
What should one do about this - in SIMPLE words please: quote "Half a million Mac computers 'infected with malware'" unquote

What should one do about this - in SIMPLE words please:

quote "Half a million Mac computers 'infected with malware'" unquote

This is very alarming! As for the rest of the article on http://www.bbc.co.uk/news/science-environment-17623422

I simply do not understand all the JARGON!

Mac OS X (10.7.2), Various

Posted on Apr 6, 2012 2:51 AM

43 replies

Apr 6, 2012 1:27 PM in response to Martin Pace

Martin Pace wrote:


From the news article linked to by the OP:


"Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user's permission."


In some of these cases no action was required by the user other than visiting the web site.

Define "installed" in this case. Using traditional notions of "installation" of "viruses" from the history of Windows PCs, one would think this is the same thing. It is not. Due to the inherently more secure nature of the Mac, "installed" just means copied somewhere in a user's home directory. Any web site can "install" software on your machine. This Java exploit allowed the software to be installed not in the "Downloads" folder, but in special areas where the code would actually get executed.


In all cases, everything is still running under the restricted context of an individual user. To remove it, just delete the file. This is a legitimate exploit, but everyone is repeating the "half a million infections" headline instead of focusing on how this exploit actually demonstrates how the Mac is inherently secure. Even when you have an exploit in 3rd party software that is rarely used and no one wants to update, the Mac still stops it from doing too much damage.

Apr 6, 2012 1:56 PM in response to etresoft

I would define it as placed on the hard drive and able to be executed. I wasn't aware there is some official definition for 'install' when it comes to viruses. 😝 Either way the average user wouldn't check those locations for unnecessary software (I'm not aware of any advanced users that would, but that's not statistically significant). So if they don't run AV software and don't check the locations it is effectively installed.


Rarely used ≠ rarely installed. I haven't seen any statistics to convince me that Java is rarely used and therefore not installed (or installed and turned off). During my Lion install I remember getting the install Java prompt fairly shortly after loading my software, since I use Photoshop. I turned it off in my browser and used the Java Preferences app to review the security settings soon after installing, but again I don't know if the average user would.


As far as too much damage is concerned, if it collected my banking information I would highly consider that "too much damage," or is there some other official definition for that phrase? 😝


Again, I think it's too early to advise all OS X users to use AV software.

Apr 6, 2012 2:29 PM in response to macjack

Apologies, macjack. I wasn't trying to single anyone out. By "here" I just meant anyone who doesn't seem to believe Macs can be compromised at all, and pooh-pooh any warnings as fear mongering. Those are the ones who will be hit hardest because they aren't paying attention to the news or respected web sites trying to pass on legitimate concerns and information.

Apr 6, 2012 2:37 PM in response to etresoft

In all cases, everything is still running under the restricted context of an individual user. To remove it, just delete the file. [...] the Mac still stops it from doing too much damage.


Depends on how you define "damage." I doubt that a user would have a similarly blasé opinion after having credit card numbers or financial site passwords stolen by Flashback. But, hey, at least it's easier to remove than Windows malware!

Apr 6, 2012 2:38 PM in response to Leciaatapple

With reference to my original question as follows:

What should one do about this - in SIMPLE words please: quote "Half a million Mac computers 'infected with malware'" unquote

Can I PLEASE stop this NOW! I have had about 30 emails on the subject. Whilst I appreciate everyone's input, there are so many contradictions, opinions and "clever" answers that none of it has actually HELPED ME! Do I switch Java ON? Do I switch Java OFF? Is it a hoax? Should Apple sue? Are Macs safe? Are Macs not safe? And so it goes on.


I will TRY to read all the emails and do a "clever" analysis of it all - but don't hold out too much hope for a clear cut answer - as, I guess, there isn’t one.


Leciaatapple

Apr 6, 2012 2:42 PM in response to Leciaatapple

No, it is not a hoax. Turn Java (not JavaScript) off in Safari's preferences, or any other web browser you have on your Mac.


Who in the world would Apple sue? The crooks releasing this stuff? Yeah, I'm sure they'd pay up.


Yes, Macs are generally safe. Much more so than Windows.


Lastly, go under "Your Stuff", then "Notifications" and turn off all check boxes for email alerts.

Apr 6, 2012 3:24 PM in response to Leciaatapple

Whilst I appreciate everyone's input, there are so many contradictions, opinions and "clever" answers that none of it has actually HELPED ME!


Yes, that's the problem with many Mac experts, who scoff at malware even when someone waves it under their noses. I've been trying to educate people, using my blog and Mac Malware Guide, but there are still otherwise knowledgeable people here who blame the user, minimize threats and give people a false sense of security. At the same time, though, there are also people who will have you believe that the world is about to come to an end due to Mac malware. As with most things in life, neither extreme is correct.


See my first post on this topic for the information you need.


(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

Apr 7, 2012 3:39 PM in response to a brody

You can open the app in the AppleScript Editor to see all tests run:


    -- Results of each check and the text of the last error
    property thefirsttest : ""
    property theUser : ""
    property theFirstResultTest : ""
    property theError : ""
    property thesecondtest : ""
    property theSecondResultTest : ""
    property firsttestgood : true
    property secondtestgood : true

    -- Short name of the logged-in user, used to build the expected error text
    tell application "System Events"
        set theUser to (name of current user)
    end tell

    -- Error text that "defaults read" reports when the key is absent (the clean result)
    set theFirstResultTest to "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

    set theSecondResultTest to "The domain/default pair of (/Users/" & theUser & "/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

    -- First test: Safari's Info.plist should have no LSEnvironment key
    try
        set thefirsttest to (do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment")
        -- The read succeeded, so the key exists: fail the test
        set firsttestgood to false
    on error theError
        if theError contains theFirstResultTest then
            set firsttestgood to true
            try
                display dialog "You passed the first test! So far so good!"
            end try
        else
            set firsttestgood to false
        end if
    end try

    -- Second test: the user's environment file should not set DYLD_INSERT_LIBRARIES
    try
        set thesecondtest to (do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES")
        -- The read succeeded, so the key exists: fail the test
        set secondtestgood to false
    on error theError
        if theError contains theSecondResultTest then
            set secondtestgood to true
            try
                display dialog "You passed the second test! Awesome!"
            end try
        else
            set secondtestgood to false
        end if
    end try

    -- Report the overall result
    if firsttestgood and secondtestgood then
        display dialog "you appear to be clean!

    if you haven't already done so,
    run software update!"
    else if (not firsttestgood) or (not secondtestgood) then
        display dialog "you failed one or both tests!

    Please go to:

    https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
    and follow the directions!"
    end if
