Application Sudo listed in Activity Monitor - Is this a default app that should be running?

First Question:        Do other MBP users have an application Sudo listed in Activity Monitor from start up of their mac or with typical use?
Second Question:   If you have Sudo process listed in your Activity Monitor, do you also use an Huawei USB wireless modem?
Third Question:       For those experienced in relevant coding domains and given the more technical details below - your thoughts?
(Technical)
Using MBP Retina, mid 2012, OSX 10.8.4
I understand sudo is a unix root level access command. 
I have used Terminal and become familiar with some basic unix commands, including using the sudo command in very limited single action command circumstances.  I have not used Terminal for many weeks, and the sudo command probably twice several months ago. 
Sudo showing in Activity Monitor as an active process is to my understanding an entirely different situation to it being used in Terminal.  It appears the sudo process is being activated by some other application or process not of my direct use or actions.
I remain a little concerned about this in view of the purchase of this particular MBP. It has a story to it. I was told this MBP was available as new on discount as it had been purchased by a man for his wife, the wife then left him, and subsequently he returned it unused to the store.   I was aware that there was a slim risk the laptop had been used for some other activities, and returned so any come back comes back to the new owner.
I noted later with use that the MBP lower keys were sticky as if something has been spilt on them, so I do wonder if the laptop was previously used, then wiped, in which case the story presented to the retailer is likely not true and a more concerning scenario becomes possible.  
All the same, I felt a clean install should remove any risk.  The MBP arrived in standard ready to set up and go mode, so OS loaded but no activation.  So it seemed a clean install to me.   I did not wipe the HD and do a fresh OS install from scratch. A decision I now regret.
Some months after using this new MBP, my concerns were raised when I had one day of inexplicable internet usage on a wireless internet connection.  Not only did the level of data upload and data load, about 4 GB out of 20 GB for the month not make sense with actual usage, but also the MBP system logs did not tally with the internet providers accounting of usage on that day.  There have been two or three other anomalies in usage since.  The internet service provider reimbursed me on my evidence of OSX system logs.  Not sure if the service provider has people joy riding other users accounts or something suss this end was going on. Never resolved. The ISP was not exactly forthcoming, and I had to press hard to get some collaboration on resolve the anomaly of unexplained data usage.
On the less suspicious side, the existence of this sudo program tracked down as in part coming from the install software from a Huawei modem provided by my internet provider.  However, while widely used and therefore likely not a security risk, I still feel need for some better explanation and resolution of the persistent sudo process. 
I have  inquired to Apple Support about this sudo app running, and it apparently was not seen as an issue of concern by the front line support staff.  I took up some further concerns with them but checks indicate no issues of concern with the MBP from their assessment. I trusted that as fairly likely a definitive view, and so left the questions and anomalies as unexplained but harmless. 
It is now several months later and I still find the existence of sudo as a running application or process in Activity Monitor troubling, and decided to try and resolve once again how typical and for what reason it is active on my MBP. Which brings us to this post.
I have again spent a few hours searching on Google and Apple Support Forums.   All search results I find relate to the use of sudo as a unix command in Terminal to resolve a problem.  I can not find any indication of sudo as an app being open routinely in Activity Monitor with or without Terminal being opened or used.
The only way I can think of to resolve if this is unusal or not is to get on this forum and ask the first two questions at the top of this post.
More technical details follow.
For some more technically minded the details may be of interest, hence below here I have added  details for further comment.   I am hoping some MBP users on this forum may also be coders, and hence have some idea of the internal mac coding environment. Enough to shed some light on this situation. 
As mentioned, I think the sudo Activity Monitor may originate from the running of the Internet Providers USB Wireless Modem and software (Huawei E 169? modem).  The USB modem has the install software on it.  You install that software on your HD as an application. 
On this USB Wireless Modem front I have done some checking.  
Killing sudo in Activity Monitor does not stop an internet connection mid session. 
When the USB modem is removed, the sudo process remains running and listed in Activity Monitor. 
If I remove the Modem icon, unplug modem, close all apps, restart without the modem connected, the sudo process is still loaded and running in Activity Monitor.
Months ago on a previous check if I deleted (uninstalled) the modem software, removed associated start up files installed by the modem installation, took out the USB Modem and did a restart, there was no return of the sudo process in Activity Monitor.  When the modem software was reinstalled or the start up files restored directly, the sudo process returns to Activity Monitor.  One of the software bits installed in start up files calls sudo (or so it appears having a peak in BBedit at the files.)
This seems to fairly much establish the source of the sudo application. However it does not resolve why it needs to be open all the time, and if this is unique to this modem, my modem,  modems in general, or if permanent running sudo processes are fairly 'normal' in general.  Since sudo is a root level access process, I do feel a little concerned of the situation.   Let's say the sudo process is needed to initiate the modem under some justification.  Does the sudo process in remaining running permanently from there on, with or without the USB modem connected leave an open access way and vulnerability that can or is used later?   i do not know enough of the coding level architecture to form a view.   Still, seeing a permanent sudo process operating does niggle by sense of suspicion.    Hence, I continue to raise this issue and ask the questions I do.
In Activity Monitor:
sudo as a process when running is not very active.  
Real Mem 8 KB, Virtual Mem 9.4 MB, Sent Msgs 75, Rcved Mesgs 26, Ports 25, Intel (64 bit).
The sudo process:
Using Sample Process in Activity Monitor:   sudo appears to be a running of the actual sudo command from within the unix command files.
Path:            /usr/bin/sudo  (Master Library, not the one in the User files)
Load Address:    (removed)
Identifier:      sudo
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  launchd [1]
Call graph
2nd line is 2656  start  (in libdyld.dylib) + 1  [(removed)]
Binary Images:
Includes reference to lots of .dylib files. eg libcache.dylib, libquarantine.dylib, libremovefile.dylib, libcompiler_rt.dylib, libcorecrypto.dylib
The parent process is launchd[1]
Process:         launchd [1]
Path:            /sbin/launchd
Load Address:    (removed)
Identifier:      launchd
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  ??? [Unknown]
It seems all of the activity of launchd[1] is from the sudo process.
Again reference to .dylib files as captured in call graph and Binary images.
I hope the details are valued by someone with an interest to assist with resolving concerns.

