Help
Post your comments for Mac Malware Flashback Retreats here
Page 1 of 1
Mac Malware Flashback Retreats
#3
mishuk3 
- Member
-
- Group: New Member
- Posts: 10
- Joined: 15-September 11
Posted 13 April 2012 - 10:04 AM
It means that hopefully Mac users will be aware that their systems are not immune to viruses or malwares as they previously thought. And hopefully, they will take steps to ensure this does not happen. Ever been to the software aisle on any electronics store lately? There is AVs or Security Suites for Macs. Buy them.
#4
MichaelRousseau
- Advanced Member
-
- Group: Members
- Posts: 141
- Joined: 19-October 11
Posted 13 April 2012 - 10:41 AM
Gives new meaning to Mac Attack! McDonald's is saddened sales haven't increased since the infection was found.
#5
Evildave
- Expert
-
- Group: Members
- Posts: 4,287
- Joined: 24-January 08
Posted 13 April 2012 - 11:01 AM
Just the usual howler monkeys making noise. I suppose we could do some kind of pool to see when the next 'Threat That Proves Apple Has No Security' hits the media. I'll predict 'August'.
Because reporting the same threats against windoze is like reporting global traffic fatalities by name. You could fill the newspaper every day with windoze security threats and report nothing but this all day and night on TV, with no room for other programming. The very insane volume of windoze malware makes it not newsworthy. Like the weatherman dedicating time to report individual snowflakes. Nobody even bothers Microsoft with it.
But oh, an Apple trojan! It's another media phenomenon!
Yeah, the two JAVA patches that plugged the holes over the last week or so, and then the new patch that removes it yesterday couldn't possibly have anything to do with the decreasing numbers. At least for Snow Leopard and higher. Fixes for older versions will probably propagate over the coming weeks.
http://news.google.c...flashback+patch
The list of windoze botnets is long, and conficker and tdl4 and zeus and cutwail and MANY others are all still alive and well in the wild, sending billions upon billions of spam emails, and the media largely ignores 'em. What are they going to do? Report the sun is still working every day?
ZeuS was VERY quietly in the news last month for being 'taken down'.
http://www.inquisitr...n-botnet-video/
But it still appears to be alive and well.
http://www.theregist...rgets_payrolls/
And some are accusing Microsoft of 'Hampering' Zeus investigation.
http://www.informati...ement/232900260
Looks like wikipedia needs an update, though...
http://en.wikipedia.org/wiki/Botnet
All of this means that though 'Flashback' may be down, it may not be down for the count. As long as Apple and Oracle don't go back to sleep, they could make a healthy enough dent in the numbers to not make it worthwhile to continue with this vector... but JAVA exploits, attacking middleware... that could actually a general purpose PC threat. Attacking the java runtime environment with java code makes it possible to attack any computer that has Java. Not just OS X. Write once, run everywhere.
Forbes had some good information, though the author's conclusions are retarded. Yes, 'flashback' was discovered in september, LAST YEAR, but Oracle never released a fix for the problem until February. Being a JAVA exploit (IDENTICAL to recently patched windows JAVA exploits), a large portion of the 'delay' was WAITING for a fix from Oracle and then Apple had to propagate it through whatever internal processes Apple has for reviewing and integrating and testing changes. So between Oracle releasing a patch for THEIR bug in February, and Apple getting the bug fix out took additional time. Microsoft doesn't support JAVA. They have their own collection of interpreted runtimes with their own encyclopedic list of vulnerabilities. Windows Update won't necessarily plug a JAVA hole for you.
http://www.forbes.co...lware-outbreak/
While there certainly could be some improvement in Apple's speed in propagating patches to JAVA from Oracle, keep in mind that any Windoze PC user who is not computer literate enough to update JAVA themselves MAY STILL HAVE THIS SAME, EXPLOITABLE SECURITY HOLES. And there are plenty of ways for malware to kill a third party 'automatic update' (like Java Update) in Windoze, once it's in.
So before you start with the additional derision about 'Apple Security', windoze (and linux) users, be sure to update JAVA, if you use any version of Oracle's JAVA runtime environment, and enable its very annoying automatic update process. Your arse may be hanging in the wind.
Because reporting the same threats against windoze is like reporting global traffic fatalities by name. You could fill the newspaper every day with windoze security threats and report nothing but this all day and night on TV, with no room for other programming. The very insane volume of windoze malware makes it not newsworthy. Like the weatherman dedicating time to report individual snowflakes. Nobody even bothers Microsoft with it.
But oh, an Apple trojan! It's another media phenomenon!
Yeah, the two JAVA patches that plugged the holes over the last week or so, and then the new patch that removes it yesterday couldn't possibly have anything to do with the decreasing numbers. At least for Snow Leopard and higher. Fixes for older versions will probably propagate over the coming weeks.
http://news.google.c...flashback+patch
The list of windoze botnets is long, and conficker and tdl4 and zeus and cutwail and MANY others are all still alive and well in the wild, sending billions upon billions of spam emails, and the media largely ignores 'em. What are they going to do? Report the sun is still working every day?
ZeuS was VERY quietly in the news last month for being 'taken down'.
http://www.inquisitr...n-botnet-video/
But it still appears to be alive and well.
http://www.theregist...rgets_payrolls/
And some are accusing Microsoft of 'Hampering' Zeus investigation.
http://www.informati...ement/232900260
Looks like wikipedia needs an update, though...
http://en.wikipedia.org/wiki/Botnet
All of this means that though 'Flashback' may be down, it may not be down for the count. As long as Apple and Oracle don't go back to sleep, they could make a healthy enough dent in the numbers to not make it worthwhile to continue with this vector... but JAVA exploits, attacking middleware... that could actually a general purpose PC threat. Attacking the java runtime environment with java code makes it possible to attack any computer that has Java. Not just OS X. Write once, run everywhere.
Forbes had some good information, though the author's conclusions are retarded. Yes, 'flashback' was discovered in september, LAST YEAR, but Oracle never released a fix for the problem until February. Being a JAVA exploit (IDENTICAL to recently patched windows JAVA exploits), a large portion of the 'delay' was WAITING for a fix from Oracle and then Apple had to propagate it through whatever internal processes Apple has for reviewing and integrating and testing changes. So between Oracle releasing a patch for THEIR bug in February, and Apple getting the bug fix out took additional time. Microsoft doesn't support JAVA. They have their own collection of interpreted runtimes with their own encyclopedic list of vulnerabilities. Windows Update won't necessarily plug a JAVA hole for you.
http://www.forbes.co...lware-outbreak/
While there certainly could be some improvement in Apple's speed in propagating patches to JAVA from Oracle, keep in mind that any Windoze PC user who is not computer literate enough to update JAVA themselves MAY STILL HAVE THIS SAME, EXPLOITABLE SECURITY HOLES. And there are plenty of ways for malware to kill a third party 'automatic update' (like Java Update) in Windoze, once it's in.
So before you start with the additional derision about 'Apple Security', windoze (and linux) users, be sure to update JAVA, if you use any version of Oracle's JAVA runtime environment, and enable its very annoying automatic update process. Your arse may be hanging in the wind.
Share this topic:
Page 1 of 1