Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: jacquej; Swordmaker
> Please quit bashing Macs. It gets tiresome.

You must be joking. I'm regularly called a Macbot for my defense of Apple against untrue attacks.

Swordmaker, help me out here! :)

Jacquej, you misunderstand. I've had Macs since 1984 (and worked on an Apple ][ and Lisa before that). I like Apple's hardware products -- they make terrific workstation platforms and virtual machine hosts. I run OS-X on them along with Win7, XP, Linux, and NetBSD. I'm typing this on a MacBook, which is sitting next to my iPad, and I'm listening to the stereo playing MP3s off my iPod Touch. The Mac Mini (bootcamped Snow Leopard and Win7) is presently turned off. The older PPC Mini which runs Fedora 10 Linux is likewise off at the moment.

AHEM.

Now with all the above said, I refuse to stick my head in the sand, either. This particular attack based on Java vulnerabilities seems to have escaped Apple's attention for long enough that it got pretty widespread. That's a new thing.

I'm not going to deny that one of the main reasons I use OS-X as my personal favorite interactive operating system is that it is quite robust against malware. (The other reason is that it's based on BSD Unix, my favorite system OS.)

But I'm also not going to deny that ALL operating systems can have vulnerabilities, and that those problems require addressing in a timely fashion.


Meanwhile, I found these pages useful to determine whether one is infected, and what to do about it.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

Run the following in Terminal:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you're not infected you should see:

    The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Then run:

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you're not infected you should see:

    The domain/default pair of (/Users/rff/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you see other stuff, follow the instructions on the linked page above to clean it out.
120 posted on 04/06/2012 7:18:31 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
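
The two checks from the post above combined into one script, as an added example that is not part of the original post or of F-Secure's instructions. The function names, the clean/suspect/inconclusive labels and the exit codes are assumptions of this example; any error other than the "does not exist" message is reported as inconclusive rather than clean.

```sh
#!/bin/sh
# Added example: wraps the two `defaults read` checks quoted in the post.
# Labels and exit codes (0 clean, 1 suspect, 2 inconclusive) are this
# example's own convention, not output of any Apple or F-Secure tool.

# check_key DOMAIN KEY
# Prints "clean", "suspect: <value>" or "inconclusive: <message>".
check_key() {
    if out=$(defaults read "$1" "$2" 2>&1); then
        # The key exists. Per the post, an uninfected system has neither key set.
        printf 'suspect: %s\n' "$out"
    else
        case $out in
            *"does not exist"*) echo clean ;;
            # Missing tool, unreadable file, etc.: do not report this as clean.
            *) printf 'inconclusive: %s\n' "$out" ;;
        esac
    fi
}

# Runs both checks, prints one line per key, returns the worst result.
flashback_check() {
    fb_rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}    # everything before the last space
        key=${pair##* }      # everything after the last space
        result=$(check_key "$domain" "$key")
        printf '%s %s: %s\n' "$domain" "$key" "$result"
        case $result in
            clean) ;;
            suspect*) fb_rc=1 ;;
            *) [ "$fb_rc" -eq 1 ] || fb_rc=2 ;;
        esac
    done
    return "$fb_rc"
}

# Only run the checks when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    flashback_check
fi
```

A "suspect" line means the key is set and the cleanup instructions on the linked F-Secure page apply.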


To: Swordmaker
Hi Swordmaker,

I followed F-Secure's instructions (the two Terminal command-line commands above) on my main MacBook and came out clean.

I noticed a curious thing on the F-Secure page:

> On execution, the malware checks if the following path exists in the system:
>
>     * /Library/Little Snitch
>     * /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
>     * /Applications/VirusBarrier X6.app
>     * /Applications/iAntiVirus/iAntiVirus.app
>     * /Applications/avast!.app
>     * /Applications/ClamXav.app
>     * /Applications/HTTPScoop.app
>     * /Applications/Packet Peeper.app
>
> If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

Well, I don't run any anti-virus on my Macs. But I install the developer package Xcode on all my machines by default because it gives me the C compiler, RCS version control, etc. Who would have guessed that it gave me an inoculation against this nasty piece of malware too!! :)
121 posted on 04/06/2012 7:25:28 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: dayglored

Thank you!

I’m clean. :)


122 posted on 04/06/2012 7:27:21 PM PDT by thecodont

To: dayglored

Sorry, dayglo. My brain must have been in a blender.

Not thinking very clearly these days.


166 posted on 04/07/2012 8:18:53 AM PDT by jacquej
