
mmcc

macrumors regular
Nov 8, 2010
107
22
Tennessee
Myth of the inherent invulnerability of OS X to malware... Busted! :eek:

Complacency from one of the highest-valued corporations in the world (if not the highest)? Sounds like another computer company with HQ in Redmond.

Funny how history repeats.
 

miles01110

macrumors Core
Jul 24, 2006
19,260
36
The Ivory Tower (I'm not coming down)
We don't know how many people do update regularly and we don't know if it would have been huge. What we do know is that the botnet would have been smaller - it surely wouldn't have been bigger if patches were available
You don't know that at all. Available patches do not translate to more patched systems, especially amongst the user base most vulnerable to malware infections.
- and closing known security holes as quickly as possible is to be encouraged and allowing them to remain open for months is a Bad Thing.
Clearly.
 

Gasu E.

macrumors 603
Mar 20, 2004
5,033
3,150
Not far from Boston, MA.
Typical Apple, shoot the messenger and hope the bad news he was bearing doesn't happen.

"If I close my eyes I can't see you!"


How you found that link is beyond me. I went to Apple.com, clicked contact, and found this page.

EDIT: Bing manages to find it for me, so I guess it's findable, just not through Apple.

Go to the little search window on the Apple site and type "security". Then look at "Support Results" on the right.
 

topmounter

macrumors 68030
Jun 18, 2009
2,604
971
FEMA Region VIII
I've used OpenDNS for a number of years now and it works fine.

And what websites do you have to visit to get this "Flashback" thing exactly?

I checked both of my Macs using the command line thing and none of them are infected. Apparently none of my Mac-using friends have it either, which makes me question these infection numbers that are getting thrown around and whether the whole thing is just a viral marketing campaign by Norton to revitalize their company with a "radar gun / radar detector" business model now that Microsoft has finally made 3rd-party security software all but obsolete.
 

msimpson

macrumors regular
Sep 5, 2007
118
0
Exactly..

Step 1: Fake trojan outbreak news

Step 2: Create bogus removal tool that infects Mac when run

Step 3: 20 millions of Macs now trojan’ed


:D

I sometimes wonder if these "security companies" who find these vulnerabilities, are not somehow connected to the hackers who exploit them. Particularly ones based in foreign countries where many of these attacks seem to originate.

Apple is no longer developing Java for OSX now that Oracle bought Sun and took over Java. I don't believe Java is included with the default Lion install. You specifically have to go download it and add it in. So if Oracle releases a fix for a Java security hole, it is understandable that Apple would need some time to make the changes to the JVMs they continue to support and then test them before rolling them out.

Most users have no need for Java on their machines these days. Very few mainstream web sites use it. Corporations that use Java-based apps are probably using some type of ERP system, like Oracle, that use Java in some of their products, but the average Mac user has very little need for it.

As for Apple being "secretive" or "non-communicative" - typical press noise and hype. These security experts all want their 15 minutes of fame. Or more if they can get it.

It cracks me up how many people come to Apple-focused web sites to whine, complain, and throw hate at Apple. If you are a Windows user, why would you even visit a Mac-focused site? If you're an Apple hater, why even buy an Apple product? What a pitiful life you must lead.
 

bsolar

macrumors 68000
Jun 20, 2011
1,534
1,735
Wait, so it was difficult to contact someone because you don't have direct email addresses to internal people? Why do you need to know this? Here it clearly states how to contact Apple.

You don't need to become pen pals with the folks inside Apple just because you found a security vulnerability.
It's not a matter of becoming "pen pals", it's a matter of tackling the security issues as fast as possible so that the minor number of users are at risk and the botnet does not become a bigger threat (and bloggers have less ammunition to start spreading FUD about Mac security).

Having direct contact information can help with that, but it's not needed, as long as someone fixes the vulnerability very fast and/or replies so that you can start a collaboration in the best interest of security.

Apple was informed long ago of the security holes. Apple did nothing. Zero. No fixes whatsoever. Many of those 600k infected machines could have been prevented with a more serious approach to security responses by Apple, which most likely needs to be implemented given that they are not under the radar anymore.
 

Frobozz

macrumors demi-god
Jul 24, 2002
1,145
94
South Orange, NJ
If nothing else, I feel like this virus shows how relatively secure OS X is. If this is a bug that basically manifests through an issue in Java, that strengthens that argument.

While obviously a bad thing for Mac owners everywhere, it's nice to know how infrequently these issues arise on the Mac platform versus the Windows platform. To give Microsoft credit, they have come a long way, though. It seems like fewer and fewer viruses really hit critical mass for a Reuters article anymore. Or maybe I'm just not seeing them?
 

ddarko

macrumors 6502
May 7, 2007
290
61
You don't know that at all. Available patches do not translate to more patched systems, especially amongst the user base most vulnerable to malware infections.

