Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Version of Flashback Trojan Targets Mac Users

timothy posted more than 2 years ago | from the for-more-shiny-enter-password dept.

Security 160

wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing might be a sign of larger issues."

cancel ×

160 comments

Sorry! There are no comments related to the filter you selected.

First (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39161853)

Apples are for homosexuales, le fruitcaques. Also, Bonch is a faggot.

Re:First (-1)

Anonymous Coward | more than 2 years ago | (#39161861)

sounds like someone who will say in the next sentence "BTW: this was written on a MAC"

Re:First (0)

jjjhs (2009156) | more than 2 years ago | (#39162369)

You can surely fit that sentence in 48-bits. Or help you send that message. Mandatory Access Controls wont prevent you from saying that either. In Biology we learned about the Membrane Attack Complex. Mid Air Collisions aren't very common.

Re:First (-1)

EdIII (1114411) | more than 2 years ago | (#39162119)

Apples are for homosexuales, le fruitcaques. Also, Bonch is a faggot.

You do realize the irony right? Nothing sounds manly, or heterosexuale, when you say it in French.

Re:First (-1, Troll)

Ethanol-fueled (1125189) | more than 2 years ago | (#39162173)

Sorry, fellas.

I posted that from a bar, using a Mac(it wasn't a gay bar, but apparently Macs are in style everywhere now). OSX has its own autocorrect algorithm, and it's their way or the highway. I didn't pay attention to the autocorrect when I submitted the post.

My original post was about how Dying Fetus [wikipedia.org] is a good band. Somehow the Mac autocorrect feature misinterpreted my words.

Apologies to the offended homosexuals.

Re:First (-1)

Anonymous Coward | more than 2 years ago | (#39162315)

Sorry, fellas. I posted that from a bar, using a Mac(it wasn't a gay bar, but apparently Macs are in style everywhere now). OSX has its own autocorrect algorithm, and it's their way or the highway. I didn't pay attention to the autocorrect when I submitted the post. My original post was about how Dying Fetus [wikipedia.org] is a good band. Somehow the Mac autocorrect feature misinterpreted my words. Apologies to the offended homosexuals.

What about all the offended gay niggers? Do you apologize to them too?

Re:First (0)

Anonymous Coward | more than 2 years ago | (#39162665)

You do realize the irony right?

Well maybe.

But the Trojans were actually from Troy, which is in Turkey, not France, though apparently they didn't mind it Greek style occasionally.

Coincidentally, Mac users are also the group most likely to be familiar with Trojans in their back ends, so it's more a lifestyle choice than malware for them.

Re:First (1)

TheRaven64 (641858) | more than 2 years ago | (#39163259)

But the Trojans were actually from Troy, which is in Turkey, not France, though apparently they didn't mind it Greek style occasionally.

Way off topic, but the Greeks actually refer to that as 'Turkish style'...

But I thought... (0, Troll)

Anonymous Coward | more than 2 years ago | (#39161859)

I thought Macs were completely immune to viruses and worms! Steve Jobs told me so!

Re:But I thought... (5, Informative)

jo_ham (604554) | more than 2 years ago | (#39161887)

I know you're trolling, but no he didn't.

He did say they were much less likely, but it has never been the case that Macs were immune. There has been a history of malware on the Mac since the pre-OS X days.

Far fewer viruses in the OS X era though (relative to earlier Mac OSes), but several trojans - usually in pirate software (like the infamous "pretends to be MS Office installer but really destroys your home folder" one).

Vigilance is necessary on all platforms, especially against trojans, since they tend to exploit the common weak link in computer security - the user of the system.

Re:But I thought... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39161935)

If you remember the "I'm a PC" and "I'm a Mac" commercials, the gist of several of the ads was that Macs COULDN'T be compromised like PCs.

While geeks always new better, I think the point the OP was trying to make is that the majority of Mac users, those who "just want it to work", were sold on the idea that they weren't succeptibal to viruses and malware.

Re:But I thought... (1, Informative)

Anonymous Coward | more than 2 years ago | (#39161993)

Susceptible.

You're obviously on a computing device connected to the Internet so why not take a few seconds to look up a word if you don't know how it's spelled?

Re:But I thought... (1)

Taty'sEyes (2373326) | more than 2 years ago | (#39162137)

You missed his usage of the word "new"...

Re:But I thought... (4, Informative)

Sancho (17056) | more than 2 years ago | (#39162139)

I don't think they ever said "couldn't" or "can't", but instead said, "don't."

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162881)

potaeto, potato

Re:But I thought... (5, Insightful)

hal2814 (725639) | more than 2 years ago | (#39161967)

Vigilance is very important on all platforms. The worst infection I ever had was on a Solaris 9 box. Some piece of garbage zombie bot took advantage of a weakness in CDE. Who the hell targets CDE?!

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162325)

Seems to me I remember a CDE vulnerability from way back.
http://www.iss.net/security_center/reference/vuln/RPC_Cmsd_Overflow.htm

Re:But I thought... (1)

stephanruby (542433) | more than 2 years ago | (#39162859)

Who the hell targets CDE?!

Blind people?

