Just what is this direction that has people so upset with Lion and Mountain Lion that they won't upgrade? Seriously I've yet to hear a sound explanation for this resistance. Considering the security related nature of this thread people should be looking kindly upon Mountain Lion as it tightens things up considerably.
There are still a LOT of people on Snow Leopard (with Rosetta installed), and will be for some time. The direction Lion and ML have gone has stopped many people from upgrading, at least for now.
You just have to be someone that doesn't work in tech and doesn't spend their spare time on sites like AppleInsider.
Statistically, that's everyone.
I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.
According to the article, Lion isn't affected. It's a PowerPC binary, and Apple dropped Rosetta support in Lion. So unless someone has gone to the extraordinary effort to get Rosetta running under Lion, there appears to be no impact.
On a Mac, the new malware is defined as "Backdoor:OSX/GetShell.A. According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.
So it's a power PC binary, so it won't run on Lion or Mountain Lion. Got it.
These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.
ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.
This is more serious than the issue of dumb people. Java executions should be sandboxed. I sounds like, at least for some versions of Java, users are able to install and execute either native libraries that Java will access to Java code using JNDI to get unlimited access to the machine.
However, is PowerPC and Rosetta still important. I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.
Really. I don’t care how smart you are it’s just simply less protuctive to try working in a command line world. Please don’t make stuff up. Thank you.
Maybe you shouldn't make stuff up, either. The command line and the gui both have their place, and there are things one can do on the command line far faster and more easily than in a gui--and vice versa.
Yep, unless you bare in business, you shouldn't even have Java installed, or turned on. The average user doesn't need it for squat.
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
First Flash, now Java… what else is total crap that we can get rid of?
OS X shouldn't have to suffer this nonsense.
How did i know some ignorant person would be the first person to jump in and troll flame java on this. Yes, please apple, strip us of all the things that make OS X worth using! Next, please remove Apache, PHP, and Ruby! Afterwards, find a way to yank our access to the terminal! Maybe next, yank our ability to write apps using anything but apple tech, because that will certainly make the Mac a worthwhile platform... surely.
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
Everything uses Java. People don't respect Java because the apps they use that run on it don't have big JavaTM logos all over them. Apple made a good move to put the onus on Oracle to push the Java updates to the Mac and bring feature parity to that of linux and windows for their dev platform, but talking about banishing Java or Flash or any other programming language just shows how ill-informed people are. I'd fully expect these were the same people blindly riding the Sony or Windows bandwagons years ago, championing a cause not worth it's weight in dog hair.
There are still a LOT of people on Snow Leopard (with Rosetta installed), and will be for some time. The direction Lion and ML have gone has stopped many people from upgrading, at least for now.
Actually according to Omni Software Update Statistics, the percentage of PowerPC users was less than 3% as of 2009, and how many people are still using Rosetta on Snow Leopard? Just because people might be unable to upgrade to Lion doesn't mean they're needing to use Rosetta to run 6+ year old PowerPC apps. If one must though, maybe consider disabling Java or don't bypass the warnings and install unknown java content.
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
Yeah, well it's the same argument as Flash two years ago though. Not one of the places you mention actually *needs* to use Java to do the things the particular site does. These sites use Java because it's easier and they are lazy or stuck in the past or have a developer that thinks Java is the bees knees etc.
Just like the situation with Flash, they won't stop using Java on these sites, until enough people disable Java and thus complain.
There's a tendency to assume an attitude of arrogance in fields where one has a degree of expertise. This isn't about being dumb, it's about exploiting lack of knowledge and bad habits instilled by daily work with computers.
Yes, I certainly agree with you here. OS's can and should be improved to prevent this from happening, just like Apple is doing with Gatekeeper in Mountain Lion.
My point was that it's a bit unfair to frame this as a Java problem as it's not exploiting an actual weakness or security flaw in Java. This could just as easily be a rogue native app.
Maybe you shouldn't make stuff up, either. The command line and the gui both have their place, and there are things one can do on the command line far faster and more easily than in a gui--and vice versa.
I know that, thank you. Just please don’t take that one exception and make it a rule. OK? GUI is a logical evolution of a commad line desktop if you will.
Comments
You want to click Quote. Reply does absolutely nothing.
It would be interesting to see some statistics at some time point that would show how many macs, pcs and linux boxes were affected, percentage wise.
Quote:
Originally Posted by PXT
You don't have to be dumb.
You just have to be someone that doesn't work in tech and doesn't spend their spare time on sites like AppleInsider.
Statistically, that's everyone.
I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.
According to the article, Lion isn't affected. It's a PowerPC binary, and Apple dropped Rosetta support in Lion. So unless someone has gone to the extraordinary effort to get Rosetta running under Lion, there appears to be no impact.