Of course available patches translate into more patched systems. The only question is how many.
 

striker33

macrumors 65816
Aug 6, 2010
1,098
2
What's more annoying is that all the idiotic Windows fanboys are parading around every known social networking site gloating that Macs actually do get viruses.

How did so many people become so misinformed about the differences between trojans, worms, and viruses?
 

nagromme

macrumors G5
May 2, 2002
12,546
1,196
Another piece I’m curious about: are email spam/phishing campaigns (possibly driven by Windows botnets) being used to send out clickable links to infected sites?

That’s a potential malware vector that I wouldn’t ignore if I were behind this, but email hasn’t been mentioned in the articles I’ve seen.

(By the way, Apple has stumbled in their communication on this—and maybe on their actions too—which does show their lack of experience; probably not their lack of caring. It may also be that this Russia-based sinkhole left them wondering who the good guys really are—which could well keep them silent while making sure of that. Even so, looking at the big security picture, I have to give credit where due: they’ve done things with Lion that NO other “more experienced” OS or vendor has done for security. They’re not the pros in every regard, but they do lead the security pack in other ways. Ways which make me even more glad to be on Mac.)

Also, as for Java being insecure, I always assumed that and always had it turned off, but it shouldn’t have been left to me to do so. Apple should turn it off by default, since most people never need it. I consider Java being enabled by default (much like Open Safe Files) to be a dropped ball by Apple. But easily remedied!


What's more annoying is that all the idiotic Windows fanboys are parading around every known social networking site gloating that Macs actually do get viruses.

How did so many people become so misinformed about the differences between trojans, worms, and viruses?

To be fair, “virus” (spreads itself from program to program) vs. “worm” (spreads itself from computer to computer) are terms few can tell apart, and even tech companies don’t always use them consistently. And “Trojan” is too simple a term—some distinction needs to be made between “requiring an unusual user action” and requiring simply visiting a web page. When I see Windows malware installing itself from someone simply visiting a web page, I certainly don’t minimize that risk! This time, it’s Macs. I guess “drive by” seems to be the term here, although I never heard that term before this.

Granted, trolls are making much more of this than it is (which no doubt hurts Mac sales as intended) but the term “virus” is kind of an understandable mistake.

No one ever claimed OS X was invulnerable to malware. This isn't the first piece of malware for OS X anyhow.

Exactly. First successful one, but here’s the real myth: the myth of “people who claim Macs are invulnerable.”

No, people merely claim they’re safer. Which they still are. For many reasons, all of them helpful!
 

Frobozz

macrumors demi-god
Jul 24, 2002
1,145
94
South Orange, NJ
Most users have no need for Java on their machines these days. Very few mainstream web sites use it. Corporations that use Java-based apps are probably using some type of ERP system, like Oracle, that use Java in some of their products, but the average Mac user has very little need for it.

I tend to agree. I think the biggest use of Java these days on the Mac is in web platform development or software development in embedded platforms. Certainly not the typical user scenario.
 

msimpson

macrumors regular
Sep 5, 2007
118
0
Not hardly

I've used OpenDNS for a number of years now and it works fine.

And what websites do you have to visit to get this "Flashback" thing exactly?

I checked both of my Macs using the command line thing and none of them are infected. Apparently none of my Mac-using friends have it either, which makes me question these infection numbers that are getting thrown around and whether the whole thing is just a viral marketing campaign by Norton to revitalize their company with a "radar gun / radar detector" business model now that Microsoft has finally made 3rd-party security software all but obsolete.

Microsoft has made 3rd-party security software all but obsolete? LMAO.

You obviously don't work in computer security, or have used Microsoft's ForeFront product. It is a weak product that most businesses don't rely on. Business for McAfee and Symantec security solutions, including endpoint systems, is busier than ever. The current APT landscape shows how sophisticated attacks have become, and that a multi-layer defense is priority number 1.

Apple could do more to improve its response to security issues, but the size of the security problems pales when compared to Windows. Windows 7 is a big improvement, but it still falls prey to the weakest link in the security chain - users who are uneducated and fall victim to phishing and other attacks.
 

KurtangleTN

macrumors 6502a
Apr 2, 2007
523
0


Most Apple fanboys at this moment. So many of them are grasping at straws, downplaying the situation, and pretending it's not a big deal when it's huge.

It's not a virus!!! DAMN ANTI APPLE MEDIA!! WE STILL DONT HAVE A VIARUS!! :D:apple:

Nobody cares about the difference between malware and a virus. Hell, how many true viruses have been released on Windows? This is an extremely potent thing that doesn't even need your admin password in order to install and begin.

To the college student, to the grandma, to the other less tech savvy Apple user they don't give a ****. They now have to think for the past couple of months their computer has possibly been tracked, used in attacks, and now they have to figure out what info could have been stolen.

This is an extremely serious infection that does extremely serious stuff. Apple's response was pathetic.
 

deannnnn

macrumors 68020
Jun 4, 2007
2,090
625
New York City & South Florida
"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," says Sharov. "This seems to mean that Apple is not considering our work as a help. It's just annoying them."

Ugh, this frustrates me.
 

MonkeySee....

macrumors 68040
Sep 24, 2010
3,858
437
UK

Most Apple fanboys at this moment. So many of them are grasping at straws, downplaying the situation, and pretending it's not a big deal when it's huge.

It's not a virus!!! DAMN ANTI APPLE MEDIA!! WE STILL DONT HAVE A VIARUS!! :D:apple:

Nobody cares about the difference between malware and a virus. Hell, how many true viruses have been released on Windows? This is an extremely potent thing that doesn't even need your admin password in order to install and begin.

To the college student, to the grandma, to the other less tech savvy Apple user they don't give a ****. They now have to think for the past couple of months their computer has possibly been tracked, used in attacks, and now they have to figure out what info could have been stolen.

This is an extremely serious infection that does extremely serious stuff. Apple's response was pathetic.

Well I'm still not sticking AV on my mac so in your expert opinion what sites should I avoid?
 

GadgetGav

macrumors member
Oct 18, 2010
75
1
It's not really "disclosed" (or "confirmed" as I've seen in other reports on this) that there are 600,000 Macs infected with the Flashback trojan. It's an ESTIMATE. If there were more accurate reporting around this story, there would be less chance for fanatics on either side to trot out their tired old cliches...

I also have a question about the authenticity of a never-before-heard-of security company who is running a "sink hole" server to make these estimates of infection. It doesn't seem very far removed from the actual bad guys - indeed the Dr. Web guy says that it would be part of a malicious scheme if it wasn't them running it because they're not doing any harm to users. OK... Let's take him at his word, but what protection is there for their sink hole server? How do we know that it's not now the prime target for the malicious hackers to inject some bad code...?

Anyway, I have three Macs in my household and none of them were infected, so as far as I'm concerned there's still no problem with MacOS.

It also seems from the Dr. Web page that if the trojan finds directories for either Little Snitch or Xcode it doesn't deploy, so that seems like easy and free protection to me...
 

KurtangleTN

macrumors 6502a
Apr 2, 2007
523
0
Well I'm still not sticking AV on my mac so in your expert opinion what sites should I avoid?

Pardon? You realize that it wasn't just a couple of sites or malware from pirate sites?

All you had to do was go to an infected site on, say, Google Images and even if you denied the password you'd be infected.
 

D.T.

macrumors G4
Sep 15, 2011
11,050
12,460
Vilano Beach, FL
P.S. I’d like to see more on the other side of the story: first a web site must be compromised, and only then can a Mac visiting it (with Java on) be compromised too. How are these web sites being compromised, which ones are they, how many of them, can we detect them, and can they be blocked if not fixed?

Another piece I’m curious about: are email spam/phishing campaigns (possibly driven by Windows botnets) being used to send out clickable links to infected sites?

That’s a potential malware vector that I wouldn’t ignore if I were behind this, but email hasn’t been mentioned in the articles I’ve seen.

Just wanted to quote both of your posts as I think they’re excellent points. We know this Java payload was sent down from visited sites and was able to execute outside of the sandbox due to a flaw in the Java distribution.

Which sites though? Did people reach those legitimately or has there been some kind of email, redirect, etc., mechanism to drive people to sites specifically designed to deliver it?

Again, great points, and there are still quite a few unanswered questions about this whole event.


I sometimes wonder if these "security companies" who find these vulnerabilities, are not somehow connected to the hackers who exploit them. Particularly ones based in foreign countries where many of these attacks seem to originate.

Yeah, while I meant that post as a joke, I don’t think it’s totally outside the realm of possibility that there are relationships in place (with all the players) that aren’t totally above board.
 

tonjik

macrumors newbie
May 27, 2010
23
3
Typical Apple, shoot the messenger and hope the bad news he was bearing doesn't happen.

"If I close my eyes I can't see you!"

Seems to me Apple is playing a game: shoot the hacker and his servers and hope it will demotivate other hackers to make viruses for Macs.
 

azentropy

macrumors 601
Jul 19, 2002
4,021
5,380
Surprise
Pardon? You realize that it wasn't just a couple of sites or malware from pirate sites?

All you had to do was go to an infected site on, say, Google Images and even if you denied the password you'd be infected.

I keep hearing that but have yet to see one reputable site by name announced as infected or that spread the infection.

Some people are making it out to be a bigger issue than it is and others are making it out to be a smaller issue than it is. Truth is probably somewhere in the middle.
 