Jump to content



Sign up for a free account to remove the pop-up ads

Signing up for an account is fast and free. As a member you can join in the conversation, enter contests and remove the pop-up ads that guests get. Click here to create your free account.

Photo
- - - - -

I told you to remove java and flash from your macs!


  • You cannot start a new topic
  • Please log in to reply
53 replies to this topic

#21 of 54 OFFLINE   Ken Chan

Ken Chan

    Producer



  • 3,302 posts
  • Join Date: Apr 11 1999

Posted April 10 2012 - 02:55 PM

On Lion, Java does not silently auto-install, it will prompt you if you launch it from the shell. It does not auto-install at all from within Safari; you get "Missing Plug-In" as usual.

So as long as you go to known sites your pretty safe.

By some measure of "pretty" safe. The problem is that your known sites can get hacked and malware gets inserted. Of course, your known sites can also store your credentials in an insecure way. Plenty of ways to get burned. You can also reduce your chances of getting in an auto accident by never leaving your house....

#22 of 54 OFFLINE   dmiller68

dmiller68

    Supporting Actor



  • 667 posts
  • Join Date: Sep 29 2009

Posted April 10 2012 - 03:57 PM


I agree as an owner of a website and Architect for a major on-line brokerage there are a million ways to have your computer infected or identity compromised. I was trying to not get into a battle about how safe MAC's are as there are people with very strong opinions here. I have been down this path a few times.
 


Quote:

Originally Posted by Ken Chan /t/319852/i-told-you-to-remove-java-and-flash-from-your-macs#post_3915174

On Lion, Java does not silently auto-install, it will prompt you if you launch it from the shell. It does not auto-install at all from within Safari; you get "Missing Plug-In" as usual.
By some measure of "pretty" safe. The problem is that your known sites can get hacked and malware gets inserted. Of course, your known sites can also store your credentials in an insecure way. Plenty of ways to get burned. You can also reduce your chances of getting in an auto accident by never leaving your house....



 

Equipment: Panasonic TC-P65VT25, Panasonic DMP-BDT100, Pioneer Elite SC-37, TiVo Premiere XL, Limited Edition MW3 XBOX 360s with Kinect, Apple TV
Speakers: Definitive Technology Mythos XTR60 (3), Definitive Technology Mythos XTR20BP (4), Definitive Technology SuperCube II


#23 of 54 OFFLINE   DaveF

DaveF

    Moderator



  • 14,565 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted April 10 2012 - 04:25 PM

My issue -- and why I don't care who's fault it really is -- is it erodes the easiness of a Mac.   I bought in 2007 and I didn't worry about this. There simply wasn't any in-the-wild threats to worry about. Even the first iteration of this malware in 2010(?) vectored through pirated iWork software.   But this development of drive-by malware, simply view a website and your computer is infected, it brings back bad memories of the bad old days of Windows 95, where simply viewing an email or visiting a bad website and your computer was compromised.    I'm not wringing my hands in active worry, but this is a watershed for OS X systems in my view. I now have to think about viruses and trojans on my Mac. I have to actively think about the installation of bog-standard stuff from major companies. I'm not abandoning my Mac for this (and definitely not my wife). This doesn't change my daily home use, though I'll have to pay better attention to virus news and think more carefully about AV software on our machines. It nibbles a bit at my enthusiasm for the brand.   Nothing like finding out OS X 10.9 will be codenamed "Jar Jar", but still, not a pleasing development ;)

#24 of 54 OFFLINE   mattCR

mattCR

    Executive Producer



  • 10,126 posts
  • Join Date: Oct 05 2005
  • Real Name:Matt
  • LocationOverland Park, KS

Posted April 10 2012 - 05:05 PM




Quote:

Originally Posted by Ken Chan /t/319852/i-told-you-to-remove-java-and-flash-from-your-macs#post_3915174

On Lion, Java does not silently auto-install, it will prompt you if you launch it from the shell. It does not auto-install at all from within Safari; you get "Missing Plug-In" as usual.
By some measure of "pretty" safe. The problem is that your known sites can get hacked and malware gets inserted. Of course, your known sites can also store your credentials in an insecure way. Plenty of ways to get burned. You can also reduce your chances of getting in an auto accident by never leaving your house....



Ken, I agree.. I think that's why I kept saying "on 10.6"  (IE, NOT Lion).   Prior to Lion, it did Auto install, and in fact, the installables were present on discs up until 2011.   So, that's a big difference.   But you can't assume all Mac users are on 10.7.   Hell, you've still got a lot of people on Non-Intel Macs, believe it or not ;)

trakt.tv

Ask Me about HTPC! (Threads in HTPC / PMs always responded to)

This signature is povided by MediaBrowser 3 Trakt Plugin: Media Browser 3


#25 of 54 OFFLINE   DaveF

DaveF

    Moderator



  • 14,565 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted April 10 2012 - 05:28 PM

http://www.marco.org...lashback-trojan   Quoting Marco Arment (whom I find agreeable in reviews, but half of you don't :)    
Quote:
I’ve already had a few normal people (non-geeks) ask me about Flashback. It’s huge. It has significantly damaged the Mac’s reputation among consumers of being a safe, malware-free platform.   Apple has always been embarrassingly slow to issue patches for known vulnerabilities. This one’s inexcusable. It’s time for Apple to make significant personnel and policy changes around software security.
   

