Whiners! If I connect to the internet, or access any outside file, I am responsible for any virus attack or malware on my computer. Where is it written in the software license for OSX, that Apple guarantees my iMac to be free from virus and malware threats? I hear them say in their ads that they work to prevent such an occurrence, but I see no promise. I was not endangered by Flashback because I had installed protection, which I obtained for free, as anyone could. Take responsibility and protect yourself. It's not difficult or expensive.
I can't wait for the day when we can run our office sans Java, but it isn't happening any time soon. The industrial strength accounting apps require it and the programmers are slow to change.
Apple is going to have to give this issue more time and energy.
But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?
Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
Recent past day I was suffering with bad performance of my Mac computer. It was very annoying issue to use the computer. Suddenly I found a download tidy up mac tool for my computer. It effectively works over my wired computer and scan it to remove the infection. The speed and performance of my computer get increase due to this. I am quite happy now after using such a nice tools.
Fortunately, Apple already has software that takes care of it.
It's called LION. Neither Flash nor Java come with Lion.
True for new users. However you cannot just erase the already established base running Java and Flash that were by default included with Mac OS X. Not after a good number of years, so that the older versions could be considered as obsolete. Even so, in a related technical note Apple still refers to Leopard (10.5) saying that users should disable Java in their web browsers. They could even propose a "security update" for those users in the sense of a warning about the issue through the Software Update and offer the users the option to switch Java off. And of course have a Java update presto for 10.6 and 10.7 after Oracle fixed the issue.
Whatever happened with this trojan is Apple's fault, plain and simple.
This is a trojan, not a virus. This kind of exploit can happen to virtually any platform.
Quote:
Originally Posted by Blitz1
Apple's superior OS was responsible for that!
No, an OS cannot be held responsible for anything. It is Apple's responsibility that thought there is no risk and let the issue linger for about two months before issuing a security update.
Quote:
Originally Posted by Blitz1
But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?
Again this is not a virus. And in the case you missed it, Apple does not include anymore Java with Mac OS X. However, Apple has responsibility for the established user base still running older versions of Mac OS X.
Quote:
Originally Posted by Blitz1
Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
Feel free to go back. Macs and PCs are just computers, not religion.
I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.
No one says Apple should release an update without testing it. What I say is Apple should release it as soon as possible, and two months later is not exactly that.
Quote:
Originally Posted by TBell
Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.
And you know how all this? If there is a security threat, and Flashback is known since a while ago, the company should be prepared as if the worse was coming. Especially when this same company is advertising its OS as the most secure and safe out of the box.
No, this was a big mistake from Apple's part; I only hope they learned the lesson.
To quote from AllThingsD, "Naturally, Windows apologists, sick of being the target of a decade of malware-based ridicule, were quick to jump up and down and scream that the Mac?s newfound market success has made it the next natural target for malware creators." In fact, most of the frothing at the mouth about this incident has come from Windows evangelists like Ed Bott at ZDnet.
That said, if you don't have security software and you're using highly exploitable plugins such as Java, don't be surprised if you are part of that 1% and it will likely happen again. It would be nice if Apple was more pro-active on the security front but there will always be an open window of vulnerability until the exploit is identified and patched.
Who cares whose fault it is. Apple wants good relationships with its customers so they should help them deal with this.
There's step by step instructions for how to check if you have it. Couldn't Apple have quickly turned this into an automated program, so that users could just click a button to find out it they have it?
If they almost have a fix to automatically remove it, then I can understand waiting to help people check if they have it. But if users have to wait much more than a couple of days, imo people would rather know if they have it now - and for those who do, wait until later next week to get a tool that automatically removes it.
I still suspect one of the AV companies is behind this. Once the PC era is over they are out of work unless they can find a way to fool newbie Mac users into buying their software. Maybe they didn't write and distribute this directly but some little off the books sub contract work perhaps? I wouldn't be surprised if DR Web's detection system was written at the same time as the Trojan ....
Regarding OS X, Apple is already disconnected from the Java wagon. In a few years from now it could not be held responsible for this kind of vulnerability, if the security charge goes 100% to Oracle. But Apple should really learn the lesson from this screw-up and consider security issues really seriously. Probably the convergence of OS X and iOS in the upcoming Mountain Lion is a good thing after all, security-wise. Time will tell.
As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.
It is a little more complicated than that. If the vulnerability had standards involved behavior fixes then Oracle would need to say what the official behavior should be and the Sun/Oracle Java team has never been known to nicely play with outsiders before the official release has been made.
It is possible Apple was somewhat hamstrung in being able to effectively start a fix because they were license constrained about what they could do before Oracle made certain conditions official.
I don't know this for sure in this case, but that exact problem has been a 10 year thorn in Apple's side with respect to Java. I am sure is one of the reasons they were thrilled to see the beginning of an Open Source Java 7 project. Get out from under the license restrictions that always made them Java-late, and put the security issues squarely back on the Java producer (Oracle) who now cannot treat OS X like a second class citizen, but just another part of the project.
I know that doesn't get a OS X 10.6 and earlier JVM out any faster, but I definitely believe laying the proper sharing of the responsibility for screwing things up needs to be done lest the player with the strong side of the license (Oracle now) is never given pressure to clean up their act.
A trojan typically does not exploit security holes to install. It installs with legit software.
Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.
The only thing stopping it from being a true virus is there's no self-replication.
The thing stopping it from being a virus is that a virus requires no explicit user action to do it's work, it just spreads through self propagation and piggybacking on other functionality to launch itself. Worms seplf propagate through self driven action not even needing to piggyback.
