Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Cyber attack infects 550,000 of Apple's 'virus free' machines - UK and U.S. worst hit

Cyber attack infects 550,000 of Apple's 'virus free' machines - UK and U.S. worst hit (Page 2)
Thread Tools
Demonhood
Administrator
Join Date: Mar 2000
Location: Land of the Easily Amused
Status: Offline
Reply With Quote
Apr 10, 2012, 11:35 PM
 
Found one on a machine today. I'm guessing the user fell for the "hey, flash needs updating" trick.
     
Demonhood
Administrator
Join Date: Mar 2000
Location: Land of the Easily Amused
Status: Offline
Reply With Quote
Apr 10, 2012, 11:38 PM
 
I put together a simple automator app for people averse to Terminal (you know, relatives, the average Mac user, etc.).

FlashCheck - Here it is.

Nothing fancy. It just runs a shell script, checks the 3 known places for the virus, then outputs a text file. If the file is empty, you're golden. If not, it's time to run some anti-virus utilities (ClamAV is nice and simple). Feel free to pass along.

This is what it does, btw:

Code:
set +e defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES sleep 2 defaults read /Applications/Safari.app/Contents/Info LSEnvironment sleep 2 defaults read /Applications/Firefox.app/Contents/Info LSEnvironment set -e
Simple huh.
( Last edited by Demonhood; Apr 11, 2012 at 12:24 PM. Reason: Made the download a disk image)
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Apr 11, 2012, 03:40 AM
 
Nice work Demonhood.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status: Offline
Reply With Quote
Apr 11, 2012, 03:41 PM
 
Thanks. A note of caution, though. This method finds just one variant of the malware. Other variants put files of different names in different locations of the hard disk.
     
Demonhood
Administrator
Join Date: Mar 2000
Location: Land of the Easily Amused
Status: Offline
Reply With Quote
Apr 11, 2012, 04:37 PM
 
True. Anything more is going to require authorization. I had considered removing the java plist file and adding the two known IP addresses that host the payload to localhost instead. Tho, like I said, those would both require a password.
     
MacNNUK  (op)
Grizzled Veteran
Join Date: Aug 2007
Location: U.K.
Status: Offline
Reply With Quote
Apr 12, 2012, 02:58 AM
 
Find And Remove Flashback Trojan From Your Mac Using F-Secure’s Flashback Removal Tool


Find And Remove Flashback Trojan From Your Mac Using F-Secure’s Flashback Removal Tool | Redmond Pie)




Mac security software sales jump in wake of Flashback

Mac security software sales jump in wake of Flashback | Macworld




This very comprehensive one is free ...

Free Antivirus for Mac OS X Download | Sophos Free Tools







Approx one hour to scan 170GB first use




The Mac does slow down quite considerably whilst the first comprehensive scan is being performed

iMac Intel Core i5, 2.5GHz, 4GB RAM, 500GB 21.5" Monitor 10.8.3.
iMac 17" 2.0ghz Intel Core 2 Duo w 3gb memory (White one) 10.6.8.
Internal 500gb / 8x external HDD's 250GB - 3TB (4x Time Machine)
     
Pierre B.
Grizzled Veteran
Join Date: Feb 2003
Status: Offline
Reply With Quote
Apr 12, 2012, 03:19 PM
 
Hm, this is really strange. I tried the Kaspersky web page to check my Mac and it was found infected. However, the available tools say that it is clean. What this means? Shameless liars? Wrong detection method?

I would ask everyone to try the same and report back. This is pretty serious if it is repeated to other users also.
     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status: Offline
Reply With Quote
Apr 12, 2012, 03:41 PM
 
Why would the Kaspersky page require your Mac's UUID just to run a scan?
     
Pierre B.
Grizzled Veteran
Join Date: Feb 2003
Status: Offline
Reply With Quote
Apr 12, 2012, 04:11 PM
 
Originally Posted by Thorzdad View Post
Why would the Kaspersky page require your Mac's UUID just to run a scan?
From my understanding their method to count the infected Macs is based on the UUID of the machines that tried to talk back to the servers.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 12, 2012, 05:30 PM
 
Originally Posted by Thorzdad View Post
Why would the Kaspersky page require your Mac's UUID just to run a scan?
Could it be that the UUID merely tells Kaspersky if the FlashUpdate has been done or not, and if it hasn't, the vulnerability is reported as "infected" ?

-t
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Apr 12, 2012, 05:42 PM
 
Java update including removal in Software Update now.
     
Pierre B.
Grizzled Veteran
Join Date: Feb 2003
Status: Offline
Reply With Quote
Apr 12, 2012, 05:54 PM
 
Originally Posted by turtle777 View Post
Could it be that the UUID merely tells Kaspersky if the FlashUpdate has been done or not, and if it hasn't, the vulnerability is reported as "infected" ?

