I told you to remove java and flash from your macs! (1 Viewer)

Do it today if you haven't already!
http://allthingsd.com/20120406/whats-this-a-mac-virus-no-actually-its-a-weakness-in-java/

Java has traditionally been the root of the majority of windows virus as well. This is just the first one that tried to target Mac using java as the way in.

Either way,no time like the present to give it the boot. I haven't missed it once.

Oh , good. I do not even have it installed on my Mac. Thanks for the heads up, and the link!

I tried for six months and had to reinstall it. The web isn't usable without Flash.

And Java was needed for something I use online. I don't recall what, maybe OWA, but I had to keep it installed.

I guess I need to install an A/V app now. (sigh) (Which, allegedly, didn't catch this malware until well after it was in the wild.)

OWA doesn't use java. But your right, there are tons of sites that rely on it still

DaveF said:

I tried for six months and had to reinstall it. The web isn't usable without Flash.

And Java was needed for something I use online. I don't recall what, maybe OWA, but I had to keep it installed.

I guess I need to install an A/V app now. (sigh) (Which, allegedly, didn't catch this malware until well after it was in the wild.)

Click to expand...

Chrome and you are done. No machine wide flash.
Please do not bother to install an a/v program. Worse than useless.

I tried switching to Chrome.
Chrome doesn't sync by iCloud with .iOS Safari
Chrome's Flash also goes bonkers and crushes my CPU.

Chrome is a good desktop browser, its UI was just a bit weirder and less integrated into the Apple whole.

Detailed info on the issue.
http://www.macworld.com/article/1166254/what_you_need_to_know_about_the_flashback_trojan.html

Originally Posted by DaveF /t/319852/i-told-you-to-remove-java-and-flash-from-your-macs#post_3914478
I tried switching to Chrome.
Chrome doesn't sync by iCloud with .iOS Safari
Chrome's Flash also goes bonkers and crushes my CPU.

Chrome is a good desktop browser, its UI was just a bit weirder and less integrated into the Apple whole.

Click to expand...

Dave. if you want to continue to use Safari & Flash at least go install the Safari extension ClickToFlash. It will block all Flash content unless you specifically enable it. You can easily whitelist all trusted sites you use that require Flash.

I checked, and realized I had turned off Java in Safari after the first go 'round of this malware.

I should put ClickToFlash back on. I used it for a while, but it become so annoying have to click things twice to play videos, that I gave up and removed it. Then I tried removing Flash completely. But that turned out to be even more annoying. There's no trivial way to switch to Chrome to open a website to play a video.

And even if I do switch, my wife isn't going to switch from Safari without a real hard sell on my part. And then she'll be annoyed at me for making her switch from her preferred tool for the next year. It would be like switching her from Excel to Numbers, and that's not happening either.


(And look, as I type, having just played a Flash video in Safari and closed the tab, "Safari Web Content" is going nuts and at 85% of CPU.)

Ultimately, Apple has to deal with this. If they get painted with malware worries like Windows, their brand will suffer.

It's an Epidemic
http://daringfireball.net/2012/04/flashback_eword

I’d say a Mac malware outbreak that is more common, on a percentage basis, than the largest-ever Windows infection1 is without question more cases than expected, and thus, I was wrong: epidemic is indeed the right word. Cause for hysteria? No. But an epidemic? Yes.

Click to expand...

DaveF said:

Ultimately, Apple has to deal with this. If they get painted with malware worries like Windows, their brand will suffer.

Click to expand...

You chose to install Java. It does not ship with the OS.

Originally Posted by Sam Posten /t/319852/i-told-you-to-remove-java-and-flash-from-your-macs#post_3914946
You chose to install Java. It does not ship with the OS.

Click to expand...

Apple has it with 10.6. And it auto-installs when it detects it needs it. Apple was notified of the flaw which Oracle addressed 2 weeks ago. They didn't release the patch via update when it did. *shrug* Apple shipped it with all of their OS's until last year; so yes, for people who constantly update to the newest/latest/greatest OS, they got it.. but odds are, if you have 10.6 or before, you have Java.

Because Apple handles the update system for it, which is nice, they should update it.

*shrug* My gut tells me, though, that Mac has for a long time been not a target of those who wanted to send virus because it wasn't a big enough % of the desktop space, and thus it wasn't as hip.. yes, more secure also, but less attempts also factors in. We'll have to see how 2012 factors the whole thing in.. as a %, Daring Fireball has it right.. at no point in raw % did Windows have a virus this widespread (period). Though in sheer numbers, of course more. It all depends on how you look at it

What do I need to do to disable Java?

David-

Apple's response and info, including Java disable/etc.

https://discussions.apple.com/thread/3858557?start=0&tstart=0

Well I checked my machines and I'm not infected. As has been pointed out you have to a site that has the malware to get the infection. So as long as you go to known sites your pretty safe. I was using chrome for a while but I have had too many issues so I'm back to Safari.

Thanks for the Link mattCR

Originally Posted by Sam Posten /t/319852/i-told-you-to-remove-java-and-flash-from-your-macs#post_3914946
You chose to install Java. ....

Click to expand...

You do not understand how brand perception works...

Thanks Matt.
Do I need to disable both Java and JavaScipt?

The last thing Apple will say is "You chose to install Java" when they provided it through 10.6, and it auto-downloads on detection. It ranks up there with "you're holding it wrong"