#26 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted April 11 2012 - 04:31 AM

As noted in that discussion page, Apple is working on a (presumably) easy to use removal tool: http://www.loopinsig...e-removal-tool/

I lost my signature and all I got was this Nutter t-shirt


#27 of 54 OFFLINE   Michael_K_Sr

Michael_K_Sr

    Screenwriter



  • 1,346 posts
  • Join Date: Aug 14 2005
  • Real Name:MichaelK
  • LocationChicago 'burbs

Posted April 12 2012 - 02:33 PM

And it has arrived...

New Java update from Apple removes Flashback malware

#28 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted August 28 2012 - 10:58 AM

Another possible major rutroh, too early to tell:
http://www.theregist..._block_exploit/

Good and bad news:
http://www.macrumors...-risks-to-macs/

Update: CNET noted earlier today that most Mac users are not currently susceptible to the issue, as Java 7 is not installed by default on Macs. The current version of Java installed on Mac remains Java 6 for the time being, so users would have to have manually updated to Java 7 in order for their systems to be vulnerable.


I lost my signature and all I got was this Nutter t-shirt


#29 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted January 10 2013 - 03:31 AM

Derp. http://arstechnica.c...ed-in-the-wild/

I lost my signature and all I got was this Nutter t-shirt


#30 of 54 OFFLINE   DaveF

DaveF

    Moderator



  • 14,565 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted January 11 2013 - 12:53 PM

I'm back to using both flash and java. I was forced to admit the web isn't usable on the desktop without flash (and switching to Chrome for flash use is impractical). And I had to have java for the harmony one software. Sigh.

#31 of 54 OFFLINE   Ken Chan

Ken Chan

    Producer



  • 3,302 posts
  • Join Date: Apr 11 1999

Posted January 13 2013 - 10:09 AM

You can still have Java installed for "desktop" applications. The important thing is to disable the Java plugin in your browser(s), which enables the drive-by malware. Recent versions of OS X disable it automatically, and re-disable it if you haven't used it in a week or two.

#32 of 54 OFFLINE   Keith Plucker

Keith Plucker

    Screenwriter



  • 1,055 posts
  • Join Date: Feb 04 1999
  • LocationSacramento

Posted January 14 2013 - 04:09 AM

Oracle has updated Java. -Keith
As far as I'm concerned, it's a damned shame that a field as potentially dynamic and vital as journalism should be overrun with dullards, bums, and hacks, hag-ridden with myopia, apathy, and complacence, and generally stuck in a bog of stagnant mediocrity. - Hunter S. Thompson, 1958, from cover letter he wrote for a newspaper job.


#33 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted January 14 2013 - 08:54 AM

Easier to just kill it with fire.

I lost my signature and all I got was this Nutter t-shirt


#34 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted January 23 2013 - 01:46 AM

Despicable, http://www.zdnet.com...tes-7000010038/

I lost my signature and all I got was this Nutter t-shirt


#35 of 54 OFFLINE   Ted Todorov

Ted Todorov

    Screenwriter



  • 2,899 posts
  • Join Date: Aug 17 2000

Posted January 26 2013 - 04:26 PM

Originally Posted by Sam Posten 

Despicable,
http://www.zdnet.com...tes-7000010038/

It should be said that these "wonderful bonuses" are PC (Windows) only -- I guess Mac users are less likely to fall for such crap.

Speaking of Flash removal -- I never really consciously removed it -- other than not installing it on my 2011 Mac Mini in the first place, but as my other Macs' Flash version got out of date, and Safari/OS X started blocking it, I realized I really didn't need it -- indeed I now had a terrific ad blocker -- so I never updated, and have been Flash free for over a year now.  So no missed...
Hold on tightly, let go lightly.

 


#36 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted February 08 2013 - 01:09 AM

This one affects Mac users too. http://arstechnica.c...dows-mac-users/

I lost my signature and all I got was this Nutter t-shirt


#37 of 54 OFFLINE   DaveF

DaveF

    Moderator



  • 14,565 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted February 08 2013 - 01:37 PM

Yep. Need to update. Would be happy to,see flash die. But web still isn't usable without it.

#38 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted February 09 2013 - 10:02 AM

So how do you get past that? You will forever be making excuses for it. You must be the change you want to see in the world. -Ghandi

I lost my signature and all I got was this Nutter t-shirt


#39 of 54 OFFLINE   DaveF

DaveF

    Moderator



  • 14,565 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted February 09 2013 - 01:35 PM

I tried the Chrome backup idea, but having to launch Chrome, manually copy and paste the web address from Safari to Chrome, and reload a page of interest is too cumbersome. And I'm still using Flash, just in a more secure manner. Me being unable to get stuff done online does nothing to help the web and only wastes my time. So, Flash and Java it is.

#40 of 54 OFFLINE   Sam Posten

Sam Posten

    Moderator



  • 17,398 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted February 11 2013 - 04:20 AM

Use Open with!

I lost my signature and all I got was this Nutter t-shirt





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users