Previous 1 2 Next 27 Replies Latest reply: Jan 12, 2013 9:33 AM by Agent Elrond
MacinNW_Brent Level 1 Level 1 (90 points)

Is there way to tell which apps use Java, similiar to checking System Information?

 

With the fury about the Flashback Trojan, I would like to turn off Java. Unfortunately, my password safe app uses Java. I would like to see how many apps I might have to replace to be Java-free.


Mac OS X (10.7.3), iPhone 3GS, iOS 5+
  • Kappy Level 10 Level 10 (247,310 points)

    You are over-thinking the issue. A trojan requires you to download and install something. See:

     

    Flashback Trojan User Tip

    Malware Checker Dowload Link


  • Topher Kessler Level 6 Level 6 (9,565 points)

    Kappy, while true for trojans, this one has morphed to take advantage of a Java vulnerability that has been open for a few months in OS X, and does not require the user do anything in order to install. It's been called a "drive-by-download" attack that does not fool the user or try to trick him, and as such has changed from being a true "trojan horse" malware.

     

    As for Java applications, I'm not sure of a way to list them all, but you can disable Java in the Java Preferences utility and then try opening your programs to see which ones give you and error about requiring Java, and catalogue them that way.

  • Kappy Level 10 Level 10 (247,310 points)

    But, how does it get on one's computer? I assume by your terminology that one must "drive by" in order to download, and that a download should be apparent to a user?

  • Linc Davis Level 10 Level 10 (150,525 points)

    Is there way to tell which apps use Java, similiar to checking System Information?

     

    Good question. There isn't as easy a way as that, but there is a crude way.

     

    Launch the Terminal application in any of the following ways:

     

    Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.

     

    Drag or copy — do not type — the following line into the Terminal window, then press return:

     

    find /Applications -type f -name *.jar

     

    All the applications that are listed in the output have Java components.

  • MacinNW_Brent Level 1 Level 1 (90 points)

    Kappy, you are not being helpful. And I am not overthinking it.

     

    Apple has stated that they are moving away from Java. And for a clean install of 10.7, the default is not to install Java.

     

    I want to turn off Java, but apparently I have some apps that use Java. I would like to easily find out which ones I may need to replace. Very similar to the situation when moving to 10.7, when every one was trying to figure out which apps they used would have to be replaced.

  • Kappy Level 10 Level 10 (247,310 points)

    Well, E X C U S E  M E for even caring to try.

  • MacinNW_Brent Level 1 Level 1 (90 points)

    Thank you Linc. That was the answer.

     

    And the results were: Adobe Bridge CS3 with 4 votes, Callpod Keeper (as I knew) with about a dozen votes, Evernote with one vote, LibreOffice (had about 100 votes), OpenOffice (with a couple of dozen), and Stanza tying for last place with one vote.

     

    Since I hardly ever use LibreOffice, OpenOffice, Adobe Bridge, and Stanza, I'm pretty happy. I'm a little upset with Evernote since I just got it. But Callpod Keeper, my password safe makes me very upset. Its funciton is critical to me and I hate moving to another one.

  • Topher Kessler Level 6 Level 6 (9,565 points)

    The "drive-by" aspect means people just need to be redirected to a site containing the malicious java applet, and then provided their systems are not patched the applet will break the Java sandbox and execute the malware downloader. While in some cases it might be obvious that the applet has run or "something" has happened, in other cases a person might just see a Web page (or a blank one) they didnt intend and close it, not thinking twice about it, but not realizing they've been infected.

  • MacinNW_Brent Level 1 Level 1 (90 points)

    Linc, I forgot to say thank you for including the Terminal command. While I can find the Terminal window, I am not a regular user and so leery to type in a line like that. You hit the right skill level in your solution.

  • Kappy Level 10 Level 10 (247,310 points)

    Still sounds like practical user diligence to avoid sites that would result in the redirect is the most effective way to avoid the issue.

     

    I know in my situation I have Java enabled, I have Adobe Flash installed, etc. but I'm careful to avoid unfamiliar websites. So far I haven't been infected explicitly or implicitly.

     

    This might become a more malicious issue if the trojan turns into a full-fledged virus.

  • Linc Davis Level 10 Level 10 (150,525 points)

    Here's a less-crude version of the command:

     

    find /Applications -type d -name *.app -prune -exec sh -c 'ls -R "$1" | grep -q \.jar\$' {} {} \; -print
    
  • Topher Kessler Level 6 Level 6 (9,565 points)

    Very true, but then again such Web-based attacks have in the past resulted in even legitimate sites like MSN resulting in the MacDefender popups. Those were easier to track, but this being a more subtle attack makes it harder to determin where the attack originated.

     

    It would be much harder for the malware to develop into a virus that infects files, executes, and spreads itself. I dont see much avenue for this happening in OS X, but I guess somehow it might be possible; however, that's a bit of speculation (where anything could be possible if you think about it long enough ).

  • Kappy Level 10 Level 10 (247,310 points)

    Thanks for the discussion, Tophler.

  • MacinNW_Brent Level 1 Level 1 (90 points)

    I get no response to that command. It moves to the next line and gives me ">" or the greater than symbol.

Previous 1 2 Next