Mac malware Crisis as Apple lets slip its Mountain Lion

Miscreants have developed a sophisticated multi-platform attack dog designed to maul Windows and Mac OS X computers. The malware comes bundled in a Java Archive file which pretends to be Adobe Flash Player, named AdobeFlashPlayer.jar. Inside the malicious archive is a .class file named WebEnhancer, and two files named win and …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

Misleading Title

As my post history would show, no fan of Apple, but the title of this piece is more misleading than most!

Is a Java-based nasty, not yet seen in the wild, really worthy of the word Crisis? (Yes, I know it's supposed to be a play on words.)

I only ask, because it's the first time I've felt the need to change the text to something less click-baity when using the 'Tweet' button.

Of course, you can't view my post history as an admission of being a Twitter user demands that I post AC! Those bothered enough could quite quickly suss out who I am by checking Twitter though (if you want to waste your time, go ahead!)

4
3
Gold badge

Re: Misleading Title

Actually, El Reg is only repeating the offense - the real nasty is the Sophos blog which strikes me as trolling for hits (I don't think it's a coincidence that it contains the words "mountain Lion" on the day that is launched - to me that says "search engine bait").

5
1
Bronze badge

Lions don't drink coffee

Java isn't included by default in OS X Lion or Mountain Lion. This considerably reduces the number of potential victims: from all users to just those who have gone to the trouble of downloading Java. I can't remember the last time I needed to use Java on my home computer.

2
0
Anonymous Coward

Re: Lions don't drink coffee

Is there a way to restrict Java to only work with some programs? I have Java loaded for LibreOffice and FreeMind, as far as I know there is nothing else that needs it (and I am seriously *NOT* OK with having it anywhere near Safari and Firefox).

0
0
Happy

Re: Lions don't drink coffee

Firefox with "Quick Java" extension?

0
0

Re: Lions don't drink coffee

You can disable Java in the Safari preferences, which makes it a lot safer in this regard. Still won't protect you if you open .jar files you downloaded, though.

1
0
Facepalm

Re: Lions don't drink coffee

You obviously don't have a Norwegian bank account. Java is required to log into internet banking websites in Norway. This means that a ten-year-old PC running XP is more secure than a five-year-old MacBook running Leopard.

1
1
Silver badge
Linux

Wow, cross-platform compatibility and no Linux variant! Shame on you malware coders.

5
0

This post has been deleted by its author

Anonymous Coward

As if no games or decent apps wasn't bad enough, now even the malware coders don't want it.

3
5
Bronze badge
Mushroom

But why bother with ~0% market share? At least OS X has a couple of percent....

1
7
Bronze badge
FAIL

Playing in the shadows

Apple assumes their users are dumb so they have come up with various ways to hide and disguise important files from casual access. Bundles make directories sometimes appear to be files. A shocking amount of critical data is placed into hidden directories starting with a period. 10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view. These areas are normal user directories so any application written in any language has permission to alter them. Essentially, Apple has gifted malware with big play areas without the assumedly dumb users being able to easily spot them.

4
3
Anonymous Coward

Just for technically illiterate sheep

Stupidity, lack of technical savvy and sheep mentality will get 'em.

In 5, 4, 3, . . .

Have fun Mac sheeples.

0
4
Silver badge
FAIL

Re: Just for technically illiterate sheep

(sigh)

"Sheep mentality"? Really? You're accusing Steve Jobs, the late Douglas Adams and even Richard Dawkins of having placid, ovine natures?

Yes, Apple have deliberately gone for a "gated community" approach. They've made no secret of this. Anyone who thinks otherwise clearly hasn't been paying attention.

Of course, if you're going to rip the piss out of a group of people on the grounds that they don't know much about your pet obsession, I assume you don't mind if those same people take the piss out of you for knowing sod all about police work, military tactics, education, writing, management, golf, 3D modelling, graphic design, rocket science, or neurosurgery.

3
1
Silver badge
FAIL

Java VM = malware portal

This has less to do with Mac vs Windows security than it has to do with Oracle continuing Sun's tradition of a bloated insecure slow memory hungry crap VM implementation. Really the only bigger unintentional malware portal you can install on your computer is Adobe Flash and Reader.

1
1
Bronze badge
Facepalm

Re: Java VM = malware portal

Applications have no security except for those placed on the current user. That goes for Java, Scala, Applescript, C, C++, Objective-C, PHP, Ruby, Bash, and everything else. Be happy that the viruses aren't being hand-coded in lean and mean x86-64 yet.

