can we talk about the elephant in the room? (Mac virus/trojan/malware thread)

[Raul3]

I know, I know, let's try to keep it at decent level.

One link: http://www.macrumors.com/2012/04/10/...security-team/

600K+ infected computers.

From some other links, Apple working on a tool to remove it, another company already released a tool to remove it, etc.

So basically Apple needs to believe that they are not secure anymore, they need to create a Security department and take it seriously.

[SomethingMore]

Those 600k users were just ex-Windows users who don't know how to use Macs properly, right?


On a serious note, I think Apple's big focus in the next year or two is going to be on security. That's one area they've never truly addressed since they never really needed to.

[RoboDad]

I think it is also worth noting a few things:

a) This is not a virus, but a trojan. That may be a subtle distinction to some, but it is still a distinction. And this does not imply that a Mac cannot be infected with a virus, but only that this specific case was not one.

b) In order for the trojan to gain a foothold, a system must either be vulnerable by not being up-to-date (Java), or vulnerable by way of the user not taking the time to actually read the "self-signed" certificate prompt, which actually says that it is not trusted.

c) The trojan aborts its own installation in the event that security software is present and running on a system. Apparently the "developers" of the trojan did this to stay under the radar for as long as possible.

So, while this is a very real problem, it is also a ridiculously easy problem to avoid.

[Todd B.]

Quote:

Originally Posted by RoboDad

b) In order for the trojan to gain a foothold, a system must either be vulnerable by not being up-to-date (Java)

The problem is that Apple sat on the security patch for a known vulnerability for months, and didn't release it only until a couple weeks ago, and only after several hundred thousand computers had already been infected when someone began actively exploiting the vulnerability.

Another problem is that Apple refuses to make an exception to their security policy and release an update for the vulnerability for Mac OS X 10.5. This means that all PowerPC Macs will be vulnerable to this exploit permanently, regardless of the vector (today it's a webpage, tomorrow it could be something else). Even Microsoft made exceptions to its policies for NT4 and Win2K for especially virulent worms.

Apple needs to have a security epiphany like Microsoft had a few years ago.

[Matthew Chmiel]

I'm sorry, but I agree with Apple's "unwilling-ness" to make a patch for those running 10.5. Customers using Leopard need to upgrade their hardware and/or software. Plain and simple.

If you're running a PowerPC-based Mac, which haven't been manufactured since 2005, you need to stop being cheap and upgrade your hardware (especially as Apple and Apple Authorized Service Providers deem those computers as vintage). Most software currently being made for the Mac is Intel-only and it's a matter of time before Apple themselves stops supporting Leopard at all. In fact, I wouldn't be surprised if Apple cuts off all support when Mountain Lion is released later this summer.

For those still running Leopard on Intel-based machines, you had two years to upgrade to Snow Leopard before the launch of Lion (which is still available, but only from Apple's online store). You know how much it cost? $29 and it was an upgrade that actually improved performance. As RoboDad mentioned, the operating system informs the user when installing non-trusted software (at least Lion does). For those users who installed the Trojan using the fake Flash installer, a few seconds of reading would've prevented them from installing it at all.

Waxy wrote the following on the Flashback trojan:

Quote:

Originally Posted by Waxy.com

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

I've been using a Mac for nearly a decade and I have ClamXav installed on my iMac. I'm not worried about security in general as Apple has been great in the past in releasing patches, but ClamXav is an amazing piece of software. Not only is it free, but unlike most security software, it uses very minimal system resources. It's light years ahead of Avast's port for the Mac that's another free option for consumers.

It also helped matters as I also use Xcode.

As long as customers keep their Mac up-to-date and take an extra step to research security options, there's still nothing to worry about. Apple released two patches to Java last week and there are third party options on removing the trojan for those who are infected with it.

[RichC2]

Quote:

Originally Posted by Matthew Chmiel

I'm sorry, but I agree with Apple's "unwilling-ness" to make a patch for those running 10.5. Customers using Leopard need to upgrade their hardware and/or software. Plain and simple.

Forcing a customer to buy an upgrade for regular, secure use (with no new features) is bullshit. Plain and simple. This is especially true for an OS that isn't even 5 years old. I will say though, this is par for the course with Apple and to be expected (not that most other companies are any better)

While Leopard isn't the security equivalent of swiss cheese (like say Windows XP) they should still be actively supporting it.

