Apple Releases Flashback Removal Tool for Macs Running OS X Lion without Java

[roadbloc]

Way to go Apple! I'm so glad the apple team did this right away without being pressured by the media! I'm even more happy that their Java updates are so speedy and current! Thanks to Apple for taking it upon themselves to save the day as soon as possible! I'm sure that's the reason why it was released in the middle of the night in most of the western world!

I really hope this is sarcasm. I think Apple did a lousy job. A good job would have not have the flashback trojan as a threat in the first place. I hope Apple realizes it isn't as infallible as it was before now that it is popular. Security should be a number one task. Antivirus firms have had a removal tool for flashback for some time now.

 

[macsmurf]

I really hope this is sarcasm. I think Apple did a lousy job. A good job would have not have the flashback trojan as a threat in the first place. I hope Apple realizes it isn't as infallible as it was before now that it is popular. Security should be a number one task. Antivirus firms have had a removal tool for flashback for some time now.

Apple have never been infallible. They just don't take security very seriously and haven't had to in the past.

Apple left their customers exposed to a security flaw for 8 weeks after it had been fixed on the other platforms. As a result 600 000 macs were infected. The fact that people here would applaud Apple's incredibly late reaction (again) is a testament to the effectiveness of the Apple marketing machine, but out in the real world people are certainly being made aware of the fact that macs aren't impervious to malware/viruses and that Apple aren't committing the resources they should to security.

The good thing about this is that Apple DO care about their image which will probably get them to step up their game when it comes to security.

 

[user418]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

For our bout tonight we have the champion weighing in at 245 pounds.

You can't hit what you can't see. Float like a butterfly, sting like a bee!!
Rumble young man rumble. Aaaaaaaargh!!!

Some of you guys really go for the knockout punch.

 

[Can't Stop]

Thanks Apple?

Hello? What are you thinking?

It's Apples responsibility to step up, too bad they had to get busted publicly, before taking action to resolve this.

Or maybe they don’t like to start ******** their pants for no good reason. Acting in cold blood always is the right thing.

 

[likemyorbs]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

You're a virgin aren't you?

 

[diehldun]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

Are you kidding me? There are bigger fish to fry in life.

 

[elppa]

• First in Leopard came sandboxing, file quarantine, Package/Code Signing and rudimentary ASLR.
• Then in Snow Leopard came XProtect and improved data execution prevention.
• Then in Lion came the improvements to sandboxing, XPC Services framework, FileVault 2 and much improved ASLR.
• Mountain Lion brings Gatekeeper and further security improvements.

It's not as black and white as people like to make out. Blanket cover all statements like following don't work: e.g. "Apple is bad at security" vs "Microsoft is good at security", "Macs are secure" vs "PCs aren't secure".

Often there are complex trade offs at play between security, performance and usability. There's shades of grey everywhere. Security experts won't always agree on best practice either.

So far I feel Apple has generally got in right in stepping up the defences to guard against the risk. Obviously they will learn and improve from their experiences with Flashback this year and MacDefender last year.

 

[chevy57]

I still have Java preference in application file on my OS X Lion MacBook Pro which having Java SE 6 (64-bit and 32-bit). Should be uninstalled it or keep it? I m afraid to lose it for Chrome and Firefox browsers.

 

[ixodes]

Nokia Cares About Customers

It's a shame that Apple places such a low priority on security & the impact on it's customers.

Waiting two months before addressing the Flashback Trojan makes Apple look awfully complacent, or downright guilty.

Apple needs to take a lesson from Nokia.

Just a day or two after discovering a connectivity issue, they pushed a fix out to all Lumia 900 Smartphones including mine.

Very impressive indeed.



Source: http://www.digitaltrends.com/mobile/nokia-quickly-releases-lumia-900-data-connectivity-fix/

 

[iScott428]

Ahh this reminds me of all of those times Microsoft pushed out service pack updates to remove the vaults of virus's on my old PC's...oh wait that never happened.

 

[faroZ06]

All it takes is 1 trip to Google Images, click on the wrong thumbnail and boom.

