'Flashback' trojan estimated to have infected 600K Macs worldwide


Comments

  • john.b Posts: 2,642 member
    Obviously those numbers don't include Flash itself.



    The best way to secure a Mac is still to keep Java and Flash off of it in the first place.
  • hutcho Posts: 132 member
    But I thought Macs couldn't get viruses?
  • andreid Posts: 96 member
    Prophylaxis not Always a Panacea.



    Similarly, because there are no known signatures for Mac viruses (because no viruses yet exist), there is no way to prevent infections that might be developed. The security software would have to be updated to provide any protection, but that update mechanism also serves as a potential vector for distributing elements of malicious attacks, either directly or by opening up potential new vulnerabilities.



    Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software its users can install.



    However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.



    Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether it's the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his "rising tide" of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.



    Of course, the security experts at Kaspersky, Symantec, Intego, and others don't want you to know that. They want you to read scary articles like those that regularly appear on CNET, Wired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.



    If you'd like to read more, here's the whole article and the source for the above words: http://www.roughlydrafted.com/2009/0...-malware-myth/
  • adyb Posts: 158 member
    Quote:
    Originally Posted by stelligent View Post


    I just haven't seen AV slow down Windows that much in recent years.



    When the Symantec Endpoint Protection on my work's Windows laptop fires up, there is a real performance hit.



    I cannot say whether it is just our IT department's settings that make it so bad or if recent consumer AV software is better in this respect.
  • tallest skil Posts: 40,857 member
    Quote:
    Originally Posted by Hutcho View Post


    But I thought Macs couldn't get viruses?



    But I thought people could read?
  • jragosta Posts: 10,473 member
    Quote:
    Originally Posted by Hutcho View Post


    But I thought Macs couldn't get viruses?



    First, no one ever said that Macs couldn't get viruses (at least, no one rational). The statement has often been made that there are no viruses in the wild that affect Mac OS X. And that statement is true.



    Second, this is not a virus - it's a trojan. It is nearly impossible to completely protect a computer from a trojan unless you completely lock it down and make it impossible for the customer to install software that hasn't been approved by the OS vendor (a la the Apple iOS software store). It is unlikely that a PC would be accepted that wouldn't allow the user to install software.
  • welshdog Posts: 1,365 member
    Quote:
    Originally Posted by AdyB View Post


    When the Symantec Endpoint Protection on my work's Windows laptop fires up, there is a real performance hit.



    I cannot say whether it is just our IT department's settings that make it so bad or if recent consumer AV software is better in this respect.



    Yeah Endpoint Protection is a huge drag on PCs here too. BTW how would one detect the trojan on a Mac? Does it work on Leopard, Snow Leopard and Lion machines? I need to go check all of our systems and want a quick way to detect.



    EDIT: Oh I see, just run those two Terminal commands. Sorry to bother.
  • mario Posts: 332 member
    Quote:
    Originally Posted by Alfiejr View Post


    um, has anybody at AI (or anyplace) bothered to check if:



    - "Dr. Web" of Russia is for real?

    - they actually know what they are talking about?

    - they have some fact-based stats, and are not pulling numbers out of their butt?

    - anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?



    Exactly. This story has echoed verbatim (even BBC news is carrying it) without ANYONE, anywhere actually providing some evidence of their claims. I'm genuinely interested for anyone anywhere to provide some more data for this.
  • audio_inside Posts: 24 member
    Quote:
    Originally Posted by hill60 View Post


    "On execution, the malware checks if the following path exists in the system:

    /Library/Little Snitch

    <snip>

    If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.".



    Wow, so this is all I have to do to protect my Mac?



    Code:


    sudo touch "/Library/Little Snitch"



  • quadra 610 Posts: 6,615 member
    Quote:
    Originally Posted by Hutcho View Post


    But I thought Macs couldn't get viruses?



    They can't. Trojans, however . . . no way to protect against those.
  • mario Posts: 332 member
    Quote:
    Originally Posted by wyseguy View Post


    Apple didn't "delay" offering it to Mac users. Apple takes JVM code from Oracle, ports it to OS X, tests it, then releases it. That takes about 30-60 days. This isn't new.



    Long term, I think Apple will get out of the business of porting Java to the Mac. Java isn't as critical to Apple's success as a platform as it was 15 years ago. Time to let Oracle do it, like it already does with other platforms.



    Actually, that's not true. Apple is solely responsible for its own implementation of the JVM. No code is taken from Sun/Oracle.



