Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 8, 2013, 03:03 PM   #101
gotluck
macrumors 68030
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by FloatingBones View Post



Here's a different perspective: using vendors which continue to use something as broken as Java in web browsers holds the risk of crippling your entire organization. Your company sounds ripe for a spear phishing attack.



If you have proper planning in your organization and have decided that allowing zero-day attacks from Java and Flash is your preferred means of operating, you would have already changed that security option on the Macs in your enterprise.

Here's a question for you: how long will it take before your company realizes that Java/Flash in web clients is a terrible idea and you will phase them out?
Do you have any suggestions on an alternative to Jack Henry for banking systems that does not use java?

We have no macs at our community bank but operations would halt without access to java.
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
"Give me liberty (root access), or give me death!" - Patrick Henry
gotluck is online now   0 Reply With Quote
Old Feb 8, 2013, 03:03 PM   #102
MagnusVonMagnum
macrumors 68040
 
MagnusVonMagnum's Avatar
 
Join Date: Jun 2007
WTF doesn't Apple just give a warning and make the user DECIDE whether to disable it or not rather than just go around shutting down computers willy nilly without the users' permission? This strikes me as an invasion of privacy and frankly as pointed out with Java, it can do more damage than an actual threat in some cases if there's no update to move to (as was the case with Java at one point).
__________________
Mac Mini Server 2012 (2.3GHz Quad i7, 8GB, 2x1TB RAID 0) ; External 12x Memorex Blu-Ray USB3, External WD 3x3TB,1x2TB HD USB3)
15" Matte MBP 2.4GHz, 4GB/500GB, NVidia 8600M GT; 3 ATV; 2 iPod Touch
MagnusVonMagnum is online now   1 Reply With Quote
Old Feb 8, 2013, 03:22 PM   #103
wood_e
macrumors newbie
 
Join Date: Sep 2003
Send a message via AIM to wood_e
This Xprotect blocking is a PURE NIGHTMARE for enterprise users. I manage over 60 macs and updating each one by hand is such a PITA...
wood_e is offline   0 Reply With Quote
Old Feb 8, 2013, 04:34 PM   #104
tbrinkma
macrumors 65816
 
Join Date: Apr 2006
Quote:
Originally Posted by musicpaladin View Post
Um.... blocking exploits should be done at the liberty of the administrators, not by the manufacturer. That's the business's decision to make. Not Apple's. If Apple is serious about continuing to claim to serve the Enterprise market (which they have repeatedly shown more and more that they are completely inept at) then they will cease this practice immediately.

In the business world, when you have several thousand workstations on your network, it is unacceptible and impractical to ask an administrator to manually have to disable a block. And for some businesses, 1-2 hours is too long. What if you are in medicine and your medical database uses a Java based client? Someone could die if you lose access to these records for 1-2 hours.

This would NEVER fly on a Microsoft product. If this is what people will have to expect from Apple, then they will not use their products for the Enterprise.

Apple continues to play God and show an arrogance towards the Enterprise about their needs.
Congratulations. You've just told someone in IT, who has to deal with Microsoft's security practices on a regular basis that *cutting off an actively exploited security vulnerability* is a 'bad' thing. Really?

I've had to clean up after a *number* of 0-day exploits over the course of my career, and would have given my eye teeth to not have had to go through that mess. If you've ever had to deal with completely reimaging 2 dozen Windows boxes, you'll know how much *more* effort that is than undoing this security fix *IF* it actually causes any users a problem.

Might I suggest that you go shopping for a clue?

----------

Quote:
Originally Posted by iMikeT View Post
Actually, I do because I'll have to log into my admin account to install updates and such. The user account I use does not have admin privileges for obvious reasons. Then there's the OCD of rebooting after updates and such from the early days of computing.
You still don't need to reboot. Just switch to your admin account, do the install, and restart Safari when you switch back to your normal account.
__________________
17" MBP (unibody), 2.66GHz i7, 8GB RAM, 750 GB HDD; iPhone 4s 64GB/Black
tbrinkma is offline   3 Reply With Quote
Old Feb 8, 2013, 05:01 PM   #105
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
Quote:
Originally Posted by gotluck View Post
Do you have any suggestions on an alternative to Jack Henry for banking systems that does not use java?