As for Java's speed - it depends on the quality of the code. Anti-aliased image rendering runs in Java just as well as C if given the same level of optimizations.

0
0
Silver badge
FAIL

Re: Java VM = malware portal

>Applications have no security except for those placed on the current user.

Funny, that isn't the line Sun used to push Java. Something about being able to fine-tune permissions on the VM. But then again when your VM sandbox can easily be breached you are correct that your app then has no security (http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx). My point is the JRE is starting to accumulate CVE criticals as fast as Adobe's crapware.

0
0
Silver badge
FAIL

Re: Java VM = malware portal

You can also include Oracle bragging about how secure Java is. Right on the download page it tells people "Java technology allows you to work and play in a secure computing environment."

0
0
Silver badge

Re: Java VM = malware portal

>Applications have no security except for those placed on the current user.

Actually, especially in Windows, this is not always true either. A lot of malware also takes advantage of exploits in the OS to give itself root privileges instead of just the current user privileges.

0
0
Bronze badge
Mushroom

Re: Java VM = malware portal

Or you could install Linux. That has more security holes than even OS X.

0
3
Bronze badge
Alert

No.....no that's not possible remember, Macs are immune to viruses. You must be mistaken.

0
2
Happy

Don't need Java, and don't care.

Well then, it's a good thing I refuse to run Java then, isn't it?

0
0
Facepalm

Another "stupidity test" trojan....

So, for Macs, first you need to actually HAVE Java in the first place. Macs do not have this by default, so most end users likely won't have it, and they are weeded out.

Say you *do* have it installed: Then when it tries to run, you get a "bad certificate" warning regarding a program called "WebEnhancer". That's another red flag.

Only when you click through THAT, are you infected.

You need to be REALLY stupid to go THAT far....

0
0
FAIL

How Much Redmond Money Did Flow For This Crap News ??

Once again "malware" which must be installed by entering a root password. One more lame attempt to make everybody look as shitty as Windows.

The M$ faction also deploys their shitty memes like "it all depends on critical mass" and "all computers are equally shitty".

This is a FAAAIIIILLLL.

1
0

Re: How Much Redmond Money Did Flow For This Crap News ??

From where did you get the requirement to enter any password? All I see in the article relating to passwords is: "The threat can install itself on Mac systems without requiring a password.". The linked article also makes no mention of requiring passwords.

0
0
Anonymous Coward

"10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view"

Much like Windows 7 hides the "AppData" folder, or $linux_desktop hides config folders - all have the same issue.

0
0
Anonymous Coward

Bahh, icebergs, nonsense... full steam ahead

0
0
Black Helicopters

I'm wondering if the time has come to disable Java on my machines. Can't really see the point of it anyway.

0
0
Linux

App Stores & Repositories

Desktop Linux Distros normally use Software repositories. They're a lot like an App Store but without the corporate arrogance. So although in principle Linux may not be much different to Mac (although it IS vs Windose 'cos of the default Admin level Users), Mac users install from anywhere! Surely this is quite a bit safer (and therefore the Critical Mass argument is wrong).

PS I like the Gated Community Analogy

1
0
Bronze badge
Mushroom

Re: App Stores & Repositories

Yes - and it means that Linux servers need internet access to update or install anything new - a big security no-no. Servers should never have internet access unless it is part of their function.

0
4
Anonymous Coward

Re: Linux servers need internet access

You're being a little misleading there though aren't you?

To make it simple, they need access to a package repository to update, granted, but that repository can be anywhere you like. You're free to put an up-to-date copy of a repository (preferably just the packages you're interested in) on some trusted storage and use that instead.

If you're going to do it properly you should have your own vetting procedure for what does and does not make the cut for your internal repository, and vet updates against your own security standards.

2
0
Bronze badge
Mushroom

Re: Linux servers need internet access

Yes, done that. Circa 200 vulnerabilities to review for Windows 2008 R2, and 3500 for SUSE 10...

0
4
Anonymous Coward

Re: Linux servers need internet access

If you've done that, then why are you claiming that Linux servers need internet access and are therefore insecure?

We aren't talking about vulnerability counts here, because then someone will point out that comparing discovered bugs in closed- vs open-source software is apples/oranges at best and you'll get upset.

0
0
Bronze badge
Mushroom

Both are round fruit that grow on trees - not that far apart....

0
1