Thanks,
I usually use the OS connection option. So as you suggest, connect without the ISP connection software.  Doing so does not by-pass the sudo command being active in Activity Monitor however. 
On reading my post I see my failure to link the concerns of the laptop purchase with the sudo and modem. My thought here is of an intersection of known vulnerability with this widely used modem/software (via permanent sudo process activated) and that vulnerability then being known and utilised by another party(s).
I am pursuing the issue in part with consideration to a broader possible issue of vulnerability.
Thanks again for your thoughts and suggestions. Valued.

Similar Messages

  • TS1702 I downloaded an app that should be in hd, but it's in standard def, why? And how can I fix this

    I got pocket gods awhile ago, when I had a 3rd gen iPod touch, but after I downloaded it onto this iPod it stayed in sd, just wondering what I can do to fix this.

    What makes you think it should be HD?. It is listed as an iPhone app. Just what are you expecting
    https://itunes.apple.com/us/app/id301387274?mt=8

  • I restored my ipod, when I went to put everything back on it, I got a message that said, "an error writing to the device, can not sinc.  Then it said the required disc can not be found.  Now what do I do, I have all of this music and apps that I can't get

    Before I restored my ipod, I backed it up then I updated and restored.  The problem is when I went to put everything back on it, I got a message saying that an error writing to the device, can not sync.  Then another message appeared saying that "the required disc can not be found.  Now what do I do?

    Try resetting the iPOd. Nothing will be lost.
    Reset iPod touch:  Press and hold the On/Off Sleep/Wake button and the Home
    button at the same time for at least ten seconds, until the Apple logo appears.
    - Also, delet the iPod Phot Cache folder for the second error. For its loation see:
    iTunes: Photo sync creates iPod Photo Cache folder

  • Activity Monitor shows no apps in list

    When I fired up Activity Monitor today, there are no apps listed in the Application window.
    Clearly I am missing something but I've been using AM since 10.0. I am showing All Processes but no matter which tab I click at the bottom of the window, I do not see any applications.
    Anyone have any ideas?

    Since there's no applications window, just processes, exactly what are you not seeing?? Additionally, there's nothing dealing with applications when selecting any of the five bottom tabs. What are you expecting??