We have no macs at our community bank but operations would halt without access to java.
Not my industry. Does Jack provide iPad (or other tablet) solutions for what you need to do?

Note: the problem isn't with Java per se; it's with Java apps in the browser.


Quote:
Originally Posted by MagnusVonMagnum View Post
WTF doesn't Apple just give a warning and make the user DECIDE whether to disable it or not rather than just go around shutting down computers willy nilly without the users' permission?
They don't. You gave them permission to do it in your preferences.

Apple needs to have swift response to a virus threat, and most users appreciate that. If you don't want that level of protection on your machine, then turn it off. Simple.
FloatingBones is offline   3 Reply With Quote
Old Feb 8, 2013, 05:45 PM   #106
Fatalbert
Banned
 
Join Date: Feb 2013
My old Flash Player isn't blocked, and I never install updates since I don't really use it.
Fatalbert is offline   0 Reply With Quote
Old Feb 8, 2013, 05:51 PM   #107
AdonisSMU
macrumors 68000
 
Join Date: Oct 2010
I'm happy to do without flash!
AdonisSMU is offline   0 Reply With Quote
Old Feb 8, 2013, 05:53 PM   #108
mrkgoo
macrumors 65816
 
Join Date: Aug 2005
The adobe get flash website downloads a file called "AdobeFlashPlayerInstaller_11_aih.dmg". This is different than what Adobe normally deliver (what does "aih" stand for?).

Further, it is only 879 KB, whereas the link specifies that the file will be 16 MB.

What gives?
mrkgoo is offline   0 Reply With Quote
Old Feb 8, 2013, 06:21 PM   #109
BIS2
macrumors regular
 
Join Date: Jun 2004
I have a 2011 macbook pro running 10.8.2. Over the last few months there have been several times where I've been using safari and suddenly I won't be able to play any video (on sites like hulu, nbcnews, and youtube). Sort of weird cause this hasn't ever happened until recently? The only way I've been able to fix this is by manually updating flash.

Anyway this was the case again today - no videos would play, but updating flash fixed it. But I'm reading on this thread that I don't need to even use flash - it can be disabled? So how would I get video to work again? How do I even shut off flash? And how come I don't get the "you need to update flash" message that was shown in the main story on this?

Thanks a lot
BIS2 is offline   0 Reply With Quote
Old Feb 8, 2013, 06:39 PM   #110
Lara F
macrumors 6502a
 
Join Date: May 2005
Location: Montreal, Quebec
Quote:
Originally Posted by HenryDJP View Post
Which was really unnecessary because Apple didn't block the recent Flash update, they blocked the older version. You're kids can still play their little games just fine.
But that's not the real point. Every time Flash comes up there are posts saying "who needs it?" and that it should disappear.

In the real world, try watching a stream of today's storm news from ABC New York without Flash if you don't have an iPad. (Just one example.)
http://abclocal.go.com/wabc/livenow?id=7241659

Adobe may have given up on mobile, but it's not close to dead on the desktop.
Lara F is offline   0 Reply With Quote
Old Feb 8, 2013, 06:53 PM   #111
deannnnn
macrumors 68000
 
deannnnn's Avatar
 
Join Date: Jun 2007
Location: New York City & South Florida
Quote:
Originally Posted by Ricanlegend View Post
Does anybody use flash anymore ? I been blocking flash for 4 years
You can't have a full internet experience without Flash.

I'm not sticking up for it, I hate Flash too, but you're kidding yourself if you think it's irrelevant. A very limited number of websites support HTML5 alternatives but they're always awful. The HTML5 YouTube is a buggy disaster... which is ironic because people will block Flash because it's "buggy" yet they're willing to go with an alternative that is 50x worse.

Additionally the video players on most non-indie websites require Flash (specifically TV networks), and then there are the small websites for local restaurants and stores that are built in Flash.
__________________
MacBook Pro (Retina) / iPhone 5S
deannnnn is offline   0 Reply With Quote
Old Feb 8, 2013, 07:32 PM   #112
cerote
macrumors 6502a
 
Join Date: Mar 2009
Quote:
Originally Posted by wood_e View Post
This Xprotect blocking is a PURE NIGHTMARE for enterprise users. I manage over 60 macs and updating each one by hand is such a PITA...
Can't it just be turned off then? There are other solutions if it is causing this much of an issue.
cerote is offline   1 Reply With Quote
Old Feb 8, 2013, 07:54 PM   #113
tech4all
macrumors 68040
 
tech4all's Avatar
 
Join Date: Jun 2004
Location: NorCal
Quote:
Originally Posted by iMikeT View Post
Great, just great. I don't know how many times I'll have to restart my iMac this week because of OEMs.
Aww poor you...

