Apple working on software to detect and remove Flashback trojan

2

Comments

  • Reply 21 of 48
    Whiners! If I connect to the internet, or access any outside file, I am responsible for any virus attack or malware on my computer. Where is it written in the software license for OSX, that Apple guarantees my iMac to be free from virus and malware threats? I hear them say in their ads that they work to prevent such an occurrence, but I see no promise. I was not endangered by Flashback because I had installed protection, which I obtained for free, as anyone could. Take responsibility and protect yourself. It's not difficult or expensive.
  • Reply 22 of 48
    bugsnwbugsnw Posts: 717member
    I can't wait for the day when we can run our office sans Java, but it isn't happening any time soon. The industrial strength accounting apps require it and the programmers are slow to change.



    Apple is going to have to give this issue more time and energy.
  • Reply 23 of 48
    blitz1blitz1 Posts: 412member
    Was it not impossible to have a virus on OS X?



    Apple's superior OS was responsible for that!



    But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?



    Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
  • Reply 24 of 48
    mstonemstone Posts: 11,510member
    Hackers should be set in stocks in the public square and pelted with rotten vegetables.
  • Reply 25 of 48
    Recent past day I was suffering with bad performance of my Mac computer. It was very annoying issue to use the computer. Suddenly I found a download tidy up mac tool for my computer. It effectively works over my wired computer and scan it to remove the infection. The speed and performance of my computer get increase due to this. I am quite happy now after using such a nice tools.
  • Reply 26 of 48
    pbpb Posts: 4,233member
    Quote:
    Originally Posted by tyler82 View Post


    Isn't flash required to use YouTube? There goes 95% of my fun!



    There is HTML5 for this; see a few posts above. All you need to do is to type in the URL field of your browser



    http://www.youtube.com/html5



    and YouTube will tell you the rest.
  • Reply 27 of 48
    pbpb Posts: 4,233member
    Quote:
    Originally Posted by Tallest Skil View Post


    But it's a Java problem…



    Fortunately, Apple already has software that takes care of it.



    It's called LION. Neither Flash nor Java come with Lion.



    True for new users. However you cannot just erase the already established base running Java and Flash that were by default included with Mac OS X. Not after a good number of years, so that the older versions could be considered as obsolete. Even so, in a related technical note Apple still refers to Leopard (10.5) saying that users should disable Java in their web browsers. They could even propose a "security update" for those users in the sense of a warning about the issue through the Software Update and offer the users the option to switch Java off. And of course have a Java update presto for 10.6 and 10.7 after Oracle fixed the issue.



    Whatever happened with this trojan is Apple's fault, plain and simple.
  • Reply 28 of 48
    pbpb Posts: 4,233member
    Quote:
    Originally Posted by Blitz1 View Post


    Was it not impossible to have a virus on OS X?



    This is a trojan, not a virus. This kind of exploit can happen to virtually any platform.



    Quote:
    Originally Posted by Blitz1 View Post


    Apple's superior OS was responsible for that!



    No, an OS cannot be held responsible for anything. It is Apple's responsibility that thought there is no risk and let the issue linger for about two months before issuing a security update.



    Quote:
    Originally Posted by Blitz1 View Post


    But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?



    Again this is not a virus. And in the case you missed it, Apple does not include anymore Java with Mac OS X. However, Apple has responsibility for the established user base still running older versions of Mac OS X.



    Quote:
    Originally Posted by Blitz1 View Post


    Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.



    Feel free to go back. Macs and PCs are just computers, not religion.
  • Reply 29 of 48
    pbpb Posts: 4,233member
    Quote:
    Originally Posted by TBell View Post


    I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.



    No one says Apple should release an update without testing it. What I say is Apple should release it as soon as possible, and two months later is not exactly that.



    Quote:
    Originally Posted by TBell View Post


    Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.



    And you know how all this? If there is a security threat, and Flashback is known since a while ago, the company should be prepared as if the worse was coming. Especially when this same company is advertising its OS as the most secure and safe out of the box.



    No, this was a big mistake from Apple's part; I only hope they learned the lesson.
  • Reply 30 of 48
    hill60hill60 Posts: 6,992member
    Quote:
    Originally Posted by razorpit View Post


    ...to think I finally got my parents to buy a Mac last month...



    They are likely to be among the 99% of Mac owners who have not been infected, 99%!
  • Reply 31 of 48
    markbyrnmarkbyrn Posts: 612member
    To quote from AllThingsD, "Naturally, Windows apologists, sick of being the target of a decade of malware-based ridicule, were quick to jump up and down and scream that the Mac?s newfound market success has made it the next natural target for malware creators." In fact, most of the frothing at the mouth about this incident has come from Windows evangelists like Ed Bott at ZDnet.