  • Ram not showing up in activity monitor

    I recently upgraded to 8gb of ram (4x1gb) that came with the computer and (2x2gb) that I just recently bought. I know this isn't the ideal setup for speed but I just wanted more.
    While I had activity monitor open tonight I noticed that the RAM that was showing up in use under the System Memory tab didn't add up to 8gb but instead only 5gb. If I view "About this Mac" the correct 8GB shows up and also shows up correctly in System Profiler.
    Was just wondering if anyone else has noticed this kind of behavior as well?
    Thanks,
    Andrew

    Then there is a difference between Activity Monitor and that shown in About This Mac? I would first check that the RAM is installed correctly. See the following:
    About RAM installation in the Mac Pro
    Mac Pro memory arrangement photos
    Mac Pro Memory Configuration
    Memory Tests- "2008" Mac Pro
    Ram should be installed minimally in matched pairs and optimally in matched quads. This means the memory modules are the same size and specifications. They should also be equipped with the Apple-certified style of heat sink.
    I'm puzzled by your profile info. You say your MP is a 3.0 GHz model but you list it as a Mac Pro 1,1. The 3.0 GHz model only started with the 2,1 version. The 1,1 model was only 2.66 GHz.
    I would also open System Profiler and see what it reports. If it is reporting 8 GBs, then check in Activity Monitor if it's listed as (64-bit) Intel or just Intel. If the latter then you don't have the current version of Activity Monitor. This might result from doing an upgrade to Snow Leopard as opposed to erasing the drive and doing a fresh installation of SL, especially if the upgrade was done from Tiger rather than Leopard.

  • Newbie having problems with noisy fan and high CPU usage in Activity Monitor

    I am new to the world of Apple and have got my hands on a hand-me-down PowerBook G4 version 10.4.11. It works fairly well for everything but the Internet.
    One of the first symptoms i noticed was that watching stuff on youtube was slow and jumped a lot. I checked a few things out and looked the CPU usage in activity monitor and this was about 80% to 100% when on youtube or even moving from page to page. I'e tried loads of stuff including repairing disk permissions, emptying caches and relaunching finder when the preferences file is on the desktop (not really sure what that was supposed to do).
    The next thing I discovered was that if i disconnected the laptop from the mains and played youtube and some other applications the whole thing would go into sleep mode very quickly. I have got temperature monitor downloaded now although I already know it is getting very hot.
    PS when it heats up the fan turns on because I can hear a whirring sound...
    Would really appreciate some insight into this as it seems to be a good runner otherwise.
    PS2 I have loads of free space left in the disk usage tab in activity monitor.
    Big thank you in advance

    Welcome to the world of PowerBook!
    One of the first symptoms i noticed was that watching stuff on youtube was slow and jumped a lot. I checked a few things out and looked the CPU usage in activity monitor and this was about 80% to 100% when on youtube
    Virtually no G4s are dealing well with web video anymore. The video technology used by modern developers puts a huge strain on a G4 processor. As this a choice made by coders, there is not much you can do about it. Some people suggest adding RAM but the effect is marginal considering it's the processor that's taxed.
    Notebooks get hot. The fans in my 1Ghz 17-inch PowerBook from 2003 kick in between 130 and 140°F. The danger point is not until in the vicinity of 100F so don't sweat it to much. Make sure you do not cover the case bottom by setting the computer on a thick cloth placemat, pillow or other bedding item, or on your lap without a lapboard. The bootom of the case is part of the heat dissipation system and needs air under it to work
    A lot of PowerBooks have, by now, lost some or all of their "feet" that gve a little space under the case. Don't bother looking for official replacements--get the silicone door/drawer bumpers from the hardware store that stick on. I found some about 3/16" thick that let more air under my PB thatn the mostly missing originals.
    The next thing I discovered was that if i disconnected the laptop from the mains and played youtube and some other applications the whole thing would go into sleep mode very quickly
    Your battery is likely dead from old age. Batteries only last about 2-3 years. You are seeing a sign of the battery lacking sufficient remaining capacity to run the computer. Get this utility:
    http://www.coconut-flavour.com/coconutbattery/
    (you'll need the 2.6.6 version for Tiger) and post what is says about "Health" and "Cycles."

  • Activity Monitor % User and % System do not add up

    Looking at my iMac i7 Activity Monitor/ All Processes/ CPU I find that the % User and % System do not add up to showing the correct % Idle.
    For example, a recent screenshot shows % user = 0.81, the % System = 0.41 and % idle shows 61.25. The CPU usage graph show nothing going on and the Process Name list shows nothing unusual.
    This constantly changes - sometimes the figures add up to 100% but usually the % Idle can be anywhere from 40% to a correct 98 - 99% based on nothing of any consequence running.
    I look at the Activity Monitor on my MacBook and % Idle shows correct addition and a constant 98 - 99%.
    What is going on?
    Thank you.

