So many Pavlovian comments, shooting the messenger, etc. Dr Web is a respectable, 20-year-old company... Now who is arrogant, the one writing a mail to inform you about vulnerabilities on your platform or the one who doesn't even care to answer? Some people seem to have real cognitive troubles...
Comments
"The safety of Macintosh computers is going down very quickly, and they're thinking what to do next. They're thinking about how to manage a future where the Mac is no longer safe."
They already did by removing Java from OS X. They just need to do two things:
- block Java from use in the web browser and only whitelisted by the user on a case-by-case basis
- prevent dynamic libraries injecting code into applications at the user-level without permission
This is more about Java.
Mac itself wasn't vulnerable, it was Java. The right thing to do would be to point this to Java. If you install a vulnerable piece of software in your OS, then it makes that OS, no matter how secure, vulnerable. This vulnerability also existed on Linux boxes as well.
What Apple should do is simply remove Java from Mountain Lion. If the user needs Java, they can download it from Oracle. And if there are vulnerabilities in that, then it's Oracle's fault.
Apple stopped carrying Java a long time ago, for good reasons. Having to maintain third-party distributions is insane, and this time they were blamed for it as well.
Oracle patched the Java vulnerability in February. For whatever reason, Apple chose not to push this patch out via Software Update (MS did). I agree Apple should probably drop Java distribution themselves, but while they do it's their responsibility to deal promptly with things like this.
Oracle patched the Java vulnerability in February. For whatever reason, Apple chose not to push this patch out via Software Update (MS did). I agree Apple should probably drop Java distribution themselves, but while they do it's their responsibility to deal promptly with things like this.
That's entirely the point - Apple have dropped java distribution themselves and no longer support or update it, specifically because of issues like this. They also don't distribute and update flash, shockwave or adobe and microsoft software - third party technologies are the responsibility of third parties.
Oracle patched the Java vulnerability in February. For whatever reason, Apple chose not to push this patch out via Software Update (MS did). I agree Apple should probably drop Java distribution themselves, but while they do it's their responsibility to deal promptly with things like this.
I don't know about the USA, but in several countries, Apple could be sued for "passive cooperation with an illegal operation" or "negligence". Pick your interpretation, I'd go for negligence.
Of course, I understand a small company with limited resources like Apple cannot put a huge team to solve security holes as soon as humanly possible, while making sure nothing breaks due to the "solves"...
Quote:
Originally Posted by nkhm
That's entirely the point - Apple have dropped java distribution themselves and no longer support or update it, specifically because of issues like this. They also don't distribute and update flash, shockwave or adobe and microsoft software - third party technologies are the responsibility of third parties.
FYI the problematic -because left unpatched- Java on Mac OS is Apple's PORT, i.e. Apple's own version, so the responsibility is well all on its side.
the entire article is, in fact, newsworthy. i doubt most people, here, knew how security firms track down and ultimately eliminate threats. the Forbes article gives some insight into the legitimate tactics deployed by Dr Web and other security firms.
while i agree the assumption is a bit arrogant, the bigger picture is people shouldn't necessarily be equally as arrogant to dismiss the notion that OS X can be victims of certain kinds of digital threats.
Agreed, but sadly as with the majority of apps that come to the Mac platform from the PC world I'm still waiting for an AV/malware app that doesn't turn my blazingly fast Mac into a slug. I've tried several that appear to work fine for a bit but in the end my Mac always ends up acting erratic, almost like the AV software is malware.
I use ClamXAV for antivirus and that works awesome (the non-app store version lets you do realtime monitoring of certain folders). For malware I just use Bitdefender's free scanner, but it has no realtime monitoring. Mountain Lion will help a lot with preventing malware but nothing Apple has done so far has dealt well with what to do once it's on your system.
Why wouldn't Apple want those servers to be shut down? If they are hosting some malware, then they SHOULD be shut down. They aren't helping anyone by having that crap available to be used. They should simply find out who posted it in the first place and go after the people that put the crap out there in the first place.
He or she is probably 14 years old and is defiantly a Mac user.
Quote:
Originally Posted by digitalclips
Both companies have a highly vested interest in scaring the crap out of newbie Mac users. I don't trust a word they say.
It's like running a million ads saying "Ask your doctor for our drug that cures restless nose syndrome ... you do have a restless nose don't you ...?" Cut to video of people just like you with restless noses.
The only difference is I wouldn't put it past one of that bunch of AV companies to be behind the trojans in the first place. These guys are all dead when the PC dies and they know it.
Apple reportedly trusts Kaspersky more than some forum members. Apple has asked for Kaspersky's help in identifying OS X security problems.
http://www.zdnet.com/blog/btl/kaspersky-joins-apple-in-mac-security-push/76735?utm_medium=twitter&utm_source=twitterfeed
Speaking to Computing, Kaspersky’s chief technology officer Nikolai Grebennikov confirmed Apple’s call for help, but warned that the platform is “really vulnerable”.
“Mac OS is really vulnerable,” he claimed, “and Apple recently invited us to improve its security. We’ve begun an analysis of its vulnerabilities, and the malware targeting it,” Grebennikov said in the interview.
It comes only a month since Eugene Kaspersky’s comments arguing that Apple is “ten years behind Microsoft in terms of security”.
The two companies will work together in partnership to secure the Mac operating system — which will be renamed to “OS X” in the latest ‘Mountain Lion’ iteration — but it remains to be seen whether Apple will integrate anti-malware software into its software.