What should one do about this - in SIMPLE words please:
quote "Half a million Mac computers 'infected with malware" unquote
This is very alarming! As for the rest of the article on http://www.bbc.co.uk/news/science-environment-17623422
I simply do not understand all the JARGON!
Mac OS X (10.7.2), Various
There's a fairly significant disparity between the probabilities there. And turning off Java is hardly comparable to digging a hole 10 miles deep.
Uninstalling Java is not an option for a lot of people.
Disabling it in the browser is the only option. If one
uses any of the Adobe suite (photoshop, etc.), Java
is required.
There are also several cross platform development tools
that are Java based.
Therefore, disabling in the browser is the only option, which
is how the infection starts anyway.
Digging a hole 10 miles deep isn't difficult. It's already been done, right here in this thread.
I'd rather take my statistics right here in ASC. Is there one post by anyone whose Mac has been compromised by this? Smells much like other over-the-top stuff drummed up by the AV companies.
As woodmeister says, turning off Java is NOT an option for many. Also, there is a lot of misunderstanding between Java and the Java plug-in. I run a Java applet all day, everyday. There is no issue on Java applets, it is a web browser exploit, which the latest security update addresses.
I agree 200%
As Macs and Apple become more popular in the user environment, of course they will be subject to attact. Macs are still far safer than PCs and no doubt will remain so for many years to come, if not "forever."
The Mac OS is quite secure - the break is the result of "3rd" party software - in this case Java.
Notice that Apple chose not to install Java in Lion by default - most likely for this very reason.
And similiarly in the iPad, Flash is not allowed.
That being said, there is a free A/V - ClamXav2 available. Is it safe? Well, a more limited version is available free from the Apple store.
Here is their URL: http://www.clamxav.com/
I'd rather take my statistics right here in ASC. Is there one post by anyone whose Mac has been compromised by this? Smells much like other over-the-top stuff drummed up by the AV companies.
I swear, I hate this head-in-the-sand attitude that some of the experts here display when it comes to malware! But, ask and you shall receive. Off the top of my head (ie, meaning this is not a comprehensive list by any means):
https://discussions.apple.com/thread/3759625
https://discussions.apple.com/thread/3738863
https://discussions.apple.com/thread/3757584
https://discussions.apple.com/thread/3752508
https://discussions.apple.com/thread/3751817
https://discussions.apple.com/thread/3754976
https://discussions.apple.com/thread/3754976
https://discussions.apple.com/thread/3752739
https://discussions.apple.com/thread/3751705
https://discussions.apple.com/thread/3750116
https://discussions.apple.com/thread/3747332
https://discussions.apple.com/thread/3747855
https://discussions.apple.com/thread/3749210
The truth is that Macs have been so virus/trojan free for so many years, many of us have become complacent about such attacks.
I also have several PCs and because of that, my guard is always up, no matter what computer I run.
Years ago on these boards, some of us "predicted" that the day would come, when Macs became very popular, that the attacks would start in earnest.
I suspect that this is just the beginning, but the first protection against a threat is intelligence - the User.
Many of us run our machines as Administrator all the time and this may also pose a problem. Once, we were told to create a Standard account and use that except when installing software or actually doing administrative tasks. Most of us simply ignored the warning.
Again, it is always recommended to create and use a Standard user account for 99% of the time - browsing, emailing, etc.
We are probably going to have to get used to these kinds of attacks now and start thinking and acting as we should have been all along.
Again, the first and primary defense against malware is the user.
My eyes are glazing over from all those threads...
In the first the OP was on Limewire, which is like being on a public toilet seat. They picked up something but it was never established what. The following 3 threads do NOT establish that this malware is present on the OP's mac. That's where I stopped reading.
The vulnerablity has been addressed by the latest security update and as far as I'm concerned that is that.
Sure there's malware out there, I'm not disputing that. There always has been. All I'm saying is that this one is way overblown.
And sadly those who participate in Limewire, and any server based application file sharing that leaves their machine open is almost asking to be attacked. To carry the meteor metaphore even further, it is as if they put a gigantic magnet out there saying, come to me! Web based applications are less intrusive than that, as most on the Mac are completely under the user control. It is one thing to run the machine in administrator mode, it is another to actually turn on root. Even an administrator offers more control than root, as you can deliberately close certain ports, or open them as you choose and when you choose. It is one thing to leave one way communication open, it is another to leave two way communication open and leave all your doors unguarded and open. I encourage anyone who wishes to download software for the Mac, to use only FTP and web based sites that contact the developer directly. Many of these file sharing sites hold pseudo copies of unreleased betas, sometimes disguised as final release software, or worse. I'd be more worried about those who use file sharing, then those who run Java applets. If an applet unexpectedly asks for a password, I'd have to seriously ask why before I'd ever give it.
The malware menace these days go after what I call
the "Clickamatons". These are the folks that will
mindless click on any request that looks even vaguely
official and even some that don't. Some attackers even
come up with really convincing scare tactics to get them
to do it.
As has been said, if you didn't ask for it, don't accept it.
To really see if you need it, go to the actual vendor site
to find out, and download it there and only there.
Years ago, when we cautioned people about Limewire and other "sharing" services, some users scoffed at us.
"File-sharing" services such as Limewire are open cesspools connected to open sewers. Using that service turns the user's computer into another sewer line.
You get what you pay for. There are no "free" downloads of copyrighted material.
I swear, I hate this head-in-the-sand attitude that some of the experts here display when it comes to malware!
Not just here, but Mac users in general are not taking this anywhere near seriously enough. Couple of very good articles at eWeek. If you haven't heard of this publication before, they are all about IT security and systems.
Mac OS X Security Must Become a Priority
This one is more troubling:
Botnet Infects More Than 600,000 Macs
Most worrying in that second article is they note only one of two known serious flaws in Java were fixed in the April 3rd update. And there's another unknown one that is being sold to hackers. The crooks are jumping on these flaws as fast as possible before they can be fixed.
Don't believe for a second you are invulnerable just because you're using a Mac.
Hi Kurt,
I for one, never said Macs were invulnerable. In fact, I stated malware has always been around in one form or another. Methinks the press and the AV companies are having a field day with this, while very few users will be effected.
Macs don't even come with Java installed anymore.
What we may see are a lot more posts with issues related to AV software that users installed becasuse they were scared to death and are now hosing their systems.
a brody wrote:
Many people depend on Java for Chat engines. There are a lot of lonely people out there.
Many use Java for radar weather reports.
Many use Java checking their internet speed.
So for those people, it is important Java is secured.
All of those things can be done better with Javascript or, even better, and app.
True. But not every chat site has learned that. I don't use those anymore, but I'm just giving that as an example.
From the news article linked to by the OP:
"Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user's permission."
In some of these cases no action was required by the user other than visiting the web site.
I've always had a little concern for cross-platform program technologies being able to infect a computer so I keep Java and Flash locked down and enable the minimum level needed to work.
That said, if you update your software and verify your computer isn't affected as described by other posters I think it's too early to raise the flag and say everyone needs to start using AV software.
What should one do about this - in SIMPLE words please: quote "Half a million Mac computers 'infected with malware" unquote