Re:But I thought... (4, Insightful)

LordLimecat (1103839) | more than 2 years ago | (#39162009)

The "Im a PC ads" certainly made that statement. Youre not going to look at this ad...
http://www.youtube.com/watch?v=GQb_Q8WRL_g [youtube.com] ...and tell me that the implication isnt supposed to be that "Macs are immune to viruses".

I also find it telling that folks who are not very technical and not qualified to comment on the security of an OS somehow have this idea that Macs cant get viruses. Now where do you suppose that assumption comes from?

Re:But I thought... (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39162045)

That commercial did not, in fact, make the statement that "Macs are immune to viruses."

It did say that there were "114,000 known viruses for PCs" to which the Mac replies "PCs. Not Macs."

It's worded in such a way that your casual listener will likely believe "Oh, Macs don't get PCs", but it's ALSO worded so that Apple could easily argue that they merely meant that there are simply *not* 114,000 viruses for Macs. Maybe there's 100,000. Maybe 150,000. Maybe 0. But they didn't say outright, "Macs don't get viruses."

It's their fault that everyone heard it that way and that everyone assumes that, but really. They never said Macs don't get viruses.

And yes, I agree. Fuck Apple and their wordplay.

Re:But I thought... (4, Insightful)

I(rispee_I(reme (310391) | more than 2 years ago | (#39162405)

That commercial did not, in fact, make the statement that "Macs are immune to viruses."

It did say that there were "114,000 known viruses for PCs" to which the Mac replies "PCs. Not Macs."

What about this one [youtube.com] ?

It says, "I run Mac OS X, so I don't have to worry about your spyware and viruses."

I suppose the argument could be made that the commercial meant that the person running OS X didn't have to worry about anyone's spyware and viruses but his own (due to the word "your"), but only someone who was already on guard against Apple's duplicitous salesmanship would interpret the commercial in that way.

**** BEGIN PEDANTRY DETERRENCE ****
**** REASONABLE READERS MAY DISREGARD ****

Also, because the Mac representative has spent the previous entirety of the commercial scoffing at the PC representative's paranoia, there is a much more obvious and likely meaning of "your spyware and viruses", as in, "Take your average virus, for example. It doesn't worry me." This usage of "your" does not convey possession (by the PC representative), and thus does not distinguish between viruses and spyware by platform.

**** END PEDANTRY DETERRENCE ****

The commercial clearly suggests that Mac OS X boasts some special resistance or protection (immunity, perhaps?) against spyware and viruses that saves its users the trouble of worrying about same.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162551)

>It says, "I run Mac OS X, so I don't have to worry about your spyware and viruses."

And I don't. Yours, as in Windows, or yours, as in generally. This is a TROJAN. Do you even understand the difference?

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162797)

This is a SPYWARE TROJAN. Do you even understand what spyware means?

QED, Mac users don't know shit about security, they know that "it just works" and "don't have to worry about spyware and viruses".

Re:But I thought... (1)

mikael_j (106439) | more than 2 years ago | (#39163075)

Spyware is software, the SPIES on you. A virus is a self-propagating program. A trojan is a piece of malware disquised as something else. Ergo, spyware trojan is not the same as a spyware virus. Semantics, yes, but it's better than calling everything a virus.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162483)

That commercial did not, in fact, make the statement that "Macs are immune to viruses."
It's their fault that everyone heard it that way and that everyone assumes that, but really. They never said Macs don't get viruses.

They never uttered that phrase, but that was exactly the message the ads were intended to deliver.

There is more than one definition of the word "statement", it can be a literal phrase or the general idea which is conveyed. So it is not entirely incorrect to say that Apple did in fact make such a statement or claim... just not verbatim.

But the end is the same- most Mac users really do think they have some special kind of protection. To the point where they often refuse to accept that an internet connection with a Mac on one end can fall victim to any sort of attack at all.

Re:But I thought... (0)

Barsteward (969998) | more than 2 years ago | (#39162759)

they should have been a lot more specific and say "Windows PC" as the Mac is a Personal Computer as well.

"not immune" != "just as bad as a PC" (1)

Brannon (221550) | more than 2 years ago | (#39162049)

Security has always been and will always be a question of reducing the frequency and impact of escapes--anyone who thinks otherwise is "not very technical and not qualified to comment."

Macs are safer than Windows PCs. IOS is safer than Android.

Re:"not immune" != "just as bad as a PC" (0)

Anonymous Coward | more than 2 years ago | (#39162165)

Since the moment that opening a PDF can gain total control of your phone... I would rethink that statement

Re:"not immune" != "just as bad as a PC" (1, Informative)

EdIII (1114411) | more than 2 years ago | (#39162175)

I'm sorry, with all due respect, that is bullshit.

The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware. Period.

So if I go out in the middle of nowhere in the desert and build a house, it is kind of stupid for me to claim that my house is safer just because nobody tried to rob it in 15 years.

Sony was thought of as impenetrable with their PS3. Pissed the wrong people off when they removed the OtherOS support... and lo and behooooold.... security was destroyed. I can download over 200 PS3 games right now with all sorts of firmware and methods to "pwn" the PS3. I hate Sony so I have no interest in giving them money for that POS.

It's about interest and if the "right" people have an interest in compromising security on an operating system, it gets compromised.