    This afternoon, it will be an entire week without a crash on my Squeezebox system!
    Totally removing Intego VirusBarrier X6 from my main computer (iMac i7) finally lets me enjoy my music again.
    The main problem is that X6 does not provide feedback as to what it is doing so the user cannot adjust the settings. In other words, no specific message as to what X6 just prevented.
    As a crash can occur anywhere from 10 minutes to 8 hours of play time, hit or miss setting adjustments waste an amazing amount of time. This has been going on for a year with the frequency of crashes escalating.
    I had already entered all my music devices on the Trusted List and had set up rules for all the ports that Squeezebox uses. Still crashed.
    There is no reason why Logitech and/or Intego engineers cannot provide security setup instructions. Unfortunately, Logitech only shows security help for PCs.
    Well the nightmare is over. Amazing what free time I now have.
    The next three paragraphs are for Squeezebox owners and may be of some help if you are having problems:
    A crash (for me) is defined in many ways. The worst crash is when the Squeezebox device shuts off and only pulling the electric plug will revive it. Another crash shows itself when the next song only plays for about 1 second and goes to the next song endlessly until the device shuts off. The Logitech manual says move the device closer to the wireless point when this happens but if they are connected by ethernet cables, this advice is useless. Another crash is when three units are synced and one of them suddenly is no longer in sync and playing a different song.
    Crashes can occur when units are in sync or not in sync. Connected wirelessly or by ethernet. And when a crash occurs, the loud 'crunching' noise that occurs is not kind to the speakers.
    BTW, if some devices are in sync, make sure these devices are connected the same way - either all wirelessly or all by ethernet. If you don't, you will experience sound lags of about 1/2 second. A very annoying echo effect.

  • Activity Monitor will not open.

    After upgrading to OS X v10.7.2, Activity Monitor does not open.  Upon clicking, error message reads "You can't use this version of the application Activity Monitor with this version of Mac OS X.  You have Activity Monitor 10.5."   Where can I update the program or get the proper version of this program?  Software Update shows all software is up-to-date.

    Activity Monitor does not exist in the /Applications/Utilities/ directory as you suggested.  Perhaps this is the problem?  It currently resides in /Users/Ross/Utilites/   Get Info command reports version 10.5.   I have never moved the Activity Monitor program in the life of this computer.  (circa 2008)
    Edit:  Attempted to move AM to the aforementioned directory and the operation was not allowed. 
    Message was edited by: KJ4KTW

  • 2 process of IDVD not working (Activity Monitor)

    Sorry, found a post with the same problem and without a solution. Since I can't delete this, please take a look at:
    http://discussions.apple.com/thread.jspa?messageID=1727581??
    Message was edited by: Quiroga

    Your link seems broken, but other readers should know that iDVD and its helper applications often appear as "not responding" in Activity Monitor. This is not something to worry about, do not force-quit iDVD just becasue of this.
    "Not responding" just means iDVD is too busy to answer queries from Activity Monitor.....

  • Dual processor not showing up in Activity Monitor

    I have a dual processor G5 PowerPC at work and when I look at the CPU Activity Monitor it shows me the activity on both processors. My Mac Pro at home is also a dual processor but when I look at the activity monitor it only shows one processor thread. Is this normal or is there something wrong with my Mac Pro? Anyone else notice this as well?

    Hi KSStudio. A few questions to clarify.
    1. Is this a dual or single cpu machine?
    2. How many cores per machine?
    Check it out...
    Assuming you have a dual cpu (8 core) 2009 mac pro, when you use activity monitor choose > Window > CPU Usage. You should see a floating window with 16 panes. (8 panes if you have a single processor/4 core model) Under normal loads using 10.5 you should see some activity in all 16 panes. Under normal loads using 10.6 you should see activity in odd numbered panes. You will see activity in even numbered panes when the load is high. This is normal and due to Snow Leopard's improved utilization of processor technology.
    Hope this helps.
    --Jesse

  • Why does Activity Monitor show traffic to my external drive?

