
New Java malware attacks Apple's OS X along with Windows, Linux - Page 2

post #41 of 68
Quote:
Originally Posted by bonobob View Post

Maybe you shouldn't make stuff up, either.  The command line and the gui both have their place, and there are things one can do on the command line far faster and more easily than in a gui--and vice versa.

I know that, thank you. Just please don’t take that one exception and make it a rule. OK? GUI is a logical evolution of a command line desktop if you will.

Which of us is the fisherman and which the trout?

post #42 of 68
Quote:
Originally Posted by digitalclips View Post

I'm surprised the 'Continue' button is shown as the default on the Mac dialog. The default is usually the safest option in my experience.

I could be wrong, but I seem to recall that the view shown in this article represents an expanded view of that dialogue box.
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
post #43 of 68
Quote:
Originally Posted by chelin74 View Post

Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.

So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #44 of 68
Quote:
Originally Posted by Gazoobee View Post

 

Except every University or large corporation I've ever visited or worked for has self-trusted and sometimes unsigned certificates from time to time.  The reality is that you just have to trust sometimes.  

 

I think the real problem here is Java.  


Ridiculous. The problem is the same with C++, Objective-C or whatever...

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

 

I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.

The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.

 

This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".

Any system, with or without Java, will suffer from this issue.

Unless you have a 100% 7/7 24/24 IT service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.

 

Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.

Mr Clueless will never, ever be protected, as long as he doesn't realize that:

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get machines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #45 of 68
Quote:
Originally Posted by Tallest Skil View Post


So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.


OpenOffice, for example, disagrees with you.
I also do.

 

We need as much software choice as possible on our computers. Computers are NOT iPads. They are work tools. They need choice.

 

Note that, however, enabling the user to install Java if he wants it but disabling it by default suits me perfectly...

 

 

What I'd like, however, if anyone feels full of energy, is someone to go and bash Adobe with a huge latex stick. I've been in the graphists' guys room today. I've seen Photoshop crash FOUR TIMES in the brief hour I was there. A software that crashes is a software that can be hacked into, apart from the fact it makes the artists very touchy about everything in life, and hence my life generally more complicated ;)

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #46 of 68
Quote:
Originally Posted by lkrupp View Post

So let me get this straight. In order for a Mac to get infected you A) must have Java installed AND active and B) you must have Rosetta installed and C) you have to fall for the malware social engineering ploy.
I'm running Lion with Java installed but not turned on. Since the latest Java update turns Java off by default and will turn it off if inactive after a period of time I wonder how many Macs will be vulnerable.


And if you're wise/knowledgeable enough to enable Java AND Rosetta, you probably are wise/knowledgeable enough to not fall for social engineering ploys...

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #47 of 68
Quote:
Originally Posted by lightknight View Post


Ridiculous. The problem is the same with C++, Objective-C or whatever...

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

 

I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.

The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.

 

This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".

Any system, with or without Java, will suffer from this issue.

Unless you have a 100% 7/7 24/24 IT service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.

 

Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.

Mr Clueless will never, ever be protected, as long as he doesn't realize that:

 

IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

 

Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get machines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

 

You are way over-arguing your point here and just look foolish.  Most of the people you are arguing against and making fun of here (me for instance) would actually agree with what you're saying above anyway.  My point was that in *addition* to the obvious things you state here, Java itself is a failed, useless concept that the end user doesn't need and has instead become an infection vector for the most part.  

post #48 of 68
Quote:
Originally Posted by lightknight View Post


OpenOffice, for example, disagrees with you.
I also do. ....

 

OpenOffice is a steaming pile of excrement that no reasonable person should attempt to use.  

Java is half the reason.  

 

Technical magic trick:

 

1) make a list of all the cross-platform software that primarily uses Java to achieve this

2) make a list of some of the crappiest, ugliest, slowest, hardest to use programs

 

The lists become magically identical!!!!

post #49 of 68
Quote:
Originally Posted by Povilas View Post


Really. I don’t care how smart you are it’s just simply less productive to try working in a command line world. Please don’t make stuff up. Thank you.


Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.