You can sit there all you want and "think" FreeBSD, and specifically Apple's variant, is more secure by design... but just wait and see what happens. Success will be Apple's greatest enemy on that front.

No operating system is without flaws and no operating system can withstand a sustained attack from millions of people looking for one. All you can do is best practices, pay attention to critical updates, and actually pay attention to logs. Basically don't treat security as something passive that requires no work on your part.

P.S - Look up the PwnToOwn contest and try telling us again that Macs are safer than Windows. Based on what??

Re:"not immune" != "just as bad as a PC" (5, Insightful)

Daniel Dvorkin (106857) | more than 2 years ago | (#39162265)

The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware.

-1, Security Through Obscurity.

I'll remind you yet again that in the pre-OS X era, there was quite a bit of Mac malware floating around; never as much for DOS/Windows PCs, to be sure, but still a lot of it. At a rough guess, it existed about in proportion to the relative market share of the Mac OS ... which kind of gives credence to the market share argument, except that when OS X became the standard, the number dropped to damn near zero, and stayed there for many years. There's more OS X malware out there than there used to be, now, but the proportion is still nowhere near the market share of OS X relative to Windows. And the vast majority of exploits are, like this one, browser-based, rather than targeting the OS itself.

In short, the market share argument is just as much bullshit as security-through-obscurity arguments always are.

Re:"not immune" != "just as bad as a PC" (2)

Ameryll (2390886) | more than 2 years ago | (#39162429)

"The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware."

That may be why techies believe it, but then they tell their non-techie friends who just spread the word that macs are immune to viruses. I know a lot of people who tell others that they're immune to viruses without knowing why that might be.

Worst I had a teacher, whom I was a TA for, telling freshmen that macs couldn't get viruses. If I recall correctly his logic was they they were unix and therefore the open source nature had eliminated all bugs.

Re:"not immune" != "just as bad as a PC" (1, Offtopic)

philip.paradis (2580427) | more than 2 years ago | (#39162339)

So if I go out in the middle of nowhere in the desert and build a house, it is kind of stupid for me to claim that my house is safer just because nobody tried to rob it in 15 years.

You might want to pick a better analogy. Many criminals have specifically targeted houses built in remote/rural locations, because of a perceived lessening of the odds that neighbors will notice their activities (there aren't any neighbors, or they're half a mile down a dirt road), coupled with greatly increased police response times.

The understood risk with such plans is the somewhat increased likelihood that the residents will own firearms and know how to use them, but rural homes getting assaulted, the inhabitants being raped and murdered, and the homes getting burned to the ground afterward aren't exactly unheard of.

Side note: Yes, there's a dirt road in front of my residence. There's also a rifle ten feet away from me.

Re:"not immune" != "just as bad as a PC" (1, Insightful)

optimism (2183618) | more than 2 years ago | (#39163101)

The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware. Period.

Nah. Macs are perceived as more secure because Apple ~advertises~ them that way.

PCs are perceived as less secure because the mainstream (Windows/PC) software ecosystem, including FUD miscreants like Symantec, McAfee, and Trend Micro, market their products and maintain their control via scare tactics. They make malware sound more pervasive and damaging than it is. Ironically, most of the damage comes from their products.

The reality is that Macs and PCs are of approximately equal value to malware authors. PCs, because there are more of them. Macs, because they are generally higher-value targets.

Don't kid yourself based on the advertising and marketing.

fwiw I supported hundreds of Macs in the late 80s/early 90s, and viruses were a huge issue even then. We spent almost as much time removing viruses, as we did recovering files from corrupted floppies. :)

Re:But I thought... (0)

jo_ham (604554) | more than 2 years ago | (#39162073)

Look at it carefully. It does not make that statement. As I mentioned in another comment, they lie by omission, because they're talking about the PC.

The phrase "last year there were 114,000 known viruses for PC... yeah but not Mac..." is accurate. What it doesn't mean is that it's immune. They can't state that (and don't) because it isn't true.

And the idea that less tech savvy people believing that Macs can't get viruses is probably from personal experience. There have been a handful of viruses for OS X in the decade that it's been the primary OS for the Mac, and most of them were proof of concept efforts.

Plenty of trojans though, some of which have been quite sophisticated, most of them have simply been installers that claim to be for another program, downloaded from torrent sites.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162767)

Shut the fuck up.

Re:But I thought... (-1)

MeNeXT (200840) | more than 2 years ago | (#39162127)

On a Mac and a typical UNIX system the apps are run in a sandbox with limited permissions keeping them tied to the user. If the user gets compromised the system is not affected. On Windows there is a user called System and most programs need to be installed/run as the system user which gives a virus Trojan unlimited access to the full system.

Macs can get viruses but they will be limited to the user. If you have a knowledgeable user on a Mac he can run the system securely with out a need for a virus scanner. Unfortunately on Windows you do not have this option. Yes Windows has improved considerably but most applications will not install unless Administrator installs them and they then can be run as system. This is only one simple example of how the two systems are different but it makes a big difference. There are many others.

You can have stupid users on Mac who install everything from everywhere and run their system as root or the main user but once burnt they learn and have a means to protect themselves. Now I've never ran an anti-virus on an UNIX system I own, including my Macs, but I would never run a Windows system without it. The stupid users may grow but the knowledgeable users will not be affected.