So I was just lucky? Or is the malware contained in some ad that is being blocked by my Adblock?

----------

It's a shame that Apple places such a low priority on security & the impact on it's customers.

Waiting two months before addressing the Flashback Trojan makes Apple look awfully complacent, or downright guilty.

Apple needs to take a lesson from Nokia.

Just a day or two after discovering a connectivity issue, they pushed a fix out to all Lumia 900 Smartphones including mine.

Very impressive indeed.



Source: http://www.digitaltrends.com/mobile/nokia-quickly-releases-lumia-900-data-connectivity-fix/

Are you sure Apple wasn't working on the software or waiting for Flashback to fully evolve or something? I don't see why any company would wait so long to release something that can be done so quickly. Either that, or I overestimate how much Apple cares about Mac OS (I already know that they don't care about it as much as iOS).

 

[iScott428]

It's a shame that Apple places such a low priority on security & the impact on it's customers.

Waiting two months before addressing the Flashback Trojan makes Apple look awfully complacent, or downright guilty.

Apple needs to take a lesson from Nokia.

Just a day or two after discovering a connectivity issue, they pushed a fix out to all Lumia 900 Smartphones including mine.

Very impressive indeed.



Source: http://www.digitaltrends.com/mobile/nokia-quickly-releases-lumia-900-data-connectivity-fix/

Nokia was fixing a flaw, apple is fixing an infection.

You are comparing fixing a birth defect to getting healthy after having a flu.

 

[Dillenger]

Are you kidding me? There are bigger fish to fry in life.

But how much do those fish weigh?

 

[faroZ06]

Perhaps, those who got infected are visiting too much porn sites

This may be true in a way. Maybe they also got it from piracy sites? I don't torrent anything except occasionally with extreme caution (if I lose the disc or something), and I really only go to a few sites that are most likely secure.

----------

Nokia was fixing a flaw, apple is fixing an infection.

You are comparing fixing a birth defect to getting healthy after having a flu.

I think we need another infection to predict why Apple waited for so long. For all we know, they might have had no people assigned to the task, so they had to hire some.

----------

No Flash. I run Little Snitch, and I'm willing to run AV software, but I'm going to test things out. It slows down my Mac, it's gone.

Most AV will, and I find AV worse than viruses sometimes. It installs itself all over the place. Just whatever you do, do NOT get Norton.

----------

Apple have never been infallible. They just don't take security very seriously and haven't had to in the past.

Apple left their customers exposed to a security flaw for 8 weeks after it had been fixed on the other platforms. As a result 600 000 macs were infected. The fact that people here would applaud Apple's incredibly late reaction (again) is a testament to the effectiveness of the Apple marketing machine, but out in the real world people are certainly being made aware of the fact that macs aren't impervious to malware/viruses and that Apple aren't committing the resources they should to security.

The good thing about this is that Apple DO care about their image which will probably get them to step up their game when it comes to security.

Just saying, Microsoft doesn't release anything to fix malware on their machines... at least, nothing that actually works. Every Windows user I know has to rely on antivirus software to remove it.

But still, Apple did a bad job. Just because MS did worse doesn't mean Apple can just do slightly better than them. It's frustrating how much Apple gets away with @#$% like my Mac coming with NVIDIA's faulty GPU (a problem that affected only some of the 2006 24" iMacs but was recall-worthy). If they recall, it'll be all over the news, but if they don't, people will just ignore it since it's only for a few users of an unpopular PC line (10% market share).

 

[charlituna]

That's 4 updates in 4 minutes, er, days.

4 updates in 4 days for something that wasn't Apple's fault and isn't their responsibility. And yet they have taken it upon themselves to fix it for their users. Something that hasn't been done by Adobe or Oracle and yet Apple gets crap from many folks because they didn't do it sooner. They didn't release corrected versions of Java right away (because its so easy and quick to do it), they didn't release these tools etc right away. Hell they didn't stop it from happening (via software that they didn't create and don't control)

 

[ixodes]

Whenever I need an excuse for something, I know I can count on some of the members of MacRumors.