 

When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

Mac Pro, 8 Core, 32 GB RAM, nVidia GTX 285 1 GB, 2 TB storage, 240 GB OWC Mercury Extreme SSD, 30'' Cinema Display, 27'' iMac, 24'' iMac, 17'' MBP, 13'' MBP, 32 GB iPhone 4, 64 GB iPad 3

post #50 of 68
Quote:
Originally Posted by Apple ][ View Post

 

I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.

And everybody should have antivirus, including Mac users who too often think they are immune from malware... That's not the case: OS X is as vulnerable as other OSes.

"Apple people have no objectivity when it comes to criticism of Apple.." Lenovo X1 Carbon is out..bye bye MBAir

post #51 of 68
Quote:
Originally Posted by Mario View Post

Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient.

Okay, that's just pure FUD.
Quote:
But then again I'm a developer living in the command line 100% of the time.

Your numbers are dwindling.
Quote:
Originally Posted by daylove22 View Post

…osx is as vulnerable as other os

{Citation needed, but will never be provided}

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #52 of 68
Quote:
Originally Posted by Mario View Post


Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.

 

When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

If you're a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

 

To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

post #53 of 68
Quote:
Originally Posted by waldobushman View Post

However, are PowerPC and Rosetta still important? I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.

 

 

Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

post #54 of 68
Quote:
Originally Posted by dualie View Post

Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

So do you have any idea how much money you'd make by writing a modern version thereof?

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #55 of 68
Quote:
Originally Posted by waldobushman View Post

... To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

 

Off topic, but I have never understood this question.  

 

You only have to look up the science in any textbook for the answer.  

The answer is no. Without an observer, the falling tree makes no sound.  Period.  

 

As for the other two examples, the programmer is obviously still a programmer but in the typical spousal argument, the woman is almost always right.  

post #56 of 68
Quote:
Originally Posted by waldobushman View Post

If you're a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"
He is still a programmer. Being a programmer doesn't require having clients. You may be a hungry programmer, or busy doing other things to make money, but you're still a programmer.

Quote:
Originally Posted by Gazoobee View Post

Off topic, but I have never understood this question.  

You only have to look up the science in any textbook for the answer.  
The answer is no. Without an observer, the falling tree makes no sound.  Period.
The question is stupid to try to make children think... and your answer is wrong. Sound waves are produced without any help from an ear, human or otherwise. Sound waves can also affect things without ears. Making a sound means producing a sound wave... so yes, sound waves can be produced even if no one hears them, because it can be measured in other ways. If you think your ear somehow helps produce all the sound waves it hears, then you're living in Lala Land™
post #57 of 68
Quote:
Originally Posted by Tallest Skil View Post


You want to click Quote. Reply does absolutely nothing.

This isn't a rant against Tallest Skil. He's just a representative on the front line.

 

I call for a posting boycott until this forum software is scrapped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

post #58 of 68
Quote:
Originally Posted by Gazoobee View Post

 

Yep, unless you are in business, you shouldn't even have Java installed, or turned on.  The average user doesn't need it for squat.  

 

 

You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

post #59 of 68

So once the backdoor is open what can be executed and on what account? I thought that when using shell you still need to figure out passwords to admin accounts in order to do serious damage.

 

Of course many users are ignorant and have configured default login with admin privileges. So convenient to be foolish. Just leave your keys under floor mat next to your home entrance doors. It is also convenient.

post #60 of 68
Quote:
Originally Posted by ljocampo View Post

I call for a posting boycott until this forum software is scrapped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

Huddler handles hosting. Heh, alliteration. They also are in charge of the code base and therefore implementation. We've compiled a list of changes we'd like to see, but as with all bureaucracies, these things take (a lot of) time.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #61 of 68
Quote:
Originally Posted by maciekskontakt View Post

 

 

You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

 

Wow.  *I'm* "ignirant"?  Hmmmm... 

 

Considering that only (roughly) 40% of a given population (modern, western countries), is typically even *interested* in sports, and considering that Formula 1 racing is one of those marginal sort of sporting things that only a tiny percentage of the population that does like sports follows or cares about, I would say that this plug-in is hardly essential or necessary to the average user.  

 

Also, you missed part of my point entirely which was that these stupid java plug-ins and sites that "require" them could easily accomplish the same ends with other software that doesn't require them.  


Edited by Gazoobee - 7/11/12 at 7:35pm
post #62 of 68
Quote:
Originally Posted by doh123 View Post

... the question is stupid to try to make children think... and your answer is wrong. Sound waves are produced without any help from an ear, human or otherwise. Sound waves can also affect things without ears. Making a sound means producing a sound wave... so yes, sound waves can be produced even if no one hears them, because it can be measured in other ways. If you think your ear somehow helps produce all the sound waves it hears, then you're living in Lala Land™

 

If you read carefully, you will see that I actually agreed about the programmer still being a programmer.  

 

As for the "sound in a forest question," unfortunately it is you that are wrong.  I didn't say that the falling tree wouldn't produce compression waves ("sound waves") in the air. I merely said that it wouldn't produce "sound."  

 

I'm right.  It won't, and what's more it can't.  Look it up.  

post #63 of 68
Quote:
Originally Posted by Gazoobee View Post

As for the "sound in a forest question," unfortunately it is you that are wrong.  I didn't say that the falling tree wouldn't produce compression waves ("sound waves") in the air. I merely said that it wouldn't produce "sound."  

I'm right.  It won't, and what's more it can't.  Look it up.  

If you are trying to suggest that there is a functional difference between "sound waves" and "sound", you need to be a bit more specific about what it is I should be looking up. I can only guess that you are talking about quantum physics, about observation of quantum events and whatnot; if that is what you are talking about, you are wrong. The quantum reality of how subatomic particles behave under observation is completely irrelevant when talking about sound waves and other events on the scale visible to the naked eye. That's why quantum theory is so weird, because these two real scales of reality (the quantum scale and the ordinary scale) are fundamentally different in how the rules play out.
post #64 of 68
Quote:
Originally Posted by Gazoobee View Post

 

You are way over-arguing your point here and just look foolish.  Most of the people you are arguing against and making fun of here (me for instance) would actually agree with what you're saying above anyway.  My point was that in *addition* to the obvious things you state here, Java itself is a failed, useless concept that the end user doesn't need and has instead become an infection vector for the most part.  

I'm not making fun of you...  I apologize if my words did not convey my meanings properly and hurt your feelings.

 

I just happen to work with (and support) quite a few "clueless" users (artists mainly), and anytime I'm at my mother in law's, guess who gets asked to solve the PC's issues.

I'm happy to say the Macs at my parents quite work, even though my Mom in particular is sort of technology-averse :p

 

Quote:
Originally Posted by Gazoobee View Post

 

OpenOffice is a steaming pile of excrement that no reasonable person should attempt to use.  

Java is half the reason.  

 

Technical magic trick:

 

1) make a list of all the cross-platform software that primarily uses Java to achieve this

2) make a list of some of the crappiest, ugliest, slowest, hardest to use programs

 

The lists become magically identical!!!!


I like Java, and I tend to believe people who hate Java fall in three categories:

 

- people with an agenda

- developers with another religious belief (and well, I've learnt it's not worth fighting the Emacs/Vim war a few years ago already...)

- people who don't understand technology and just think "it doesn't work, so it must be (accuse whatever technology they see the name of in a dialog box)"

 

I think you're neither the first nor the last case, and you're as entitled to freedom of developer religious beliefs, as I am :D


Edited by lightknight - 7/12/12 at 1:29am

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #65 of 68

Double post.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #66 of 68
Quote:
Originally Posted by chelin74 View Post

Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.

Can you please elaborate and explain how you came to this conclusion?

 

It's like saying without flash there wouldn't have been youtube....

post #67 of 68
Recently moved "Internet Plugins" to "Internet Plugins (Disabled)" folder. Never happier. The plugin web is now dead. Some people refuse to accept it, but, there you go.
post #68 of 68
Quote:
Originally Posted by AndreiD View Post

Can you please elaborate and explain how you came to this conclusion?

It's like saying without flash there wouldn't have been youtube....

Well, it's nonsense, so I'm not optimistic about that poster's explanation.