...First World Problems.


__________________
I use OS X because of Windows. And I use Android because of iOS.
tech4all is offline   0 Reply With Quote
Old Feb 8, 2013, 08:15 PM   #114
Hes Nikke
macrumors member
 
Join Date: Apr 2001
Quote:
Originally Posted by MyNameIsDave View Post
You need to restart your browser after the install. It doesn't tell you to do this, but it looks as though the update has failed if you don't when it has in fact worked.
In my experience, all flash installs force you to quit all browsers before they let you install. That said, it has also been my experience that you can skirt around this by finding the .pkg installer package inside of the flash installer app bundle and letting apple's installer install flash. But if you're going to bypass the adobe installer front end, you're advanced enough to understand the consequences.
__________________
4966 2079 6F75 2061 7265 2064 6563 6970 6865 7269 6E67 2074 6869 7320 796F 7520 6D75 7374 2062 6520 7265 616C 6C79 2062 6F72 6564 2E2E
Hes Nikke is offline   0 Reply With Quote
Old Feb 8, 2013, 08:19 PM   #115
HenryDJP
macrumors 68020
 
Join Date: Nov 2012
Location: United States
Quote:
Originally Posted by Lara F View Post
But that's not the real point. Every time Flash comes up there are posts saying "who needs it?" and that it should disappear.

In the real world, try watching a stream of today's storm news from ABC New York without Flash if you don't have an iPad. (Just one example.)
http://abclocal.go.com/wabc/livenow?id=7241659

Adobe may have given up on mobile, but it's not close to dead on the desktop.
Which is why I said this earlier in the thread on post #95 but you missed my post somehow. .......


Before Flash took off all that was used for media streaming was Windows Media Player and it ran terribly on the Mac, of course MS made sure of that. . When Flash came around and started becoming the norm I highly welcomed it and I still do. It is quite a resource hog but I am far from trashing it as others seem to.
HenryDJP is offline   0 Reply With Quote
Old Feb 8, 2013, 08:46 PM   #116
Lara F
macrumors 6502a
 
Join Date: May 2005
Location: Montreal, Quebec
I did miss that, sorry. Actually I too remember those days where much streaming video on Windows Media Player didn't work on the Mac (got my first in 2005, it was about two years I think before Flash really became standard). I won't mind when something properly replaces it, I just don't see it happening soon enough on the desktop. Content providers may be fine with HTML5 on iOS where it's hard to pirate/download, but they're not allowing it outside.
Lara F is offline   1 Reply With Quote
Old Feb 8, 2013, 09:03 PM   #117
gotluck
macrumors 68030
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by FloatingBones View Post
Not my industry. Does Jack provide iPad (or other tablet) solutions for what you need to do?

Note: the problem isn't with Java per se; it's with Java apps in the browser.
The main client uses java in the browser. No available iOS solution. iPhones and iPads are prevalent (no android afaik), but only used for mail and non-jack henry (processing/underwriting/operations) tasks - mostly convenience devices.

I see no escape from java... just curious
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
"Give me liberty (root access), or give me death!" - Patrick Henry
gotluck is online now   0 Reply With Quote
Old Feb 8, 2013, 09:25 PM   #118
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
Quote:
Originally Posted by Lara F View Post
But that's not the real point. Every time Flash comes up there are posts saying "who needs it?" and that it should disappear.

In the real world, try watching a stream of today's storm news from ABC New York without Flash if you don't have an iPad. (Just one example.)
http://abclocal.go.com/wabc/livenow?id=7241659

Adobe may have given up on mobile, but it's not close to dead on the desktop.
Lara: here's the disconnect: there's a clear and present danger from continuing to use web-based Flash. It has ceased to be a reliable way for people to use their laptop computers.

Your WABC website was able to find a way to stream to iOS devices years ago. WTF haven't they learned how to stream to laptops without Flash? The only reason I see is that they have complacency about going Flash-free.