[Todd B.]

Quote:

Originally Posted by Matthew Chmiel

If you're running a PowerPC-based Mac, which haven't been manufactured since 2005, you need to stop being cheap and upgrade your hardware

This is a BS attitude. There are plenty of legitimate reasons to still be running PPC hardware that have nothing to do with being cheap. Also, one of the selling points of Macs is the longer usable hardware lifespan than PC's.

Quote:

Originally Posted by Matthew Chmiel

As RoboDad mentioned, the operating system informs the user when installing non-trusted software (at least Lion does). For those users who installed the Trojan using the fake Flash installer, a few seconds of reading would've prevented them from installing it at all.

This is incorrect. For this vulnerability that was exploited, no user interaction was required on vulnerable systems. If you read what RoboDad wrote, you'll see that he's saying it only prompts for confirmation if you've patched the vulnerability.

Quote:

Originally Posted by Matthew Chmiel

I'm not worried about security in general as Apple has been great in the past in releasing patches

I don't know how you could possibly classify them as "great" in releasing security patches. They are consistently months late in releasing patches for known security holes in third party software that they ship with the OS. They're lucky that they've avoided issues in the past, but this one has bitten them squarely in the ass.

Quote:

Originally Posted by Matthew Chmiel

As long as customers keep their Mac up-to-date and take an extra step to research security options, there's still nothing to worry about.

They have a serious attitude problem. Please look at this page and tell me where on it there is the recommendation that I need extra security options beyond what is built into the OS:

http://www.apple.com/macosx/what-is/security.html

Even the very last item on that page says: "However, since no system can be 100 percent immune from every threat, here are some other ways to help keep your information as safe as possible:" but does not recommend any additional security software or options. If I followed every single recommendation on that page, I still could have been infected by Flashback during the period between when this variant became prevalent and when Apple released the months old Java security patch.

[Matthew Chmiel]

Quote:

Originally Posted by RichC2

While Leopard isn't the security equivalent of swiss cheese (like say Windows XP) they should still be actively supporting it.

Agree to disagree.

I'll use an example. My wife still rocks a four-year-old Sony Vaio that I helped her upgrade her hardware and software on last fall. Sony hasn't provided updates to any of the software that came installed and some of it had issues running on Windows 7. (That software, thanks to me, is no longer installed as I made sure not to re-install it when I replaced her hard drive.) In addition, Intel has killed support to her second-generation Intel Core 2 Duo processor that carries their unfortunate GMA imtergrated graphics card. I would be safe to say none of the hardware inside her machine, other than the memory and hard drive that I replaced, are still covered or supported. Everything is left to software.

Don't get me wrong, for a four-year-old machine that's mainly used as a glorified netbook, it does its job. However, my wife loves games like CityVille. I don't know why, but she does. However, any Flash intensive game sucks on it. Any sort of software (video, flash, whatever) that requires use of video processing sucks. She's limited to her hardware and when I'm not around or on my iMac, it's used as her computer to do her "gaming" on. She knows she needs a new computer, however we're waiting on a refresh on the 13" MacBook Pros before she finally makes the switch to Mac.

I had a 13" MacBook, late-2006 model, that worked like a charm even with Intel's GMA solution inside of it (I sold it and replaced it with an iPad 2 last March). If I still had it, it would be able to run the latest operating system with no problems despite being six-years-old. While it won't be supported on Mountain Lion to whomever owns it now, at least Apple will still support it for another few years as support for Lion keeps up.

For those customers who are running Tiger or Leopard on machines clearly capable of running Snow Leopard and/or Lion, is it in Apple's best interest to keep their older, out-of-date software? Maybe, but as an educated customer, I disagree and they've had plenty of opportunities to upgrade their software within the past few years. Unlike Microsoft, Apple has kept pricing for their OS upgrades to under $30 since Snow Leopars and the upgrading process is relatively easy as one just needs to push the Upgrade button and they're done. It's so simple a caveman can do it. I don't see why a customer who has already paid more than $1000 for a computer a few years ago can't be bothered to pay $30 for an upgrade that'll actually help them out in the long run.