Re:But I thought... (0)

Attila Dimedici (1036002) | more than 2 years ago | (#39162183)

You have the option on Windows of not running as Administrator. And starting with Vista, if the user gets infected it is only that user profile that is infected (unless they were running as Administrator) and knowledgeable users will not get the entire system infected.

UAC Virtualization also (by user) (0)

Anonymous Coward | more than 2 years ago | (#39162331)

It's doable by application/processes running in taskmgr.exe with the "UAC Virtualization" column selected & visible there (isolating ANY contact with the registry into a single profile only, 'sandboxed'):

http://sourcedaddy.com/windows-7/uac-virtualization.html [sourcedaddy.com]

* Interesting stuff... I use it here with webbrowsers the most.

APK

P.S.=> Now, if Microsoft would/could only go a bit further, and do what SandBoxie does!

(Even if it meant buying them out for the idea, because it's not an 'unimaginably difficult' one to create when it comes right down to it with a filtering driver intercepting & redirecting I/O for various inputs/outputs of a program)... -

So, it's NOT like "the techs not there", it is, just a matter of incorporating it into the OS, literally!

Yes, one COULD say "but it's there already", as there's VM tech in Windows via its own hypervisor type tech, & those of 3rd parties too, so in a way, it's native, but... not like how Sandboxie has the 'chroot jail" type effect that it has, which *NIX's have had for ages!

Also - yes, there's tools that can get further along than SandBoxie, like pstools' psexec that help process isolation/sandboxing (but that's beyond the scope of the std. oem tools in the OS already)

It'd be nice to see Sandboxie type tech native to Windows is what I am saying...

Now, I've actually got SandBoxie running pretty fast (not usually off std. HDD's @ least), via running it and the sandboxes up off a TRUE SSD with their incredible low-latency & seek/access (based on 4gb DDR2 RAM, Gigabyte IRAM)...

Performance now, in SandBoxie? Hey - setup like THAT?? Truthfully it's not bad, + much better than on std. HDDs & with FLASH based SSD's picking up write speeds, & size? Doable & decent enough performance as well...

... apk

Re:But I thought... (1)

drsmithy (35869) | more than 2 years ago | (#39162657)

And starting with Vista, if the user gets infected it is only that user profile that is infected (unless they were running as Administrator) and knowledgeable users will not get the entire system infected.

No, this has been true for every version of Windows NT.

Re:But I thought... (4, Informative)

LordLimecat (1103839) | more than 2 years ago | (#39162291)

On Windows there is a user called System and most programs need to be installed/run as the system user which gives a virus Trojan unlimited access to the full system.

Thats just plain not accurate on several levels.

For starters, I have never in my life seen an installer that needed to run as System. Administrator, yes, but thats not the same thing. For another, you need to install system programs on Mac as root, which IS the same thing as "the system user", as it has the highest rights on the system.

Third, most programs do NOT need to be installed as an admin-- you can install them to the local user's folder. I assume you could pull this off in a Mac, but Im not sure.

If you have a knowledgeable user on a Mac he can run the system securely with out a need for a virus scanner. Unfortunately on Windows you do not have this option.

Baloney. If youre downloading random executables from the net, I suppose you might want that scanner; but if your browser plugins are out of date it wont matter terribly much what OS you use or whether you have a scanner, as each year's Pwn2Own proves (with Mac getting hacked first each time).

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162359)

Thank you! I hate the freaking zealots (is why I'm posting AC....you know everyone posting anything besides Apple rhetoric is about to get modded to oblivion).

It has gotten to the point that I hate seeing a story about the almighty Apple on Slashdot. The fucking zealots spread retarded misinformation and opinion as absolute truth and mod everyone else to hell. They're all sticking their fingers in their ears and yelling 'LALALALALA! IT'S THE BEST! I CAN'T HEAR YOU!'

It's a fucking tool, people. Just like a Windows workstation or a Linux workstation are tools. Just like a hammer, a screwdriver, an Android phone, an iOS phone, a Windows Mobile phone, or a freaking soldering gun. However, I never hear people talk about how much better hammers are than screwdrivers. Why? They're just fucking tools. Just like the zealots are tools.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162559)

Ryobi, Bosch or Dewalt?

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162949)

Third, most programs do NOT need to be installed as an admin-- you can install them to the local user's folder. I assume you could pull this off in a Mac, but Im not sure.

WTF are you talking about, on macs applications by default are installed on the Applications folder which is in the home folder, they don't even have installers, you just drug the self-contained excecutable to the Applications folder or wherever else in your system you like, no root password or anything else is needed.

If you have a knowledgeable user on a Mac he can run the system securely with out a need for a virus scanner. Unfortunately on Windows you do not have this option.

Baloney. If youre downloading random executables from the net, I suppose you might want that scanner; but if your browser plugins are out of date it wont matter terribly much what OS you use or whether you have a scanner, as each year's Pwn2Own proves (with Mac getting hacked first each time).

Well, OS X already has built-in antivirus since Snow Leopard IIRC. Just google XProtect.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162647)

On a Mac and a typical UNIX system the apps are run in a sandbox with limited permissions keeping them tied to the user. If the user gets compromised the system is not affected. On Windows there is a user called System and most programs need to be installed/run as the system user which gives a virus Trojan unlimited access to the full system.

Macs can get viruses but they will be limited to the user. If you have a knowledgeable user on a Mac he can run the system securely with out a need for a virus scanner. Unfortunately on Windows you do not have this option. Yes Windows has improved considerably but most applications will not install unless Administrator installs them and they then can be run as system. This is only one simple example of how the two systems are different but it makes a big difference. There are many others.

You can have stupid users on Mac who install everything from everywhere and run their system as root or the main user but once burnt they learn and have a means to protect themselves. Now I've never ran an anti-virus on an UNIX system I own, including my Macs, but I would never run a Windows system without it. The stupid users may grow but the knowledgeable users will not be affected.

Speaking of stupid users....

Re:But I thought... (0)

Arrepiadd (688829) | more than 2 years ago | (#39162753)

If you have a knowledgeable user on a Mac he can run the system securely with out a need for a virus scanner. Unfortunately on Windows you do not have this option.

Now I've never ran an anti-virus on an UNIX system I own, including my Macs, but I would never run a Windows system without it.

Stop spreading FUD, please.
When I used Windows XP I didn't have an antivirus for extensive periods. When I did, I kept it off all the time. I must certainly have had periods of over between 6 months between scans. And I never found viruses, adware, spyware and so on.

I didn't install random crap I found on the internet. I used an account without privileges. I had the standard firewall on. I updated my software. That's all there is!
And before you say it was impossible to have a standard privilege account back then, I never had usability problems. It made installing software slightly harder but nothing that a knowledgeable user can't do. And that's less than 1% of a typical user's time in front of the computer anyway.

Is Windows immune to viruses? No.
Is Windows going to get destroyed with viruses no matter what you do so that you need antivirus, antispyware, antiadware and so no? Hell, no!

I know this is all anecdotal evidence, but one case should be more than enough to disprove that "awesome" theory you had there...
What you should have said is "I'm not knowledgeable enough to run a Windows without an antivirus." But that's not really a Windows problem, is it?

Disclaimer (to avoid being called a fanboi): Nowadays I use Linux all the time, I haven't had a computer with Windows (except on VMs) for several years now.

Re:But I thought... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39162281)

The fact that this is even considered a story makes the point that Macs are still less afflicted by this stuff than Win boxes. Can you imagine if Slashdot were to post a story for every new Windows malware variant that appears?

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39162453)

I know you're trolling, but no he didn't.
He did say they were much less likely, but it has never been the case that Macs were immune. There has been a history of malware on the Mac since the pre-OS X days.

Jobs was in fact responsible for a good part of their marketing campaign. They did not actually use those exact words, but did a very good job of spreading the idea to the general public that Macs are immune to all Malware.

The point is that what most average users got out of the marketing is that their system is 100% safe and secure, not just from malicious software but from targeted hacking attempts as well. And this is about as far from the truth as you can get. The point is, Apple (under the direction of Jobs) spent a lot of money to get this idea to the masses, and has made a ton of cash as a result. The marketing is at the very least misleading, and frankly I find it to be somewhat unethical.

Far fewer viruses in the OS X era though (relative to earlier Mac OSes), but several trojans

Same for Windows, Linux, and all other OS's. It's because in the early days most malware was released out of curiosity or a desire to cause mischief. These days the authors don't want to trash a system or take down a network... they want to use it and/or harvest information from it so using worms and viruses is counterproductive.

Re:But I thought... (-1)

Anonymous Coward | more than 2 years ago | (#39162535)

Shut the fuck up bonch. Go suck an AIDS infected cock and die, faggot.

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39161893)

They are! That's why people let Apple decide whey should be allowed to run on their own hardware, right? ... right????

The shield is lost (0)

Anonymous Coward | more than 2 years ago | (#39161911)

For the immortal Jobs has passed onto a blessed plane, for he sorrowed with the plight of this world, and could no more withstand the call of Paradise.

All hail the Turtleneck!

Re:But I thought... (0)

Anonymous Coward | more than 2 years ago | (#39161971)

that is what the one "I'm a Mac" ad said also.

Re:But I thought... (5, Informative)

MikeMo (521697) | more than 2 years ago | (#39162027)

Regardless, this is neither a virus nor a worm. It's a trojan. You're supposed to know the difference.

Re:But I thought... (4, Funny)

symbolset (646467) | more than 2 years ago | (#39162129)

If you have to deliberately install it, it's neither a virus nor a worm. It's an app.

If you want to lose all your accounts' credentials (1)

Anonymous Coward | more than 2 years ago | (#39162209)

... there's an app for that.

Even worse (2)

formfeed (703859) | more than 2 years ago | (#39162141)

It is a "new variant of Flashback"

A new variant??

something made with parts that have been used previously?
maybe even on a PC?
code parts that could run on any grey unspectacular computer?
a modified version of something coded for the masses?

Please tell me, they at least improved it so it would use functions only genuine apple hardware could provide.

Re:But I thought... (-1)

Anonymous Coward | more than 2 years ago | (#39162217)

Yes, well, Steve Jobs isn't exactly immune to worms right now, so he shouldn't talk...(?)

