Mac malware Crisis as Apple lets slip its Mountain Lion
Miscreants have developed a sophisticated multi-platform attack dog designed to maul Windows and Mac OS X computers. The malware comes bundled in a Java Archive file which pretends to be Adobe Flash Player, named AdobeFlashPlayer.jar. Inside the malicious archive is a .class file named WebEnhancer, and two files named win and …
Misleading Title
As my post history would show, no fan of Apple, but the title of this piece is more misleading than most!
Is a Java-based nasty, not yet seen in the wild, really worthy of the word Crisis (yes, I know it's supposed to be a play on words)?
I only ask, because it's the first time I've felt the need to change the text to something less click-baity when using the 'Tweet' button.
Of course, you can't view my post history as an admission of being a Twitter user demands that I post AC! Those bothered enough could quite quickly suss out who I am by checking Twitter though (if you want to waste your time, go ahead!)
Re: Misleading Title
Actually, El Reg is only repeating the offence - the real nasty is the Sophos blog, which strikes me as trolling for hits (I don't think it's a coincidence that it contains the words "Mountain Lion" on the day that is launched - to me that says "search engine bait").
Lions don't drink coffee
Java isn't included by default in OS X Lion or Mountain Lion. This considerably reduces the number of potential victims: from all users to just those who have gone to the trouble of downloading Java. I can't remember the last time I needed to use Java on my home computer.
Re: Lions don't drink coffee
Is there a way to restrict Java to only work with some programs? I have Java loaded for LibreOffice and FreeMind; as far as I know there is nothing else that needs it (and I am seriously *NOT* OK with having it anywhere near Safari and Firefox).
Re: Lions don't drink coffee
Firefox with the "Quick Java" extension?
Re: Lions don't drink coffee
You can disable Java in the Safari preferences, which makes it a lot safer in this regard. Still won't protect you if you open .jar files you downloaded, though.
Re: Lions don't drink coffee
You obviously don't have a Norwegian bank account. Java is required to log into internet banking websites in Norway. This means that a ten-year-old PC running XP is more secure than a five-year-old MacBook running Leopard.
Wow, cross platform compatibility and no linux variant! Shame on you malware coders.
As if no games or decent apps wasn't bad enough, now even the malware coders don't want it.
But why bother with ~0% market share. At least OS-X has a couple of percent....
Playing in the shadows
Apple assumes their users are dumb so they have come up with various ways to hide and disguise important files from casual access. Bundles make directories sometimes appear to be files. A shocking amount of critical data is placed into hidden directories starting with a period. 10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view. These areas are normal user directories so any application written in any language has permission to alter them. Essentially, Apple has gifted malware with big play areas without the assumedly dumb users being able to easily spot them.
Just for technically illiterate sheep
Stupidity, lack of technical savvy and sheep mentality will get 'em.
In 5, 4, 3, . . .
Have fun Mac sheeples.
Re: Just for technically illiterate sheep
(sigh)
"Sheep mentality"? Really? You're accusing Steve Jobs, the late Douglas Adams and even Richard Dawkins of having placid, ovine natures?
Yes, Apple have deliberately gone for a "gated community" approach. They've made no secret of this. Anyone who thinks otherwise clearly hasn't been paying attention.
Of course, if you're going to rip the piss out of a group of people on the grounds that they don't know much about your pet obsession, I assume you don't mind if those same people take the piss out of you for knowing sod all about police work, military tactics, education, writing, management, golf, 3D modelling, graphic design, rocket science, or neurosurgery.
Java VM = malware portal
This has less to do with Mac vs Windows security than it has to do with Oracle continuing Sun's tradition of a bloated, insecure, slow, memory-hungry crap VM implementation. Really, the only bigger unintentional malware portal you can install on your computer is Adobe Flash and Reader.
Re: Java VM = malware portal
Applications have no security except for those placed on the current user. That goes for Java, Scala, Applescript, C, C++, Objective-C, PHP, Ruby, Bash, and everything else. Be happy that the viruses aren't being hand-coded in lean and mean x86-64 yet.
As for Java's speed - it depends on the quality of the code. Anti-aliased image rendering runs in Java just as well as C if given the same level of optimizations.
Re: Java VM = malware portal
>Applications have no security except for those placed on the current user.
Funny, that isn't the line Sun used to push Java. Something about being able to fine-tune permissions on the VM. But then again, when your VM sandbox can easily be breached, you are correct that your app then has no security (http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx). My point is the JRE is starting to accumulate critical CVEs as fast as Adobe's crapware.
Re: Java VM = malware portal
You can also include Oracle bragging about how secure Java is. Right on the download page it tells people "Java technology allows you to work and play in a secure computing environment."
Re: Java VM = malware portal
>Applications have no security except for those placed on the current user.
Actually, especially in Windows, this is not always true either. A lot of malware also takes advantage of exploits in the OS to give itself root privileges instead of just the current user's privileges.
Re: Java VM = malware portal
Or you could install Linux. That has more security holes than even OS-X.
No... no, that's not possible, remember: Macs are immune to viruses. You must be mistaken.
Don't need Java, and don't care.
Well then, it's a good thing I refuse to run Java, isn't it?
Another "stupidity test" trojan....
So, for Macs, first you need to actually HAVE Java in the first place. Macs do not have it by default, so most end users likely won't have it, and they are weeded out.
Say you *do* have it installed: Then when it tries to run, you get a "bad certificate" warning regarding a program called "WebEnhancer". That's another red flag.
Only when you click through THAT, are you infected.
You need to be REALLY stupid to go THAT far....
How Much Redmond Money Did Flow For This Crap News ??
Once again "malware" which must be installed by entering a root password. One more lame attempt to make everybody look as shitty as Windows.
The M$ faction also deploys their shitty memes like "it all depends on critical mass" and "all computers are equally shitty".
This is a FAAAIIIILLLL.
Re: How Much Redmond Money Did Flow For This Crap News ??
From where did you get the requirement to enter any password? All I see in the article relating to passwords is: "The threat can install itself on Mac systems without requiring a password." The linked article also makes no mention of requiring passwords.
>"10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view"
Much like Windows 7 hides the "AppData" folder, or $linux_desktop hides config folders - all have the same issue.
I'm wondering if the time has come to disable Java on my machines. Can't really see the point of it anyway.
App Stores & Repositories
Desktop Linux distros normally use software repositories. They're a lot like an App Store but without the corporate arrogance. So although in principle Linux may not be much different to Mac (although it IS vs Windose 'cos of the default Admin-level users), Mac users install from anywhere! Surely this is quite a bit safer (and therefore the Critical Mass argument is wrong).
PS I like the Gated Community Analogy
Re: App Stores & Repositories
Yes - and it means that Linux servers need internet access to update or install anything new - a big security no-no. Servers should never have internet access unless it is part of their function.
Re: Linux servers need internet access
You're being a little misleading there though aren't you?
To make it simple, they need access to a package repository to update, granted, but that repository can be anywhere you like. You're free to put an up-to-date copy of a repository (preferably just the packages you're interested in) on some trusted storage and use that instead.
If you're going to do it properly you should have your own vetting procedure for what does and does not make the cut for your internal repository, and vet updates against your own security standards.
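The vetting gate described in the reply above, as an added example that is not part of the thread or of any distribution's own tooling: packages land in a staging directory, and only those whose SHA-256 digest matches an approved manifest are promoted into the directory the servers actually pull from; anything unknown, or whose content differs from what was reviewed, is quarantined. The manifest format (`<sha256>  <filename>`), the directory layout and the sample package contents are all assumptions constructed for the example.

```python
"""Promotion gate for an internal package mirror (added example, not from the thread).

Only packages whose SHA-256 digest appears in a reviewed manifest reach the
repository directory that servers update from. The manifest format, directory
layout and sample 'packages' below are constructed for this example.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path, chunk=65536):
    """Stream a file through SHA-256 so large packages are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Manifest lines look like '<sha256 hex>  <filename>' (assumed format).
    Blank lines and '#' comments are ignored; a malformed line aborts the run,
    because a half-parsed allowlist is worse than no allowlist."""
    approved = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError("manifest line %d malformed: %r" % (n, line))
        approved[parts[1]] = parts[0].lower()
    return approved


def promote(staging, repo, quarantine, approved):
    """Move approved packages from staging to repo, everything else to quarantine.
    Returns (promoted, rejected) filename lists, sorted for deterministic output."""
    promoted, rejected = [], []
    for name in sorted(os.listdir(staging)):
        src = os.path.join(staging, name)
        if not os.path.isfile(src):
            continue
        # Match on name AND digest: a known name with different bytes is rejected.
        if approved.get(name) == sha256_of(src):
            shutil.move(src, os.path.join(repo, name))
            promoted.append(name)
        else:
            shutil.move(src, os.path.join(quarantine, name))
            rejected.append(name)
    return promoted, rejected


def demo():
    """Constructed sample: one approved package, one tampered, one never reviewed."""
    base = tempfile.mkdtemp()
    staging, repo, quarantine = (os.path.join(base, d) for d in ("staging", "repo", "quarantine"))
    for d in (staging, repo, quarantine):
        os.mkdir(d)
    good = b"fake contents of libfoo-1.2.deb"
    samples = {
        "libfoo-1.2.deb": good,                              # matches manifest
        "libbar-0.9.deb": b"contents changed after review",  # name known, bytes differ
        "unknown-3.0.deb": b"never reviewed",                # not in manifest at all
    }
    for name, data in samples.items():
        with open(os.path.join(staging, name), "wb") as f:
            f.write(data)
    manifest = "# approved packages (constructed)\n%s  libfoo-1.2.deb\n%s  libbar-0.9.deb\n" % (
        hashlib.sha256(good).hexdigest(),
        hashlib.sha256(b"reviewed contents of libbar-0.9.deb").hexdigest(),
    )
    result = promote(staging, repo, quarantine, parse_manifest(manifest))
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the gate is that a server's package source points only at the repo directory, so a freshly mirrored upstream update cannot reach it until someone has reviewed it and added its digest to the manifest; in practice the manifest itself would also be signed and the upstream packages' own signatures checked before review, which this example leaves out.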
Re: Linux servers need internet access
Yes, done that. Circa 200 vulnerabilities to review for Windows 2008 R2, and 3500 for SUSE 10...
Re: Linux servers need internet access
If you've done that, then why are you claiming that Linux servers need internet access and are therefore insecure?
We aren't talking about vulnerability counts here, because then someone will point out that comparing discovered bugs in closed- vs open-source software is apples/oranges at best and you'll get upset.
Both are round fruit that grow on trees - not that far apart....
