Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Developing Software to Remove Flashback Malware

I love how defensive people are getting in this thread.

No, Macs don't have to worry about PC viruses. In the much the same way I'll never have to worry about dying because I blew a cylinder while jogging down the street.

It's not really a bragging point, you know.
 
It’s just as I envisioned the first real OS X malware: since it’s the only one, all eyes are on it, with a fix posted rapidly by third parties, and Apple responding soon after.

Hopefully we’ll never have more than one at a time...
 
nagromme said:
It’s just as I envisioned the first real OS X malware: since it’s the only one, all eyes are on it, with a fix posted rapidly by third parties, and Apple responding soon after.

Hopefully we’ll never have more than one at a time...
Click to expand...

It has started! :eek:

But seriously, smart users will just disable Java on their browsers from now on.
 
It will be interesting to see how long it will take them. It's seems this action on Apples part is damage control regarding their image.

Had they been genuinely concerned & performed their due diligence in a timely manor, they'd have this under control already. In turn that would have polished their image.

Sadly the residual arrogance left over from the Steve Jobs days, has caught them asleep at the wheel.

Time will tell.
 
This is why it takes so long

Oracle does not release a version of Java for the mac, so by the time Apple makes the latest version available for the mac there's another version already sitting in the can ready for them to start over.

"Sun (now Oracle) supplies Java for all other platforms. They have their own release schedules, which are almost always different than ours, so the Java we ship is always a version behind. This may not be the best way to do it."

Steve Jobs
Click to expand...

http://www.flickr.com/photos/frasers/5104179782/
 
Question:
So this trojan doesn't install if it detects antivirus, right?

If I had the trojan on my mac, AND THEN installed some of the OTC mac antiviri that exists by the mr. fancy pants companies, would it detect and remove the software?

EDIT: And I'm talking about the Norton for Mac "high end" kind, not the tools especially designed for this trojan.
 
I just love how sheep continue to spin this by saying, "It's not a virus, it's a trojan.", "It's not a virus, it's malware.", etc....
BOTTOM LINE: To the everyday user who bought a Mac because "it doesn't get viruses", IT'S AN INFECTION. End of story. Virus, Malware, Trojan, or whatever, the everyday user doesn't care about the technical definitions. To them it just means problems they don't want. So stop trying to get technical about it. That's Apple's job when trying to come out with a patch.
With Apple's popularity, did you really think it wasn't going to get the attention of the mischievous ones. It's only gonna get worse from here. So strap yourselves in and get ready, it's gonna be a bumpy ride.
 
ddarko said:
You realize Apple makes and distributes Java for the Mac under license from Oracle? If you try to download Java for Mac from Oracle's site directly, you'll find this message:



The ONLY way to get Java on the Mac is from Apple. Apple may not preinstall Java on Macs anymore but when you want it, you get it from Apple. That's why updates for Java are also pushed out through the built-in OS software update. It's the way it's worked for years.

Oracle publicly released the fix for this security hole on Windows in February. Apple is the ONLY one who could have released the fix for Mac Java because it writes and distributes Mac Java. It waited until after Flashback installed itself on 600,000 Macs to release the fix. Who's at fault here?
Click to expand...

Too the words right out of my mouth.

As much of a machead as I am... even *I* can't gloss over the fact Apple dropped the ball on this. It's their Java that got corn-holed and only they could fix it. Yet most everyone here still defends this incompetence. :eek: (And somehow Microsoft even gets dragged into it :))

And so much for nothing being able to infect OSX without user permission. Apples Java version allows this to happen by default.
 
Krazy Bill said:
Too the words right out of my mouth.

As much of a machead as I am... even *I* can't gloss over the fact Apple dropped the ball on this. It's their Java that got corn-holed and only they could fix it. Yet most everyone here still defends this incompetence. :eek: (And somehow Microsoft even gets dragged into it :))

And so much for nothing being able to infect OSX without user permission. Apples Java version allows this to happen by default.
Click to expand...

Its still an issue with Java....even if there is a Mac version of Java updated/created by Apple, Java is still where this underlying Trojan lies affects the computer through and Apple is updating/fixing this as sees fit.
 
You know

As an aside, I often wonder who makes these viruses and trojans? I mean, is there a guy or group of guys just sitting around making these programs for fun or thievery? What do they do for a living, if their time is spent hacking systems and developing all these viruses, etc? Selling credit card numbers? A guy I met who once worked for McAfee in marketing joked that it's the companies that propagate these programs/viruses/what have you to increase a need for their product(s)... then he winked and kind of got us wondering. Then again, we all should probably wear tin foil hats LOL :eek:
 
andiwm2003 said:
Is there any realistic chance that the guys who created this malware get caught?

I hope this lowlifes eventually get what they deserve.
Click to expand...

This lowlife f***face needs to be caught, agree with you 100%. Chances are, he will NEVER be caught :mad::mad:and spends the rest of his doing this crap. I hope Apple gets him.
 
jeffzoom91 said:
You do not know what irony means.

It would be ironic if it said "Macs don't get viruses" and each Mac was contaminated with ebola.
Click to expand...

I thought irony was "like rain on your wedding day, or a free ride when you've already paid" lol :p

... isn't ironic, don't ya think ;)
 
7o7munoz7o7 said:
Its still an issue with Java....even if there is a Mac version of Java updated/created by Apple, Java is still where this underlying Trojan lies affects the computer through and Apple is updating/fixing this as sees fit.
Click to expand...