What's Java? (4, Insightful)

fostware (551290) | more than 2 years ago | (#39161913)

Java was an optional extra on 10.6 and is a separate download on 10.7.

Re:What's Java? (2)

SuperSlacker64 (1918650) | more than 2 years ago | (#39161945)

Answered your own question, eh?

Re:What's Java? (1)

DigiShaman (671371) | more than 2 years ago | (#39162163)

My MacBook came preloaded with Leopard. Does that version of OSX come with Java already installed? I'm concerned that Java (if it exists) may have gotten carried over from my previous upgrades of Snow Leopard and now Lion.

Re:What's Java? (1)

fostware (551290) | more than 2 years ago | (#39162397)

Honestly, I wouldn't know... :)

We only perform a "time machine/re-image or reinstall/restore user" when a user gets a hardware or software upgrade. Java is left to the user to request, Casper self-service, or install themselves (all owners are local admins of their own machines).

It's a little harsh, but that's the result of managing Macbooks for 1800 staff and students.

BTW, I get the distinct impression that Java is the next "blight" to purge now that Apple has made a concerted effort to make sure Flash isn't as prolific on the Mac OS X platform.

Re:What's Java? (1)

DigiShaman (671371) | more than 2 years ago | (#39162589)

Java, Acrobat, and Flash are all vectors by which a Windows machine can get infected via drive-by web surfing. And this can happen even if your PC is cought up with the latest updates available.

JRE scares the hell out of me. As a sysadmin, I've see the damage it can do through one of those FakeAV malware programs. Unless Java is needed for a specific application, it should never be installed. Unfortunately I'm not a Mac expert...yet. The whole corporate BYOD policy is making my life difficult in maintaining security and cross compatibility.

Re:What's Java? (1)

TheRaven64 (641858) | more than 2 years ago | (#39163261)

Open a terminal. Type 'java'. Does it say command not found, or does it give you the help info for Java? I have Java installed for a couple of local apps, but you can disable it in Safari easily (preferences, security, uncheck enable java).

Re:What's Java? (1)

stesch (12896) | more than 2 years ago | (#39163207)

It's the Minecraft runtime.

More malware (2)

meerling (1487879) | more than 2 years ago | (#39161917)

Since it's causing instabilities, it's a poorly written piece of malware.
The standard generic symptom of being infected by malware is there are no apparent symptoms. It's just that when people start having problems is when they start looking, but you can bet they were infected LONG before they had those unrelated problems. Obviously that doesn't apply to this one, since it's new and it does cause problems. And yes, you can find others that have recognizable symptoms, but most don't.

Wonder how long until Mac users start claiming the don't have malware again. (Will it be Months, Weeks, Days, or Hours...) :)

No offense meant to Mac users, but find a way to escape the reality distortion field if you are still in it.

Re:More malware (5, Insightful)

jo_ham (604554) | more than 2 years ago | (#39161973)

Who says Mac users claim they don't get malware? It seems to be oft-repeated here on Slashdot, but whenever the topic of Mac security comes up actual Mac users post in the threads that they're well aware that OS X is not invulnerable, and in fact posting examples of trojans and malware that they remember hearing about.

It comes up every time, so the only people who seem to perpetuate the myth of the technology-literate Apple user who claims immunity from security threats are the ones seeking to mock the Reality Distortion Field and the users of Apple software as clueless.

Incidentally, this malware does have some relatively sneaky features - it allegedly avoids trying to install itself if it detects AV software, to attempt to avoid early detection. Crashing browsers is not a good start though. Not very subtle, since Safari doesn't really crash any more - it tends to be the helper process that crashes and that is restarted almost transparently to the user.

Re:More malware (1, Informative)

I(rispee_I(reme (310391) | more than 2 years ago | (#39162005)

Who says Mac users claim they don't get malware? ...
It comes up every time, so the only people who seem to perpetuate the myth of the technology-literate Apple user who claims immunity from security threats are the ones seeking to mock the Reality Distortion Field and the users of Apple software as clueless.

Here [youtube.com] is an Apple commercial that claims that Macintoshes don't get viruses. It is part of a series of commercials that make it seem as though there is some special feature of Apple hardware that makes it less susceptible to viruses.

I would say that the "people perpetuating the myth of the technology-literate Apple user who claims immunity from security threats" are... Apple.

Re:More malware (1, Informative)

paiute (550198) | more than 2 years ago | (#39162021)

Here is an Apple commercial that claims that Macintoshes don't get viruses.

Flashback Trojan. Not a virus.

Re:More malware (2)

I(rispee_I(reme (310391) | more than 2 years ago | (#39162055)

You are as correct here as you are irrelevant, since I was replying to a post that only mentioned "malware".

Since you have decided to play the pedant, I might also point out that the target audience for the Apple advertisement is unlikely to make the fine distinction between trojans and viruses.

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162389)

Who says Mac users claim they don't get malware?

Here is an Apple commercial that claims that Macintoshes don't get viruses

Flashback Trojan. Not a virus.

You are as correct here as you are irrelevant, since I was replying to a post that only mentioned "malware".

Since you have decided to play the pedant, I might also point out that the target audience for the Apple advertisement is unlikely to make the fine distinction between trojans and viruses.