    It's the other way around. Apple has last year donated its code to Oracle, and starting with JDK 7 Oracle will be providing JVM for OS X.
  • emacs72 Posts: 356 member
    Quote:
    Originally Posted by DeanSolecki View Post


    Not sure why you kids get so worked up about this stuff. I'm glad AI is circulating what might be an important issue for a handful of people.



    i don't know, but here's a wild guess: perhaps, the kids are getting worked up because they are overly defensive and any hint of bad news about Apple is treated like a personal strike / attack against themselves. as perverse as it sounds, it seems their personal identity is tied to a piece of electronic equipment.
  • Quote:
    Originally Posted by techno View Post


    And we all know to trust everything we find through Google. Especially trust Wikipedia as that never lies.



    You guys are a laugh riot.



    I suppose you think that the only alternative to trusting everything we find via Google is to trust nothing we find via Google?



    Hey - those are the only possible choices, eh?



    I love AI!
  • elroth Posts: 1,201 member
    Quote:
    Originally Posted by digitalclips View Post


    As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.



    I use the rhythm method...
  • quadra 610 Posts: 6,615 member
    THIS is why iOS lockdown is the way to go (among other reasons.)
  • focher Posts: 579 member
    Quote:
    Originally Posted by audio_inside View Post


    Wow, so this is all I have to do to protect my Mac?



    Code:


    sudo touch "/Library/Little Snitch"





    Pretty much.



    You can also do a "sudo touch" on the rest of the list...unless you have one installed. I personally always install Xcode.



    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode

    /Applications/VirusBarrier X6.app

    /Applications/iAntiVirus/iAntiVirus.app

    /Applications/avast!.app

    /Applications/ClamXav.app

    /Applications/HTTPScoop.app

    /Applications/Packet Peeper.app
  • charlituna Posts: 7,083 member
    Quote:
    Originally Posted by mcmach View Post


    My thoughts exactly. It is always amazing how these "security companies" come up with such exact numbers, that too country wise! And always from pedlars of "security software". Talk about vested interest or scareware as you wish to call it.



    That it came from a software company that specializes in this type of software to me is suspect. It seems like when Sophos or whomever finds a virus, their software will stop it of course. And no one else ever backs up the claim. Really makes you wonder how true the information is.



    Plus there's calling it a Mac whatever when in most cases it's not really. You can't get it from just running Mac OS. You have to be using Java, Flash, Microsoft Office, etc. And you have to be using an old version of that whatever generally. I believe this one was an exploit of Java versions that originated with Snow Leopard, if not Leopard. If you have updated to the Lion compatible versions you are fine as I recall. Although many Lion users never bothered to download a runtime anyway cause they haven't needed it. Especially the newbie users that got their first Mac since Lion came out.



    Oh and I love the touch of saying there's a noticeable number of computers infected in Cupertino. To the general public Cupertino=Apple. If Apple can get infected then this must be really really bad. And all the newbie types that would make that leap don't know how to use terminal or open an app's package contents so of course they would run to buy a program to clean and protect their computer.
  • charlituna Posts: 7,083 member
    Quote:
    Originally Posted by Quadra 610 View Post


    THIS is why iOS lockdown is the way to go (among other reasons.)



    I agree to a degree. Some of the 3rd party apps have bugs in them that are as bad in terms of the result to the customer as a virus. And they do things like uploading your address book without permission etc.



    I think that if Apple is going to vet apps they need to do it more fully. They need to really go over the code and vet what it is doing. They need to actually publish for developer use some of the code bits for 'proper' whatever to ensure that folks are using the best method. And they need to do things like not allowing apps to stay on sale if they were written for iOS 2 and 3 and never updated to the more efficient methods of battery control, memory clearance etc.



    And that's not even getting into my other gripes like the 15 game networks out there (especially the ones that want access to your whole Facebook), IAP abuses and lack of uses, lack of a common file container even if we can't directly access it etc.
  • charlituna Posts: 7,083 member
    Quote:
    Originally Posted by nagromme View Post


    I've never run AV software, but I also never enable Java unless a web site needs it for something important.*



    Same here. I decided to clean install Lion (after I ran an initial install to get the recovery partition) and just brought over my user data. Clean installed my applications as well. I knew that there was no Flash or Java so I decided to just wait until I needed them before I bothered looking for them.



    This was in October of last year. To date, I still haven't gotten either. Haven't needed them.
  • charlituna Posts: 7,083 member
    Quote:
    Originally Posted by Gatorguy View Post


    The Java patch that closed the hole was made available in February



    And was it impossible for one to go to the source and get the patch? Was it Windows only, or such? Did you have to wait for Apple to do their 'software update' version or could you have gotten it yourself?



    Is this gripe really because Apple didn't bother to fix a known issue (that wasn't actually theirs to fix) and forced you to wait or because you were too lazy to do the work yourself and chose to wait until Apple did it and served it to you on a silver platter?