'Flashback' trojan estimated to have infected 600K Macs worldwide - Page 2

Naive is just as easily spelled as you are naive by making so naive statements, because:

1. Using or not using the AV has nothing to do with odds. By saying "odds" you imply that Macs are safer against malware just because of random events and let's say chance, which either way is wrong. If you imply security by obscurity then you are also wrong because market share and obscurity have nothing to do with security against malware. If you want to d-bate on this i'd be happy to do it and provide real numbers on this and real facts.

2. You are naive to think that AV software represents some magical barrier that keeps the nasty bugs outside of your computer. Remember pls that AV software is just a pice of software (with a specific task) and as ALL software around the world, is not perfect and not without vulnerabilities. Many times in the past in the Windows world malware successfully exploited vulnerabilities in the AV software itself, not in the OS. So think about it!

3.Regarding your "tantamount" i have one also to give you: As i said, installing anti-virus software on a Mac puts you at greater risk because the anti-virus software itself provides new opportunities for potential infection. If thats hard to comprehend, imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldnt do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.

4. LAST: Working on a much safer and better built OS from the ground up compared to any Microsoft has to offer, is indeed a reward and a pleasure. As one poster noted before me, you tend to forget all the problems Windows had to offer us and still offers, and now being relieved of all that makes some of us a bit smug. In the end why not?! It's like seeing the light from all those time spent in darkness. It's just wow, and you can't help by bragging especially in the face of all the night creatures out there that still think there's only one way, their way.

Obviously those numbers don't include Flash itself.

The best way to secure a Mac is still to keep Java and Flash off of it in the first place.

But I thought Mac's couldn't get viruses?

Prophylaxis not Always a Panacea.

Similarly, because there are no known signatures for Mac viruses (because no viruses yet exist), there is no way to prevent infections that might be developed. The security software would have to be updated to provide any protection, but that update mechanism also serves as a potential vector for distributing elements of malicious attacks, either directly or by opening up potential new vulnerabilities.

Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software its users can install.

However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.

Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether its the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his rising tide of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.

Of course, the security experts at Kaspersky, Symantec, Intego, and others dont want you to know that. They want you to read scary articles like those that regularly appear on CNET, Wired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.

If you'd like to read more here's the whole article and the source for the above words: http://www.roughlydrafted.com/2009/0...-malware-myth/

When the Symantec Endpoint Protection on my works Windows laptop fires up, there is a real performance hit.

I cannot say whether it is just our IT department's settings that make it so bad or if recent consumer AV software is better in this respect.

But I thought people could read?

First, no one ever said that Macs couldn't get viruses (at least, no one rational). The statement has often been made that there are no viruses in the wild that affect Mac OS X. And that statement is true.

Second, this is not a virus - it's a trojan. It is nearly impossible to completely protect a computer from a trojan unless you completely lock it down and make it impossible for the customer to install software that hasn't been approved by the OS vendor (a la the Apple iOS software store). It is unlikely that a PC would be accepted that wouldn't allow the user to install software.

Yeah Endpoint Protection is a huge drag on PCs here too. BTW how would one detect the trojan on a Mac? Does it work on Leopard, Snow Leopard and Lion machines? I need to go check all of our systems and want a quick way to detect.

EDIT: Oh I see, just run those two Terminal commands. Sorry to bother.

Exactly. This story has echoed verbatim (even BBC news is carrying it) without ANYONE, anywhere actually providing some evidence of their claims. I'm genuinely interested for anyone anywhere to provide some more data for this.

Wow, so this is all I have to do to protect my Mac?

They can't. Trojans, however . . . no way to protect against those.

Actually, that's not true. Apple is solely responsible for its own implementation of the JVM. No code is taken from Sun/Oracle.

It's the other way around. Apple has last year donated its code to Oracle, and starting with JDK 7 Oracle will be providing JVM for OS X.

i don't know, but here's a wild guess: perhaps, the kids are getting worked up because they are overly defensive and any hint of bad news about Apple is treated like a personal strike / attack against themselves. as perverse as it sounds, it seems their personal identity is tied to a piece of electronic equipment.

You guys are a laugh riot.

I suppose you think that the only alternative to trusting everything we find via Google is to trust nothing we find via Google?

Hey - those are the only possible choices, eh?

I love AI!

I use the rhythm method...

THIS is why iOS lockdown is the way to go (among other reasons.)

Pretty much.

You can also do a "sudo touch" on the rest of the list...unless you have one installed. I personally always install Xcode.

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

That it came from an software company that specializes in this type of software to me is suspect. It seems like when Sophos or whomever finds a virus, their software will stop it of course. And no one else ever backs up the claim. Really makes you wonder how true the information is.

Plus there's calling it a Mac whatever when in most cases its not really. You can't get it from just running Mac OS. You have to be using Java, Flash, Microsoft Office, etc. And you have to be using an old version of that whatever generally. I believe this one was an exploit of Java versions that originated with Snow Leopard, if not Leopard. If you have updated to the Lion compatible versions you are fine as I recall. Although many Lion users never bothered to download a runtime anyway cause they haven't needed it. Especially the newbie users that got their first Mac since Lion came out.

Oh and I love the touch of saying there's a noticeable number of computers infected in Cupertino. To the general public Cupertino=Apple. If Apple can get infected then this must be really really bad. And all the newbie types that would make that leap don't know how to use terminal or open an app's package contents so of course they would run to buy a program to clean and protect their computer.

I agree to a degree. Some of the 3rd party apps have bugs in them that are as bad in terms of the result to the customer as a virus. And they do things like uploading your address book without permission etc.

I think that if Apple is going to vet apps they need to do it more fully. they need to really go over the code and vet what it is doing. They need to actually publish for developer use some of the code bits for 'proper' whatever to ensure that folks are using the best method. And they need to do things like not allowing apps to stay on sale if they were written for iOS 2 and 3 and never updated to the more efficient methods of battery control, memory clearance etc.

And that's not even getting into my other gripes like the 15 game networks out there (especially the ones that want access to your whole Facebook), IAP abuses and lack of uses, lack of a common file container even if we can't directly access it etc.

Same here. I decided to clean install Lion (after I ran an initial install to get the recovery partition) and just brought over my user data. Clean installed my applications as well. I knew that there was no Flash or Java so I decided to just wait until I needed them before I bothered looking for them.

This was in October of last year. To date, I still haven't gotten either. Haven't needed them

And was it impossible for one to go to the source and get the patch. Was it Windows only, or such. did you have to wait for Apple to do their 'software update' version or could you have gotten it yourself.

Is this gripe really because Apple didn't bother to fix a known issue (that wasn't actually theirs to fix) and forced you to wait or because you were too lazy to do the work yourself and choose to wait until Apple did it and served it to you on a silver platter

No they wouldn't. THese percents are about the distribution of the known infected systems against the whole infection. So all they need is to know how many machines are infected and where they come from (which the IP would tell them). If they figured out what the trojan was up to, they might have figured out a way to intercept the information, perhaps even knowingly infected a computer of their own to get it (similar to how the studios put up torrents to get folks to grab them so they can read the IP address of the peers)

Already gotten. Although they weren't porting Java, just the installer. And they stopped doing it as of Lion, same with Flash. This update was likely targeting Snow Leopard and before users, rather than those who would have gotten their runtime directly from Oracle and thus the update directly from them in Feb

That's just what they claimed to have done, redirecting the botnets to their own servers using a hacker trick referred to as a blackhole by at least one report and a sinkhole by most others I've seen

And this would mean what exactly?

I don't have any complaint as it's not my issue. If you have the knowledge to protect yourself then you certainly shouldn't blame Apple I suppose.

With that said the complaints about Apple's slow response to reported security issues aren't new according to ArsTechnica, who I consider as fair-minded as any tech blog. They note:

"Although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. Some security researchers have for years criticized Apple for lagging behind Microsoft and Linux distributors in releasing Java updates to its users. F-Secure has recently joined others in counseling Mac users to disable Java on machines that don't regularly use it."
http://arstechnica.com/apple/news/20...ord-needed.ars

Actually, it is you that is posing it as an either or choice. Of course there are other choices. The point is not to take those two sources, actually the internet in general as a completely reliable source. People mistake Wikipedia for the Encyclopedias we used to have as kids.

The problem, and this is both agreement and disagreement, is that while running a curated (more appropriate term than "lockdown") system has many benefits (Quadra's point), there is no way to actually protect yourself from invasive apps (mr. tuna's point).

What iOS needs is the equivalent of Little Snitch, but Apple isn't allowing it, AFAIK. There is a similar app available for jailbroken devices, but good luck buying it without giving up personal info to that seller.

The privacy dangers of running a mobile device with full-time connectivity, access to much of your personal data, AND NO WAY TO MONITOR OR BLOCK OUTGOING NETWORK TRAFFIC are mindboggling. I refuse to use a device like this connected to the open internet. I think if people had a clue about all the data sent out from their apps there would be a minor revolution, or at least a strong push for something like Little Snitch for iOS. Please join me in pressing Apple for this!

I suspect the issue is a conflict of interest. Apple wants as many developers as possible, and many developers still want to be able to poke their fingers into your data. Not just the obvious stuff like address book, but relatively benign things as well, like tracking how many times you launch your app, where you launch it, etc. That's fine IF AND ONLY IF the user understands what data they're giving away and agrees to do so. Openly, and with reasonable option to opt out without giving up the ability to use the app. Apps that won't launch without users agreeing to allow transmission of data back to the home servers are unsavory at best.

With the time, I'm getting more and more convinced that if there weren't any antivirus companies, there would be less than 90% of viruses around.

This.

Every once in a long while you come across a particularly cogent gem on this site. Thanks for that AndreiD.

Sorry, but simple math says that you're wrong.

As for the rest, I'm still trying to figure out how in the world they were able to access the server records of the servers to know how many clients were infected.

he is wrong though. Most so called virus's that infect windows machines get installed the same way one would get installed on a mac. By the user running the program as an admin. On a mac the user would just type in their password when the prompt comes up and it would install itself.

Mac users keep saying windows is inherently bad and mac cannot be touched. Thats not true. OSX is just as insecure as windows when it comes to the main thing that is getting installed on machines today.

Also a real antivirus does stop a trojan from even running. So as more of these trojans for mac appear having a virus scanner on a mac will help when it comes to users like parents who will just let anything run.

The malware scans text entered into Safari for usernames and passwords and sends them to a server somewhere. This means Paypal, banking, online store accounts etc.

I think this is quite a dangerous iteration of the software as it doesn't directly ask for your password as it did before:

http://www.telegraph.co.uk/technolog...passwords.html

Apparently there are 4 million compromised web pages:

http://www.pcmag.com/article2/0,2817,2402641,00.asp

Anyone visiting those pages with an unpatched Mac, with Java installed and enabled will have it installed behind the scenes.

Apple should probably setup Java in Safari to ask the user if Java should execute code on every page that requests it. This way, it would be clear if a website is trying to run code stealthily.

OK I'm on the same page as you however I don't use a Mac Pro. I don't know if I am infected or not. I've always (for years) have disabled Java in my browser and use Little Snitch and ClamxAV. This antivirus cat and mouse game is a war. In all wars misinformation is an important weapon. A Russian security company (with exact numbers) telling me not to worry about a Russian trojan when you have ClamxAV or Little Snitch install is highly suspect. Are they trying to get me to let my guard down? Are they the real BOT masters?

I have a program (SnapProX) that lately has been continuously asking me to allow a call back home to check for software updates. I only know this because LS tells me, not the developer's App. However, I have alway had "checked for update" on this program disabled. This unexpected behavior is what made me suspicious. Although I think the Mac is relatively secure, I believe we should not think we are safe from any type of malware.

This week I had a online fraudulent credit card purchase attempted in the UK (I am in the US) which my bank picked up and would not allow it to pass until the bank let me know. The Visa/debit card number had to be changed. Luckily I had two CC numbers attached to the same bank account (which are not the real bank account number), which is isolated from other accounts and only used for online purchases.

Also Little Snitch keeps flagging Apple's software update wanting to allow port 80 and when I deny it, the program tries again and asks for port 443. This has never been my experience with these programs. I have Apple's software update on manual and it should not be asking at all. I do suspect an infection of some sort but have found none. However I always suspect an infection. That's my normal state of mind and it should be all Mac users too.

I don't know what "touch" means in that terminal command. See my post above this one for a take on Little Snitch. I consider myself pretty good at knowing how my computer works, and I know plenty about terminal but I avoid it like the plague. It is too dangerous for mere mortals. UNIX is not for mere mortals that's why Apple built its OSX on top of UNIX in the first place.

In any case, I think Macs now or in the future, needs to worry about virus because the new methodology is getting in with a trojan to install a virus. It doesn't matter if Macs are virus proof when they are not, and never will, be trojan proof. If you have an operating system that needs to get to the lower levels of the computer, you open the door to UNIX hackers through social engineering the UNIX keys to the locks, which is [UNIX] one of the most secure operating systems on the planet.

Thank you very much for coming out of the closet and acknowledging you are not one of us. I've known you as a troll. Your statement above implies you believe you're an outsider to the AI community. That's OK with me because you are way too cynical for an Apple lover and you always present the negative to all things Apple.

Before this outing you were just a troll. Now we know you are a trojan horse trying to infect our AI community with your viral FUD. So you're a virus.

mashable has a good article and simple ways to test

http://mashable.com/2012/04/05/mac-flashback-trojan/

http://mashable.com/2012/04/05/mac-f...-trojan-check/

i downloaded the scripts and unzipped ran both
and all my macs are clean

For those who got infected, I got some questions. I'm a long time Windows user, and dealt with viruses.. got fed up, and ended up using Linux and now a Mac OS X Lion user, both are much more secure than Windows regarding virus-trojan infections.

Again to those who got 'infected' by this trojan, what was your MAIN WEB BROWSER? Java installed or not? Does it have flash plug-in? Javascript on or off?

I'm looking at a more secure web browser..

I guess you're "smarter" than the other 600,000 Mac users who were infected? It's time to stop being a bunch of smug pricks and please READ the article before commenting!!!! This trojan SILENTLY installs in the background with NO USER INTERACTION REQUIRED. Why do you think 600,000 Macs were infected? You simply visit an infected website with Java enabled and your Mac is infected. In the Windows world it's called a drive by download.

I'm running the new Sophos 8.0 antivirus for Mac which was just released yesterday and I have been for several months without a bit of shame for doing so. Better to be safe than sorry. I know it's a hard pill to swallow for us Mac users but this won't be the last mass attack that will be successful.

What i don't understand is why the trojan aborts the installation if Xcode is present. I can understand the rest of the AV software and network monitoring but Xcode?