Old Jan 31, 2013, 12:56 PM   #101
sseaton1971
macrumors 6502
 
Join Date: Feb 2012
Quote:
Originally Posted by jk1002 View Post
You can disable the Xprotect auto updates under system preferences - security - general - advanced - untick automatically update safe download list
But that also affects the list of malware in XProtect.plist, correct? The solution I use only disables the Flash and Java blocks in XProtect.meta.plist. I don't want to stop Apple from updating the list of malware.
sseaton1971 is offline   0 Reply With Quote
Old Jan 31, 2013, 01:06 PM   #102
RMo
macrumors 6502a
 
Join Date: Aug 2007
Location: Iowa, USA
Quote:
Originally Posted by RMo View Post
Do you really do most of the work on your computer with Java plug-in applets?...
Quote:
Originally Posted by doelcm82 View Post
Yes. Yes I do.

Next question?
Then you don't really need OS X to do it, so you can work around it.

(I'd also seriously reconsider anything that makes me depend on a Java applet without providing a more accessible method of access.)
RMo is offline   0 Reply With Quote
Old Jan 31, 2013, 01:14 PM   #103
iVoid
macrumors 65816
 
Join Date: Jan 2007
What worries me the most is that unlike the last Java block, this one is affecting Snow Leopard users.

And as far as I can see, Oracle only supports 1.7.2+ with Java 7.

So Snow Leopard users are completely out of luck for Java plug-ins now unless they hack the xprotect file?
iVoid is offline   1 Reply With Quote
Old Jan 31, 2013, 01:30 PM   #104
doelcm82
macrumors 6502a
 
Join Date: Feb 2012
Location: Texas, USA
Quote:
Originally Posted by RMo View Post
Then you don't really need OS X to do it, so you can work around it.

(I'd also seriously reconsider anything that makes me depend on a Java applet without providing a more accessible method of access.)
I did work around it by downloading Firefox.

I prefer OS X, and I prefer Safari. But if I can't do my job with them, I'll use something else. You are right that I don't need Apple products. You are so very, very right.
doelcm82 is offline   0 Reply With Quote
Old Jan 31, 2013, 01:45 PM   #105
Tiger8
macrumors 68000
 
Join Date: May 2011
Quote:
Originally Posted by notjustjay View Post
I still think that's a dumb and vulnerable approach, but I understand that it's frustrating that you can't get work done as a result.
I'm sorry, but I don't think you get it. For high interactivity applications JRE or a variation of it is the way to go. Your other web-only choices are limited to:
- Microsoft ActiveX (horrible)
- Flash (check out the late Mr Jobs about Flash)
- (Recently) HTML5 - which anyway requires JQuery or some sort of a backend technology to support it.

Otherwise, you need to develop native applications which is so 1999 for desktops (I know it is hot in mobile world). Enterprise is moving to zero footprint web-only applications.

Java was fine before Oracle, they went downhill since Oracle bought Sun
Tiger8 is offline   0 Reply With Quote
Old Jan 31, 2013, 01:56 PM   #106
patchfp86
macrumors newbie
 
Join Date: Oct 2011
Out with the old

Ya know, I am actually surprised at the number of online courses/test preps that still rely on Java applets. I just sat down to take a practice MCAT and I obviously cannot. Companies need to kick Java and start looking at HTML5/modern coding that allows easy access. This Java business is getting insane. It has nothing to do with Apple either. They dropped it cause it sucks and is archaic. While it's not fun, some companies need to get with the program.
patchfp86 is offline   0 Reply With Quote
Old Jan 31, 2013, 02:03 PM   #107
PaulKemp
macrumors 6502
 
Join Date: Jun 2009
Location: Norway
Quote:
Originally Posted by jwkay View Post
Java is essential for the joint Norwegian bank login system BankID. If Apple has disabled this without a way of switching it back on, we are all locked out of our bank accounts!
This is ridiculous. Apple is blocking all Norwegian Mac users from using their online banking system. And everybody younger than 70 years is using it. Online banking in Norway had 50% user penetration - in 2007!

Chrome is not an option either.
__________________
iMac i7 3.4 GHz, 24 GB Ram, 256 SSD | MBA 2011 i5 1.7 GHz, 4 GB Ram | Mini i7 2.0 GHz, 4 GB Ram, RAID 0 | iPad 2 16 GB | iPhone 5 16 GB | ATV 3
Remember to quote original post.
PaulKemp is offline   2 Reply With Quote
Old Jan 31, 2013, 02:29 PM   #108
bryanzak
macrumors member
 
Join Date: Feb 2002
Quote:
Originally Posted by RayK View Post
Have you found a way to disable XProtect (Automatically update safe downloads list) through command line means? I cannot seem to find what plist this is modifying. This has been driving me nuts for weeks.
Yeah I've been trying to find out how to do this too. We could use login scripts or something along those lines, but would rather not for a number of reasons.

I have been completely unable to find out what bits on the disk are changed when toggling the auto update safe downloads option.
bryanzak is offline   0 Reply With Quote
Old Jan 31, 2013, 02:56 PM   #109
TylerL
macrumors regular
 
Join Date: Jan 2002
Best of Both Worlds

At my school district, we want to use Java 1.6 for a single Gradebook app, but we also want to keep XProtect running (in case there's a malware outbreak of another kind).
So, I've tweaked the /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist file with some of sonynair's fancy PlistBuddy snippet.
This way, whenever XProtect gets updated on any of our computers, it gets patched immediately and automatically.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>StartInterval</key>
	<integer>86400</integer>
	<key>Label</key>
	<string>com.apple.xprotectupdater</string>
	<key>ProgramArguments</key>
	<array>
		<string>sh</string>
		<string>-c</string>
		<string>/usr/libexec/XProtectUpdater ; /usr/libexec/PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
TylerL is offline   1 Reply With Quote
Old Jan 31, 2013, 03:03 PM   #110
RayK
macrumors 6502
 
Join Date: Oct 2005
Quote:
Originally Posted by bryanzak View Post
Yeah I've been trying to find out how to do this too. We could use login scripts or something along those lines, but would rather not for a number of reasons.

I have been completely unable to find out what bits on the disk are changed when toggling the auto update safe downloads option.
What TylerL does is similar to mine. I just unload the updater. It unchecks the box in System Preferences.

The script below reenables the java plugin after you install Apple's Java update 2012-006. I updated it to kill XProtect.

Here's my script:

Code:
do shell script "rm /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
rm /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
sudo /usr/libexec/XProtectUpdater
launchctl unload -w /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist" with administrator privileges
do shell script "rm -r -f /Library/Internet\\ Plug-Ins/disabled
mkdir -p /Library/Internet\\ Plug-Ins/disabled
mv /Library/Internet\\ Plug-Ins/JavaAppletPlugin.plugin /Library/Internet\\ Plug-Ins/disabled
ln -sf /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin /Library/Internet\\ Plug-Ins/JavaAppletPlugin.plugin
ln -sf /System/Library/Frameworks/JavaVM.framework/Commands/javaws /usr/bin/javaws
/usr/libexec/PlistBuddy -c 'Delete :JavaWebComponentVersionMinimum' /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
" with administrator privileges
activate
display dialog "Java 6 Web Plug-In should now function! XProtect is now disabled." buttons {"OK"} default button "OK"
__________________
24" iMac Early 2009, iPad 2 64GB VZW, iPhone 5 Verizon
Apple Certified Macintosh Technician
RayK is offline   0 Reply With Quote
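For administrators who need to find machines carrying the two changes posted above (the updater LaunchDaemon wrapped in a shell, and the JavaWebComponentVersionMinimum key deleted from XProtect.meta.plist), here is an audit sketch. It is an added example, not code from any poster in this thread; the function names are hypothetical, the sample plists are constructed inline, and it assumes an unmodified job runs /usr/libexec/XProtectUpdater directly.

```python
import plistlib

UPDATER = "/usr/libexec/XProtectUpdater"
META_KEY = "JavaWebComponentVersionMinimum"
META_PATH = ("/System/Library/CoreServices/CoreTypes.bundle/"
             "Contents/Resources/XProtect.meta.plist")
SHELLS = {"sh", "bash", "zsh", "/bin/sh", "/bin/bash", "/bin/zsh"}


def audit_updater_job(plist_bytes):
    """Return findings for a com.apple.xprotectupdater LaunchDaemon plist."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    joined = " ".join(args)
    findings = []
    # Assumption: the unmodified job executes the updater binary itself,
    # so a shell as argv[0] means extra commands can ride along.
    if args and args[0] in SHELLS:
        findings.append("updater is wrapped in a shell")
    if UPDATER not in joined:
        findings.append("updater binary is never invoked")
    # PlistBuddy pointed at an XProtect file re-applies an edit after
    # every definitions update, as in the plist posted in this thread.
    if "PlistBuddy" in joined and "XProtect" in joined.replace(UPDATER, ""):
        findings.append("job edits XProtect data after each update")
    return findings


def audit_meta(plist_bytes):
    """Return findings for an XProtect.meta.plist file."""
    meta = plistlib.loads(plist_bytes)
    if META_KEY not in meta:
        return [META_KEY + " is missing"]
    return []


# Constructed sample inputs (not copied from a real machine).
_BASE = {"Label": "com.apple.xprotectupdater",
         "RunAtLoad": True, "StartInterval": 86400}
STOCK_JOB = plistlib.dumps(dict(_BASE, ProgramArguments=[UPDATER]))
PATCHED_JOB = plistlib.dumps(dict(_BASE, ProgramArguments=[
    "sh", "-c",
    UPDATER + ' ; /usr/libexec/PlistBuddy -c "Delete :' + META_KEY
    + '" ' + META_PATH]))
# The version string is a placeholder, not Apple's real value.
META_OK = plistlib.dumps({"Version": 1, META_KEY: "placeholder-version"})
META_STRIPPED = plistlib.dumps({"Version": 1})

if __name__ == "__main__":
    for name, data in (("stock job", STOCK_JOB), ("patched job", PATCHED_JOB)):
        print(name, audit_updater_job(data))
    for name, data in (("meta ok", META_OK), ("meta stripped", META_STRIPPED)):
        print(name, audit_meta(data))
```

On a real machine, feed the functions the bytes of the LaunchDaemon plist and of XProtect.meta.plist at the paths given in the posts above. A job that was only unloaded with launchctl is not visible in the plist itself and is not covered here.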
Old Jan 31, 2013, 03:27 PM   #111
MagnusVonMagnum
macrumors 68040
 
Join Date: Jun 2007
Quote:
Originally Posted by notjustjay View Post
I've had Java disabled in my browser for the last several years, and I don't miss it at all. I think in all that time I have re-enabled it maybe once because there was an applet I actually wanted to run.

Just leave it turned off.
How nice for you. Some people actually need Java for their work or other uses. Hell, some people even paid Pogo.com to use their gaming site ad-free for the year and Apple comes along and makes it UNUSABLE without some dancing about workarounds that NO ONE should have to bother with. How about a freaking WARNING and a simple override button. At what point does being treated like kindergarten students become unacceptable? I don't use Java anywhere else except for my Brother printer management software, so I think a single exception to a trusted web site shouldn't be such a huge issue, really.

On the other hand, I just tested Java SE7 Update 11 in both Safari and Firefox and it still works in both here (A security warning comes up and asks me if I want to run the app in question but when I click run it still runs including Pogo.com) so I have to wonder about the accuracy of this article.

Quote:
Originally Posted by jk1002 View Post
Apple seems to be clueless when it comes to their business customers.

This is really ridiculous. This causes as much damage for some as a potential virus attack.
You got my up-vote. That is a PERFECT way of describing their interference. They are doing more damage than any hacker out there because it's to ALL systems, not just one visiting a bad site that gets click approved by a clueless user. Yeah, I want to run that "StealMyIdentity" Java App I found on a random web site! CLICK YES! Whoops! What happened?

Quote:
Originally Posted by AppleScruff1 View Post
Flash, Java, what's next? Internet access to Apple approved sites only?
No, I think access only to Apple approved applications will be next on the list using Gatekeeper and the App Store to enforce it. The writing has been on the wall for a long time now and since most Apple users just roll over and take it any time Apple does something unacceptable I'm sure they'll never make a stink about it like they did with the iPhone's antenna reception since obviously moving your finger to get reception to work in some cases is SO much worse than not being able to access your bank account.
__________________
Mac Mini Server 2012 (2.3GHz Quad i7, 8GB, 2x1TB RAID 0) ; External 12x Memorex Blu-Ray USB3, External WD 3x3TB,1x2TB HD USB3)
15" Matte MBP 2.4GHz, 4GB/500GB, NVidia 8600M GT; 3 ATV; 2 iPod Touch

Last edited by MagnusVonMagnum; Jan 31, 2013 at 03:50 PM.
MagnusVonMagnum is offline   2 Reply With Quote
Old Jan 31, 2013, 03:39 PM   #112
gazonk
macrumors newbie
 
Join Date: Jan 2009
Quote:
Originally Posted by PaulKemp View Post
This is ridiculous. Apple is blocking all Norwegian Mac users from using their online banking system. And everybody younger than 70 years is using it. Online banking in Norway had 50% user penetration - in 2007!

Chrome is not an option either.
The right way to view this is that BankID is blocking all Norwegian computer users from using their machines in a reasonably safe way.

But fortunately, if you're not using one of the banks that have implemented the banking interface itself as a java applet, give them a call and ask them to deactivate your BankID. I did a couple of weeks ago - what a relief to get rid of the junk!
gazonk is offline   0 Reply With Quote
Old Jan 31, 2013, 03:57 PM   #113
DaveTheRave
macrumors 6502
 
Join Date: May 2003
Quote:
Originally Posted by SmileyBlast! View Post
Your Bank's IT department should be aware and should have notified you.

You would also think that a Bank is particularly security conscious and would provide you with a remote access solution that did not rely on Java.

The exploit is serious.
Oh...so you think Apple contacted my company's IT department to tell them they were going to disable Java?
DaveTheRave is offline   2 Reply With Quote
Old Jan 31, 2013, 04:12 PM   #114
derek
macrumors newbie
 
Join Date: Aug 2001
Location: Syracuse, NY
Avoid Java In All Cases; Kill It Off The Internet; Oracle Sucks

Quote:
Originally Posted by sonynair View Post
They are also blocking Apple Java 1.6! Don't know where XProtect.meta.plist screenshot is from, but that is not what Apple pushed out this morning.

Here's what it really is! . . .

Hope that helps someone!
I hope that doesn't get someone's Mac PWNed.

Most likely, all of us here are responsible users, as opposed to LUSERS. Nonetheless, I don't want anyone, except those in dire need or who know how to responsibly avoid malware, knowing how to bypass Apple's wisdom here.

Yes, Apple want to maintain a reputation as being proactive against Apple-user targeted malware. They also don't want any LUSER lawsuits against them. But I also believe Oracle is too stupid and lazy to ever take their severe Java security hell seriously.

Therefore, the sooner Java is killed off the Internet, the better for everyone.

Conspiracy theorists who think they're being shoved into another Apple proprietary 'walled garden' can bite themselves. Computer security takes precedence over your paranoia or ignorance.
__________________
Fortune Magazine 11-29-05: What's your computer setup today?
Frederick Brooks: I happily use a Macintosh. It's not been equaled for ease of use, and I want my computer to be a tool, not a challenge.

Last edited by derek; Jan 31, 2013 at 04:17 PM. Reason: I wrote it. I edit it.
derek is offline   0 Reply With Quote
Old Jan 31, 2013, 05:03 PM   #115
Mike1984
macrumors newbie
 
Join Date: Oct 2010
Quote:
Originally Posted by Bubba Satori View Post
Apple should just buy Java.
Exactly.
If they're such control freaks, they should be in the user community fixing the issues.
And developing support for Retina display and add Java classes for native functionality.

----------

Quote:
Originally Posted by bbeagle View Post
How does HTTPS have anything to do with Java Applets?

Conversely, I could create a dummy web site, use HTTPS, and write a 'rogue' java applet which takes over your machine.
Then you'd be a hacker with a REGISTERED Certificate for your server.
Whereby you could be held liable for your damage.
You wouldn't be anonymous.
Mike1984 is offline   1 Reply With Quote
Old Jan 31, 2013, 05:19 PM   #116
pmjoe
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by patchfp86 View Post
Companies need to kick Java and start looking at HTML5/modern coding that allows easy access.
HTML5 + JavaScript + whatever is on the server backend is hardly "modern coding", it's a sad, arcane state that hopefully the software industry will find a way to grow past.
pmjoe is offline   0 Reply With Quote
Old Jan 31, 2013, 05:59 PM   #117
sectime
Banned
 
Join Date: Jul 2007
Quote:
Originally Posted by topmike View Post
This is too funny


I went to www.icloud.com to make some changes to my account - which for some reason, the icloud site uses JavaScript!

Of course Safari blocks access to it. The screenshot was from Safari.

(I think MacRumors uses Java to submit replies too.....)
You know Java exploit and Javascript in Safari are two different things? Javascript is not blocked by Apple. At least on the ten machines at my workplace.
sectime is offline   0 Reply With Quote
Old Jan 31, 2013, 06:13 PM   #118
snoop92679
macrumors newbie
 
Join Date: Feb 2008
No One is Asking Why Apple is Blocking Java...

I'm totally guessing, but this remote blocking of JAVA on end user computers without any notice is based on national security. My bet is that Anonymous has been able to break into Justice Department and other US computer systems as revenge for the death of Aaron Swartz. What the prosecutor did to that guy is so outrageous and shameful - it makes me sick to my stomach to have Obama and his jack booted goons as our president.
snoop92679 is offline   1 Reply With Quote
Old Jan 31, 2013, 06:59 PM   #119
haruhiko
macrumors 68030
 
Join Date: Sep 2009
Quote:
Originally Posted by PaulKemp View Post
This is ridiculous. Apple is blocking all Norwegian Mac users from using their online banking system. And everybody younger than 70 years is using it. Online banking in Norway had 50% user penetration - in 2007!

Chrome is not an option either.
It seems to me that relying on a third party platform like Java for crucial systems like online banking is not a very great idea. The user interface should be transparent to the user and doesn't require any plug-ins. Most online banking / transaction systems here in Hong Kong completely ditched the requirement of Java browser plug-in recently.
__________________
Mac: rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   0 Reply With Quote
Old Jan 31, 2013, 07:05 PM   #120
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
I agree, it is ridiculous that Apple is cleaning up someone else's continuous mess, in this case (Oracle's)

Couldn't Apple do its own Java.... period? That way only they will control it, and most importantly, it will always be more secure. It can't be any less secure than what we currently have.
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."
Tech198 is offline   0 Reply With Quote
Old Jan 31, 2013, 07:20 PM   #121
pmz
Banned
 
Join Date: Nov 2009
Location: NJ
Quote:
Originally Posted by Steve121178 View Post
Nothing about your post is accurate.
Right exactly, disabling a major threat to a user's computer is somehow LESS professional than knowingly leaving users open to exploits > viruses > loss of data.

Gotcha. Accuracy.
pmz is offline   0 Reply With Quote
Old Jan 31, 2013, 09:12 PM   #122
MacMan988
macrumors 6502a
 
Join Date: Jul 2012
How do they block and unblock? Do they send any updates through App Store? I did not get any kind of updates from Apple.
MacMan988 is offline   0 Reply With Quote
Old Jan 31, 2013, 09:21 PM   #123
McSev2010
macrumors newbie
 
Join Date: Jan 2013
I have been stewing about this all day. And this is probably one of the few posts I'll ever make to a forum.

I don't understand how Apple can just flip the switch with NO notification to the user. I own my Mac -- and I paid for my o/s. If Microsoft did such a thing, people would be outraged about infringement of their personal liberties. Why does Apple think I am so stupid that I can't turn off Java myself if I want to?
McSev2010 is offline   2 Reply With Quote
Old Jan 31, 2013, 09:22 PM   #124
derek
macrumors newbie
 
Join Date: Aug 2001
Location: Syracuse, NY
Quote:
Originally Posted by Mike1984 View Post
Exactly.
If they're such control freaks, they should be in the user community fixing the issues.
Apple IS in the user community, contributing to the Mac version of the JRE. You're ignorant.

And since when does attention to Mac user security = being 'control freaks'? You're ignorant.

This is a security issue, not your personal problems issue.
__________________
Fortune Magazine 11-29-05: What's your computer setup today?
Frederick Brooks: I happily use a Macintosh. It's not been equaled for ease of use, and I want my computer to be a tool, not a challenge.
derek is offline   0 Reply With Quote
Old Jan 31, 2013, 09:26 PM   #125
McSev2010
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by derek View Post
This is a security issue, not your personal problems issue.
It's more than a security issue. I suspect they aren't protecting you. They're protecting their operating system. There is a huge difference.
McSev2010 is offline   0 Reply With Quote
