Help
Post your comments for What you need to know about the Flashback trojan here
What you need to know about the Flashback trojan
#2
bradhurley 
- Member
-
- Group: Members
- Posts: 44
- Joined: 17-September 10
Posted 06 April 2012 - 12:35 PM
Safari Security Preferences have an option for disabling Java, and also for disabling JavaScript. I disabled Java but should I also disable JavaScript?
The main reason I'd like to keep JavaScript enabled is that many websites (including most of the ones I manage) encrypt contact email addresses with JavaScript to block them from spam robots.
The main reason I'd like to keep JavaScript enabled is that many websites (including most of the ones I manage) encrypt contact email addresses with JavaScript to block them from spam robots.
#4
jdb8167
- Veteran
-
- Group: Members
- Posts: 2,533
- Joined: 30-August 04
Posted 06 April 2012 - 12:40 PM
bradhurley, on 06 April 2012 - 12:35 PM, said:
Safari Security Preferences have an option for disabling Java, and also for disabling JavaScript. I disabled Java but should I also disable JavaScript?
The main reason I'd like to keep JavaScript enabled is that many websites (including most of the ones I manage) encrypt contact email addresses with JavaScript to block them from spam robots.
The main reason I'd like to keep JavaScript enabled is that many websites (including most of the ones I manage) encrypt contact email addresses with JavaScript to block them from spam robots.
You don't have to disable JavaScript. JavaScript and Java are completely separate environments and have very little to do with each other. JavaScript has become increasingly part of how the internet runs and disabling it would break many if not most web sites. Disabling Java applets via Safari's preferences is a good idea if you don't need it. If you don't know if you need it, you probably don't.
#5
skazzyskills
- Member
-
- Group: New Members
- Posts: 29
- Joined: 10-August 11
Posted 06 April 2012 - 12:44 PM
that java - version command doesn't work
#6
deemery
- Member
-
- Group: Members
- Posts: 491
- Joined: 22-January 05
Posted 06 April 2012 - 12:47 PM
MacWorld should do a lot better than just 'believing the vendor' on this. It -is- a serious vulnerability and Apple -was unacceptably slow- in fixing it. But I still see no credible objective evidence for the claim of "600,000 infected machines."
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
#8
markbyrn
- Member
-
- Group: Macworld Insiders
- Posts: 143
- Joined: 18-May 11
Posted 06 April 2012 - 01:24 PM
len5, on 06 April 2012 - 12:47 PM, said:
Who even uses Java on a Mac anymore? I haven't for years.
I do - there's a popular indie game called Minecraft and it requires Java. Whether or not people have a need for Java does not excuse Apple for slow-rolling a security patch, and Apple needs to be more proactive when it comes to security issues. For example, last year when digital SSL certificates were compromised due to negligence by DigiNotar, guess which company and platform was the last to address the issue and remove the compromised certs? That's right, Apple and Mac/iOS.
#10
zmarc
- Newbie
-
- Group: New Members
- Posts: 1
- Joined: 06-April 12
Posted 06 April 2012 - 01:34 PM
For those scared of the command-line, there's a free simple app at http://rsdeveloper.c...t4flashback.zip that will tell you if you're infected or not.
#11
jcwelch
- Writer
-
- Group: Macworld Insiders
- Posts: 261
- Joined: 24-September 09
Posted 06 April 2012 - 01:35 PM
deemery, on 06 April 2012 - 12:47 PM, said:
MacWorld should do a lot better than just 'believing the vendor' on this. It -is- a serious vulnerability and Apple -was unacceptably slow- in fixing it. But I still see no credible objective evidence for the claim of "600,000 infected machines."
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
Well, as most of the research into malware is done by security vendors, I guess you're kind of hosed.
There's a good writeup here: http://www.securelis...otnet_confirmed
But, that's by a guy who works for an AV vendor, so he's probably lying.
Brian Krebs, a solid source of security info talks about it here, http://krebsonsecuri...-mac-java-flaw/, but hey, he BELIEVES Dr. Web. So can't trust him.
I've been cleaning up machines on my network with it, so far, about 5, but that's mostly due to luck. They're the folks who don't have Skype or Office 2011 installed.
But I'm probably lying too. Wow, I guess you can't believe anyone.
#12
jcwelch
- Writer
-
- Group: Macworld Insiders
- Posts: 261
- Joined: 24-September 09
Posted 06 April 2012 - 01:36 PM
len5, on 06 April 2012 - 12:47 PM, said:
Who even uses Java on a Mac anymore? I haven't for years.
If you use Adobe CS, you use Java. Also a lot of internal enterprise applications are written in Java.
#13
jcwelch
- Writer
-
- Group: Macworld Insiders
- Posts: 261
- Joined: 24-September 09
Posted 06 April 2012 - 01:39 PM
zmarc, on 06 April 2012 - 01:34 PM, said:
For those scared of the command-line, there's a free simple app at http://rsdeveloper.c...t4flashback.zip that will tell you if you're infected or not.
You might want to post the source for this too, so people can do the whole "trust, but verify" thing. Unfortunately, a few people like to take advantage of situations like this to distribute their own trojans. Making the source available can be a help to people who are cautious.
#14
sensi
- Newbie
-
- Group: Members
- Posts: 9
- Joined: 17-October 07
Posted 06 April 2012 - 02:01 PM
deemery, on 06 April 2012 - 12:47 PM, said:
MacWorld should do a lot better than just 'believing the vendor' on this. It -is- a serious vulnerability and Apple -was unacceptably slow- in fixing it. But I still see no credible objective evidence for the claim of "600,000 infected machines."
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
How many readers/followers does John Gruber have, who weren't infected? No evidence of this on the 4 active Macs in my household.
Kaspersky at least confirms the magnitude of the infection, putting the number at around 600.000
http://www.pcmag.com...,2402715,00.asp