Yes. OSX is as safe as it's ever been. It's Javas fault some creepy internet guy got all your bank account information. You can still feel completely secure using your Mac, which doesn't get viruses.


bedifferent said:
I thought irony was "like rain on your wedding day, or a free ride when you've already paid" lol :p

... isn't ironic, don't ya think ;)
Click to expand...

...or the good advice you just didn't take. Who would've thought it figured, huh?
 
Very disappointed in Apple. The blame for how this was mishandled belongs to them alone.
 
Expect it about 2 months late, like the java updates. By then it will evolve again and continue to be a problem.

People defending Apple here to the death, hilarious.
 
bigchief said:
http://www.tech-faq.com/trojan-virus.html
Click to expand...

What this article is describing is a trojan, not a virus. It's easy to use malware terminology interchangeably but it's just wrong. 's like calling a dog a "catdog"

Trojan = Backdoor maker, often dumps keyloggers and system monitors on. Scrapes CC#s, passwords, etc. These days often come up under the guise of a rogue security product or system optimizer. Can definitely cause system issues but in and of itself is not likely to cause immediate data loss. These are used more for making botnets and stealing info for cash.

Virus = Infects system files (but isn't limited to only those), replicates, and/or injects malicious code into legitimate files. Often can be polymorphic to avoid detection with traditional signature-based methodologies. Worms are in the same family tree as a virus, except they don't need to act as a parasite to another file, they are standalone. This means they are plenty likely to be able to do things like install more trojans and invite rootkits/viruses etc.

Yes, to an unsavvy user, one might feel like it doesn't matter, but truthfully, OSX is a paradise compared to PC land and the sheer magnitude of exploitable environment there is to offer there. Even if Apple got 50% of the comp users in the world using it, OSX would be less likely to be infected on the whole, and still would likely be virus-free. It's a very locked-down environment. Ultimately though it's up to the user. Even with great AV solutions and behavioral detection there will be grey-area stuff that doesn't fall into a good file or bad file area right away. Common sense still holds a premium in internet security.
 
ctrlshft said:
Yes, to an unsavvy user, one might feel like it doesn't matter, but truthfully, OSX is a paradise compared to PC land and the sheer magnitude of exploitable environment there is to offer there.
Click to expand...

Is it really so? Have not wee seen the stats that show that more Macs are now infected with malware than PCs (with Windows 7) - percentage wise? Times have changed. Mac users are desperately trying to figure out how to remove their malware (and Apple is not of much help) and PC users are watching this saga with amusement.
 
maccompatible said:
They don't. This is a Trojan that's downloaded through a java exploit. Viruses are programs that run and do odd things without your permission. Trojans are different. Every computer is susceptible to Trojans, except for walled garden computers like the iPad and a few Linux distros.
Click to expand...

They haven't. There's a fine but necessary distinction between the use of verbs here. You may say I'm nitpicking, but don't implies an absolute, connoting that macs will never--past, present, and future--get viruses. Macs do have the ability to get a virus.

However, there haven't been any true viruses out in the wild to date for OS X. So no macs have been infected with a wild virus to date. Doesn't mean that it's not possible in the future.


bedifferent said:
As an aside, I often wonder who makes these viruses and trojans? I mean, is there a guy or group of guys just sitting around making these programs for fun or thievery? What do they do for a living, if their time is spent hacking systems and developing all these viruses, etc? Selling credit card numbers? A guy I met who once worked for McAfee in marketing joked that it's the companies that propagate these programs/viruses/what have you to increase a need for their product(s)... then he winked and kind of got us wondering. Then again, we all should probably wear tin foil hats LOL :eek:
Click to expand...

Good question. Honestly, I'm surprised that there hasn't been a windows fanboy, in the 10 years that OS X has been released, that got tired of all the Apple fans cheering "Macs don't get viruses! Take that windows users!" and decided to write a wild virus for macs just out of spite. Maybe I'm underestimating the difficulty of such a task...
 
feeze said:
What exactly would Redmond have done? My guess is that they would of patched the bug back in February when Oracle released the patch as opposed to Apple's current practice of reactively releasing patches after an outbreak or after a security researcher gets fed up and publicly announces a vulnerability. It's worrying over the years how many instances there has been of researchers submitting a vulnerability to Apple, only to have Apple do nothing, and then when the researcher publicly releases the vulnerability Apple magically has a patch for it within a few days.

We can accuse Microsoft of many things, but not taking security seriously is not one of them. Yes, there was a time were they were hopeless but they got burned too many times and changed their attitude. They're not infallible and neither is their product but their attitude towards security and the security community puts Apple to shame.

Apple dropped the ball on this one. Things like this happen, Apple is not perfect and no one expects them to be. But instead of blindly defending them we, the Mac community and their customers, should be saying to Apple, "This is not acceptable, things have got to change. Waiting till after a serious outbreak to patch a vulnerability that was vendor patched months ago is not acceptable."

Blindly defending Apple and getting into pedantic arguments over definitions, validity of numbers, etc achieves nothing. Demanding better from Apple benefits everybody.
Click to expand...

Big ****ing dot.

All of this could've been avoided. Apple, like the usual didn't give a **** and just let it slide. It's disgraceful how Apple disrespects security professionals.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back