Note: I'm not disagreeing that Flash is needed on some websites. I am wondering what it will take to light a fire under their ... feet. Got any ideas?

Quote:
Originally Posted by gotluck View Post
The main client uses java in the browser. No available iOS solution. iPhones and iPads are prevalent (no android afaik), but only used for mail and non-jack henry (processing/underwriting/operations) tasks - mostly convenience devices.

I see no escape from java... just curious
What about Jack Henry's iBizmanager: http://www.prnewswire.com/news-relea...158549095.html

Quote:
Originally Posted by tshrimp View Post
Yes. Still widely used.
Flash is not run in the browser on over 100 million iPads. It's not run in the browser on a total of 410 million iOS devices. It doesn't run on Windows RT or a whole bunch of new machines. Adobe has abandoned development of Flash on mobile platforms.

At the same time, we continue to get 0-day security risks for Flash. Flash and Java are the two primary sources of malware on Apple laptop and desktop computers. They are the Typhoid and the Mary for Mac users.

What is it going to take to get those complacent service providers to stop using Flash?

Last edited by FloatingBones; Feb 8, 2013 at 10:07 PM.
FloatingBones is offline   0 Reply With Quote
Old Feb 8, 2013, 09:58 PM   #119
tshrimp
macrumors 6502
 
Join Date: Mar 2012
Quote:
Originally Posted by Ricanlegend View Post
Does anybody use flash anymore ? I been blocking flash for 4 years
Yes. Still widely used.
tshrimp is offline   1 Reply With Quote
Old Feb 8, 2013, 10:36 PM   #120
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by MagnusVonMagnum View Post
WTF doesn't Apple just give a warning and make the user DECIDE whether to disable it or not rather than just go around shutting down computers willy nilly without the users' permission? This strikes me as an invasion of privacy and frankly as pointed out with Java, it can do more damage than an actual threat in some cases if there's no update to move to (as was the case with Java at one point).
You'll be relieved to know that what just happened is not at all what you think just happened.

Apple never shuts down your Mac remotely, and when they issue an urgent security update like this, it doesn't secretly collect any private information from you.

If a user doesn't know how to use a different browser, and doesn't know how to uncheck a box in Security preferences, then they aren't going to know how answer that question you think should be asked. They are not the expert able to judge the magnitude of the threat, and getting malware is almost NEVER going to be better than losing access to some app temporarily until you get tech support to install a workaround (or until an automatic patch comes along--in this case, instantly).

Leaving that kind of highly technical research and decision to a user who doesn't even understand the basic factors is asking for trouble on a scale Windows knows all about.... The choice you want from Apple IS there, but it's for knowledgeable users, not thrown in the face of people who won't know what to do with it.

The problem is not Apple, it's Flash and Java being insecure--people ought to write to THEM saying how vital Flash and Java are, and demanding better security. Security is a feature just as vital--and to a LOT more people--than browser-based Java or Flash.
nagromme is offline   0 Reply With Quote
Old Feb 9, 2013, 12:31 AM   #121
phoenixsan
macrumors 65816
 
phoenixsan's Avatar
 
Join Date: Oct 2012
Too many people....

criticizes the late Steve Jobs by not allowing flash in some Apple devices. Time appears to show that was a sound decission: Resource hog, malware, bogging down hardware, privacy concerns and so on.....That is a pity, because Flash is a very useful tech...

__________________
Mac Pro 2012 3.06 Westmere version, 12 Core 64 GB RAM, 4 TB , iPhone 5 (black), Moto G 8 GB (black)
phoenixsan is offline   1 Reply With Quote
Old Feb 9, 2013, 02:16 AM   #122
H2SO4
macrumors 6502a
 
Join Date: Nov 2008
Quote:
Originally Posted by Yvan256 View Post
Not only that but it's ridiculous that a website would still require Flash or Java to function properly. A proper website should still be readable and navigable with javascript disabled.
This is it!
I browse sans plug ins and I find it annoying to have to enable them because something I'd like to/need to see requires Flash or Java.
Mind you the website developer surley has a reason for it.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   0 Reply With Quote
Old Feb 9, 2013, 03:04 AM   #123
Nall
macrumors regular
 