Quote:

Originally Posted by Todd B.

This is a BS attitude. There are plenty of legitimate reasons to still be running PPC hardware that have nothing to do with being cheap.

Name me one that's actually legitimate to everyday use because I can't even think of one and I've owned numerous PPC and Intel-based Macs.

Quote:

This is incorrect. For this vulnerability that was exploited, no user interaction was required on vulnerable systems. If you read what RoboDad wrote, you'll see that he's saying it only prompts for confirmation if you've patched the vulnerability.


I don't know how you could possibly classify them as "great" in releasing security patches. They are consistently months late in releasing patches for known security holes in third party software that they ship with the OS. They're lucky that they've avoided issues in the past, but this one has bitten them squarely in the ass.


They have a serious attitude problem. Please look at this page and tell me where on it there is the recommendation that I need extra security options beyond what is built into the OS:

http://www.apple.com/macosx/what-is/security.html

Even the very last item on that page says: "However, since no system can be 100 percent immune from every threat, here are some other ways to help keep your information as safe as possible:" but does not recommend any additional security software or options. If I followed every single recommendation on that page, I still could have been infected by Flashback during the period between when this variant became prevalent and when Apple released the months old Java security patch.

1. Read more up on the Flashback trojan as it originally started out as a fake Flash installer before being sent out through an exploit in Java.

2. Learn how to use Google so you'd be able to find out additional ways to keep your computer safe and secure.

3. As someone who has owned Macs for nearly a decade, I still haven't encountered any security breaches or issues. While I might be more ahead of the curve than most, it's not hard to secure your Mac more either based upon your System Perferences by enabling firewalls, FileVault, whatever alongside additional software. Intego (the makers of VirusBarrier) have been putting out security software for the Mac for years as well as other companies.

Also, did I mention ClamXav yet?

[fumanstan]

While I openly admit that Windows PC's have been historically far more susceptible to security issues, it's funny to hear the "easy" solutions to fixing the problems on a Mac are really no different from those that would keep a Windows machine running healthy all this time.

[Todd B.]

Quote:

Originally Posted by Matthew Chmiel

I had a 13" MacBook, late-2006 model, that worked like a charm even with Intel's GMA solution inside of it (I sold it and replaced it with an iPad 2 last March). If I still had it, it would be able to run the latest operating system with no problems despite being six-years-old. While it won't be supported on Mountain Lion to whomever owns it now, at least Apple will still support it for another few years as support for Lion keeps up.

You just made the point right there. You compared your wife's 4-year old Vaio which is near-unusable as you seem to describe it, and your 6-year old MacBook which was perfectly usable. Macs have always been usable for much longer periods of time than PC's, so why is it so hard to believe that a 7-year old PPC Mac from 2005 is still in general service and usable?

Or what about, say, Core Duo/Solo Macs from 2005-2007 which cannot run Lion, and will lose security patches on Snow Leopard once Mountain Lion comes out later this year, in accordance with Apple's security policies. Core Duo Mac Minis were being sold as of Aug. 2007. When the next Flashback-type incident happens after Snow Leopard security support is dropped (say, late 2012), are those people also being cheap for not upgrading to a newer Intel processor?

Quote:

Originally Posted by Matthew Chmiel

Name me one that's actually legitimate to everyday use because I can't even think of one and I've owned numerous PPC and Intel-based Macs.

Grandma uses a PowerPC Mac because it does what she needs (E-mail, light web browsing (no video)) without any issues. Is she "cheap" because she doesn't want to spend her fixed income on a new computer when this one serves her needs perfectly fine?

Quote:

Originally Posted by Matthew Chmiel

1. Read more up on the Flashback trojan as it originally started out as a fake Flash installer before being sent out through an exploit in Java.

I'm well aware of that. We're not talking about the fake Flash installer variant, which was one of the original variants. We're talking about the Java exploit variant, which is the one that infected 600,000+ computers, and does NOT require user interaction on vulnerable systems.

Quote:

Originally Posted by Matthew Chmiel

2. Learn how to use Google so you'd be able to find out additional ways to keep your computer safe and secure.

3. As someone who has owned Macs for nearly a decade, I still haven't encountered any security breaches or issues. While I might be more ahead of the curve than most, it's not hard to secure your Mac more either based upon your System Perferences by enabling firewalls, FileVault, whatever alongside additional software. Intego (the makers of VirusBarrier) have been putting out security software for the Mac for years as well as other companies.