No this is still a good old fashioned Trojan Horse since the user has to be tricked to bring it inside the city walls in the first place. After that, well, even the Trojan's didn't open their horse on their own, it self deployed Odysseus and company.
Comments
Apple is going to have to give this issue more time and energy.
Apple's superior OS was responsible for that!
But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?
Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
Isn't flash required to use YouTube? There goes 95% of my fun!
There is HTML5 for this; see a few posts above. All you need to do is to type in the URL field of your browser
http://www.youtube.com/html5
and YouTube will tell you the rest.
But it's a Java problem…
Fortunately, Apple already has software that takes care of it.
It's called LION. Neither Flash nor Java come with Lion.
True for new users. However you cannot just erase the already established base running Java and Flash that were by default included with Mac OS X. Not after a good number of years, so that the older versions could be considered as obsolete. Even so, in a related technical note Apple still refers to Leopard (10.5) saying that users should disable Java in their web browsers. They could even propose a "security update" for those users in the sense of a warning about the issue through the Software Update and offer the users the option to switch Java off. And of course have a Java update presto for 10.6 and 10.7 after Oracle fixed the issue.
Whatever happened with this trojan is Apple's fault, plain and simple.
Was it not impossible to have a virus on OS X?
This is a trojan, not a virus. This kind of exploit can happen to virtually any platform.
Apple's superior OS was responsible for that!
No, an OS cannot be held responsible for anything. It is Apple's responsibility that thought there is no risk and let the issue linger for about two months before issuing a security update.
But now that there is a virus, it would all of the sudden be some third party's responsibility to fix this mess?
Again this is not a virus. And in the case you missed it, Apple does not include anymore Java with Mac OS X. However, Apple has responsibility for the established user base still running older versions of Mac OS X.
Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
Feel free to go back. Macs and PCs are just computers, not religion.
I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.
No one says Apple should release an update without testing it. What I say is Apple should release it as soon as possible, and two months later is not exactly that.
Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.
And you know how all this? If there is a security threat, and Flashback is known since a while ago, the company should be prepared as if the worse was coming. Especially when this same company is advertising its OS as the most secure and safe out of the box.
No, this was a big mistake from Apple's part; I only hope they learned the lesson.
...to think I finally got my parents to buy a Mac last month...
They are likely to be among the 99% of Mac owners who have not been infected, 99%!
That said, if you don't have security software and you're using highly exploitable plugins such as Java, don't be surprised if you are part of that 1% and it will likely happen again. It would be nice if Apple was more pro-active on the security front but there will always be an open window of vulnerability until the exploit is identified and patched.
There's step by step instructions for how to check if you have it. Couldn't Apple have quickly turned this into an automated program, so that users could just click a button to find out it they have it?
If they almost have a fix to automatically remove it, then I can understand waiting to help people check if they have it. But if users have to wait much more than a couple of days, imo people would rather know if they have it now - and for those who do, wait until later next week to get a tool that automatically removes it.
So it IS a Trojan. Jeeze the tech media is so ready for a virus to hit macs they don't even recognize the difference anymore!
It's kind of in a middle ground.
A trojan typically does not exploit security holes to install. It installs with legit software.
Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.
The only thing stopping it from being a true virus is there's no self-replication.
What would we miss if Java went away?
Apple needs to ban Java on all iOS devices.
They are likely to be among the 99% of Mac owners who have not been infected, 99%!
Only 99%!?
More likely 99.99999999999999999999%!!!!
Apple needs to ban Java on all iOS devices.
Regarding OS X, Apple is already disconnected from the Java wagon. In a few years from now it could not be held responsible for this kind of vulnerability, if the security charge goes 100% to Oracle. But Apple should really learn the lesson from this screw-up and consider security issues really seriously. Probably the convergence of OS X and iOS in the upcoming Mountain Lion is a good thing after all, security-wise. Time will tell.
As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.
It is a little more complicated than that. If the vulnerability had standards involved behavior fixes then Oracle would need to say what the official behavior should be and the Sun/Oracle Java team has never been known to nicely play with outsiders before the official release has been made.
It is possible Apple was somewhat hamstrung in being able to effectively start a fix because they were license constrained about what they could do before Oracle made certain conditions official.
I don't know this for sure in this case, but that exact problem has been a 10 year thorn in Apple's side with respect to Java. I am sure is one of the reasons they were thrilled to see the beginning of an Open Source Java 7 project. Get out from under the license restrictions that always made them Java-late, and put the security issues squarely back on the Java producer (Oracle) who now cannot treat OS X like a second class citizen, but just another part of the project.
I know that doesn't get a OS X 10.6 and earlier JVM out any faster, but I definitely believe laying the proper sharing of the responsibility for screwing things up needs to be done lest the player with the strong side of the license (Oracle now) is never given pressure to clean up their act.
It's kind of in a middle ground.
A trojan typically does not exploit security holes to install. It installs with legit software.
Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.
The only thing stopping it from being a true virus is there's no self-replication.
The thing stopping it from being a virus is that a virus requires no explicit user action to do it's work, it just spreads through self propagation and piggybacking on other functionality to launch itself. Worms seplf propagate through self driven action not even needing to piggyback.
No this is still a good old fashioned Trojan Horse since the user has to be tricked to bring it inside the city walls in the first place. After that, well, even the Trojan's didn't open their horse on their own, it self deployed Odysseus and company.