-t
Whatever the case, this is not a scan. You know it by the speed it displays the result. I think it just reads a database of Mac's UUID known to have tried to connect to certain servers. I have confirmation from another forum that there are other users also with this false alarm, so I am not alone.
     
MacNNUK  (op)
Grizzled Veteran
Join Date: Aug 2007
Location: U.K.
Status: Offline
Reply With Quote
Apr 12, 2012, 07:55 PM
 
Apple Releases Java Update To Officially Fix Flashback Trojan Vulnerability, Update Now!

Apple Releases Java Update To Officially Fix Flashback Trojan Vulnerability, Update Now! | Redmond Pie)



iMac Intel Core i5, 2.5GHz, 4GB RAM, 500GB 21.5" Monitor 10.8.3.
iMac 17" 2.0ghz Intel Core 2 Duo w 3gb memory (White one) 10.6.8.
Internal 500gb / 8x external HDD's 250GB - 3TB (4x Time Machine)
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 13, 2012, 03:36 AM
 
Not really. The vulnerability was fixed in the first of these - this update will also actively remove the Trojan if it finds it.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Apr 13, 2012, 06:24 AM
 
So Apple screws everybody who does not have Java installed, but got manipulated into installing this as a Flash update?

That is a stupid, condescending and outright mean action of Apple.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Apr 13, 2012, 06:27 AM
 
Doesn't the Flashback trojan rely on Java? I thought it was a Java vulnerability. If you don't have Java installed you can't install Flashback, right?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Apr 13, 2012, 06:38 AM
 
It relies on a Java vulnerability to automatically infect Macs. But it relies on social engineering otherwise (pretending to be a Flash update). Hence the name I think.

It might not be Apple's "fault" if users infected themselves like this, but I find it quite arrogant not to help those users also.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Apr 13, 2012, 06:42 AM
 
But I don't fully understand the point you're making. If the user doesn't have Java installed, the trojan can't be installed, right? You're objecting to Apple only removing the trojan upon updating Java, which doesn't help people who don't have Java installed - but if they don't have Java installed in the first place they have no chance of installing the trojan, correct or incorrect?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Apr 13, 2012, 06:52 AM
 
Variants of the Flashback malware pretend to be a Flash updater, and of course these can be installed without Java.

INTEGO SECURITY MEMO: Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package - The Mac Security Blog
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 13, 2012, 07:16 AM
 
Exactly - but I believe Xprotect is supposed to take care of those.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Apr 13, 2012, 12:11 PM
 
XProtect naturally comes after malware has been found in the wild, and the Flashback makers have been releasing new variants rapidly (including ones that disable XProtect). And if you browse the web with anything other than Safari, XProtect is completely useless anyway.

Microsoft releases malware removal tools with Windows update that remove the malware regardless of whose "fault" the infection was. So why is Apple's malware removal routine tied to Java as if the other infections are not their business?
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 13, 2012, 04:57 PM
 
Microsoft's tool (Malicious Software Removal Tool) is released once a month, no matter how many issues have been discovered since - it is never released in response to a threat, as this update was. IS that nay less reactive?

How the OS vendor responds to a threat is always problematic. It is not the vendor's fault, per se - a trojan is by definition something that tricks the user into doing what it wants. Apple's one-two punch in response is the App Store and Gatekeeper. Microsoft's method - the tool - has seen very limited success, so I can hardly fault Apple for trying to come up with a better answer.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
pigmode
Junior Member
Join Date: Jul 2004
Status: Offline
Reply With Quote
Apr 13, 2012, 09:22 PM
 
I've just had a 10.6.8 system start up an Acrobat Reader update, directly after Java Security Update install/restart. The Acrobat Reader update was run (unfortunately), and has popped back up at least one more time.

Hopefully this is just a small bug from the Java Security Update.



Edit: There is now "Flashback malware removal tool 1.0" @ Software Update for my 2011 MBP ( recently upgraded to 10.7.3) and which did not access the Java Security Updates.
( Last edited by pigmode; Apr 13, 2012 at 11:51 PM. )
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Apr 14, 2012, 05:13 AM
 
Originally Posted by TETENAL View Post
Microsoft releases malware removal tools with Windows update that remove the malware regardless of whose "fault" the infection was. So why is Apple's malware removal routine tied to Java as if the other infections are not their business?
Well, as it turns out, they did the Java-related version first, as that was the most common attack vector, and then added a generic removal tool after that.

Fair enough.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Apr 14, 2012, 08:03 AM
 
Yes, they did the right thing by releasing this for those who don't have Java installed as well.