    That said, if you don't have security software and you're using highly exploitable plugins such as Java, don't be surprised if you are part of that 1% and it will likely happen again. It would be nice if Apple was more pro-active on the security front but there will always be an open window of vulnerability until the exploit is identified and patched.
  • Reply 32 of 48
    Who cares whose fault it is. Apple wants good relationships with its customers so they should help them deal with this.



    There's step by step instructions for how to check if you have it. Couldn't Apple have quickly turned this into an automated program, so that users could just click a button to find out it they have it?



    If they almost have a fix to automatically remove it, then I can understand waiting to help people check if they have it. But if users have to wait much more than a couple of days, imo people would rather know if they have it now - and for those who do, wait until later next week to get a tool that automatically removes it.
  • Reply 33 of 48
    MacProMacPro Posts: 18,460member
    I still suspect one of the AV companies is behind this. Once the PC era is over they are out of work unless they can find a way to fool newbie Mac users into buying their software. Maybe they didn't write and distribute this directly but some little off the books sub contract work perhaps? I wouldn't be surprised if DR Web's detection system was written at the same time as the Trojan ....
  • Reply 34 of 48
    ericblrericblr Posts: 172member
    So it IS a Trojan. Jeeze the tech media is so ready for a virus to hit macs they don't even recognize the difference anymore!
  • Reply 35 of 48
    asherianasherian Posts: 144member
    Quote:
    Originally Posted by ericblr View Post


    So it IS a Trojan. Jeeze the tech media is so ready for a virus to hit macs they don't even recognize the difference anymore!



    It's kind of in a middle ground.



    A trojan typically does not exploit security holes to install. It installs with legit software.



    Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.



    The only thing stopping it from being a true virus is there's no self-replication.
  • Reply 36 of 48
    Quote:
    Originally Posted by Swift View Post


    What would we miss if Java went away?



    Apple needs to ban Java on all iOS devices.
  • Reply 37 of 48
    Quote:
    Originally Posted by hill60 View Post


    They are likely to be among the 99% of Mac owners who have not been infected, 99%!



    Only 99%!?





    More likely 99.99999999999999999999%!!!!
  • Reply 38 of 48
    pbpb Posts: 4,233member
    Quote:
    Originally Posted by I am a Zither Zather Zuzz View Post


    Apple needs to ban Java on all iOS devices.



    Regarding OS X, Apple is already disconnected from the Java wagon. In a few years from now it could not be held responsible for this kind of vulnerability, if the security charge goes 100% to Oracle. But Apple should really learn the lesson from this screw-up and consider security issues really seriously. Probably the convergence of OS X and iOS in the upcoming Mountain Lion is a good thing after all, security-wise. Time will tell.
  • Reply 39 of 48
    hirohiro Posts: 2,663member
    Quote:
    Originally Posted by JavaCowboy View Post


    As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.



    It is a little more complicated than that. If the vulnerability had standards involved behavior fixes then Oracle would need to say what the official behavior should be and the Sun/Oracle Java team has never been known to nicely play with outsiders before the official release has been made.



    It is possible Apple was somewhat hamstrung in being able to effectively start a fix because they were license constrained about what they could do before Oracle made certain conditions official.



    I don't know this for sure in this case, but that exact problem has been a 10 year thorn in Apple's side with respect to Java. I am sure is one of the reasons they were thrilled to see the beginning of an Open Source Java 7 project. Get out from under the license restrictions that always made them Java-late, and put the security issues squarely back on the Java producer (Oracle) who now cannot treat OS X like a second class citizen, but just another part of the project.



    I know that doesn't get a OS X 10.6 and earlier JVM out any faster, but I definitely believe laying the proper sharing of the responsibility for screwing things up needs to be done lest the player with the strong side of the license (Oracle now) is never given pressure to clean up their act.
  • Reply 40 of 48
    hirohiro Posts: 2,663member
    Quote:
    Originally Posted by Asherian View Post


    It's kind of in a middle ground.



    A trojan typically does not exploit security holes to install. It installs with legit software.



    Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.



    The only thing stopping it from being a true virus is there's no self-replication.



    The thing stopping it from being a virus is that a virus requires no explicit user action to do it's work, it just spreads through self propagation and piggybacking on other functionality to launch itself. Worms seplf propagate through self driven action not even needing to piggyback.



    No this is still a good old fashioned Trojan Horse since the user has to be tricked to bring it inside the city walls in the first place. After that, well, even the Trojan's didn't open their horse on their own, it self deployed Odysseus and company.
Sign In or Register to comment.