YOU are the best line of defense because NOTHING is going to install on its own.
AI's article says that isn't the case at all. You should talk to the admin to have the story corrected.
"Once a user visits a site carrying Flashback, the program installs itself without the need for permission and proceeds to collect sensitive data like user iDs, passwords and web browsing histories which it then sends to an off-site repository."
I agree. Visiting a malicious web site checks if you have java installed, if found it forces you to update java using its own "fake" java update, same thing happens even if you dont have java installed, unfortunately most website needs java installed for its various needs / designs. Apple failed to warn its users about this, what they did is not to install java by default. Its been known that theres a multitude of java exploits out there, the new HTML5 will change this, but thats another exploit waiting to happen.
Every web site you go to download a bit of info to your computer, a web browser have cache that it maintains.. if for example your using the fastest browser now a days like Google Chrome, and you have ClamAV as an anti virus, it will flag a Google Chrome cache as a threat. The faster the web browser is, the more it downloads to its caches, from java , flash, cookies etc... you can limit some of these using options built in to your web browser, or setting up your java to clear its own cache when you exit a web browser.. try downloading ccleaner for instance and see how much crap is left in your apple mac without you knowing it.. did you allow it to happen? No, your just browsing / surfing the net , right? the same principle happens when you browse a malicious web site, that "crap" downloads to your system without you knowing it, since its maliciously designed to "fool" you one way or the other, its ALREADY on your computer. Its as simple as that.
…that "crap" downloads to your system without you knowing it, since its maliciously designed to "fool" you one way or the other, its ALREADY on your computer. Its as simple as that.
Where it can do absolutely nothing without your password. Which you give it.
How will Mac OS X protect me from this sites? Will it warn me about what it is? Surely an Anti-Virus like Sophos, or using a third party software will protect me against these but not Mac OS X.
I dont know if the above website involve the latest trojan , or might be something elsle, be warned!
One of these site even looks like a legitimate well known Bank..
So again, I ask , how will Mac OS X protects me from these sites? if ever , can you post something (pictures or screen shots) that the system did protect you from even opening these sites, I would love to see it, seeing Mac OS X in action!
ps: correct me if im wrong, as you can see, im just a newbie around here.
Independent studies shows Sophos did fairly well.. AVG, Avast and Bitdefender is gaining grounds on Malware protection, Avast still on beta for Mac as I see it, and it does'nt offer Mac Business suites for now.
Its my first time to use Sophos and its seems to be ok, it caught EICAR test file fast as it was downloaded to my Mac. I've been a fan of Bitdefender, due to its linux support, also been using it without a problem.
Comments
Quote:
Originally Posted by Tallest Skil
YOU are the best line of defense because NOTHING is going to install on its own.
AI's article says that isn't the case at all. You should talk to the admin to have the story corrected.
"Once a user visits a site carrying Flashback, the program installs itself without the need for permission and proceeds to collect sensitive data like user iDs, passwords and web browsing histories which it then sends to an off-site repository."
Quote:
Originally Posted by Gatorguy
AI's article says that isn't the case at all. You should talk to the admin to have the story corrected.
My statement remains correct. OS X doesn't install Java on its own.
I agree. Visiting a malicious web site checks if you have java installed, if found it forces you to update java using its own "fake" java update, same thing happens even if you dont have java installed, unfortunately most website needs java installed for its various needs / designs. Apple failed to warn its users about this, what they did is not to install java by default. Its been known that theres a multitude of java exploits out there, the new HTML5 will change this, but thats another exploit waiting to happen.
So, what are we supposed to do..
Quote:
Originally Posted by egrar
…if found it forces you to update java using its own "fake" java update…
Ooh, neat. Your computer holds a gun to your head! How extraordinary. Apple doesn't advertise that feature very often.
Listen to the guru Tallest Skill he knows everything.
Every web site you go to download a bit of info to your computer, a web browser have cache that it maintains.. if for example your using the fastest browser now a days like Google Chrome, and you have ClamAV as an anti virus, it will flag a Google Chrome cache as a threat. The faster the web browser is, the more it downloads to its caches, from java , flash, cookies etc... you can limit some of these using options built in to your web browser, or setting up your java to clear its own cache when you exit a web browser.. try downloading ccleaner for instance and see how much crap is left in your apple mac without you knowing it.. did you allow it to happen? No, your just browsing / surfing the net , right? the same principle happens when you browse a malicious web site, that "crap" downloads to your system without you knowing it, since its maliciously designed to "fool" you one way or the other, its ALREADY on your computer. Its as simple as that.
Quote:
Originally Posted by egrar
…you go to… …you can limit… …did you allow it…
And you've made my argument for me. Thank you.
Quote:
…that "crap" downloads to your system without you knowing it, since its maliciously designed to "fool" you one way or the other, its ALREADY on your computer. Its as simple as that.
Where it can do absolutely nothing without your password. Which you give it.
Game, set, match.
WARNING !! Verified malicious sites below.
For Reference only:
http://sistemabanesconlineseguro.66ghz.com/
http://facebookv10.altervista.org/
http://www.mie-kenkou.com/drugstore/m/region/matsusaka/cssbunhs/internetbanking.html
How will Mac OS X protect me from this sites? Will it warn me about what it is? Surely an Anti-Virus like Sophos, or using a third party software will protect me against these but not Mac OS X.
I dont know if the above website involve the latest trojan , or might be something elsle, be warned!
One of these site even looks like a legitimate well known Bank..
So again, I ask , how will Mac OS X protects me from these sites? if ever , can you post something (pictures or screen shots) that the system did protect you from even opening these sites, I would love to see it, seeing Mac OS X in action!
ps: correct me if im wrong, as you can see, im just a newbie around here.
no. it's not. it's useless. don't use that
Independent studies shows Sophos did fairly well.. AVG, Avast and Bitdefender is gaining grounds on Malware protection, Avast still on beta for Mac as I see it, and it does'nt offer Mac Business suites for now.
Its my first time to use Sophos and its seems to be ok, it caught EICAR test file fast as it was downloaded to my Mac. I've been a fan of Bitdefender, due to its linux support, also been using it without a problem.
hmmm... still waiting for those screen shots....
Good luck using Sophos it is a good app to use.