New Java malware attacks Apple's OS X along with Windows, Linux

Comments

  • Reply 41 of 67
    I'm surprised the 'Continue' button is shown as the default on the Mac dialog. The default is usually the safest option in my experience.

    I could be wrong, but I seem to recall that the view shown in this article represents an expanded view of that dialogue box.
  • Reply 42 of 67
    tallest skil Posts: 43,388 member
    chelin74 wrote: »
    Without Java there would be no iTunes, no iCloud, no Apple Store... people that think that Java is obsolete are ignorant.

    So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.
  • Reply 43 of 67
    lightknight Posts: 2,312 member

    Quote:

    Originally Posted by Gazoobee View Post

    Except every University or large corporation I've ever visited or worked for has self-trusted and sometimes unsigned certificates from time to time. The reality is that you just have to trust sometimes.

    I think the real problem here is Java.

    Ridiculous. The problem is the same with C++, Objective-C or whatever...

    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.

    The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.

    This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".

    Any system, with or without Java, will suffer from this issue.

    Unless you have a 100% 7/7 24/24 iT-service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.

    Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.

    Mr Clueless will never, ever be protected, as long as he doesn't realize that:

    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get machines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

  • Reply 44 of 67
    lightknight Posts: 2,312 member

    Quote:

    Originally Posted by Tallest Skil View Post

    So why do consumers need it, then? Leave it to companies and servers on the back end to handle. We don't need it on OUR computers.

    OpenOffice, for example, disagrees with you.

    I also do.

    We need as much software choice as possible on our computers. Computers are NOT iPads. They are work tools. They need choice.

    Note that, however, enabling the user to install Java if he wants it but disabling it by default suits me perfectly...

    What I'd like, however, if anyone feels full of energy, is someone to go and bash Adobe with a huge latex stick. I've been in the graphists' guys room today. I've seen Photoshop crash FOUR TIMES in the brief hour I was there. A software that crashes is a software that can be hacked into, apart from the fact it makes the artists very touchy about everything in life, and hence my life generally more complicated ;)

  • Reply 45 of 67
    lightknight Posts: 2,312 member

    Quote:

    Originally Posted by lkrupp View Post

    So let me get this straight. In order for a Mac to get infected you A) must have Java installed AND active and B) you must have Rosetta installed and C) you have to fall for the malware social engineering ploy.

    I'm running Lion with Java installed but not turned on. Since the latest Java update turns Java off by default and will turn it off if inactive after a period of time I wonder how many Macs will be vulnerable.

    And if you're wise/knowledgeable enough to enable Java AND Rosetta, you probably are wise/knowledgeable enough to not fall for social engineering ploys...

  • Reply 46 of 67
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by lightknight View Post

    Ridiculous. The problem is the same with C++, Objective-C or whatever...

    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    I think this is worth repeating anytime. Mr Cluley might think the issue is with OS X. Gazoobee might think it's Java.

    The problem is elsewhere. The problem is Mr. Clueless, which includes my beloved artist brother, my dear Dad, and mostly everyone on this planet, apart from us geeks.

    This software relies on SOCIAL ENGINEERING. It's that part of the phrase that means "PBKAC".

    Any system, with or without Java, will suffer from this issue.

    Unless you have a 100% 7/7 24/24 iT-service ready to solve any of your issues on the fly (can I has some of your money, Mr Billionaire?), OR you decide to transform your computer into an iPhone and only run software from a trusted party like Apple, RedHat or Ubuntu, there is no way to ensure against social engineering.

    Mr Clueless knows about the password thingie. It's that annoying box you have to type that obscure text in that he has on a paper somewhere, where was it, if he could not deactivate it.

    Mr Clueless will never, ever be protected, as long as he doesn't realize that:

    IF ANY USER GIVES ADMINISTRATIVE PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    When a platform is insecure, this gets worse, since the phrase turns into IF ANY USER GIVES PERMISSION TO AN UNTRUSTED PIECE OF SOFTWARE TO EXECUTE, HE RISKS HIS COMPUTER'S SECURITY.

    Apple, with or without Java, is only at risk due to user insecure actions. This FUD that lets people believe that our UNIXes are somehow insecure, as Windows is, is extremely irritating, and repeating it only furthers the problem. Educating people around us is the only way to somehow get machines more secure. For secure Macs, you need "secure-aware" users, or pure-users-without-any-admin-privileges.

    You are way over-arguing your point here and just look foolish. Most of the people you are arguing against and making fun of here (me for instance) would actually agree with what you're saying above anyway. My point was that in *addition* to the obvious things you state here, Java itself is a failed, useless concept that the end user doesn't need and has instead become an infection vector for the most part.

  • Reply 47 of 67
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by lightknight View Post

    OpenOffice, for example, disagrees with you.

    I also do. ....

    OpenOffice is a steaming pile of excrement that no reasonable person should attempt to use.

    Java is half the reason.

    Technical magic trick:

    1) make a list of all the cross-platform software that primarily uses Java to achieve this

    2) make a list of some of the crappiest, ugliest, slowest, hardest to use programs

    The lists become magically identical!!!!

  • Reply 48 of 67
    mario Posts: 348 member

    Quote:

    Originally Posted by Povilas View Post

    Really. I don’t care how smart you are it’s just simply less productive to try working in a command line world. Please don’t make stuff up. Thank you.

    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.