The fan boys here can justify or explain away anything. It never ceases to amaze me. Lessons in denial are free. No wonder Apple has it's way.

Hypocrisy reigns supreme

 

[charlituna]

I really hope this is sarcasm. I think Apple did a lousy job. A good job would have not have the flashback trojan as a threat in the first place.

Agreed. Now go bitch at the folks at Adobe and Oracle because it was THEIR software that was the issue that allowed this threat to happen. Not Apple.

 

[roadbloc]

Agreed. Now go bitch at the folks at Adobe and Oracle because it was THEIR software that was the issue that allowed this threat to happen. Not Apple.

It has nothing to do with Adobe or Oracle. Just because the trojan mimick's Adobe's software, that does not make it Adobe's fault. Just like if a peice of malware mimicked iTunes, it wouldn't be Apple's fault.

Oracle don't compile Java for OS X. Apple do. That is why OS X Java support is always at least a version outdated. Oracle fixed this issue a long time ago, it was Apple who failed to keep OS X updated.

 

[macsmurf]

Agreed. Now go bitch at the folks at Adobe and Oracle because it was THEIR software that was the issue that allowed this threat to happen. Not Apple.

Apple maintain and is responsible for Java for OS X which is a port of Java from Oracle. Moreover, Apple have a responsibility towards their customers.

Oracle DID fix the vulnerability 8 weeks before Apple. Apple just had to port the patch.

Even if that was to big a job for Apple they could have disabled the Java plugin on their platform as long as Java was unpatched. That amounts to making a software update that unchecks an option in the Safari preferences.

Even if that was too much of an effort they could have recommend to their customers to disable Java until further notice.

 

[charlituna]

Apple have never been infallible. They just don't take security very seriously and haven't had to in the past.

A firewall that is fully operating by default, a safe downloads list, security updates, requiring an admin password for all software that wants system level access, etc. Yeah Apple doesn't care about security.

Apple left their customers exposed to a security flaw for 8 weeks after it had been fixed on the other platforms. As a result 600 000 macs were infected.

But was that infection caused by a flaw in OS X. No, it was a flaw in Java. Which Apple doesn't own or operate. You act like porting a software and setting up the installers etc for it to download via their Software Update system is this easy piece of cake that would take 5 minutes to set up. Which is likely very far from the truth.

Also you fail to consider that perhaps the reason for the infection was actually user idiocy. Many of the infected could have been leftovers from the Flash player run last year. If someone puts in their password to install software that just suddenly pops up that's on them for not stopping to think about how they didn't hit a 'download and install' button on a site they know and trust.

Plus what evil has this trojan and botnet actually done. It's called out to some server and identified the computers but otherwise what has actually happened. Seems to me that nothing has happened other than someone proving they could create a botnet with the help of some flawed third party software (where's the ire about Java creating the flaw in the first place), and a few stupid users that hit install without thinking. Hell for all we know it was created by this relatively unknown russian software company that first broke the numbers as a press stunt.

 

[Winter Charm]

Thanks Apple?

Hello? What are you thinking?

It's Apples responsibility to step up, too bad they had to get busted publicly, before taking action to resolve this.

Exactly. Especially when some of these vulnerabilities had been found in the non-apple distributed versions of Java....

 

[charlituna]

Oracle don't compile Java for OS X.

True, but they created Java which is what was flawed and allowed this whole malware to work.

So now Apple is supposed to not only port the software overnight they are supposed to verify that the software has no flaws that could cause a security issue etc before they do it.

Oracle DID fix the vulnerability 8 weeks before Apple. Apple just had to port the patch.

And you're so smart you could have had it done in under an hour. Under 5 minutes I bet. Call Tim Cook, he needs to hire you today.

Even if that was to big a job for Apple they could have disabled the Java plugin on their platform as long as Java was unpatched. That amounts to making a software update that unchecks an option in the Safari preferences.