Also, did I mention ClamXav yet?

Yes, anyone COULD theoretically go out and do all these things and have been proctected. But Apple presents it as unnecessary, as evidenced on that Security page. If I'm not a savvy computer user and don't do those things, I'm relying on Apple's claims that the operating system is secure. However, in this specific Java vulnerability instance, I could have done every single thing that Apple recommends security-wise and still been infected.

[shadowhawk2020]

Quote:

Originally Posted by RoboDad

I think it is also worth noting a few things:

a) This is not a virus, but a trojan. That may be a subtle distinction to some, but it is still a distinction. And this does not imply that a Mac cannot be infected with a virus, but only that this specific case was not one.

I agree with you about there being a difference. But most people infected don't know and don't care about the difference. They just know there is something wrong with the machine they were told they wouldn't have to worry about.

Quote:

b) In order for the trojan to gain a foothold, a system must either be vulnerable by not being up-to-date (Java), or vulnerable by way of the user not taking the time to actually read the "self-signed" certificate prompt, which actually says that it is not trusted.

That is true of a lot of trojans. Even though Windows is a more vulnerable OS I would guess a good number of the vulnerabilities are due to software directly released by Microsoft.

Quote:

c) The trojan aborts its own installation in the event that security software is present and running on a system. Apparently the "developers" of the trojan did this to stay under the radar for as long as possible.

But the reason the Trojan has been as successful is because of Apple's own salesmanship when it comes to Macs. Users have been told they were secure with their Macs (which to Apple's credit they mostly have been) and they have not felt the need to run security.

Quote:

So, while this is a very real problem, it is also a ridiculously easy problem to avoid.

Final couple points.

1. I would argue that most trojans/viruses are easy to avoid if you know a little about what you are doing. My first computer was an 80286, and in all the times I have used PCs I have had one issue, which was Malware.

2. I would also say that up to recently (last few years) Macs have had the luxury of being an enthusiast machine. If you owned a Mac you knew spent enough money on the thing so you took interest keeping it protected. Now that people are buying these for their parents because it "just works" I can see this type of thing happening more often.

[Matthew Chmiel]

Quote:

Originally Posted by Todd B.

You just made the point right there. You compared your wife's 4-year old Vaio which is near-unusable as you seem to describe it, and your 6-year old MacBook which was perfectly usable. Macs have always been usable for much longer periods of time than PC's, so why is it so hard to believe that a 7-year old PPC Mac from 2005 is still in general service and usable?

Sadly, if someone is using an iBook/PowerBook G4, they might as well just "upgrade" to an iPad when their time comes as it'll actually give them better processing power than those machines.

Yes, Macs are always useable for much longer periods of time than a PC. However, I had first-generation 12" iBook G4 for two years before I upgraded to an iMac. During those two years, I had to replace the hard drive on the iBook twice. Not the best Mac experience, but not the worst.

Quote:

Or what about, say, Core Duo/Solo Macs from 2005-2007 which cannot run Lion, and will lose security patches on Snow Leopard once Mountain Lion comes out later this year, in accordance with Apple's security policies. Core Duo Mac Minis were being sold as of Aug. 2007. When the next Flashback-type incident happens after Snow Leopard security support is dropped (say, late 2012), are those people also being cheap for not upgrading to a newer Intel processor?

1. Core Solo processors only existed in 2006 on the Mac with the first-generation Intel-based iMacs, MacBooks and Mac minis. I didn't have my first-generation Intel-based 20" iMac for more than 16 months before Apple replaced it due to numerous logic board and display issues. A buddy of mine had similar issues on his and Apple replaced it as well.

2. Core 2 Duo Macs existsted until 2010. Mountain Lion still has support for Core 2 Duo processors, but not specific intergrated graphics cards. Any of the Intel GMA solutions along with the intergrated ATI cards (that were used briefly) will not be supported.

3. The benefit that Snow Leopard, Lion, and Mountain Lion all share is they're based off the same coding (ahem, Grand Central Dispatch, ahem). Leopard doesn't share this coding and thus why it's not (as) supported. As long as the coding is relatively the same, I don't see Apple cutting off support to 10.6 until there's a drastic change in how they build their Mac OS.

