Apple Java update removes Flashback malware

Comments

  • Reply 21 of 32
    cgj Posts: 276 member
    Quote:
    Originally Posted by PB View Post


    Likely, but we don't know and we never will. As I said in the other discussion, I got a false alarm from the online tool of Kaspersky (I know that I am not infected since I disabled Java years ago and the scan tools show me clean). So the whole affair of counting the number of infected Macs looks at least suspicious.



    So did I. It said both my MacBook Air and iMac had the virus, but ClamXav, Terminal, and this other piece of software all said I was clear.



    Madness.
  • Reply 22 of 32
    tallest skil Posts: 43,388 member
    Quote:
    Originally Posted by hill60 View Post


    I am among the 99% of Mac users not affected... at all... period.



    How long has it been since the last exploit that could be honestly considered OS X's fault?



    I remember four or so years back QuickTime being patched to fix a potential problem, but nothing since then.



    It's all third party crap or loopholes in WebKit. And they all get patched.



    The last thing I can remember actually being OS X's fault was that one where the exploit masqueraded as Microsoft Office files, but I don't remember how long ago that was.
  • Reply 23 of 32
    Quote:
    Originally Posted by Bloodshotrollin'red View Post


    Not nearly good enough. Others, with far fewer resources beat them. Apple need a pro-active security team and a dedicated Mac OS security app. After all, there's an app for absobloodylutely everything else on the App Store. The larger the Mac market share the more visible Apple needs to be with efforts to protect its users and the consequences resulting from their customers using Apple computers. MS are well ahead with MSE and the package is amongst the best available for Windows.



    Apple have clearly acquired far more money than sense.



    Few more blunders like this and AAPL will be 50% down from where it is now. All this insularity is SJ's fault and has become a cancerous disease at Apple.



    Before you go and get yourself all worked up and throw a fit, take a deep breath and just calm down. Things are not as bad as you seem to think they are. You should really be thankful that you are working with the best OS out there. It is just a trojan attacking a java vulnerability. This trojan is actually rated as a very low threat.
  • Reply 24 of 32
    Quote:
    Originally Posted by techguy911 View Post


    Yeah, there should be multi-layer protection here. Java should restrict apps, the OS should sandbox Java, and Safari should not be executing Java apps/applets without specific user approval.



    Gatekeeper will resolve a lot of these issues...



    http://www.apple.com/macosx/mountain-lion/security.html
  • Reply 25 of 32
    Quote:
    Originally Posted by ascii View Post


    Ha - their solution is to turn off Java by default.



    Actually, no that is not the solution. Java remains enabled in the browser. What it does is when you load a web page with a Java applet, it asks you if you want to load it or not load it. Think more Click-To-Flash. There are settings in the Java preferences to override this if you use Java applets often, which you often do in enterprise environments that still tend to use Java. If a future vulnerability attempts to use a drive by attack methodology again, you will at least get a warning the applet is trying to run.
  • Reply 26 of 32
    londor Posts: 258 member
    Quote:
    Originally Posted by PB View Post


    Likely, but we don't know and we never will. As I said in the other discussion, I got a false alarm from the online tool of Kaspersky (I know that I am not infected since I disabled Java years ago and the scan tools show me clean). So the whole affair of counting the number of infected Macs looks at least suspicious.



    When you visit that page using an iPad it tells you



    "We have checked the version of Java installed on your computer and discovered that you are running a vulnerable version. You should update as soon as possible."



    LOL, so much fail. I thought Kaspersky was a reputable company.



    Edit: And it gets worse, http://www.computerworld.com/s/artic...k_removal_tool
  • Reply 27 of 32
    Count me as one of the 600,000. I was infected. I'm normally pretty cautious too.
  • Reply 28 of 32
    Quote:
    Originally Posted by Quadra 610 View Post


    Delusional fear-mongering.



    It's a trojan. We get a new one every 2 years or so.



    The vast majority of users aren't affected. Still no tsunami of malware that was always predicted by the frustrated and envious.



    MS *needs* to be ahead of everyone else because they foisted technological swiss cheese on hapless users for years, resulting in what, over 100,000 pieces of malware for Windows? That might even be a conservative figure.



    MS needs to be ahead because they screwed everyone. They're responsible for lord only knows how much data loss over a period of what, 20 or more years? Apple's current approach is perfectly in line with the threat level to Macs, which despite market share increases is still the same as it was 4-5 years ago.



    Please stop posting misinformation. Even if it is just your opinion, make sure it's informed, rather than sensationalized.



    Where did I misinform?

    A Trojan was successfully vectored onto a large number of Macs.

