Oh my....
The schadenfreude...is just too delicious to bear......
The Mac-specific Flashback Trojan created a zombie army of 550,000 Mac machines by exploiting a Java hole that Apple only patched on Tuesday, six weeks after Microsoft plugged it up on Windows machines. This is according to Russian anti-virus firm Dr Web, which arrived at the figure after it successfully managed to sinkhole …
My recollections of crocodile meat, from when Sainsburys sold it as precut strips, around 1998 or so, I think, are:
1. It has a distinct texture that vaguely looked like it would go in flakes (like white fish does) as I cooked it, but was meat-like rather than fish-like, and didn't flake at all. The texture was more like beef or lamb than it was like chicken.
2. It was nearly white in colour, which added to its resemblance to fish.
3. It had distinct, but not particularly strong, flavour that was not very much like chicken.
I have to admit it is so veeeery tempting. However, I hope that Cupertino really take this as a warning and get their collective arses into gear. None of us is served by this kind of shit (I know, I smiled as well) and it is best (in my humble opinion) that we recognise that we are all in this together (whether we like it or not) and act accordingly.
And I have been a Windows NT user since 1993.
Number of malware so far (not counting that awful PowerDVD crapware that came with my burner): 0.
Most of that time I have surfed with Javascript disabled. That fended off quite a few threats in the early years.
I also avoid installing any antivirus products. They lead to a false sense of security. Case in point: I've helped people clear trojans that their AV software only managed to pick up on after quite some time (I kept a sample at work where we are forced to use AV software).
OSX has grown in popularity. Welcome to your worst nightmare.
erm no you don't. RTFA:
"The Flashback malware was capable of installing itself on unprotected Mac machines without user interaction, a factor that goes a long way in explaining the success of its spread. Users become infected simply by visiting a site loaded with exploit code, in drive-by-download-style attacks."
Besides, I would think the best response to something like this happening is "Gee, I should make sure my software is up to date and I have a working antivirus."
Not
"They're making this up!" or "Oh yeah, well Windows gets viruses too, so there!"
"MacOS AV software is an even more pathetic scam than Windows AV is..."
I figured that out after about four or five years of struggling with Virex, and pretty much everything from Norton or McAfee. Also, by that time (early '90s), the Web was just starting to become widespread, and so there was a whole new set of common-sense do's and don'ts for how to handle things like Java, JavaScript and unsolicited downloads, not to mention all the attention of malware authors seemingly shifting to Windows. Back then, I was still using a scanner to check my downloads for viruses, but I'd ditched my automatic self-running AV suite -- the stuff that would run at boot time, and barge in to check every file I opened -- because it was slowing my system to a crawl and was getting to be a bigger pain in the ass than it was worth.
erm you have to type in your admin password for it to install...
Yeah, that's right; almost forgot that...
and if it detects any software like little snitch (and even Xcode!!) it won't install!
I'd like to see where they got these numbers from - are they selling anything?
Good point. Also -- for some reason -- I'm suspicious of that outfit simply because they're Russian. Makes no sense, I know, but...
"erm you have to type in your admin password for it to install"
Actually, you don't.
It's a bit of an odd duck, this one. It asks you for an administrator password, but you don't actually have to type it.
When the malicious Java applet runs, it attempts to download additional code. To do this, it prompts the user for an administrator password. If the user is gullible enough to type it, the downloader installs a payload in the Mac's Applications folder, and (I believe) sets it to run automatically at startup.
If the user *doesn't* type the administration password, the downloader installs a hostile payload in the user's home folder. This payload runs in userland, without administrator privileges, and I'm not certain but I don't believe it runs on restart (and it certainly doesn't if the user restarts and logs in to a different account). It's a lot more limited in what it can do, but it does still run, and (if the user doesn't have the firewall enabled) does seem to have the capability of making outside connections.
So the upshot is: No, you don't have to type an admin password. If you don't, the infection is somewhat mitigated, but it is still effective.
I've been a "true believer" since '85 and, iirc, one of the first major viruses discovered in the wild -- or at least the first that got any media attention -- was a Mac virus, around 1988 or '89.
I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word -- but one of the first things I learned twenty-odd years ago was to not be complacent. I still think criticism of Windows for its defaults being set to "hack me, root me, trojan me, pwn me" out of the box, but I've always paid close attention to virus/malware reporting in the Reg and elsewhere as I knew sooner or later some miscreants would get around to doing a Mac virus or trojan, and I wanted to be sure I was ready for them (Firefox/NoScript/Adblock/Flashblock/LittleSnitch FTW).
"I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word "
..........you, on the basis of your posting, do not remotely fall within the definition "fanboi" - in contrast to a certain number of the postings we get here at El Reg from a particular proportion of Cupertino's fan-base. I work with a number of "Mac-folk", amongst others, graphic designers and scientists - I would not describe any of them as "fanbois", serious people all of them for whom I have a great deal of time.
-:)
AF.
Thanks. The first computer I ever used or owned was a Mac; the design shop I was working at got some in early '85, and I bought my own shortly after that. I think that if I'd used any system other than a Mac, I would be totally fearing and hating computers now. As it was, I was able to explore and experiment and learn about how computers and networks work because the Mac "just worked"; I could concentrate on my work and on self-education with my computer because I wasn't spending half the day ripping my hair out trying to figure out why stuff wasn't working.
But, aaaa-aaaanyway... long story short... yeah, I hate being tagged as a "fanboi" because I've used a Mac for over 20 years and really like it, but I can still dig where people are coming from when they fling that word around whenever I glance at the TV and see all those goddamn' hipsters lining up at 3:00 in the goddamn' morning to pay too much for iPhones and iPads... and I catch myself mumbling "jeezus, what a bunch of fanbois!"
I am very tempted to say "find a Mac in my area in less than 24 hours and I'll buy you a drink".
In my circles, there is about 1 Mac user for every 50 Windows users. True, it would not be hard for me to find an infected Windows machine, but it is because I know which particular user is most likely to have an infection at any given time. (OTOH maybe he has cleaned up his act by now, in that case I'd be hard pressed to find an infected Windows machine)
The thing is I can definitely remember clearing a virus from about 20 production Macs over 20 years ago in System 7 - no idea what it was called now.
Anyone who ever said Macs can't get a virus was an idiot, same as anyone who either repeats or claims such nonsense now.
Just shows Mac users have the same level of stupidity as PC users. So what's new...
"Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "
D'uh... what if I just enter my password here...
Just shows Mac users have the same level of stupidity as PC users. So what's new...
D'ahh, not so fast. See my previous comment re: encountering my first Mac virus in the late '80s.
"Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "
Hey, c'mon, I'd have to be totally rock stupid to give the admin password to something trying to execute which I don't even recall asking to download. Add to this the fact that I installed NoScript, AdBlock Plus, FlashBlock and LittleSnitch ASAP after upgrading to OSX, and that would indicate a level of stupidity approaching zero.
Amazing how much a "fanboi" like myself can learn from paying close attention to the news about Windows viruses, trojans, malware and "social engineering" tricks in El Reg.
It's well known that Unix/Linux systems can get viruses - the difference has been that they've never become a widespread problem.
In any case if you want to be more sure in a Unix type OS use different accounts for different things.
I have an account I ONLY use for really important stuff like banking and another for visiting sites that MIGHT be dubious. It's so easy to switch, why not? Unless you can't be ars*d, in which case you deserve all you get.
@Chemist
Separate accounts don't stop you getting a virus/trojan and if you get infected with your "dodgy stuff" account, you're still infected. If you used your "dodgy stuff" account and were silly enough to enter your root password or have software which runs as root (or even just a bit elevated) which has a vulnerability, you still have a seriously compromised system.
"dodgy stuff" account, you're still infected."
"dodgy account" is still infected, true, but it's all just still extra layers of defence. Other accounts will not be so 'safe' account is still less vulnerable. Of course if a further vuln. allows escalation then that is a different matter.
"dodgy account" by the way is deleted/recreated at weekly intervals
Too complex a topic to describe in detail here but LONG complex passwords, multiple accounts, firewalls, NAT routers, Firefox/Noscript/ABP and a lot of other techniques alongside using Linux have kept me safe over the years.
Keeping an eye on the logs is useful. I esp. look for SSH attempts, as that is my only open port (protected by an unusual port number, one unusual account name and a long, difficult password).
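The log watching described in the post above, as an added example that is not from the original thread: it parses sshd entries in the auth.log style, counts failed passwords per source address, and flags usernames that do not belong on the box. The sample lines, the allowed account name and the brute-force threshold are all constructed here for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of OpenSSH sshd auth.log entries
# (made up for this example; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
Apr  5 02:13:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Apr  5 02:13:04 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Apr  5 02:13:07 host sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Apr  5 02:13:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Apr  5 02:13:15 host sshd[2107]: Invalid user oracle from 203.0.113.7 port 51250
Apr  5 08:41:22 host sshd[2311]: Accepted publickey for chem from 198.51.100.20 port 40022 ssh2: RSA SHA256:xyz
Apr  5 09:02:10 host sshd[2402]: Failed password for chem from 198.51.100.20 port 40030 ssh2
Apr  5 09:02:15 host sshd[2402]: Accepted password for chem from 198.51.100.20 port 40030 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
INVALID = re.compile(r"Invalid user (\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (\w+) for (\S+) from (\S+) port \d+")


def summarise(log_text, allowed_users, threshold=3):
    """Summarise sshd events: failures per source, probed usernames, successful logins.

    allowed_users: the account names that should ever log in over SSH (assumed).
    threshold: failed passwords from one address that count as brute force (assumed).
    """
    failed_by_ip = Counter()
    invalid_users = set()   # names sshd itself reported as not existing
    seen_users = set()      # every name that appeared in any event
    accepted = []           # (auth method, user, source ip) for successful logins
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            user, ip = m.group(1), m.group(2)
            failed_by_ip[ip] += 1
            seen_users.add(user)
            if "invalid user" in line:
                invalid_users.add(user)
        elif m := INVALID.search(line):
            user, ip = m.group(1), m.group(2)
            invalid_users.add(user)
            seen_users.add(user)
        elif m := ACCEPTED.search(line):
            method, user, ip = m.groups()
            seen_users.add(user)
            accepted.append((method, user, ip))
    return {
        "failed_by_ip": failed_by_ip,
        "brute_force_ips": sorted(ip for ip, n in failed_by_ip.items() if n >= threshold),
        "invalid_users": invalid_users,
        # names tried that are not the one account meant to use SSH (root included)
        "unexpected_users": seen_users - set(allowed_users),
        "accepted": accepted,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG, allowed_users={"chem"})
    for ip in report["brute_force_ips"]:
        print(f"brute force from {ip}: {report['failed_by_ip'][ip]} failed passwords")
    print("probed usernames not on this box:", sorted(report["unexpected_users"]))
    for method, user, ip in report["accepted"]:
        print(f"accepted {method} login for {user} from {ip}")
```

Successful logins are listed whatever the source, so an accepted password login following failures from the same address stands out when you read the report.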
I don't buy that argument about anti-virus and never have. It's good at detecting stuff that's been around the traps a while but none of them score 100% in tests so you're just flying under the assumption of protection. Avoiding these things requires a multi-faceted approach and I find anti-virus decidedly ex post. I've never ever run it on Linux and have never had an issue.
>>Basically if you're running without antivirus on any system, you're an idiot.
Basically, if you rely on an antivirus to protect you against the weaknesses of your operating system, you are an idiot. If you are knowingly running an OS that fails to address many security problems on its own and requires some murky, obscured tools, you are an idiot squared.
>>There are Linux viruses in the wild and there have been for a while now.
It would be nice to support this claim presenting names of the alleged viruses with the estimated numbers of infected Linux users, each linked to the corresponding sources. Otherwise, it is a never-ending FUD of an MS Windows fanboy.
> It would be nice to support this claim presenting names of the alleged viruses with the
> estimated numbers of infected Linux users, each linked to the corresponding sources.
I'm starting off this post with "I'm not a Windows Fanboi", I run quite a few Unix systems in my lair (of which three run different flavors of Linux, and one OpenBSD box acting as a router).
That said: http://ubuntuforums.org/showthread.php?t=1349678
This cropped up back in '09. It caught my attention by appearing in an issue of LinuxFormat. I think it's proof enough that even friends of penguins aren't safe anymore.
Ramchyld, so you're running an OpenBSD? Sure, no kidding? And may I ask, do you know, if a person starting the thread in your link is running plenty of OpenBSDs along with a Debian? And he/she is not kidding either:
"I have installed a deb from a site claiming to be an Screensaver however it looked dodgy however I proceeded."
Just, FYI, try not to install outside of central repositories, especially with sudo/root and/or binary only (even from the gnome-looks website). With major distros/BSDs, users have a huge selection of various software, unlike their Windows counterparts. Possible reasons for going against such practices might be either a recent switch from Windows, or a low IQ.
Another "not-a-Windows-fanboy" had a similar joke http://forums.theregister.co.uk/forum/containing/1359363. Yours is good too :)
On a serious note, I've seen names of alleged Linux viruses and trojans on some antivirus makers' websites. All of them had nothing to claim about their relevance in the wild, except for a couple from the early 90s that supposedly infected tens or hundreds of Unix users.
As part of their desperate attempts to become relevant again c.1999, Apple built Java directly into OS X and made it an on-the-box feature. The OS hence not only could run standard Java apps exactly as if they were native but included a rich set of bindings so that you could write fully native apps directly with the native frameworks but in Java. Per its designers, Java descends more from Objective-C than from C++ so I guess Apple were positioning themselves to be able to go fully Java if the market embraced it, hence they needed direct control over the thing.
In the end the market chose Objective-C (though revisionists don't seem to remember it this way), Apple worked on advancing that and deprecated the native Java bindings after only a few versions and dumped the default inclusion of the Java runtime at all as of the current version. Cyberduck is the only big OS X app I'm aware of with a Java core, Neooffice/J having once also been quite popular but probably not so much since Open/LibreOffice went native.
It was quite stupid that Apple were still maintaining Java separately and more slowly, and this is exactly the sort of flaw that doing so has exposed. So it's good that they don't do that any more, though it's far from being Apple's only security problem.
I'm currently vulnerable to this, as my main install of Java is a bit out of date, but updating it on Windows, when you run as a user, is a pain - even if you authenticate as admin, it fails with a folder creation error, so you have to log out, login as Admin...yeah, I'm lazy.
But not only that - a lot of programs that rely on Java (e.g. SPSS/PASW) use their own JVM to ensure that it is compatible, and these never get updated, which is a bit of a security hole...
It's a shame it's useful, otherwise I'd just get rid of it.
So let's examine your English skills.
Where in the advert does it say that Macs can't get a virus? - It doesn't. Not even once.
They're clearly talking about a Windows virus. Which a Mac cannot get. Yes, they can pass them on.
So your original comment "they told me Apple computers didn't get viruses!" is actually completely wrong. They never said it at all.
English may be your first language, but you're not very good at it. Stick to picture books.
I've noticed a distinct dislike of Mac users on El Reg, nothing wrong with that, anyone who spends double the value because it has a customised version of linux on it deserves to be mocked. I mean really, I've tried using a mac, honestly I have. But it's just terrible. Shame Microsoft is trying to copy them now.
*jumps on the Linux boat*
Er, Apple aren't maintaining Java for OS X on their own. As your own article states, Oracle are involved in this release too.
Apple are no more interested in keeping Java limping along than they are in supporting Flash on iOS. Both are obsolete technologies that have lasted well beyond their Use By date.
After checking that my Mac was clean, I thought that I'd see which version of Java is installed. So I typed java -version into bash. The result was:
No Java runtime present, requesting install.
Needless to say, I clicked cancel when it asked me if I wanted to install Java. So unless a user has explicitly installed Java on their Mac, then they're safe (this time).
Nice to see El Reg forums maintaining their usual standards...
For anyone interested, instructions on checking for and removing the malware are here :-
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
The only observation I would make is that, of the number of active OSX computers in use (given the sales of OS updates & etc), 500,000 is actually quite a small percentage. So they've got off lightly, basically.
...then you haven't come across very many Mac users then, have you?
Every Mac user I know (including me) has AV installed - if only to avoid inadvertently forwarding a Windows virus to a windows-using friend.
Shock! Horror!
Some of us Mac users DO have friends who use Windows - and we STILL talk to each other and remain friends...
You may write as many viruses as you want. More interesting is how much chances they will have to infect and spread outside of the lab. For this matter count those viruses for *nix that have been allegedly detected in the wild along with the percentages.
AMOF, This case shows that:
1) Java runtime is a pretty dangerous technology to be allowed in a web browser, nothing to say it is almost always redundant stuff
2) Apple is sloppy
3) Oracle may also be sloppy
I didn't have to clean it up, but our Sr. Tech did.
Back in the early virus fighting days, Sr. Pilot fish installed really good AV that you can't get anymore (it didn't even trust updates it downloaded itself, and unless you'd granted explicit permissions to directories you couldn't write there either) on a server for a client. Client got a virus. Virus said the system was infected and could be cleaned, but the AV needed to be turned off first. AV was configured to quarantine, not delete, and had been running for over a year catching many, many viruses and stopping them from infecting the system. Client dutifully turned off AV and proceeded to "clean" the infection. Which of course released EVERY virus from the quarantine.
I was so glad I wasn't Sr. Tech that day.
I have a Windows desktop with a Linux (Mint) VM, an iPhone and an iPad. I don't want viruses on any of my things!
Arguments as to which is intrinsically safer are usually correct insofar as the history of Windows is that of a totally insecure OS having to evolve into a more secure one, leaving plenty of holes behind, coupled with the fact that it's by far the most common OS on desktops.
I honestly don't think any of them are secure against the combination of determined attacker and non-expert users. My advice to anyone and everyone is to store anything important, encrypted, onto a memory key that you only plug in when you need it, never run as Administrator, use complex 128 or 256 bit passwords for all of your online banking activity, which you store in something like a KeePass .db (as there's no way you'll be able to remember them!), saved onto your encrypted memory key and try not to visit dodgy websites!
I don't think you can do much more than that other than unplug your system from the internet or switching it off, whatever OS it is.
For the truly paranoid among us, simply boot from a Fedora "Live" CD or usb stick for banking transactions, or reserve a notebook exclusively for banking, rebooting before use.
This should guarantee a safe connection to your bank, free of any keyloggers, worms, viruses or trojans.
If anyone was lazy enough to look up the install trojan details, it checks whether Little Snitch is running on the Mac and if it is detected the trojan installer immediately quits and deletes itself from the Mac, running like a scared little girl!
So much for anyone having any of these Windows anti-virus companies' anti-virus products for Mac on their system; the trojan installs... Lolz
I was hunting around looking for Dragon 32 viruses, just to amusingly prove you wrong. I can't find any though, and I feel like I have to print something vaguely amusing, so instead you can all have this:
"The Motorola 6809, used in the UK's "Dragon 32" personal computer, actually had an official "SEX" instruction; the 6502 in the Apple II with which it competed did not. British hackers thought this made perfect mythic sense; after all, it was commonly observed, you could (on some theoretical level) have sex with a dragon, but you can't have sex with an apple."
Icon for comical reasons.
Exactly! As soon as personal Mac and Unix boxes number the same as Windows on the interwebs, the virus writers will take note, and they will succeed too. Macs or Unix are not really more secure, just not as interesting or numerous to be worth it yet.
I'm a Windows user, but I recognize that Linux and Mac (BSD) are actually inherently more secure than my preferred OS, but, and this is a BIG but, any time you dawdle with patches for known security vulnerabilities, the malware bastages are likely to run by and drop your drawers. If you look completely oblivious they may even tie your shoelaces together before they drop your drawers. And the Fanbois* have been completely oblivious for the last few years.
*Mike, read your posts, you're NOT a fanboi.
Symantec list this as a very low risk, it's been around for months. It does require a level of social engineering: you choose to download it and then choose to ignore a system warning about it being downloaded, and then if you give it the user's password it installs. Most Macs have the root account disabled and essentially rely on sudo. The latest release, as mentioned, does not require the password to do a limited install, which presumably means you'll be warned whenever it tries to install its downloaded payload.
Hopefully Oracle will roll the OSX release into their main release cycle soon. Java has been deprecated on OSX since 2010 and has been in the process of being redacted into the main release ever since.
Macs, like Linux, aren't virus immune. But both are a harder target.
It looks like just having antivirus apps installed means the app self-deletes, presumably to hide how far it's impregnated. I've had AV on my Mac for 3 years now and am glad of it; anyone who doesn't install antivirus apps on their machines, and I'm including Linux guys in this, is doing the equivalent of having unprotected sex with as many different people as possible, and not bothering with an STD test the day after.
Also, now that Apple have relinquished control of how Java is ported to their machines and it is the responsibility of the OpenJDK project, hopefully security hole fixes will be quicker.