Quote:

Grandma uses a PowerPC Mac because it does what she needs (E-mail, light web browsing (no video)) without any issues. Is she "cheap" because she doesn't want to spend her fixed income on a new computer when this one serves her needs perfectly fine?

And what happens when it breaks tomorrow and she can't get the parts to fix it as they're no longer made and cost a boatload to get? Is she without a computer? Do you switch to Windows? Do you get her an iPad? Computers, like most electronic equipment, isn't built to last forever.

Quote:

We're talking about the Java exploit variant, which is the one that infected 600,000+ computers, and does NOT require user interaction on vulnerable systems.

I love how people keep bringing up 600,000 as its a large number when it's not. Apple sold over 15 million Macs in 2011 and over 5 million in Q1 2012 alone. Even if Apple's customer base was that 20 million alone, less than 3% have been affected by this virus. If anything, less than 1% of the Mac population is affected and still have nothing to worry about. I'm also sure Grandma doesn't have Java installed on her machine, and if she does, probably rarely visits websites that use Java (as JavaScript is an entirely different thing and not affected by Flashback).

Quote:

Yes, anyone COULD theoretically go out and do all these things and have been proctected. But Apple presents it as unnecessary, as evidenced on that Security page. If I'm not a savvy computer user and don't do those things, I'm relying on Apple's claims that the operating system is secure. However, in this specific Java vulnerability instance, I could have done every single thing that Apple recommends security-wise and still been infected.

No, you're not computer savvy, you're just ignorant.

Anytime I purchase anything that is going to cost more than a few hundred dollars, I ask:

1. How do I protect my investment? What warranties or service options exist and which is the best one? In the case for most, it's usually from the maker itself. I own AppleCare on my Apple devices, HondaCare on my Honda Fit, whatever Microsoft offers on the Xbox 360, etc. I use SquareTrade, when needed, on those products when an extended warranty/service plan is not available from the maker on (like my Amazon Kindle).

2. How do I secure my investment? If its a computer, what are the best options for antivirus, firewall, etc? Google, like 99.9% of the time, will be what I use to find an answer. Let it be from news articles, blogs, or message boards. Research will lead me to the solution I'll need to secure my products.

[Todd B.]

Quote:

Originally Posted by Matthew Chmiel

2. Core 2 Duo Macs existsted until 2010. Mountain Lion still has support for Core 2 Duo processors, but not specific intergrated graphics cards. Any of the Intel GMA solutions along with the intergrated ATI cards (that were used briefly) will not be supported.

I didn't say Core 2 Duo. I said Core Duo. Those were sold until Aug. 2007. Are those people also "cheap"? They cannot run Lion, and have no support beyond Snow Leopard.

Quote:

Originally Posted by Matthew Chmiel

3. The benefit that Snow Leopard, Lion, and Mountain Lion all share is they're based off the same coding (ahem, Grand Central Dispatch, ahem). Leopard doesn't share this coding and thus why it's not (as) supported. As long as the coding is relatively the same, I don't see Apple cutting off support to 10.6 until there's a drastic change in how they build their Mac OS.

You haven't been paying attention. If Apple DIDN'T cut off Snow Leopard updates, THAT would be a drastic change. For all the OS X releases, they have always supported the current OS, and the previous release. Although they don't have an official policy stating this (which is another point of contention), this is what they've always done. Assuming they continue that, that means Snow Leopard stops getting security updates this summer when Mountain Lion is released. So again, those 2005-2007 Core Solo/Duo computers, are those also "cheap" people who need to upgrade?

Quote:

Originally Posted by Matthew Chmiel

And what happens when it breaks tomorrow and she can't get the parts to fix it as they're no longer made and cost a boatload to get? Is she without a computer? Do you switch to Windows? Do you get her an iPad? Computers, like most electronic equipment, isn't built to last forever.

That is absolutely no rebuttal to the fact that she is still using it successfully TODAY, and that it is vulnerable. You asked for a legitimate everyday use, and you got one.

