Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Windows 'Snake' Malware Ported to Mac, Imitates Adobe Flash Player Installer
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not sure why you seem to be one of the few other people to notice the serious differences between the two at the moment. Flash will make its way out but it's a slow painful exit.
Right now flash is like a V6 engine, and HTML is like a poorly optimized V4. No one wants it, even though it has the potential to be more efficient and better overall. The only reason they became more and more common in cars is regulations and turbos. Likewise, eventually flash will die once HTML5 gets better optimized.
I assume what pisses people off the most is that HTML5 has 80% of what it needs to replace flash, but people outside the tech community just won't jump on board.
The only reason to use flash was porn. But the porn industry moved over to html5, so why are you still holding on to flash?
Buy an ipad
[doublepost=1494078633][/doublepost]
I see that installer all the time in KickAssTorrent.
That’s how OS X is by default. But if you change the Gatekeeper setting, you can install software from other places.
[doublepost=1494086841][/doublepost]
That’s how OS X is by default. But if you change the Gatekeeper setting, you can install software from other places.
Many online training courses also use Java.
I was thinking of the filenames that make no sense whatsoever to the average user. Like the uninterpretable error codes and messages used by most OS's, these hark back to the early days of computing when plain language couldn't be used because the strings for filenames and error messages were too short. It just seems to me that n a modern OS filenames (and error messages) should be interpretable be mere mortals as well as computer nerds. After all, it's not like Apple has risen in popularity because of the esoteric complexity of its products... Besides, it is not as though it is a bad idea, for filename extensions (e.g., .txt) are used, and that is an example of a naming convention.
Flash? Isn't that a DC superhero? Using "flash" as bait to install malware is just as enticing as a embedding it in a invitation to join MySpace.
So anyone can recommend a Flash alternative from like the Mac App store? I need it to use it on tntdrama.com to watch some nba playoffs. Any recommendations? Thanks
[doublepost=1494091969][/doublepost]
So is there any alternatives from the Mac App store? I use tntdrama.com for nba playoffs at times. Thanks
[doublepost=1494091969][/doublepost]
So is there any alternatives from the Mac App store? I use tntdrama.com for nba playoffs at times. Thanks
Um. I may be naïve in responding to this, but I have poor impulse control. Caveat Asperger's, it's a brain dump it'd take me hours to condense…
"Artificial Intelligence" is not an incantation. It is mathematically impossible for a program to do that kind of work perfectly. It may do well against a random challenge, but once the weakness is found (as in time it will be, to a motivated attacker), they are specifically aimed at the part that fails.
Also, not every user is perfectly careful, and not every user can live with the safeguards at full force. Developers often have to relax them: macOS comes with rigid guards against potentially-risky behavior that some benign software has to perform. Threre are several layers; developers may turn some off on their own machines; users may waive protection for a particular app or across the board. (Until recently Kerbal Space Program was a very tempting app that was not signed.)
The latter gets you into the realm of "social engineering:" The malware author plays on the user's impulses (I have to see that movie/play that game/get rich quick/spy on my partner/you-know-the-rest NOW). And the user opens the door. The exploit doesn't have to be foolproof, technically or personally. The attacker doesn't care about you, he cares about lots of somebodys. The defense does have to be foolproof.
A few stray points and corollaries:
The ship sailed on forbidding "untrusted" software across-the-board in the mid-1980s. It's not in Apple's interest to make it harder for developers to hand out software to a small circle of friends and clients — it's a minority platform, Apple isn't in Microsoft's position (or culture) of making demands. Apple was burned badly by its legal team's proposal in 1987(?) after-the-fact to license the right to create Mac software. The openings were baked-in from the start, and Apple would rather not absolutely break existing products.
So why not make the trusted developer program free? Apple loses money on the $99 registration fee, I guarantee it. The main purpose is to prove you have enough of a relationship with a bank to transfer a small but nontrivial amount of money. Once that happens Apple "knows where you live." (It's no more perfect than anything else, but it filters out most of the hax0r d00dz who aren't the masterminds behind dozens of banking cutouts.)
Just as AI would have false negatives it would have false positives. The only alternative is to catch some cases and counter them by human intervention. That's what Apple does by revoking trust for apps that are signed. It has macOS poll Apple for fresh malware rules every few days. It issues security updates every few months that outright ban earlier versions of Flash. (Okay, not just that, but Flash is usually a marquee feature of the update.)
If you want an "app store only" policy, it's available in the Security panel.
If by cryptic file names you mean things like "com.example.exampleapp.syncd.plist," they're unavoidable. Developers can't risk using the same names as others. Some names are imposed by the OS to group related files — they are coordinated to the extent possible, just not so it's obvious to amateurs. "syncd" is not cryptic to people who know enough to monkey with that kind of file; the professional jargon says that this is for a background task that does some kind of synchronization for Example App Pro. Or so it says. Many, many apps have to create multiple files which have to have unique names; the best way to do so is to use a UUID (large-ish partly-random but nonsensical number) for the name.
Blindly removing such files may work, or work well enough, or not work at all, or do harm, depending on whether they depend upon, or are depended upon by, system registries or other services that you do not want to kill or let eat into performance and behavior while good software thrashes to find them. Meanwhile the malware vestiges you left (did they graft themselves into your video driver?) re-create the files, possibly under different names in hopes of finding ones you won't suspect.
