Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: dayglored
We'll all know in a few months whether this was real or not. In the meantime, it appears to me that it COULD be real. We won't know for a while how it progresses. Perhaps like the Y2K event, if it is handled sufficiently well, the aftermath will be minimal and most people will say, "What was that all about? Nothing went wrong!". That would be a nice outcome for this malware.

It could be real... I have always tempered my advice with "yet..." I have never said, as for-q-clinton claims, that it was impossible. The Macs have YET to be breached. This may be the first successful attempt. But I am not seeing the real world evidence that there are THAT MANY infected Macs out there.

EVERY exploit used against the Mac in CanSecWest has been a JAVA exploit through Safari. Every single one an exploit that Sun did not know about as well. That is why Apple dropped Java as a default inclusion of the installation more than two years ago for OSX Snow Leopard and Lion. Even before, it was an optional install, one of the reasons I have my doubts about the large numbers they are claiming for the infected Macs. Now, if you want Java, you have to download it as a free app from the OSX App Store! JavaScript is OK and is still included.

The easiest method of protection from this exploit is to go into Safari and Firefox and any other browser you run's preferences and turn off JAVA. Done. Safe. Nobody needs JAVA to run for surfing the Internet.

Then, the only other vulnerable Mac users are those that have automatic updates turned off. They don't get the pushed security updates when they are ready, or the new Trojan definitions that come out every 24 hours or sooner as necessary. But you can't protect the terminally stupid... they took a deliberate step to TURN OFF the updates. Why? I haven't got a clue.

136 posted on 04/06/2012 8:51:27 PM PDT by Swordmaker


To: Swordmaker
> The easiest method of protection from this exploit is to go into Safari and Firefox and any other browser you run's preferences and turn off JAVA. Done. Safe. Nobody needs JAVA to run for surfing the Internet.

Ah, would that it were that easy!

Java is required by all the Citrix tools we use every day at work (and I use from home) -- GoToMeeting, GoToWebinar, GoToMyPC/Mac.

It's also required for talking to the Cisco firewalls, routers, switches, etc. in my networks. And it is worse yet -- the poorly written Cisco code in some of the units requires OLD versions of Java!!! Newer Java versions throw errors on some of the device code.

*SIGH*

Granted, that might be atypical for average home users, but it's not uncommon for tech professionals and business users who rely on communications software like GoToMeeting. A surprising amount of stuff is written with the Java environment in mind.

138 posted on 04/06/2012 9:00:57 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson