New Java malware attacks Apple's OS X along with Windows, Linux - Page 2

I know that, thank you. Just please don’t take that one exception and make it a rule. OK? GUI is a logical evolution of a commad line desktop if you will.

I could be wrong, but I seem to recall that the view shown in this article represents an expanded view of that dialogue box.

So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.

Ridiculous. The problem is the same with C++, Objective-C or whatever...

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

 

I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.

The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.

 

This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".

Any system, with or without Java, will suffer from this issue.

Unless you have a 100% 7/7 24/24 iT-service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionnaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.

 

Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.

Mr Clueless will never, ever be protected, as long as he doesn't realize that:

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get mchines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

OpenOffice, for example, disagrees with you.
I also do.

 

We need as much software choice as possible on our computers. Computers are NOT iPads. They are work tools. They need choice.

 

Note that, however, enabling the user to install Java if he wants it but disabling it by default suits me perfectly...

 

 

What I'd like, however, if anyone feels full of energy, is someone to go and bash Adobe with a huge latex stick. I've been in the graphists' guys room today. I've seen Photoshop crash FOUR TIMESin the brief hour I was there. A software that crashes is a software that can be hacked into, apart form the fact it makes the artists very touchy about everything in life, and hence my life generally more complicated ;)

And if you're wise/Knowledgeable enough to enable Java AND Rosetta, you probably are wise/knowledgeable enough to not fall for social engineering ploys...

 

You are way over-arguing your point here and just look foolish.  Most of the people you are arguing against and making fun of here (me for instance) would actually agree with what you're saying above anyway.  My point was that in *addition* to the obvious things you state here, Java itself is a failed, useless concept that the end user doesn't need and has instead become an infection vector for the most part.  

 

OpenOffice is a steaming pile of excrement that no reasonable person should attempt to use.  

Java is half the reason.  

 

Technical magic trick:

 

1) make a list of all the cross-platform software that primarily uses Java to achieve this

2) make a list of some of the crappiest, ugliest, slowest, hardest to use programs

 

The lists become magically identical!!!!

Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.

 

When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

and everybody should have antivirus including mac users who too often think they are immune from malware...that's not the case osx is as vulnerable as other os

Okay, that's just pure FUD.

Your numbers are dwindling.

{Citation needed, but will never be provided}

If your a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

 

To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

 

 

Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

So do you have any idea how much money you'd make by writing a modern version thereof?

 

Off topic, but I have never understood this question.  

 

You only have to look up the science in any textbook for the answer.  

The answer is no. Without an observer, the falling tree makes no sound.  Period.  

 

As for the other two examples, the programmer is obviously still a programmer but in the typical spousal argument, the woman is almost always right.  

he is still a programmer. Being a programmer doesn't require having clients. You may be a hungry programmer, or busy doing other things to make money, but your still a programmer.

the question is stupid to try to make children think... and your answer is wrong. Sound waves are produced without any help from an ear, human or otherwise. Sound waves can also affect things without ears. making a sound means producing a sound wave... so yes, sound waves can be produced even if no one hears them, because it can be measured in other ways. If you think your ear somehow helps produce all the sound waves it hears, then you're living in Lala Land™

This isn't a rant against Tallest Skil. He's just a representative on the front line.

 

I call for a posting boycott until this forum software is scraped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

 

 

You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

So once the backdoor is open what can be executed and on what account? I thought that when using shell you still need to figure out passwords to admin accounts in order to do serious damage.

 

Of course many users are ignorants and have configured default login with admin privileges. So convenient to be foolish. Just leave your keys under floor mat next to your home entrance doors. It is also conevenient.

Huddler handles hosting. Heh, alliteration. They also are in charge of the code base and therefore implementation. We've compiled a list of changes we'd like to see, but as with all bureaucracies, these things take (a lot of) time.

 

Wow.  *I'm* "ignirant"?  Hmmmm... 

 

Considering that only (roughly) 40% of a given population (modern, western countries), is typically even *interested* in sports, and considering that Formula 1 racing is one of those marginal sort of sporting things that only a tiny percentage of the population that does like sports follows or cares about, I would say that this plug-in is hardly essential or necessary to the average user.  

 

Also, you missed part of my point entirely which was that these stupid java plug-ins and sites that "require" them could easily accomplish the same ends with other software that doesn't require them.  

Edited by Gazoobee - 7/11/12 at 7:35pm

 

If you read carefully, you will see that I actually agreed about the programmer still being a programmer.  

 

As for the "sound in a forest question," unfortunately it is you that are wrong.  I didn't say that the falling tree wouldn't produce compression waves ("sound waves") in the air. I merely said that it wouldn't produce "sound."  

 

I'm right.  It won't, and what's more it can't.  Look it up.  

If you are trying to suggest that there is a functional difference between "sound waves" and "sound", you need to be a bit more specific about what it is I should be looking up. I can only guess that you are talking about quantum physics, about observation of quantum events and whatnot; if that is what you are talking about, you are wrong. The quantum reality of how subatomic particles behave under observation is completely irrelavent when talking about sound waves and other events on the scale visible to the naked eye. That's why quantum theory is so weird, because these two real scales of reality (the quantum scale and the ordinary scale) are fundamentally different in how the rules play out.

I'm not making fun of you...  I apologize if my words did not convey my meanings properly and hurt your feelings.

 

I just happen to work with (and support) quite a few "clueless" users (artists mainly), and anytime I'm at my mother in law's, guess who gets asked to solve the PC's issues.

I'm happy to say the Macs at my parents quite work, even though my Mom in particular is sort of technology-averse :p

 

I like Java, and I tend to believe people who hate Java fall in three categories:

 

- people with an agenda

- developers with another religious belief (and well, I've learnt it's not worth fighting the Emacs/Vim war a few years ago already...)

- people who don't understand technology and just think "it doesn't work, so it must be (accuse whatever technology they see the name of in a dialog box)"

 

I think you're neither the first or the last case, and you're as entitled to freedom of developer religious beliefs, as I am :D

Edited by lightknight - 7/12/12 at 1:29am

Double post.

Can you please elaborate and explain how you came to this conclusion?

 

It's like saying without flash there wouldn't have been youtube....

Recently moved "Internet Plugins" to "Internet Plugins (Disabled)" folder. Never happier. The plugin web is now dead. Some people refuse to accept it, but, there you go.

Well, it's nonsense, so I'm not optimistic about that poster's explanation.