Besides, it does occur to hacker masterminds to use names like com.microsoft.office.common instead of ru.legion.of.evil.passwordstealer.
Exactly, the new web standards aren't ready. IDK if it's a hardware optimization issue or just crappy programmers at work, but webpages hog resources now. It's also so easy to make media in Flash. My friends and I used to mess around with it in middle school. Adobe recently transitioned to software for creating media for the new web standards. Dunno what the progress is on that, but otherwise, it seems way harder to make anything without Flash. Don't get me wrong, though; I hate that Flash is/was a standard. Proprietary standards tend to suck.
[doublepost=1494097052][/doublepost]
AFAIK Adobe's Flash Player is really the only one to use. Chrome bundles it in there, but it's still Adobe's.
[doublepost=1494097625][/doublepost]
Isn't the default to allow from anywhere but only from identified developers?
Last edited:
That's kinda my point, and I don't except that a modern operation system requires filenames like 'WXDAzzz0011WTFisthis.exp.???whoknows'. That's just laziness on the part of the OS and app developers, and as I stated above, the same applies to error messages. In most cases when people don't know whether a file name represents a legitimate file, they go online, and given that hackers and people who don't know what they're talking about are on mac help forums, that's not optimal, is it? Again, the same thing holds true for error messages. The whole point of a personal computer is to empower the user.
Suppose there was a system whereby only Microsoft, as a registered Apple developer, would be allowed by the OS to start any file name within the relevant application folder(s) with 'Microsoft...' or 'MS...', like a local trade mark?
exactly but if the person is going to install adobe they should download and install directly from adobe web site so they can at least avoid this from happening, another thing is to use adblockers because sometimes people don't know and they get pop outs telling them to install the infected version of flash player, but option # 1 definitely is what you wrote and mentioned, flash player is not need it in you tube if the person is using safari, the good thing is that sierra blocks flash player until the user decides if the want to allow the control to run or not, adobe flash is like windows a vulnerability itself, adobe flash been having this problem for the longest so this is nothing new. sorry adobe but flash player truly sucks, old outdated technology that do more harm than good, they should put a banner, avoid at all cost.
Last edited:
NO! JUST NO!
That would make the Mac little more than a glorified fracking iPad. Maybe YOU want that, but I would abandon the Mac entirely if they do that. Not all software is "Apple approved" including ALL software that's not "family friendly". This would DESTROY the Mac forever (but then Tim Cook is halfway there already so you may get your wish.
There is a little trick that I use:
If there are website that insists you use Flash, and are using Safari, BUT you know that they work on your iPhone or iPad fine, then do the following:
1. Enable the developer menu in Safari
2. In the developer menu, change the User Agent String to iPad
I have never once be presented with anything other than the FULL desktop version of the website (for whatever reason), but then content will run via HTML5.
The best website to test this on is the BBC News website, go try find a video that 'needs flash', and then try the trick. Works on all manner or websites actually!
I don't have Flash installed, and I do have Google Chrome there just in case; but I might use that once a month at very most.
If there are website that insists you use Flash, and are using Safari, BUT you know that they work on your iPhone or iPad fine, then do the following:
1. Enable the developer menu in Safari
2. In the developer menu, change the User Agent String to iPad
I have never once be presented with anything other than the FULL desktop version of the website (for whatever reason), but then content will run via HTML5.
The best website to test this on is the BBC News website, go try find a video that 'needs flash', and then try the trick. Works on all manner or websites actually!
I don't have Flash installed, and I do have Google Chrome there just in case; but I might use that once a month at very most.
i personally don't use google chrome, i don't like it but i respect the person decision if they use GC. me if i have to use another browser i use firefox but most of the time i use safari, i'm not sure but i think GC already includes FP when you install GC. i don't know if FP is add as an extra option when you download GC or if is already included in GC installer. windows 10 includes flash player by default already integrated into the system, poor windows users.
In your consumer world, that might be true. Try managing a VMWARE cluster without Flash on your system -- vCenter still relies on Flash, and the pure HTML5 version is crippled at best and lacks too many features to be useful.
We have a similar situation with Java applets in the data center world.
Both technologies are far from dead and obsolete.
in a way apple already did this in mac os sierra, up to El Capitan we had the option to allow apps from anywhere but in Sierra that option disappear, apple thinks that by hiding or removing that option that will make os "more secure" the only way to turn that option back on is by using a terminal command that enable that hidden option or feature
i won't be surprise if someone finds a way to do the same with w10 S
make the os accept apps other than just the ones from the WS
Clearly there seem to be a great need for people to talk about the pros and cons of Flash.
Great. Enjoy that discussion, but where do I go too find out what can be done to detect and eliminate this malware?
Suggesting not to install Flash when a Mac might be already infected is really not helpful.
Not a bit. Nope. Zilch. Nada.
Great. Enjoy that discussion, but where do I go too find out what can be done to detect and eliminate this malware?
Suggesting not to install Flash when a Mac might be already infected is really not helpful.
Not a bit. Nope. Zilch. Nada.