    When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

  • Reply 49 of 67
    daylove22 Posts: 215 member

    Quote:

    Originally Posted by Apple ][ View Post

    I don't think that somebody has to work in tech or be a computer expert to have common sense. Everybody should know that there are a ton of criminals lurking on the internet and they are looking to steal your money. There's no excuse for even the most computer illiterate person to not know that. I don't really see this scam as much different than getting scammed using more traditional methods, such as a scammer calling somebody on the telephone.

    and everybody should have antivirus including mac users who too often think they are immune from malware...that's not the case osx is as vulnerable as other os

  • Reply 50 of 67
    tallest skil Posts: 43,388 member
    mario wrote: »
    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient.

    Okay, that's just pure FUD.
    But then again I'm a developer living in the command line 100% of the time.

    Your numbers are dwindling.
    daylove22 wrote: »
    …osx is as vulnerable as other os

    {Citation needed, but will never be provided}
  • Reply 51 of 67

    Quote:

    Originally Posted by Mario View Post

    Really. Command line just happens to be the fastest and most powerful way to interact with the computer. First of all you can't even do 99.9% of things that you can do from the command line, second I will be 2-3 orders of magnitude faster than any GUI user no matter how proficient. But then again I'm a developer living in the command line 100% of the time.

    When you are little and can't read you look at picture books, but when you grow up you learn to read and write. Clicking on pretty pictures is akin to being computer illiterate.

    If you're a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

    To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

  • Reply 52 of 67
    dualie Posts: 334 member

    Quote:

    Originally Posted by waldobushman View Post

    However, is PowerPC and Rosetta still important. I haven't missed Rosetta since it was pulled from the OS and I haven't missed the programs that utilized it.

    Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

  • Reply 53 of 67
    tallest skil Posts: 43,388 member
    dualie wrote: »
    Yup, it sure is. Our company uses mission-critical 100% cross-platform software from a major U.S. corporation that only runs in Java 1.5. It's very, very popular software in this business.

    So do you have any idea how much money you'd make by writing a modern version thereof?
  • Reply 54 of 67
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by waldobushman View Post

    ... To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"

    Off topic, but I have never understood this question.

    You only have to look up the science in any textbook for the answer.

    The answer is no. Without an observer, the falling tree makes no sound. Period.

    As for the other two examples, the programmer is obviously still a programmer but in the typical spousal argument, the woman is almost always right.

  • Reply 55 of 67
    doh123 Posts: 323 member
    If you're a developer who equates GUI use to computer illiteracy, you're a developer with no clients.

    To play on the "If a tree falls in the forest, and there is no one there to hear it, does it make a sound?", and "If a man makes a statement, and there is no woman there to hear him, is he still wrong?", I'd add, "If a programmer writes programs and there is no one who uses them, is he still a programmer?"
    He is still a programmer. Being a programmer doesn't require having clients. You may be a hungry programmer, or busy doing other things to make money, but you're still a programmer.

    gazoobee wrote: »
    Off topic, but I have never understood this question.

    You only have to look up the science in any textbook for the answer.
    The answer is no. Without an observer, the falling tree makes no sound. Period.
    The question is stupid to try to make children think... and your answer is wrong. Sound waves are produced without any help from an ear, human or otherwise. Sound waves can also affect things without ears. Making a sound means producing a sound wave... so yes, sound waves can be produced even if no one hears them, because it can be measured in other ways. If you think your ear somehow helps produce all the sound waves it hears, then you're living in Lala Land™
  • Reply 56 of 67
    ljocampo Posts: 657 member

    Quote:

    Originally Posted by Tallest Skil View Post

    You want to click Quote. Reply does absolutely nothing.

    This isn't a rant against Tallest Skil. He's just a representative on the front line.

    I call for a posting boycott until this forum software is scrapped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

  • Reply 57 of 67

    Quote:

    Originally Posted by Gazoobee View Post

    Yep, unless you are in business, you shouldn't even have Java installed, or turned on. The average user doesn't need it for squat.

    You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

  • Reply 58 of 67


    So once the backdoor is open what can be executed and on what account? I thought that when using shell you still need to figure out passwords to admin accounts in order to do serious damage.

    Of course many users are ignorant and have configured default login with admin privileges. So convenient to be foolish. Just leave your keys under floor mat next to your home entrance doors. It is also convenient.

  • Reply 59 of 67
    tallest skil Posts: 43,388 member
    ljocampo wrote: »
    I call for a posting boycott until this forum software is scrapped or repaired. How long would it take if posting fell through the floor, instead of we forum users allowing AI to get away with offering such junk. It's software like this one you're using that is more likely to have security holes in it. If AI doesn't want smileys, then remove them totally from the program. etc etc etc. Fix it, or you (AI) are the problem.

    Huddler handles hosting. Heh, alliteration. They also are in charge of the code base and therefore implementation. We've compiled a list of changes we'd like to see, but as with all bureaucracies, these things take (a lot of) time.
  • Reply 60 of 67
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by maciekskontakt View Post

    You do not know how ignirant you are. Of course average user needs Java. Have you ever heard about streaming plugins based on Java? No, there is no substitute. For example Formula 1 streams live results just using Java plugin. There are more than that.

    Wow. *I'm* "ignirant"? Hmmmm...

    Considering that only (roughly) 40% of a given population (modern, western countries), is typically even *interested* in sports, and considering that Formula 1 racing is one of those marginal sort of sporting things that only a tiny percentage of the population that does like sports follows or cares about, I would say that this plug-in is hardly essential or necessary to the average user.

    Also, you missed part of my point entirely which was that these stupid java plug-ins and sites that "require" them could easily accomplish the same ends with other software that doesn't require them.
