1. Guest,
    If you need help getting to know Xenforo, please see our guide here. If you have feedback or questions, please post those here.
    Dismiss Notice

I told you to remove java and flash from your macs!

Discussion in 'Apple' started by Sam Posten, Apr 6, 2012.

  1. Ken Chan

    Ken Chan Well-Known Member

    Joined:
    Apr 11, 1999
    Messages:
    3,302
    Likes Received:
    0
    On Lion, Java does not silently auto-install, it will prompt you if you launch it from the shell. It does not auto-install at all from within Safari; you get "Missing Plug-In" as usual.
    By some measure of "pretty" safe. The problem is that your known sites can get hacked and malware gets inserted. Of course, your known sites can also store your credentials in an insecure way. Plenty of ways to get burned. You can also reduce your chances of getting in an auto accident by never leaving your house....
     
  2. dmiller68

    dmiller68 Well-Known Member

    Joined:
    Sep 29, 2009
    Messages:
    667
    Likes Received:
    3
    Real Name:
    David Miller
    I agree as an owner of a website and Architect for a major on-line brokerage there are a million ways to have your computer infected or identity compromised. I was trying to not get into a battle about how safe MAC's are as there are people with very strong opinions here. I have been down this path a few times.



     
  3. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,618
    Likes Received:
    1,160
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    My issue -- and why I don't care who's fault it really is -- is it erodes the easiness of a Mac.

    I bought in 2007 and I didn't worry about this. There simply wasn't any in-the-wild threats to worry about. Even the first iteration of this malware in 2010(?) vectored through pirated iWork software.

    But this development of drive-by malware, simply view a website and your computer is infected, it brings back bad memories of the bad old days of Windows 95, where simply viewing an email or visiting a bad website and your computer was compromised.

    I'm not wringing my hands in active worry, but this is a watershed for OS X systems in my view. I now have to think about viruses and trojans on my Mac. I have to actively think about the installation of bog-standard stuff from major companies. I'm not abandoning my Mac for this (and definitely not my wife). This doesn't change my daily home use, though I'll have to pay better attention to virus news and think more carefully about AV software on our machines. It nibbles a bit at my enthusiasm for the brand.

    Nothing like finding out OS X 10.9 will be codenamed "Jar Jar", but still, not a pleasing development ;)
     
  4. mattCR

    mattCR Well-Known Member
    HW Reviewer

    Joined:
    Oct 5, 2005
    Messages:
    10,472
    Likes Received:
    368
    Location:
    Overland Park, KS
    Real Name:
    Matt
    Ken, I agree.. I think that's why I kept saying "on 10.6" (IE, NOT Lion). Prior to Lion, it did Auto install, and in fact, the installables were present on discs up until 2011. So, that's a big difference. But you can't assume all Mac users are on 10.7. Hell, you've still got a lot of people on Non-Intel Macs, believe it or not ;)
     
  5. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,618
    Likes Received:
    1,160
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    http://www.marco.org/2012/04/10/flashback-trojan

    Quoting Marco Arment (whom I find agreeable in reviews, but half of you don't :)




     
  6. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    As noted in that discussion page, Apple is working on a (presumably) easy to use removal tool:
    http://www.loopinsight.com/2012/04/10/apple-developing-flashback-malware-removal-tool/
     
  7. Michael_K_Sr

    Michael_K_Sr Well-Known Member

    Joined:
    Aug 14, 2005
    Messages:
    1,358
    Likes Received:
    26
    Location:
    Chicago 'burbs
    Real Name:
    MichaelK
  8. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Another possible major rutroh, too early to tell:
    http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/
    Good and bad news:
    http://www.macrumors.com/2012/08/28/newly-discovered-java-7-security-vulnerability-poses-risks-to-macs/
     
  9. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Derp. http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
     
  10. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,618
    Likes Received:
    1,160
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    I'm back to using both flash and java. I was forced to admit the web isn't usable on the desktop without flash (and switching to Chrome for flash use is impractical). And I had to have java for the harmony one software. Sigh.
     
  11. Ken Chan

    Ken Chan Well-Known Member

    Joined:
    Apr 11, 1999
    Messages:
    3,302
    Likes Received:
    0
    You can still have Java installed for "desktop" applications. The important thing is to disable the Java plugin in your browser(s), which enables the drive-by malware. Recent versions of OS X disable it automatically, and re-disable it if you haven't used it in a week or two.
     
  12. Keith Plucker

    Keith Plucker Premium
    Supporter

    Joined:
    Feb 4, 1999
    Messages:
    1,119
    Likes Received:
    41
    Location:
    Sacramento/Seattle
    Real Name:
    Keith Plucker
  13. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Easier to just kill it with fire.
     
  14. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Despicable, http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/
     
  15. Ted Todorov

    Ted Todorov Well-Known Member

    Joined:
    Aug 17, 2000
    Messages:
    2,944
    Likes Received:
    20
    It should be said that these "wonderful bonuses" are PC (Windows) only -- I guess Mac users are less likely to fall for such crap.
    Speaking of Flash removal -- I never really consciously removed it -- other than not installing it on my 2011 Mac Mini in the first place, but as my other Macs' Flash version got out of date, and Safari/OS X started blocking it, I realized I really didn't need it -- indeed I now had a terrific ad blocker -- so I never updated, and have been Flash free for over a year now. So no missed...
     
  16. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    This one affects Mac users too. http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/
     
  17. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,618
    Likes Received:
    1,160
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    Yep. Need to update. Would be happy to,see flash die. But web still isn't usable without it.
     
  18. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    So how do you get past that? You will forever be making excuses for it. You must be the change you want to see in the world. -Ghandi
     
  19. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,618
    Likes Received:
    1,160
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    I tried the Chrome backup idea, but having to launch Chrome, manually copy and paste the web address from Safari to Chrome, and reload a page of interest is too cumbersome. And I'm still using Flash, just in a more secure manner. Me being unable to get stuff done online does nothing to help the web and only wastes my time. So, Flash and Java it is.
     
  20. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,980
    Likes Received:
    1,590
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Use Open with!
     

Share This Page