And here comes the lawsuits etc over Apple having and using the ability to do such things on customer computers. If they can do that what other things can they do to violate customer's privacy.

And even if they did it via a software update or an alert you still have the folks that don't keep their stuff up to date or both to actually read such alerts for whatever reason. So how is Apple supposed to protect those folks, because they are responsible for them right?

 

[roadbloc]

But was that infection caused by a flaw in OS X. No, it was a flaw in Java. Which Apple doesn't own or operate. You act like porting a software and setting up the installers etc for it to download via their Software Update system is this easy piece of cake that would take 5 minutes to set up. Which is likely very far from the truth.

Sigh. Okay, this is going to take a little more explaining it seems.

Imagine I have make a recipe for a wonderful cake. I call this cake the Java-Cake. I make these Java-Cakes and sell them to cake stalls/shops.

Okay, now this is where you come in. You want to sell my cakes in your cake shop, a shop you call the Apple-Cake-Shop. But you wish to bake them yourself so they arrive on the shelf fresh and perfect. I agree to give you access the latest recipe as long as people are aware that it is a Java-Cake and not an Apple-Cake-Shop Cake.

For a few weeks everything is great. Then I notice that some people are having an allergic reaction to a certain ingredient in my Java-Cake. I improve the recipe and remove the offensive ingredient. By default, you get a copy of the new recipe, because it is part of the agreement that you have access to the latest recipe.

Unfortunately, you fail to take notice and continue to use my old Java-Cake recipe. Your consumers begin sending complaints of allergic reactions. Naturally, because it is a Java-Cake and made by me, the initial reaction is to blame me. Unfortunately, everyone else but you has the safe version of the Java-Cake, putting you at fault, because you (for whatever reason) failed to use the latest recipe.

When you agree to do something on behalf of your consumers, it is your responsibility. It is your fault as the owner of the Apple-Cake-Shop as you failed to update the recipe. You either need to pick up the game a bit or let me bake your Java-Cakes for you to ensure you have the latest recipe.

And that is exactly what Apple needs to do. Either accept its responsibility that it took on or let Oracle bake their Java-Cakes for them.

Get it now?

 

[bigchief]

Sigh. Okay, this is going to take a little more explaining it seems.

Imagine I have make a recipe for a wonderful cake. I call this cake the Java-Cake. I make these Java-Cakes and sell them to cake stalls/shops.

Okay, now this is where you come in. You want to sell my cakes in your cake shop, a shop you call the Apple-Cake-Shop. But you wish to bake them yourself so they arrive on the shelf fresh and perfect. I agree to give you access the latest recipe as long as people are aware that it is a Java-Cake and not an Apple-Cake-Shop Cake.

For a few weeks everything is great. Then I notice that some people are having an allergic reaction to a certain ingredient in my Java-Cake. I improve the recipe and remove the offensive ingredient. By default, you get a copy of the new recipe, because it is part of the agreement that you have access to the latest recipe.

Unfortunately, you fail to take notice and continue to use my old Java-Cake recipe. Your consumers begin sending complaints of allergic reactions. Naturally, because it is a Java-Cake and made by me, the initial reaction is to blame me. Unfortunately, everyone else but you has the safe version of the Java-Cake, putting you at fault, because you (for whatever reason) failed to use the latest recipe.

When you agree to do something on behalf of your consumers, it is your responsibility. It is your fault as the owner of the Apple-Cake-Shop as you failed to update the recipe. You either need to pick up the game a bit or let me bake your Java-Cakes for you to ensure you have the latest recipe.

And that is exactly what Apple needs to do. Either accept its responsibility that it took on or let Oracle bake their Java-Cakes for them.

Get it now?

You're wasting your time. These fans boys will take up for Apple come hell or high water.

 

[elppa]

Just a day or two after discovering a connectivity issue, they pushed a fix out to all Lumia 900 Smartphones including mine.

Very impressive indeed.

Yes, very speedy.

If one was cynical you might suggest they knew about the issue before launch and had even started developing a fix. But I'm not, so I won't.