Join Date: Aug 2003
Quote:
Originally Posted by slu View Post
Any exploits in the wild for this, or is this just a security "hole" that is being closed? Basically, does anyone need to worried that they have been compromised?
I'm curious about this, too.
Nall is offline   0 Reply With Quote
Old Feb 9, 2013, 08:16 AM   #124
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
Quote:
Originally Posted by slu View Post
Any exploits in the wild for this, or is this just a security "hole" that is being closed? Basically, does anyone need to worried that they have been compromised?
Quote:
Originally Posted by Nall View Post
I'm curious about this, too.
I believe every single one of the Java/Flash updates in 2012 and 2013 have happened when 0-day exploits were identified in the wild. If you wish to stay current on the malware exploits, you can watch the Security Now! podcast weekly. You can also peruse the archive of transcripts from this week's show back to August 19, 2005. Steve has all the shows professionally transcribed a day or two after recording; this is a tremendous service that he provides to the community.

Apple has had the mechanism to instantly disable malware for several versions of the OS (I see references back to at least Snow Leopard). Updates to that plist file allow "sleeper" malware that has been widely deployed to be instantly disabled. The thing that's changed recently is Apple's use of this mechanism to turn off Flash and Java when 0-day threats are identified. Exploits through Flash and Java are, AFAICT, the two greatest risks to Mac users today; I'm grateful for Apple's closing the loop here.

The complaints that Apple is "taking over" machines is nonsense. Anyone with admin privileges on a Mac can turn off this mechanism in their security settings. Apple has provided a great mechanism to secure their computers, they are actively using it, and they even provide a simple means for those not wanting to use it to turn it off. None of the complainers here show understanding of how that mechanism works.

Quote:
Originally Posted by phoenixsan View Post
criticizes the late Steve Jobs by not allowing flash in some Apple devices. Time appears to show that was a sound decission: Resource hog, malware, bogging down hardware, privacy concerns and so on.....
If Apple hadn't drawn that line in the sand with the iPhone back in 2007, imagine how much worse the malware problem would be today.

Quote:
That is a pity, because Flash is a very useful tech
The idea of Flash was wonderful, but Flash never ever executed on its promise. Those tactical and strategic failures of Flash were spelled out in Jobs's 2010 Thoughts on Flash memo. The note provides a rare historical insight into why Apple abandoned a particular technology. IMHO, I think Apple did a tremendous service to the Internet community as a whole by drawing this line in the sand.

I think we're getting pretty close to getting directives from the DHS for websites to drop Flash/Java. I do not like that kind of government intervention, but it is time to remove these sources of infection from mainstream websites. I am rather astonished that Google has failed to take the lead and make their services Flash-free.

Last edited by FloatingBones; Feb 9, 2013 at 09:31 AM.
FloatingBones is offline   1 Reply With Quote
Old Feb 9, 2013, 08:31 AM   #125
fahlman
macrumors member
 
Join Date: Sep 2003
Apple Remote Desktop

Quote:
Originally Posted by wood_e View Post
This Xprotect blocking is a PURE NIGHTMARE for enterprise users. I manage over 60 macs and updating each one by hand is such a PITA...
Have you tried Apple Remote Desktop?
__________________
NOTICE: While every effort has been made to ensure the accuracy of the information supplied herein, fahlman cannot be held responsible for any errors or omissions. Unless otherwise indicated, opinions expressed herein are those of fahlman and do not necessarily represent the views of MacRumors.com

Last edited by fahlman; Feb 9, 2013 at 08:51 AM.
fahlman is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Adobe Releases Another Emergency Update for Flash MacRumors Mac Blog Discussion 125 Feb 25, 2014 07:11 PM
Apple Enforces Adobe Flash Player Security Upgrade with Updated Malware Definitions MacRumors Mac Blog Discussion 51 Feb 15, 2014 11:04 AM
Adobe Releases 'Critical' Update for Flash After Security Vulnerability Discovered MacRumors Mac Blog Discussion 92 Feb 10, 2014 12:29 PM
Am I The Only One Who Can't Update Adobe Flash Player? 53kyle OS X Mavericks (10.9) 4 Jun 14, 2013 03:29 AM
Apple Updates Anti-Malware Software to Block Older Versions of Adobe Flash Player Plug-in MacRumors MacRumors.com News Discussion 40 Mar 9, 2013 04:46 PM

Forum Jump

All times are GMT -5. The time now is 06:50 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC