Apple Releases Flashback Removal Tool for Macs Running OS X Lion without Java

[Sackvillenb]

infected!

Well, to my surprise, my computer had flashback on it... but I'm happy to say the tool removed it, and notified me about it as well, so that's good.

 

[east85]

I really hope this is sarcasm. I think Apple did a lousy job. A good job would have not have the flashback trojan as a threat in the first place. I hope Apple realizes it isn't as infallible as it was before now that it is popular. Security should be a number one task. Antivirus firms have had a removal tool for flashback for some time now.

Just to be clear, it's sarcasm.

I tried my best to lay it on thick, but that text barrier gets the best of my posts.

 

[57004]

Strange, the update is 66MB for me, not 300kB.

Edit: Ah, now I see. It's because I have Java, I got the Java update instead.

 

[Les Kern]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

Anal much? Hey, I mean that in the nicest way, seriously. Reminds me of a dear friend who constantly corrects people's grammar. He's still a friend. SO know I will not point out your glaring grammatical errors.

----------

You're wasting your time. These fans boys will take up for Apple come hell or high water.

Huh? "Fans Boys"? OHHH you mean "fanboys" or the more and more popular term "fanbois". I actually don't see that too much here. Seems to be pretty evenly split on who did what and who might be responsible. SO maybe it's unfair to broad-brush? I mean, they are just having a conversation, and perhaps labeling one side "Fans Boys" isn't really fair. Is it?

 

[locust76]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

Because files are long or big, so if you were to say "it is 365 KB," you would also have to say "long" or "big." You can't just say "it is 365 KB," because it's a file, not Kilobytes.

But saying "it is 365 KB long/big/in size" is a bit kludgey, and, while definitely overused, "it weighs in at" rolls off the proverbial tongue easier, IMO.

 

[macsmurf]

True, but they created Java which is what was flawed and allowed this whole malware to work.

So now Apple is supposed to not only port the software overnight they are supposed to verify that the software has no flaws that could cause a security issue etc before they do it.

Hyperbolic much?

No one is expecting Apple to verify that a piece of software has no bugs. All software has bugs. Since everybody in the industry knows that and knows that bugs sometimes cause security issues, one could reasonably expect Apple to react in a timely manner when such a flaw is found.

And here comes the lawsuits etc over Apple having and using the ability to do such things on customer computers. If they can do that what other things can they do to violate customer's privacy.

And yet that's exactly what the update from yesterday did. It inactivates the plugin if you have Java enabled, warns you if you try to reactivate it, and inactivates it again after a period of time if you don't use it.

So I guess the lawsuits will be rolling in now?

 

[GGJstudios]

Oh, and opening "safe" files after downloading isn't dangerous. What's it going to do, infect your computer by opening a ZIP or DMG? Just don't agree to any installations that randomly appear when you're browsing some shady site, loading plugins on the site.

This is how many were caught by the MacDefender malware. Granted, they should have closed the installer when it launched, but unchecking that option in Safari prevents even the installer from launching. It never should have been checked in the first place.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Uncheck "Enable Java" in Safari > Preferences > Security. This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.

 

[Zaphodsplanet]

Whenever I need an excuse for something, I know I can count on some of the members of MacRumors.

The fan boys here can justify or explain away anything. It never ceases to amaze me. Lessons in denial are free. No wonder Apple has it's way.

Hypocrisy reigns supreme

I often wonder why PC trolls feel the need to post in Mac forums. Kind of like Atheists posting in Christian forums. In both cases, Christians have done little to offend or bother Atheists and Mac users do little to offend PC users. The common characteristic seems to be that both ******s feel the need to try and bully or intimidate. Kind of obvious where you stand here.

When I have been forced to use a PC.... viruses, malware or spyware are never ending issues.... I've been using Mac's since OS 8.... And for the first time in what?... something like 17 years I have to dick with this and my main machine doesn't even look to be infected. Bash Apple all you want.... they're still all aces in my book as they have built their OS's to make this crap less of an issue for we users to have to deal with.