Quote:

Originally Posted by Matthew Chmiel

I love how people keep bringing up 600,000 as its a large number when it's not. Apple sold over 15 million Macs in 2011 and over 5 million in Q1 2012 alone. Even if Apple's customer base was that 20 million alone, less than 3% have been affected by this virus. If anything, less than 1% of the Mac population is affected and still have nothing to worry about.

Even though it's less than 1%, 600,000 is a significant number of compromised machines. And Flashback is designed to steal personal information. That's a lot of bank accounts, gmail accounts, etc. that can be used for bad things. Let's say they got bank account information from just 5,000 of those compromised machines (less than 1% of the compromised machines). Let's say they stole just $100 from each of those accounts. That's $500,000 of stolen money. That's not "nothing to worry about," especially to the people who got stolen from.

Quote:

Originally Posted by Matthew Chmiel

I'm also sure Grandma doesn't have Java installed on her machine, and if she does, probably rarely visits websites that use Java (as JavaScript is an entirely different thing and not affected by Flashback).

Perhaps you've forgotten that Java was installed and active by default until Lion, including on the still-vulnerable Leopard. Also, she doesn't have to visit a website that uses Java. The hackers are HIJACKING legitimate websites and putting the Java exploits on there.

Quote:

Originally Posted by Matthew Chmiel

No, you're not computer savvy, you're just ignorant.

So, of the 15 million Macs sold in 2011, Apple (and you) are banking on the fact that all the owners are computer savvy and not ignorant, to keep their computers secure? Good luck with that. That worked really well for Microsoft in the early 2000's.

I think there are 2 things that have been proven with this incident:

1. Apple is lackadaisical with its patches. I looked this info up. This Java security vulnerability (CVE-2011-3544) was generally reported in Sept. 2011. Oracle patched it in Java on Oct. 18, 2011. Apple posted a preview of this Java update in mid-February 2012 to the Developer channel. Apple didn't make it generally available until April 3, 2012. Almost 6 months to rectify a critical remote code execution vulnerability? And if Flashback hadn't been actively exploiting it, who knows how long it actually would have been until the patch would have been released under normal circumstances. There is no other way to characterize this than a lack of urgency and priority.

2. Apple has fostered a false sense of security. They've implied that the built-in security in Mac OS X is great. Most people aren't like you, and they won't have taken additional security precautions. That why 600,000 computers got infected.

[Matthew Chmiel]

Quote:

Originally Posted by Todd B.

That is absolutely no rebuttal to the fact that she is still using it successfully TODAY, and that it is vulnerable. You asked for a legitimate everyday use, and you got one.

Surfing the internet and checking your email isn't a legitimate everyday use on why she would require a PowerPC-based Mac. I can surf the internet and check my email on half the electronic devices I have in my house, but am I going to? No. I want a specific, "I need a PowerPC-based Mac to do X, Y and Z" legitimate response.

Also, while 600,000 is a decent number, will the team of people who made the trojan actually have the time or resources to attack each of those individuals? No. I wouldn't be surprised if the individuals behind the Flashback trojan get caught similar to the ones who created the MacDefender bug last year sooner rather than later.

Quote:

So, of the 15 million Macs sold in 2011, Apple (and you) are banking on the fact that all the owners are computer savvy and not ignorant, to keep their computers secure? Good luck with that. That worked really well for Microsoft in the early 2000's.

No, but again, as someone who owned Windows-based machines prior to a decade ago, we still had McAfee or Norton AntiVirus installed on all of our PCs in the house because we knew better regardless of who knew and didn't know how to use the machines. I would say up until the launch of iOS, most who purchased Macs were more savvy than your normal computer customer. To reiterate shadowhawk2020's point, those who purchase a Mac for themselves or their parents because "it just works," will be the ones in trouble here.

I bought my mom an iPhone 4S for Christmas. She hasn't used a smartphone in her life, but wanted the iPhone because it "looks cool." I purchased the iPhone, but I also purchased AppleCare+, a Speck CandyShell case and an extra power adapter for her. I made sure she had everything she needed to protect her new phone for the next few years, but if she needs help, she has resources available to her. When I gave her the phone, I gave her a tutorial in how to use the device, but I also saved the AppleCare phone number as a favorite so she has someone she can ask questions to. I went out of my way to make sure my mom is aware and protected for the next few years (and doesn't bug me about it). If someone doesn't do that for their own parents, they're kind of a dick.

