New Java malware attacks Apple's OS X along with Windows, Linux

13

Comments

  • Reply 41 of 67
    I'm surprised the 'Continue' button is shown as the default on the Mac dialog. The default is usually the safest option in my experience.

    I could be wrong, but I seem to recall that the view shown in this article represents an expanded view of that dialogue box.
  • Reply 42 of 67
    tallest skiltallest skil Posts: 43,399member
    chelin74 wrote: »
    Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.

    So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.
  • Reply 43 of 67
    lightknightlightknight Posts: 2,312member

    Quote:

    Originally Posted by Gazoobee View Post


     


    Except every University or large corporation I've ever visited or worked for has self-trusted and sometimes unsigned certificates from time to time.  The reality is that you just have to trust sometimes.  


     


    I think the real problem here is Java.  





    Ridiculous. The problem is the same with C++, Objective-C or whatever...


     


    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


     


    I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.


    The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.


     


    This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".


    Any system, with or without Java, will suffer from this issue.


    Unless you have a 100% 7/7 24/24 iT-service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionnaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.


     


    Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.


    Mr Clueless will never, ever be protected, as long as he doesn't realize that:


     


    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


    When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


    Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get mchines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

  • Reply 44 of 67
    lightknightlightknight Posts: 2,312member

    Quote:

    Originally Posted by Tallest Skil View Post





    So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.




    OpenOffice, for example, disagrees with you.

    I also do.


     


    We need as much software choice as possible on our computers. Computers are NOT iPads. They are work tools. They need choice.


     


    Note that, however, enabling the user to install Java if he wants it but disabling it by default suits me perfectly...


     


     


    What I'd like, however, if anyone feels full of energy, is someone to go and bash Adobe with a huge latex stick. I've been in the graphists' guys room today. I've seen Photoshop crash FOUR TIMESin the brief hour I was there. A software that crashes is a software that can be hacked into, apart form the fact it makes the artists very touchy about everything in life, and hence my life generally more complicated ;)

  • Reply 45 of 67
    lightknightlightknight Posts: 2,312member

    Quote:

    Originally Posted by lkrupp View Post



    So let me get this straight. In order for a Mac to get infected you A) must have Java installed AND active and B) you must have Rosetta installed and C) you have to fall for the malware social engineering ploy.

    I'm running Lion with Java installed but not turned on. Since The latest Java update turns Java off by default and will turn it off if inactive after a period of time I wonder how many Macs will be vulnerable.




    And if you're wise/Knowledgeable enough to enable Java AND Rosetta, you probably are wise/knowledgeable enough to not fall for social engineering ploys...

  • Reply 46 of 67
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by lightknight View Post




    Ridiculous. The problem is the same with C++, Objective-C or whatever...


     


    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


     


    I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.


    The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.


     


    This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".


    Any system, with or without Java, will suffer from this issue.


    Unless you have a 100% 7/7 24/24 iT-service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionnaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.


     


    Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.


    Mr Clueless will never, ever be protected, as long as he doesn't realize that:


     


    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


    When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.


     


    Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get mchines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.



     


    You are way over-arguing your point here and just look foolish.  Most of the people you are arguing against and making fun of here (me for instance) would actually agree with what you're saying above anyway.  My point was that in *addition* to the obvious things you state here, Java itself is a failed, useless concept that the end user doesn't need and has instead become an infection vector for the most part.  

  • Reply 47 of 67
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by lightknight View Post




    OpenOffice, for example, disagrees with you.

    I also do. ....



     


    OpenOffice is a steaming pile of excrement that no reasonable person should attempt to use.  


    Java is half the reason.  


     


    Technical magic trick:


     


    1) make a list of all the cross-platform software that primarily uses Java to achieve this


    2) make a list of some of the crappiest, ugliest, slowest, hardest to use programs


     


    The lists become magically identical!!!!

  • Reply 48 of 67
    mariomario Posts: 345member

    Quote:

    Originally Posted by Povilas View Post





    Really. I don’t care how smart you are it’s just simply less protuctive to try working in a command line world. Please don’t make stuff up. Thank you.




    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.