Go run a virus check on your PC.... or spend more time looking at all the annoying pop up windows for God knows what.... I'm going to go back to doing some more work learning Drupal theming on my Mac.

 

[DeepIn2U]

Thanks Apple?

Hello? What are you thinking?

It's Apples responsibility to step up, too bad they had to get busted publicly, before taking action to resolve this.

how so? is Java not Sun's (ahem Oracle's) responsibility?! They take the code and mate it to OSX with Apple. Apple doesn't create the code for Java themselves, do they?

 

[GGJstudios]

how so? is Java not Sun's (ahem Oracle's) responsibility?! They take the code and mate it to OSX with Apple. Apple doesn't create the code for Java themselves, do they?

As has been stated dozens of times in these threads, Java was updated to secure these vulnerabilities months ago. Apple was slow in issuing those updates to the Java version that it provides to Mac users.

 

[Winni]

Sorry, but that is complete nonsense.

Microsoft give away a complete anti-virus software suite named "Microsoft Security Essentials" FOR FREE (for up to ten computers in your household) - and the Security Essentials suite has been tested to be on eye level with competing commercial products like ESET NOD32. They just cannot bundle it with Windows because that would effectively kill the market for anti-virus software and they would face another anti-trust lawsuit.

Also, there is Windows Defender already built into the operating system - and it -does- find malware and remove it when you actually take the time to use it and study its log files.

Also, like it or not, since Vista the Windows family of operating systems has become MORE secure and harder to hack than OS X. Microsoft invested A LOT to make Windows more secure while Apple still does not take security important enough.

Apple's biggest weakness is that they seem to believe in their own marketing.

----------

When I have been forced to use a PC.... viruses, malware or spyware are never ending issues.... I've been using Mac's since OS 8.... And for the first time in what?... something like 17 years I have to dick with this and my main machine doesn't even look to be infected. Bash Apple all you want.... they're still all aces in my book as they have built their OS's to make this crap less of an issue for we users to have to deal with.

I must be doing something wrong then, because I have been using Windows professionally for more than 20 years and in all that time I can only remember ONE serious malware issue - and that was the W32.Blaster worm back in 2003 that attacked unpatched Windows Servers and shut them down.

Apple did do nothing to make "this crap less of an issue". Most of the stuff that gives a certain level of security to their platforms is the Open Source UNIX that they based their software on. However, they castrated that platform A LOT to make it "more user friendly" - they actually had to, because UNIX is not the sort of software that non-technical users could actually use.

 

[sha4000]

I often wonder why PC trolls feel the need to post in Mac forums. Kind of like Atheists posting in Christian forums. In both cases, Christians have done little to offend or bother Atheists and Mac users do little to offend PC users. The common characteristic seems to be that both ******s feel the need to try and bully or intimidate. Kind of obvious where you stand here.

When I have been forced to use a PC.... viruses, malware or spyware are never ending issues.... I've been using Mac's since OS 8.... And for the first time in what?... something like 17 years I have to dick with this and my main machine doesn't even look to be infected. Bash Apple all you want.... they're still all aces in my book as they have built their OS's to make this crap less of an issue for we users to have to deal with.

Go run a virus check on your PC.... or spend more time looking at all the annoying pop up windows for God knows what.... I'm going to go back to doing some more work learning Drupal theming on my Mac.

I haven't seen a virus on my windows machine in over ten years so please stop feeding the hype. I also have several macs in the household and have never been infected to this date. Since MSE was released I don't even worry about any kind of malware, whatever it does catch it removes it instantly. I just like the Mac experience more than Windows but Windows does have its place in the market. Apple was late in addressing this problem so lets not deny that and just move on. Hopefully they have learned something and will push out patches quicker in the future. Some mac users are quick to bash Windows as much as some Windows users are quick to bash apple so lets not act like it's an exclusive club. I mean both sides act like they're blood relatives to each company and it's sickening at times.

 

[Rocketman]

I didn't intend to start a firestorm. I think it is cool Apple has 4 updates in 4 days. It shows respect for their users. However the fact this is so rare also shows how much attention they place on security quietly and beforehand. I seem to recall they released a recent version of OSX to a set of hackers and dared them to break it. The results were immediately added to that version and one hack was so successful it actually took a couple of months for them to address it, but they did.