When I'm dictator, I'm going to remove the letter J from the alphabet. Any technology that includes the letter J will be banned.
So long, Objective-C.
Quote:
Originally Posted by Apple ][
These social engineering tricks and malware scams are targeting dumb people, because that's what somebody has to be, in order to get tricked by this.
ComuTV? And it says right there in very red letters, "This root certificate is not to be trusted". If somebody clicks "continue", then they only have themselves to blame.
This is more serious than the issue of dumb people. Java executions should be sandboxed. I sounds like, at least for some versions of Java, users are able to install and execute either native libraries that Java will access to Java code using JNDI to get unlimited access to the machine.
However, is PowerPC and Rosetta still important. I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.
Quote:
Originally Posted by Povilas
Really. I don’t care how smart you are it’s just simply less protuctive to try working in a command line world. Please don’t make stuff up. Thank you.
Maybe you shouldn't make stuff up, either. The command line and the gui both have their place, and there are things one can do on the command line far faster and more easily than in a gui--and vice versa.
Quote:
Originally Posted by Gazoobee
Yep, unless you bare in business, you shouldn't even have Java installed, or turned on. The average user doesn't need it for squat.
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
Quote:
Originally Posted by Tallest Skil
First Flash, now Java… what else is total crap that we can get rid of?
OS X shouldn't have to suffer this nonsense.
How did i know some ignorant person would be the first person to jump in and troll flame java on this. Yes, please apple, strip us of all the things that make OS X worth using! Next, please remove Apache, PHP, and Ruby! Afterwards, find a way to yank our access to the terminal! Maybe next, yank our ability to write apps using anything but apple tech, because that will certainly make the Mac a worthwhile platform... surely.
BILE!
Quote:
Originally Posted by WelshDog
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
Everything uses Java. People don't respect Java because the apps they use that run on it don't have big JavaTM logos all over them. Apple made a good move to put the onus on Oracle to push the Java updates to the Mac and bring feature parity to that of linux and windows for their dev platform, but talking about banishing Java or Flash or any other programming language just shows how ill-informed people are. I'd fully expect these were the same people blindly riding the Sony or Windows bandwagons years ago, championing a cause not worth it's weight in dog hair.
Actually according to Omni Software Update Statistics, the percentage of PowerPC users was less than 3% as of 2009, and how many people are still using Rosetta on Snow Leopard? Just because people might be unable to upgrade to Lion doesn't mean they're needing to use Rosetta to run 6+ year old PowerPC apps. If one must though, maybe consider disabling Java or don't bypass the warnings and install unknown java content.
Quote:
Originally Posted by AppleInsider
On a Mac [...] users running a modern, Intel-based Mac must also have Rosetta installed.
That's a relief. I'd guess that about 99% of the Intel-based Macs out there do not have Rosetta installed.
IIRC, Java was deprecated as of OS X 10.6 and the JRE wasn't even bundled in 10.7 and 10.8.
Not sure though. I don't keep up on legacy programming languages like Java, FORTRAN, etc.
I think it’s clever that even IF you turn on Java on a Mac, if you don’t use it for a long enough while, it gets turned back off.
As far as I know, though, that applies specifically to applets, not Safari? Safari Java should disable after non-use as well, if it doesn’t already.
(Once every other year someone wants to do a Cisco WebEx conference with me. Java. Ugh! The only time I ever enable it.)
Quote:
Originally Posted by WelshDog
While that is an admirable position to take it doesn't seem practical. My Etrade streaming quotes app is Java, Vimeo uses Java, Ebay uses Java, many Wordpress themes use Java. I can only assume there are many thousands of other ways Java is still used. It may be some time before most can take your advice.
Yeah, well it's the same argument as Flash two years ago though. Not one of the places you mention actually *needs* to use Java to do the things the particular site does. These sites use Java because it's easier and they are lazy or stuck in the past or have a developer that thinks Java is the bees knees etc.
Just like the situation with Flash, they won't stop using Java on these sites, until enough people disable Java and thus complain.
Quote:
Originally Posted by anonymouse
There's a tendency to assume an attitude of arrogance in fields where one has a degree of expertise. This isn't about being dumb, it's about exploiting lack of knowledge and bad habits instilled by daily work with computers.
Yes, I certainly agree with you here. OS's can and should be improved to prevent this from happening, just like Apple is doing with Gatekeeper in Mountain Lion.
My point was that it's a bit unfair to frame this as a Java problem as it's not exploiting an actual weakness or security flaw in Java. This could just as easily be a rogue native app.
Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.
I know that, thank you. Just please don’t take that one exception and make it a rule. OK? GUI is a logical evolution of a commad line desktop if you will.