Same concept works for anything in life really. Just a generic example: If I buy a car to get me from point A to point B, but don't consider things like insurance, extended warranties, oil changes, routine maintenance and other options that are out there, I'm probably in for a bad time. I go and take my car in every few months for an oil change or if it's that time of the year, a routine checkup. Why?

1. I want to make sure my car is working.

2. I want to make sure my car doesn't break down and leave me with an outrageous repair that leaves me broke (and that's why I have HondaCare).

At the end of the day, I want to be prepared. I might've had $20,000 to pay for my car, but I don't have an extra thousand or two lying around at the drop of a hat if something were to go wrong.

Another case in point, I could be the best and safest driver in the world, but someone could drive drunk and hit me. It's not my fault, but without the proper preparation, the situation can end up even worse. My car insurance is pretty great so if anything ever happens and I'm in an accident (knock on wood), I'm covered as long as I pay my deductible. Mechanical incidents, under my warranty. It's a win-win.

Again, if you're spending a lot of money on something and/or it involves your well being, you usually want to go the extra mile and make sure you're prepared. Asking questions to others and finding out information on your own to be more well informed is usually a good thing.

Quote:

1. Apple is lackadaisical with its patches. I looked this info up. This Java security vulnerability (CVE-2011-3544) was generally reported in Sept. 2011. Oracle patched it in Java on Oct. 18, 2011. Apple posted a preview of this Java update in mid-February 2012 to the Developer channel. Apple didn't make it generally available until April 3, 2012. Almost 6 months to rectify a critical remote code execution vulnerability? And if Flashback hadn't been actively exploiting it, who knows how long it actually would have been until the patch would have been released under normal circumstances. There is no other way to characterize this than a lack of urgency and priority.

2. Apple has fostered a false sense of security. They've implied that the built-in security in Mac OS X is great. Most people aren't like you, and they won't have taken additional security precautions. That why 600,000 computers got infected.

If this teaches us anything, hopefully it means Apple will be quicker to the draw on patching updates with out much attention this is receiving.

[Todd B.]

Quote:

Originally Posted by Matthew Chmiel

Surfing the internet and checking your email isn't a legitimate everyday use on why she would require a PowerPC-based Mac. I can surf the internet and check my email on half the electronic devices I have in my house, but am I going to? No. I want a specific, "I need a PowerPC-based Mac to do X, Y and Z" legitimate response.

I give up on this. I gave you a real-world, legitimate use case. You obviously don't get it and have a very limited world view of computer usage. You didn't even address the fact that I pointed out that 5-year old Macs that can only run Snow Leopard will lose security updates when Mountain Lion is released. This is just the same as the 5-year old MacBook you were using last year that was working just fine. Imagine that suddenly having no more security updates because of Apple's policy.

Let's try it another way. According to this NetMarketShare report:

http://www.netmarketshare.com/operat...10&qpcustomd=0

For every 6 Snow Leopard and Lion computers on the Internet, there is 1 Leopard computer. Whether you think they're "lazy", "cheap", or "ignorant" it doesn't matter.
Whether you can admit it or not, there are usable computers that are being used out there that are not receiving security updates because of Apple's policy. And I contend that for special situations like this where there is an active exploit in the wild, Apple should make an exception and issue security patch for it. Your contention is that Apple shouldn't make a patch for them? Crazy.

Quote:

Originally Posted by Matthew Chmiel

Also, while 600,000 is a decent number, will the team of people who made the trojan actually have the time or resources to attack each of those individuals? No. I wouldn't be surprised if the individuals behind the Flashback trojan get caught similar to the ones who created the MacDefender bug last year sooner rather than later.

This is just flat-out wrong. Bot herders don't go around giving special attention to each infected machine. Everything is done in automated bulk on compromised botnets. They attack in bulk, they carry out special instructions in bulk, they gather information in bulk, all automated. The Flashback-compromised machines are all automatically gathering personal details and sending them back to a central repository for the hackers. The hackers either do something with that information, or sell it to the highest bidders who have the resources to do something with it.

Quote:

Originally Posted by Matthew Chmiel

If this teaches us anything, hopefully it means Apple will be quicker to the draw on patching updates with out much attention this is receiving.