Believe it or not, there is a meaningful difference between a virus and a trojan. You can get a virus from opening an infected file that comes from a trusted source without any intervention on your part. In this case, you can't get the trojan unless your system isn't up-to-date or you don't pay attention to what's appearing on your screen.

Re:More malware (1)

jo_ham (604554) | more than 2 years ago | (#39162043)

So again, where does it say that Apple computers are immune?

It states that Windows PC are clearly not, but it doesn't actually say that OS X *doesn't* have malware - it actually lies by omission in that respect (the PC gives up and the Mac wins by default, not because it has no viruses).

The reason that they never state that they're immune is because, quite simply, they're not.

Apple can certainly say they're more secure than Windows though, which is what they did.

(this relates to both viruses and trojans, although the former are *much* less common on the Mac than the latter, although the same is likely true for Windows too).

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162075)

> the myth of the technology-literate Apple user who claims immunity from security threats

Where did "technology-literate" come from? Really, all Apple users are automagically technology-literate?

Sure, technology-literate won't make such claims, but they're in minority for any platform.

Re:More malware (1)

jo_ham (604554) | more than 2 years ago | (#39162085)

You are misreading it - I mean the exact opposite; that not all Apple users (or computer users in general) are technology-literate.

In other words, I'm talking about the sort of people who frequent technology websites such as Slashdot.

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162099)

In other words, you're narrowing "Mac users don't claim they don't get malware" to "Technology-literate Mac users who frequent technology websites such as Slashdot don't claim they don't get malware". Got it.

Re:More malware (1, Insightful)

artor3 (1344997) | more than 2 years ago | (#39162203)

Apple, and their fans, have long insinuated that Macs don't get malware. It's a major part of their advertising campaign. Walk up to ten technically illiterate people and ask what the advantages are of Macs over PCs, and I'd wager at least half would say that they don't get viruses. I know that's why my sister bought one, as she flat out told me so (this was during the Vista era, so it wasn't worth correcting her). This belief didn't come from nowhere. Apple and their fans have carefully built it up over the years. Of course, whenever they're called out on this, they turn around and protest, "But we never actually said that it was immune."

It's dishonest marketing in the first place, but the real astounding dishonesty is to then deny it after the fact.

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162445)

Walk up to ten technically illiterate people and ask what the advantages are of Macs over PCs, and I'd wager at least half would say that they don't get viruses.

Walk up to several technically illiterate people who use PCs and ask them if they have had viruses. Walk up to several technically illiterate people who use Macs and ask them if they have had viruses. How many orders of magnitude more PC users than Mac users do you think will say yes?

Just because Macs can get malware and PCs can get malware does not mean that Macs are as likely to get malware as PCs. Just like people are willing to get a flu vaccine even though it doesn't protect against all kinds of flu, I think the plenty of people would still buy a Mac even if they knew it was only immune to nearly all viruses.

Re:More malware (1)

UnknowingFool (672806) | more than 2 years ago | (#39162457)

No they have said there are not as many viruses for Macs as there are PCs and thus users are safer from viruses. Viruses. This is a trojan which requires intervention by the user.

Re:More malware (1)

dbet (1607261) | more than 2 years ago | (#39163245)

Walk up to a bunch of pet owners and ask them the advantage of a cat over a bear. They'll claim cats don't maul you. But we all know cats can theoretically maul you, so by your logic, I have just proven that cats and bears are equally dangerous pets.

For a large majority of Mac users, the only malware they've seen in the last 10 years is extra search bars in Firefox, and you don't even have to run AV software.

Windows still allows changes to the registry without your immediate consent if you're running in admin mode (which some apps inexplicably require).

We said there was none - now there is... (1)

SuperKendall (25149) | more than 2 years ago | (#39162303)

Who says Mac users claim they don't get malware?

They said that because it was true for a while, there was no malware to get.

Now, correctly, we will say "be careful you don't get the malware".

The malware that requires people to download Java by the way, which does not ship with macs now...

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162001)

i don't know any Mac users who claim Macs don't have ANY malware. but this is hardly comparable to the torrent of malware that Windows is subject to.

Re:More malware (0)

Ethanol-fueled (1125189) | more than 2 years ago | (#39162035)

>2012

Who the hell here uses Windows as their primary internet-facing OS? As a secondary OS for gaming or all the other shit Linux can't handle, it's fine, but home users who continue to use Windows as their primary internet-facing OS should be smacked in their mouths with a rolled-up newspaper.

It's funny how the curmudgeons will quickly adapt with smiling faces to OSX from Windows because they paid a lot of money for the pretty device it runs on, but will bitch and moan after a Linux install because the icon is on the wrong side or the start menu is now at the top.

I'm not totally knockin' Windows, my employer is a Microsoft-friendly shop and has the staff and budget to deploy real security solutions. That means I get Office and Visual Studio, both of which let me get shit done quick, even if I'm stupid enough to click on the duck and the monkey.

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39162105)

I do and haven't seen a virus on my machine for a least a decade. None. If you are too big of an idiot to keep your Windows box malware free, you are too big of an idiot to install Linux.