Rocketman

 

[Renzatic]

Microsoft give away a complete anti-virus software suite named "Microsoft Security Essentials" FOR FREE (for up to ten computers in your household) - and the Security Essentials suite has been tested to be on eye level with competing commercial products like ESET NOD32. They just cannot bundle it with Windows because that would effectively kill the market for anti-virus software and they would face another anti-trust lawsuit.

I don't know if it's a permanent thing, but on Windows 8, Security Essentials is bundled as a part of Defender. It's the same interface and everything, you just no longer get the notification area icon, or call it Security Essentials.

 

[coolfactor]

All of these people holding Apple accountable for this trojan successfully infesting hundreds of thousands of Macs need to realize that the open door was a Java flaw in the first place. Yes, Apple was relatively slow to send out a fix, but what real damage was done by the presence of this trojan? Was it sending out spam anonymously like thousands of Windows PCs are right now? Was it issuing a DDoS attack on a website? I may have missed it, but my understanding is that this trojan was dormant. Feel free to point me to news about its real-world impact.

Apple took action on a timely basis. Maybe not overnight, but timely enough to avoid a disaster like Windows is.

 

[coolfactor]

Sorry, but that is complete nonsense.

Apple's biggest weakness is that they seem to believe in their own marketing.

Most of the stuff that gives a certain level of security to their platforms is the Open Source UNIX that they based their software on. However, they castrated that platform A LOT to make it "more user friendly" - they actually had to, because UNIX is not the sort of software that non-technical users could actually use.

Total amateur response. Mac OS X is a certified version of UNIX.

http://arstechnica.com/apple/news/2007/08/mac-os-x-leopard-receives-unix-03-certification.ars

You're right that Microsoft makes a valiant effort to issue security fixes for Windows, but that's only because there are so many to fix! I've spent the last 10 hours getting a Windows 7 laptop to be functional again. Windows is crap.

 

[kiljoy616]

Thanks Apple?

Hello? What are you thinking?

It's Apples responsibility to step up, too bad they had to get busted publicly, before taking action to resolve this.

And exactly how did Apple drop the ball. How many people have gotten this trojan 4 macs nothing, friend who own macs nothing. Most people except a few who I doubt since they are always posting negative comments are about it.

Apple has done what MS is unable to do, they put together as soon as possible a solution that people who have auto download has become a non issue, not including its a Java issue made by another company. Lets not forget Flash issue made by Adobe.

Only issue is who owns these macs and where are they, now that I would love to know.

 

[Renzatic]

You're right that Microsoft makes a valiant effort to issue security fixes for Windows, but that's only because there are so many to fix! I've spent the last 10 hours getting a Windows 7 laptop to be functional again. Windows is crap.

10 hours? Geez, man. I can wipe and reinstall the entire OS, plus get all my files and folders back in place in less than 2. I don't know if it's Windows that's crap so much as your technical skills.

 

[gotluck]

10 hours? Geez, man. I can wipe and reinstall the entire OS, plus get all my files and folders back in place in less than 2. I don't know if it's Windows that's crap so much as your technical skills.

agreed

 

[iScott428]

Remember when all those Firestone tires started blowing out on Ford Explorers a few years back...not like Ford knew Firestone was giving them a bad product. Ford took a bad rap for how "unsafe" their vehicles were, yet the problem was all caused by Firestone and there was really no way for Ford to predict the events that transpired. Just because Firestone might have fixed the product going forward, does not mean Ford can just ok *snap* and magically every car is fixed because there is a fixed product available. So the whole Java-Cake example has its flaws.

 

[kiljoy616]

[*]Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall


[*]Uncheck "Open "safe" files after downloading" in Safari > Preferences > General Common sense, same for Windows world.

