Loading ...
Sorry, an error occurred while loading the content.

Re: [wpmac] [OT] The sad state of anti-virus protection

Expand Messages
  • Randy B. Singer
    As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they
    Message 1 of 15 , Jan 8, 2013
    • 0 Attachment
      "As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user�s part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
      http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/


      ___________________________________________
      Randy B. Singer
      Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

      Macintosh OS X Routine Maintenance
      http://www.macattorney.com/ts.html
      ___________________________________________
    • John R
      I know very little about this, but couldn t help taking seriously this caution from the Department of Homeland Security:
      Message 2 of 15 , Jan 22, 2013
      • 0 Attachment
        I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:

        http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/

        which includes:

        "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date. The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims' machines without prompting."

        It's just a guess, but when malware went from being the province of the teenage hacker/vandal to become the province of professional thieves, it was bound to become worse. Mac market share is growing, making Macs increasingly plausible targets.

        According to the article, Apple now ships Macs with Java disabled, and has remotely disabled Java where it has been installed. I disabled Java on my machine as soon as I read this (for whatever reason, it had not been remotely disabled). But a day later I was on the New York Times' chess page, which featured an interactive game; I clicked on it and a dialog said I had to install Java, giving me a button to click to do so. I might not have known about the vulnerability.

        Half a million Macs aren't very many, but I'm glad mine wasn't one of them. Hope this info helps someone.

        John R.
      • Randy B. Singer
        ... That exploit was called Flashback, and whether or not it really infected half a million Macs is a matter of intense debate. I m on about a dozen Mac
        Message 3 of 15 , Jan 23, 2013
        • 0 Attachment
          On Jan 22, 2013, at 8:48 PM, John R wrote:

          > I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:
          >
          > http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/
          >
          > which includes:
          >
          > "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers...

          That exploit was called Flashback, and whether or not it really infected half a million Macs is a matter of intense debate. I'm on about a dozen Mac discussion lists, frequented by tens of thousands of Mac users, and among all of those users we could not find a single first-hand account of anyone having encountered Flashback.

          It's true that Java is full of security holes and it is risky to have Java installed and active on your Mac. However, that point is moot for the overwhelming majority of Mac users at this point.

          Mountain Lion didn't ship with Java at all. For those who were using an earlier version of OS X with Java installed, Apple has already pushed out patches to all Macs running OS X 10.6 through 10.8 that disables Java.

          http://www.reedcorner.net/about-the-flashback-malware/
          http://www.reedcorner.net/apple-and-mozilla-act-fast-to-secure-java/
          http://www.macobserver.com/tmo/article/apple-remote-disables-java-on-macs-after-major-security-alert

          If you haven't allowed Software Update to update your Mac with security updates, you should. If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.

          In Safari, go to:
          Safari menu --> Preferences --> Security --> uncheck Enable Java

          As before, it's best not to use Web sites written by sources that don't really understand the Macintosh as your primary source of information about what is going on with the Macintosh. Especially with regard to security. They tend to be overly alarmist and not entirely accurate.

          You can always find the latest info, written in language that ordinary folks can understand, and offered by a source that isn't trying to sell you anti-virus software, here:
          http://www.reedcorner.net/mmg/

          ___________________________________________
          Randy B. Singer
          Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

          Macintosh OS X Routine Maintenance
          http://www.macattorney.com/ts.html
          ___________________________________________
        • John Kaufmann
          ... Firefox users have the option of the QuickJava extension, which gives button-based toggling of Java and other potential vulnerabilities (JS, Flash, ...),
          Message 4 of 15 , Jan 23, 2013
          • 0 Attachment
            In a message dated 2013-0123 06:13 -0500, Randy B. Singer wrote:

            > ... If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.
            >
            > In Safari, go to:
            > Safari menu --> Preferences --> Security --> uncheck Enable Java

            Firefox users have the option of the QuickJava extension, which gives
            button-based toggling of Java and other potential vulnerabilities (JS, Flash,
            ...), making it very easy to enable on a per-site, or even per-page, basis.

            John
          • Rick Albright
            ... What about JavaSCRIPT? That s a separate option. Should that be unchecked, as well, Don t a lot of web pages use JavaScript? What are the implications of
            Message 5 of 15 , Jan 25, 2013
            • 0 Attachment
              On Jan 23, 2013, at 6:13 AM, Randy B. Singer wrote:

              > In Safari, go to:
              > Safari menu --> Preferences --> Security --> uncheck Enable Java

              What about JavaSCRIPT? That's a separate option. Should that be unchecked, as well, Don't a lot of web pages use JavaScript? What are the implications of turning this off? Will it cause a lot of problems accessing web pages?

              Thanks,
              Rick

              ===========================================================
              Rick Albright
              logres@...

              Writing the Past, Writing the Future: Time and Narrative in Gothic and Sensation Fiction
              http://www.powells.com/biblio/72-9780980149647-0
            • J.J. McVeigh
              ... No. You can leave that be. Apples and Oranges. -- John Joseph McVeigh, Attorney at Law Butler, Maryland 21023-0128 Practice before the Federal
              Message 6 of 15 , Jan 25, 2013
              • 0 Attachment
                At 23:01 -0500 25.01.2013, Rick Albright wrote:

                > > In Safari, go to:
                >> Safari menu --> Preferences --> Security --> uncheck Enable Java
                >
                >What about JavaSCRIPT? That's a separate option. Should that be
                >unchecked, as well[?]

                No. You can leave that be. Apples and Oranges.

                --
                John Joseph McVeigh, Attorney at Law
                Butler, Maryland 21023-0128
                Practice before the Federal Communications Commission
                Member: NY; DC; and USPTO Bars
              • Sam Storch
                While it is now considered good practice to disable Java (except by you for known specific purposes that you trust) you may need to have Javascript enabled to
                Message 7 of 15 , Jan 26, 2013
                • 0 Attachment
                  While it is now considered good practice to disable Java (except by you for known specific purposes that you trust) you may need to have Javascript enabled to do just about any work beyond text-only websites.

                  Despite having similar names, Java and Javascript are two entirely different things. You can get better clarification than my simple statement by searching recent discussions on macintouch.com which is reliable in this sort of stuff.

                  Cheers!
                Your message has been successfully submitted and would be delivered to recipients shortly.