     


    When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

  • Reply 49 of 67
    daylove22daylove22 Posts: 215member

    Quote:

    Originally Posted by Apple ][ View Post


     


    I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.



    and everybody should have antivirus including mac users who too often think they are immune from malware...that's not the case osx is as vulnerable as other os

  • Reply 50 of 67
    tallest skiltallest skil Posts: 43,399member
    mario wrote: »
    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient.

    Okay, that's just pure FUD.
    But then again I'm a developer living in the command line 100% of the time.

    Your numbers are dwindling.
    daylove22 wrote: »
    …osx is as vulnerable as other os

    {Citation needed, but will never be provided}
  • Reply 51 of 67

    Quote:

    Originally Posted by Mario View Post




    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.


     


    When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.



    If your a developer who equates GUI use to computer illiteracy, you're a developer with no clients.


     


    To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

  • Reply 52 of 67
    dualiedualie Posts: 331member

    Quote:

    Originally Posted by waldobushman View Post


    However, is PowerPC and Rosetta still important. I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.



     


     


    Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

  • Reply 53 of 67
    tallest skiltallest skil Posts: 43,399member
    dualie wrote: »
    Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

    So do you have any idea how much money you'd make by writing a modern version thereof?
  • Reply 54 of 67
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by waldobushman View Post


    ... To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"



     


    Off topic, but I have never understood this question.  


     


    You only have to look up the science in any textbook for the answer.  


    The answer is no. Without an observer, the falling tree makes no sound.  Period.  


     


    As for the other two examples, the programmer is obviously still a programmer but in the typical spousal argument, the woman is almost always right.  

  • Reply 55 of 67
    doh123doh123 Posts: 323member
    If your a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

    To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"
    he is still a programmer. Being a programmer doesn't require having clients. You may be a hungry programmer, or busy doing other things to make money, but your still a programmer.

    gazoobee wrote: »
    Off topic, but I have never understood this question.  

    You only have to look up the science in any textbook for the answer.  
    The answer is no. Without an observer, the falling tree makes no sound.  Period.
    the question is stupid to try to make children think... and your answer is wrong. Sound waves are produced without any help from an ear, human or otherwise. Sound waves can also affect things without ears. making a sound means producing a sound wave... so yes, sound waves can be produced even if no one hears them, because it can be measured in other ways. If you think your ear somehow helps produce all the sound waves it hears, then you're living in Lala Land™
  • Reply 56 of 67
    ljocampoljocampo Posts: 657member

    Quote:

    Originally Posted by Tallest Skil View Post





    You want to click Quote. Reply does absolutely nothing.


    This isn't a rant against Tallest Skil. He's just a representative on the front line.


     


    I call for a posting boycott until this forum software is scraped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

  • Reply 57 of 67

    Quote:

    Originally Posted by Gazoobee View Post


     


    Yep, unless you bare in business, you shouldn't even have Java installed, or turned on.  The average user doesn't need it for squat.  



     


     


    You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

  • Reply 58 of 67


    So once the backdoor is open what can be executed and on what account? I thought that when using shell you still need to figure out passwords to admin accounts in order to do serious damage.


     


    Of course many users are ignorants and have configured default login with admin privileges. So convenient to be foolish. Just leave your keys under floor mat next to your home entrance doors. It is also conevenient.

  • Reply 59 of 67
    tallest skiltallest skil Posts: 43,399member
    ljocampo wrote: »
    I call for a posting boycott until this forum software is scraped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

    Huddler handles hosting. Heh, alliteration. They also are in charge of the code base and therefore implementation. We've compiled a list of changes we'd like to see, but as with all bureaucracies, these things take (a lot of) time.
  • Reply 60 of 67
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by maciekskontakt View Post


     


     


    You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.



     


    Wow.  *I'm* "ignirant"?  Hmmmm... 


     


    Considering that only (roughly) 40% of a given population (modern, western countries), is typically even *interested* in sports, and considering that Formula 1 racing is one of those marginal sort of sporting things that only a tiny percentage of the population that does like sports follows or cares about, I would say that this plug-in is hardly essential or necessary to the average user.  


     


    Also, you missed part of my point entirely which was that these stupid java plug-ins and sites that "require" them could easily accomplish the same ends with other software that doesn't require them.  

Sign In or Register to comment.