[*]Uncheck "Enable Java" in Safari > Preferences > Security. This will protect you from malware that exploits Java in your browser
(Dude that just to much work for me)



[*]Change your DNS servers to OpenDNS servers by reading this.
(best advice for everyone, put the ip in your router and every computer will be directed to it)


[*]Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
Now you have gone to far, pay for apps how dare you even suggest it

[*]Never let someone else have access to install anything on your Mac.
reminds me of airport security "sir has anyone handle your bag and was out of sight?" reply, sure I love to give my bags to strangers

[*]Don't open files that you receive from unknown or untrusted sources.
That is all the email I ever get!

[*]For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
So God or password will not work?

[*]Always keep your Mac and application software updated.
Wait you want me to trust big brother Apple, never, never, never!
[/LIST]
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware.
that and a few more brain cells.

Your just asking to much of people.

----------

10 hours? Geez, man. I can wipe and reinstall the entire OS, plus get all my files and folders back in place in less than 2. I don't know if it's Windows that's crap so much as your technical skills.

10 hour? Not going to hold a job in IT if that how long anyone takes to fix a software problem.

----------

Remember when all those Firestone tires started blowing out on Ford Explorers a few years back...not like Ford knew Firestone was giving them a bad product. Ford took a bad rap for how "unsafe" their vehicles were, yet the problem was all caused by Firestone and there was really no way for Ford to predict the events that transpired. Just because Firestone might have fixed the product going forward, does not mean Ford can just ok *snap* and magically every car is fixed because there is a fixed product available. So the whole Java-Cake example has its flaws.

How dare you sir say that magic does not exist. Of course snapping fingers and praying works in our physical world.

Magic is real magic is real, and so are witches. After all how do those people on tv fly, well no answer I tough as much.

 

[Renzatic]

Remember when all those Firestone tires started blowing out on Ford Explorers a few years back...not like Ford knew Firestone was giving them a bad product. Ford took a bad rap for how "unsafe" their vehicles were, yet the problem was all caused by Firestone and there was really no way for Ford to predict the events that transpired. Just because Firestone might have fixed the product going forward, does not mean Ford can just ok *snap* and magically every car is fixed because there is a fixed product available. So the whole Java-Cake example has its flaws.

Replacing tires on a whole line in vehicles already on the road is a helluva lot more difficult than patching a piece of software that's easily updated through Apple's own auto-update service.

And it isn't so much the fact that OSX got hit by a fairly standard software vulnerability. It happens. It was fixed. End of story. Rather, it is all the lame justifications people have come up with so they can continue saying "OSX is completely secure", like they're very livelihood depends on perpetuating the notion that anything made by Apple is perfect in every conceivable way.

It's not Apple's fault, it's Oracles, right? The exploit came through Java. Oracle should've fixed it, despite the fact that Apple distributes their own build of the software on their machines. Apple is completely guiltless here.

OLOL Windows got a virus because someone downloaded fake Flash? Windows sucks OLOL I never have to worry about this stuff on my Mac!

Circular logic and lame reasoning all up ins.

 

[GGJstudios]

Your just asking to much of people.

Yep, I'm totally unreasonable to even suggest a modicum of computer literacy!

 

[batchtaster]

The fan boys here can justify or explain away anything. It never ceases to amaze me. Lessons in denial are free. No wonder Apple has it's way.

Hypocrisy reigns supreme

The hipsters here can justify or explain away any defense of Apple whatsoever, completely independent of its level of reasonableness or non-reasonableness, as fanboyism. Lessons in loving to hate something and hating to love something, while looking down on others and being above it all, are free. No wonder the hipster element grows as Apple grows.

Irony reigns supreme.



Basically, nobody knows the full story of what has happened, least of all Apple's internal operations. So condemnation of Apple and dismissal of the possibilities, in the absence of all the facts, is not any more reasonable than laying it on everyone else (Oracle, etc).

As always, the truth will lie somewhere in the middle.

 

[MatLu]

Just saying, Microsoft doesn't release anything to fix malware on their machines... at least, nothing that actually works. Every Windows user I know has to rely on antivirus software to remove it.

Microsoft has their own free antivirus software for all Windows users: Microsoft Security Essentials.

-Edit- Which other people have already mentioned here, so never mind.