bother to try and hide this. It's how they make just about all of their money. GOOGLE IS NOT YOUR FRIEND. See:

https://spreadprivacy.com/what-does-google-know-about-me/

So...guess what? You are using Google's Chrome browser. Guess what it is doing? Yes, it's tracking you and collecting your private data. Google is spying on you.

I HIGHLY recommend that you ditch Chrome. The good news is that there are other browsers based on the same codebase as Chrome (i.e. they offer all the advantages of Chrome), only without all of Google's spyware in it. I personally recommend:

Brave browser (free)
https://brave.com

Brave is currently the most secure browser (at least when using the default settings) you can use. Check out this respected security site:

Restore Privacy
https://restoreprivacy.com/browser/secure/

You can check the security of any Web browser yourself (in case you don't believe me) with any number of tools. You might like this one:

Browser Audit
https://browseraudit.com

Is the popup evidence of that technology?

No. As I told you previously, that popup was from RansomWhere? It was a false positive.

 

[Rod]

I tried RansomWhere for a while just to see how it worked but got tired of looking up instances of "normal" encryption processes.
So, I agree with Randy 100%.
Trash RansomWhere.
Trash Chrome browser.
Use Brave Browser.

 

[stefanmaine]

Randy B Singer & Rod:
I have occasion regularly to check HTML for proper display on various browsers (Mac & Windows). Chrome is among those. Normally I browse with Firefox, but I have Brave installed. On your recommendations, I will switch to Brave as a default, and see how I like it.