8 Replies Latest reply: Apr 7, 2012 12:41 PM by etresoft
seanhingston Level 1 (0 points)

My Mac is 10.7.3. Should I be concerned about the Java malware scare?

  • etresoft Level 7 (26,550 points)

    No. However, there is a reason Apple no longer installs Java by default. If you don't need Java, don't install it. If you don't need to run Java applets in Safari, then turn that feature off in Safari's Preferences. If you do require both Java and Java applets, then you need to make sure that your Java software functions properly in the new update. I know that my corporate VPN doesn't. So, I could either be safe from a million-to-one exploit or keep earning money and paying bills. Big decision there.

  • MrHoffman Level 6 (13,020 points)

    Concern over computer security should not be conditional on what the press and the social-media echo chamber are reporting.  Or what the press and the echo chambers are not reporting.

     

    Concern over security is an on-going requirement.

     

    This means complete backups, multiple ("deep") copies (as backup media can fail), and preferably disconnected.  Your backups are one of the easiest and best paths to recovery when your system is breached, and preferably a copy of the backup that predates the breach, and has been kept offline.

     

    Using proper passwords and/or certificates, of course.  On all users.

     

    Not downloading "codecs" or "players" from any site other than the original source of the tool.  There are a number of download sites around, and various of those sites are busily optimizing themselves to the top of Google search results.  Downloading tools from sources other than from the original producer or from producer-designated sites can have additional risk; you're not necessarily getting (just) what you expect.  If you didn't go looking for the tool yourself, do not download it.  With OS X, look to use the Mac App Store as your source.

     

    Don't click on links embedded in mail you've received, even if it looks to be a trusted source.  This includes social media messages received via mail, including LinkedIn mail, etc.

     

    Firewalls and VPNs, as well as checking logs.

     

    Maintaining current versions of Java, Safari and Adobe Flash Player, as well as other installed software.  Verifying that any web-facing tools you're using (client or server) are current.

     

    Disabling the automatic opening of "safe" files, and disabling Java access in the browser (or not installing it), and disabling (or removing) Adobe Flash Player, are all normal and expected practice, here.

     

    As for your original question, there's a Terminal.app sequence that's been posted by F-Secure to investigate whether your clients have been infested by the so-called OSX/Flashback.K malware.  It's a little arcane, if you're not familiar with Terminal.  It's not the first Mac malware that's been around, and it certainly won't be the last.

  • etresoft Level 7 (26,550 points)

    What's this? A sane voice of reason in the hysteria? Oh yeah, MrHoffman, that figures.

     

    Those instructions are way too arcane. Just do this:

    cat ~/.MacOSX/environment.plist

     

    If it says anything about DYLD_INSERT_LIBRARIES, then delete that file.

     

    Next, see if anyone has modified Safari with:

    codesign -v /Applications/Safari.app

     

    If so, quit Safari and restore Safari from backup.

     

    Log out and then back in. Mischief managed.

  • etresoft Level 7 (26,550 points)

    So much for posting from my iPad. This is what you should type and see as a result:

     

    user227-135:~ jdaniel$ cat ~/.MacOSX/environment.plist

    cat: /Users/jdaniel/.MacOSX/environment.plist: No such file or directory
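
The two checks from etresoft's posts above, as an added report-only script that is not part of the original thread: it looks for DYLD_INSERT_LIBRARIES in the environment.plist and verifies an application's signature with codesign. The function names and return codes are assumptions of this example, and it only reports; it deletes nothing.

```shell
#!/bin/sh
# Added example: report-only form of the two checks described in the thread.
# Function names and return codes are this example's own choices.

# check_env_plist FILE
#   0 = file absent, or present without DYLD_INSERT_LIBRARIES
#   1 = file mentions DYLD_INSERT_LIBRARIES (inspect it before deleting)
check_env_plist() {
    plist=$1
    if [ ! -e "$plist" ]; then
        echo "ok: $plist does not exist"
        return 0
    fi
    # grep -q also matches binary-format plists, because the key name
    # is stored there as plain ASCII text.
    if grep -q 'DYLD_INSERT_LIBRARIES' "$plist"; then
        echo "SUSPECT: $plist sets DYLD_INSERT_LIBRARIES"
        return 1
    fi
    echo "ok: $plist has no DYLD_INSERT_LIBRARIES entry"
    return 0
}

# check_app_signature APP
#   0 = signature verifies
#   1 = verification failed (restore the app from backup)
#   2 = codesign not available on this system, nothing checked
check_app_signature() {
    app=$1
    if ! command -v codesign >/dev/null 2>&1; then
        echo "skipped: codesign not found on this system"
        return 2
    fi
    if codesign -v "$app" 2>/dev/null; then
        echo "ok: $app signature verifies"
        return 0
    fi
    echo "SUSPECT: $app failed signature verification"
    return 1
}

# Run both checks only when asked to: sh flashback_check.sh run
if [ "${1:-}" = "run" ]; then
    check_env_plist "$HOME/.MacOSX/environment.plist"; a=$?
    check_app_signature "/Applications/Safari.app"; b=$?
    # Exit non-zero if either check reported SUSPECT.
    [ "$a" -ne 1 ] && [ "$b" -ne 1 ]
fi
```

Save it as a plain-text file (the name flashback_check.sh is hypothetical) and run `sh flashback_check.sh run` in Terminal.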

  • MrHoffman Level 6 (13,020 points)

    FWIW, there's a shell script here that looks to be reasonable, for those that are comfortable in the shell.  That script would need to be downloaded into a plain-text-format text file (using vim, emacs, nano, TextWrangler, etc), then chmod +x invoked to allow the script to execute, and then invoke the script with sudo.

  • Leslie260 Level 1 (0 points)

    I'm not a programmer, so I'm not sure what it means to "just do this."  How do I "cat-/MacOSX/environment.plist"? Do I type that somewhere?

  • Leslie260 Level 1 (0 points)

    I have OS 10.5.8.  Do I need to worry about the Java malware?

  • etresoft Level 7 (26,550 points)

    Here is a much better and easier-to-use tool: https://discussions.apple.com/docs/DOC-3271