    Apple were slow to patch the vulnerability.

    Apple does not have a publicly visible or accessible security team.

    It need only be so much window dressing...but, it needs to be there.

    This will happen again and again.

    The misinformation here is people stating the higher number of problems that Windows OS's experience. I couldn't give a flying fig about PC users.

    My contention is that Apple need to be far more open and reactive when Trojans, Viri, malware are found on the Mac.

    As far as I know, none of the UK press were able to elicit a single comment about this from Apple.
  • Reply 29 of 32
    kevinn206 Posts: 117 member
    Quote:
    Originally Posted by Londor View Post


    When you visit that page using an iPad it tells you



    "We have checked the version of Java installed on your computer and discovered that you are running a vulnerable version. You should update as soon as possible."



    LOL, so much fail. I thought Kaspersky was a reputable company.



    Edit: And it gets worse, http://www.computerworld.com/s/artic...k_removal_tool



    Interesting considering that iPad doesn't have Java.
  • Reply 30 of 32
    Marvin Posts: 15,326 moderator
    Quote:
    Originally Posted by Bloodshotrollin'red View Post


    Apple does not have a publicly visible or accessible security team.



    They do, they have security options in their bug reporter, which get fed directly to their security people.



    Although the update is late, they at least did a good job with it as it will now prevent future behind-the-scenes installations.



    I'd like to see a further step that would prevent this kind of software being installed at all. Someone could bundle this sort of thing with a 3rd-party software download (think infected Macupdate download) and it could patch the browser.
  • Reply 31 of 32
    adamw Posts: 114 guest
    Quote:
    Originally Posted by Shapethings View Post


    Count me as one of the 600,000. I was infected. I'm normally pretty cautious too.



    I thought that I was being cautious too, but I still got infected with this trojan.



    This Flashback trojan has several variants, some of which were recently released. The "Terminal removal detection and removal instructions" and the list of programs that the trojan would refuse to install upon detecting are outdated in my opinion, as confirmed by so many people that thought "they were clean" of this trojan, yet Apple's latest Java update notified them that it had detected and removed the Flashback trojan code.



    New variants of this trojan seem to be installing regardless of what other programs are on the user's Mac, and seem to be hiding themselves from being removed and/or detected by the Terminal Trojan Removal Instructions that previously have been released by F-Secure and others.



    I had this trojan when it first came out, and it exploited the Java vulnerability to get into my Mac without me knowing about it. I started seeing strange things happening in the background (like a lot of data transfer being reported by my ISP) even after I followed the Terminal Removal instructions from F-Secure.



    Someone suggested I install "Little Snitch" which monitors and reports on any program out of the ordinary trying to send data out onto The Internet from my Mac. I installed "Little Snitch" and it reported that several Flashback trojan programs masquerading as hidden files and/or configuration files for valid Mac apps were trying to send data out to strangely named botnet servers without my consent. I Googled the domains they were trying to access and the filenames the trojan was masquerading as, and found on Apple discussion forums that others were seeing the same trojan behavior with these infected files and botnet domains/websites.



    I manually removed these trojan infected hidden files and configuration files, and have had no more problems reported by Little Snitch. Also Apple's latest Java update did not report that it found any traces of this Flashback trojan on my Mac, when I installed it, unlike many other people who reported that the update said that it had removed infected Flashback files from their system.



    So I believe that every Mac user running Lion should install Apple's latest Java update (for Lion), and all Mac users should install the Little Snitch app (which runs for 3 hours free in demo mode). It can be restarted after 3 hours as many times as necessary. This way you should detect if any remnants of this trojan are trying to run and contact their command and control botnet servers.



    All Mac users should also verify that Java is disabled from running in Safari's Security Preferences panel, as an extra precaution.
  • Reply 32 of 32
    Quote:
    Originally Posted by Cinder6 View Post


    Interesting...it was my understanding that, according to F-secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?



    http://www.f-secure.com/v-descs/troj...shback_i.shtml



    Regardless, I ran the update and have done the discovery steps of the manual removal process, and found nothing.



    Java is not installed by default on Lion. Only power users really need Java, and if you are a power user infected by flashback you likely let your guard down big time.



    I remember seeing screenshots of the fake flash installer & thinking right away it looks nothing like Adobe's legitimate installer, should have been very easy to spot something was wrong.



    What's really frustrating is that for years software developers have had the ability to tag their installers with an ssl cert yet many still use the ridiculous drag & drop install method that went away with Tiger. The reason we have so many issues with malware on both Windows & OS X is primarily because we cater too much to legacy developers. Update your code already, we're sick of dealing with the mess.