    Because one of my email accounts was hacked a couple of months ago (from my provider's end, I'm convinced), I have been monitoring network usage on my iMac using Activity Monitor. Yesterday, I noticed almost continuous use, altho "spiky".  The spikes were very regular and high and just kept going on and on.  I shut down all my apps (including mail, browser, etc.) except Photoshop.  Spikes still there.  Pulled out the Ethernet cord.  Spikes still there.  Shut down blue tooth, wi-fi - spikes still there.  Overnight, I shut down my computer.  This a.m. when I powered up, still spikes.  I noticed Time Machine was running.  Stopped it, and spikes stopped.  I have my back up on a separate external hard drive.  Why in the world would Activity Monitor show this as "network activity"?  Is there any way I can use settings that would show only "real" network activity, from outside my wi-fi, blue-tooth, and external drives? Spiky right now (can't get screen shot to upload), but more irregular. Have browser, email,and others open. Time Machine not running.
    Maybe there's some other app that would help me watch my network usage in the way I would like. Please recommend.   Thx!

    https://discussions.apple.com/thread/3045965

  • Why do I have 10.6 version of Activity Monitor in 10.7? It won't open

    I partitioned my Hard drive and am dual booting into Lion on my early 09' MacBook Pro.  Oh, and the other partiton is running Snow Leopard, all up to date etc..
    I tried opening Activity monitor and this is what I got:
    How exactly is this possible or what did I do wrong? Thanks for any input.
    Doug

    you might have what I have which is I have an ssd or second hard drive with my os and my other one has the home folder in it with all my user data. This is because one is smaller then the other but as you may know SSD is faster. I digress.
    It must mean you have it on there twice. not sure what would happen if you deleted it... when I spotlight search I make sure I'm clicking the right activity monitor because the other one I know is because I have SL on my other hard drive.

  • Activity Monitor Problem

    Hi all,
    Have had my macbook since christmas now and everything has been great, until about 3 days ago when activity monitor just stopped working, I open it, then it appears on the dock and disappears a second later! No window pops up, just the icon on the dock.
    Anyone got any ideas what the problem might be? I don't really want to go through the rigmarole of a re-install
    Ps, I haven't made any changes to the mac recently so I am stumped as to what might have caused it!?

    Does the icon stay in the dock? I noticed that if you close the Activity Monitor window and then close the program, the next time you open it, the program will launch but no window will appear. Try this:
    Open Activity Monitor.
    Select Window in the menu bar and click Activity Monitor. This should bring a new Activity window up for you.
    If the problem is that it launches and then immediately shuts down (disappears from the dock), I would run a maintenance program like Onyx and then restart.

  • Activity monitor never launch

    When try to launch the activity monitor, the icon showed up in dock, and then disappeared.

    Activity monitor is installed by default.
    It looks like your Mac OS X installation is damaged. You appear to be missing some or all of the contents of the directory
    /System/Library/PrivateFrameworks/GraphKit.framework/Versions/A/GraphKit
    cited in the log.
    This could be due to directory corruption or overall OS corruption:
    1. Run the procedure specified in my "Resolving Disk, Permission, and Cache Corruption" FAQ. Perform the steps therein in the order specified. Be sure to write down any error messages encountered in Step 2 of the procedure.
    2. If item 1 does not resolve the problem, perform an Archive and Install of Mac OS X. See my "General advice on performing an Archive and Install" FAQ. Perform the steps therein in the specified order.
    Good luck!
    Dr. Smoke
    Author: Troubleshooting Mac® OS X
    Note: The information provided in the link(s) above is freely available. However, because I own The X Lab™, a commercial Web site to which some of these links point, the Apple Discussions Terms of Use require I include the following disclosure statement with this post:
    I may receive some form of compensation, financial or otherwise, from my recommendation or link.

  • Recent upgrade, slow performance, shown in Activity Monitor

    I have been experiencing gradually slowing performance in the last couple of weeks, the only thing I have done a couple months ago is upgrade to Leopard, though the timing does not indicate it's this precisely.
    It is most noticeable in Safari and PS CS3 and Bridge, the programs I mostly use.
    In Activity Monitor, when this occurs there are a couple of offending processes, and they are always hanging when the slowing phases happen. They say, in red:
    UserEventAgent (not responding)
    and/or
    coreaudioid (not responding)
    Does anyone know what this might be? How I can correct whatever this is?
    thx

    That thread indicates the cause points to various plug-ins primarily from Pro Tools. I do have PT installed, and I have now uninstalled it. We'll see if things improve. Otherwise I don't know how to isolate the cause, for example another random plug-in, so the thread was of limited value. Good start though, thanks.
    Pro Tools LE 7.x is apparently not yet compatible with Leopard, joy.

Maybe you are looking for