On this we can agree. Their time to patch on this one was inexcusable, and it all could have been avoided if they had released critical patches in a timely manner. I do still contend that they need to experiencing a seismic shift in security attitude, otherwise the potential will still be there for something like this to happen again.

[orangecrush]

I think the more important question going forward for Apple is how they are going to handle security on iOS.

[Matthew Chmiel]

Quote:

Originally Posted by orangecrush

I think the more important question going forward for Apple is how they are going to handle security on iOS.

iOS gets more frequent updates and is a more closed system (unless one jailbreaks it). Whenever someone has made a security flaw known, like the PDF vulnerabilities from a while ago, they've been quick to patch them.

[Supermallet]

I have a G5 with the old chipset running 10.5 that I use as an HTPC. I didn't realize that made me cheap.

[Pizza]

So how do I know if my mac got infected by the flashback trojan?

[RoboDad]

You can find more information about that here.

[Matthew Chmiel]

Quote:

Originally Posted by Supermallet

I have a G5 with the old chipset running 10.5 that I use as an HTPC. I didn't realize that made me cheap.

Can't be that great of an HTPC considering third-party applications like the following are all Intel-only:

Adobe Flash Player 10.3 (and greater)
Airfoil
Flixster Collections
Handbrake
iVI
Mac Blu-ray Player
MakeMKV
Microsoft Silverlight
Plex
Pulsar
Spotify

Should I go on? Because there's more.

The only software that is still supported for PowerPC-based Macs would be Flip4Mac, Perian and VLC. Everything else has been discontinued and is no longer supported on any of the operating systems (like Boxee).

Quote:

Originally Posted by RoboDad

You can find more information about that here.

Apple has now officially released software to remove the Flashback virus as of a few hours ago. Just check Software Update.

[Todd B.]

Quote:

Originally Posted by orangecrush

I think the more important question going forward for Apple is how they are going to handle security on iOS.

As Matthew says, the closed nature of the system makes it more difficult to exploit. Code signing has been required since day one on the OS, and that makes it more difficult to execute arbitrary code. There have been no major viruses for iOS, but several for Android, an open platform.

Additionally, since it's not general purpose computing platform, it has a lot fewer vectors for exploitation (for example, no Java, no Flash).

Quote:

Originally Posted by Matthew Chmiel

Can't be that great of an HTPC considering third-party applications like the following are all Intel-only:

I don't understand how you can continue to be so dismissive of people's legitimate computer usage, that they are clearly using just fine, just because it doesn't fit your limited computer usage world view.

[Raul3]

iOS being that popular, has been attacked from day one. So Apple has been doing its work there. And it has really improved over time.

[orangecrush]

Quote:

Originally Posted by Matthew Chmiel

iOS gets more frequent updates and is a more closed system (unless one jailbreaks it). Whenever someone has made a security flaw known, like the PDF vulnerabilities from a while ago, they've been quick to patch them.

Quote:

Originally Posted by Todd B.

As Matthew says, the closed nature of the system makes it more difficult to exploit. Code signing has been required since day one on the OS, and that makes it more difficult to execute arbitrary code. There have been no major viruses for iOS, but several for Android, an open platform.

Additionally, since it's not general purpose computing platform, it has a lot fewer vectors for exploitation (for example, no Java, no Flash).


I don't understand how you can continue to be so dismissive of people's legitimate computer usage, that they are clearly using just fine, just because it doesn't fit your limited computer usage world view.

Quote:

Originally Posted by Raul3

iOS being that popular, has been attacked from day one. So Apple has been doing its work there. And it has really improved over time.

Thanks for all the info guys.

[JohnIan]

Got an email about half an hour ago.

My friend's laptop, an iBook G4 was infected and now a brick. He's lucky, he has a newer laptop, already installed the security update.

Both that dead computer and mine are G4s, running the same OS, 10.4.11. I've turned Java off on my browser.

So far my computer isn't infected and I hope it stays that way. All ready made a phone call to another Mac friend, same boat, same OS.

I don't have the money to buy a new computer. Just don't. All of my saving went to getting a new (used) car after a crash and the various repairs on that.

So I guess I'm screwed.