Apple Updates Java To Include Flashback Removal 121
Fluffeh writes "In the third update to Java that Apple has released this week, the update now identifies and removes the most common variants of the Flashback malware that has infected over half a million Apple machines. 'This Java security update removes the most common variants of the Flashback malware,' Apple wrote in the support document for the update. 'This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.'"
immature=no java (Score:5, Interesting)
So to fix the problem, they say lets disable java by default. They are new to the security game.
Lets say using adobe photoshop had a vulnerability, apple's defense is disable the running of photoshop when launching a ps file withotut prompting?
It's like preventing your child walking without your permission every time and then when their grown up and able to make their own decisions and decide to walk, you say, oh you have not walked in a while, you can't walk again.
only the beggining (Score:2, Interesting)
apple's "security through scarcity" is starting to fade away as they gain marketshare. any popular OS will get viruses, malware, trojans, etc.
will mac os get a stonger walled garden as a result? i hope not as i was about to buy my first mac.
The core OS is still pretty secure (Score:3, Interesting)
Re:immature=no java (Score:3, Interesting)
You have 3 pieces of software that constantly gets patched for security holes found and they are....
1) Java - Not installed in OS X by default anymore. Doesn't get installed unless its requested like running Adobe Apps, etc.
2) Flash - Not installed anymore by default
3) Quicktime - Rewritten from the ground up starting with QT X. QT 7 and back has always been a security breach.
Re:The core OS is still pretty secure (Score:5, Interesting)
Most of the problems have been related to people installing software from the internet manually and things like Java.
That's pretty much the case with all platforms, compromise the user and you compromise the security of the system. All the email attachment malware, screensavers, etc... are user exploits and it doesn't matter what platform they are on, of course modern operating systems require explicit privilege escalation but again that's up to the user.
Add ons like Java are always going to be a source of headaches.
What do you mean 'Add ons'? You mean 3rd party software? Or in this case not even that since it's Apple that maintains Java releases for OSX.
All I know is I rarely have trouble with my Macs but the PCs are another story. One of mine I had to surrender for internet use because it got nailed by a redirect and I tried everything and short of redoing the OS there was no way to scrub it out. I find it safer to use Mac for web surfing and downloading things like software and I use a lot of licensed photos in my work. It's just my personal experience that I run into far fewer issues with the Macs.
I'm equally as careful whether i'm running Windows or OSX, i'm not going to be naive and just install anything downloaded from the net or visit questionable sites on either platform because - as these recent publicized events have highlighted - neither platform is completely secure and it would be pretty irresponsible to tell users that they don't have to worry about security just because it's OSX, best to be just as careful no matter what you use. Sure there are less known issues with OSX - even less for most linux or BSD distros - but as their marketshare increases we are seeing instances of infection increase so best to take as much care no matter which platform you're on.
Does It Tell You (Score:0, Interesting)
that you were infected? I'd like to know, I checked myself but could have missed it