Re:More malware (0)

Anonymous Coward | more than 2 years ago | (#39163147)

Wonder how long until Mac users start claiming the don't have malware again. (Will it be Months, Weeks, Days, or Hours...) :)

No offense meant to Mac users, but find a way to escape the reality distortion field if you are still in it.

Let me use my own personal experience here versus scientific data :)

I, under duress, administer my family's computers. My mother, son and wife's Windows machines and my daughter's mac. My daughter used to have a Windows machine.

Around every six months I need to wipe the three windows machines and reinstall due to some malfeasant program or another (virus / malware / spyware - who knows?). I don't even bother trying to repair the damage as it is usually very difficult, unsuccessful, and very time consuming. My daughter used to be in this boat also. She got a Mac three years ago. She is still running 10.5 as she isn't interested in upgrading etc... I have not had to touch her Mac in these three years, but HAVE had to reinstall windows vista and yes even windows 7 on the other still windows PCs.

Not scientific, but still my experience.

PS: my daughter was the worst of the infected folks as she seemingly knows absolutely nothing about computer security and doesn't care to learn.

Apple knows the solution (5, Funny)

wannabgeek (323414) | more than 2 years ago | (#39161943)

From now on, all Macs will have a firewall and any download will only happen after being approved by Apple. Like the AppStore makes your computer safe from third-party apps, this will make your computer safe from Web.

Re:Apple knows the solution (0)

Anonymous Coward | more than 2 years ago | (#39162011)

It was funny until it happened.

Got my hopes up... (1)

hal2814 (725639) | more than 2 years ago | (#39161981)

The first words of this post were "New Version of Flashback... [wikipedia.org] " It all went downhill from there. But at least Delphine Software isn't going to bastardize a classic by turning it into yet another FPS. [wikipedia.org]

Re:Got my hopes up... (1)

Osgeld (1900440) | more than 2 years ago | (#39162135)

FLashback .... one of my all time favorites, at one point I would have told you that was the only game my sega could play

Java version? (4, Interesting)

RockMFR (1022315) | more than 2 years ago | (#39161983)

Which versions of Java are vulnerable? Basic details are nice to have...

I am so tired.. (1)

Higgins_Boson (2569429) | more than 2 years ago | (#39162039)

I am so tired of these April Fool's jokes when it isn't even April yet.

Everyone knows Macs don't get trojans or viruses and that this story originated from The Onion!

Gross! (0)

Anonymous Coward | more than 2 years ago | (#39162101)

I would never buy an Apple product! They just don't ever seem to take security seriously.

The real story (1)

Rootkit (2355170) | more than 2 years ago | (#39162113)

is that Skype is known to be stable. That is certainly news to me.

Re:The real story (1)

Samantha Wright (1324923) | more than 2 years ago | (#39162143)

Came here to say more or less the same thing. It must be a Mac-only feature?

Re:The real story (0)

Anonymous Coward | more than 2 years ago | (#39162229)

Yes, it's a Mac-only feature... I have never had it crash on me.

Re:The real story (0)

Anonymous Coward | more than 2 years ago | (#39162329)

Maybe other stuff crashes so often on Macs that skype is seen as stable?

Why is this a trojan horse and not a virus? (1)

evilsofa (947078) | more than 2 years ago | (#39162527)

From the Intego article about the new variant: "This malware is particularly insidious, as users don’t download anything or double-click any file to launch an installer." Yet Intego repeatedly refers to as a Trojan horse. All of the other articles I can find only reference the Intego report, and don't call it a virus either, including those who would know better, such as Ars Technica and the ISC Diary.

But if it requires no interaction from the user, then why is it not the first true Mac OS X virus?

Re:Why is this a trojan horse and not a virus? (0)

Anonymous Coward | more than 2 years ago | (#39162557)

Because it doesn't replicate. Virus attaches to other executables on target system, worm spreads to others from infected computer, trojan does neither.

Virus/worm/trojan classifies by propagation behavior after initial infection, not installation method.

Re:Why is this a trojan horse and not a virus? (1)

JimboFBX (1097277) | more than 2 years ago | (#39162929)

close, a trojan doesn't have a replication method classification, a trojan is just a piece of malware that provides a backdoor to your computer. A trojan could be a worm or a virus or just malware.

Come to think of it, viruses in their "true" form are pretty rare now-a-days. Pretty much everything is just straight-up malware/adware or worms. I wonder if it has to do with the fact all programs are at least 32-bit now and don't run machine code directly.

Re:Why is this a trojan horse and not a virus? (0)

Anonymous Coward | more than 2 years ago | (#39162957)

Backdoor is a backdoor. Trojans can have any payload - backdoor, keylogger, locking system for ransom or just injecting ads - whatever, just like any other malware.

Safari stable? Since when? (2)

dragisha (788) | more than 2 years ago | (#39162635)

First thing to stop using when you get an OSX machine, in my book.
When I first got MBP, fall 2010, I had few hard freezes. They stopped as soon as I stopped using Safari.
It may be a coincidence, but my MBP is definitely more stable without. A lot more stable!

As for users ignoring warnings... It looks like good case for Apple to close OSX as they closed iOS - force us to use single app store. Good thing gnome-shell is really nice env, so current OSX users have upgrade, errr, escape path available.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>