     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status: Offline
Reply With Quote
Apr 14, 2012, 08:11 AM
 
Originally Posted by pigmode View Post
I've just had a 10.6.8 system start up an Acrobat Reader update, directly after Java Security Update install/restart. The Acrobat Reader update was run (unfortunately), and has popped back up at least one more time.

Hopefully this is just a small bug from the Java Security Update.
I know Adobe pushed-out an Acrobat update yesterday. There was a Reader update available as well.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 15, 2012, 12:40 AM
 
Norton now has a free Flashback detection and removal tool:

Flashback Trojan - Mac Virus | Norton

OSX.Flashback.K Technical Details | Symantec

BTW, I don't think the descriptions are correct. Flashback is supposed to delete itself if ClamXAV is on the system. Well I had ClamXAV (and Sophos anti-virus) installed on my system, and it was still infected.

P.S. It was installed under one user account. Does that mean the trojan couldn't see info from the other user accounts?
     
pigmode
Junior Member
Join Date: Jul 2004
Status: Offline
Reply With Quote
Apr 15, 2012, 02:32 AM
 
Originally Posted by Thorzdad View Post
I know Adobe pushed-out an Acrobat update yesterday. There was a Reader update available as well.

Roger that. It was scary for a moment, though.
     
hyteckit
Addicted to MacNN
Join Date: May 2001
Status: Offline
Reply With Quote
Apr 15, 2012, 08:31 AM
 
MacOS update told me to update Java today. It found flack back malware on one of my computers. Holy cr*p. I'm surprise.
Bush Tax Cuts == Job Killer
June 2001: 132,047,000 employed
June 2003: 129,839,000 employed
2.21 million jobs were LOST after 2 years of Bush Tax Cuts.
     
hyteckit
Addicted to MacNN
Join Date: May 2001
Status: Offline
Reply With Quote
Apr 15, 2012, 08:34 AM
 
I wonder if my login and passwords have been compromised. I don't use safari to store passwords. I use 1password.
Bush Tax Cuts == Job Killer
June 2001: 132,047,000 employed
June 2003: 129,839,000 employed
2.21 million jobs were LOST after 2 years of Bush Tax Cuts.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 18, 2012, 12:27 PM
 
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 18, 2012, 01:25 PM
 
On a semi-related note, I dug through Apple's security docs to looked in to what it would take to make 10.5 secure up to the level of security updates released for 10.6. While making certain assumptions (mainly that any bug that showed up in 10.7 and does not exist in 10.6 will also not be present 10.5), it seems that you can make yourself secure to the level of 10.6 if you:

* Disable Java
* Replace Safari with an updated browser (such as Firefox)
* Replace Quicktime with an updated video player (such as VLC)
* Update libpng (which seems to be the root of a lot of the vulnerabilities) yourself by compiling it from source
* Update python and PHP yourself
* Make sure to not enable the web server or mail server, or if you do, update Apache and postfix

And here's the kicker...

* Disable the application firewall. There is an odd bug in there that it does not seem possible to patch yourself. Obviously that should be replaced with some other firewall solution

Not too bad, so far.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 18, 2012, 02:35 PM
 
Originally Posted by P View Post
Not too bad, so far.


-t
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Apr 18, 2012, 02:54 PM
 
For someone who's stuck on a G5, that is indeed manageable.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 18, 2012, 03:28 PM
 
^^ That doesn't make much sense. 10.6 only came out 2.5 years ago. ie. Someone could have bought 10.5 well under 3 years ago.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Apr 18, 2012, 04:41 PM
 
Originally Posted by Eug View Post
^^ That doesn't make much sense. 10.6 only came out 2.5 years ago. ie. Someone could have bought 10.5 well under 3 years ago.
All Intel machines have the option of upgrading to 10.6, which is arguably less effort.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 18, 2012, 05:08 PM
 
Exactly - the point was a G4 or G5 that might still be required for something, especially now that Lion no longer supports Rosetta. I checked up on it because I have an old iMac G5 that I may want to use now and then, and obviously I'd like it to be secure. I forgot one point on the list: you have to eliminate the root certificates for Diginotar, as they are no longer trusted and the update to disable them was not made for 10.5.

As for time: the first MP launched on August 7th, 2006. The first security update that would not run on 10.5 was released on September 5th, 2011 - just over 5 years later.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 18, 2012, 06:05 PM
 
Originally Posted by Spheric Harlot View Post
All Intel machines have the option of upgrading to 10.6, which is arguably less effort.
True, buying a new machine is less effort, but if you have a machine that can run an OS less than 3 years old, you'd hope that the OS would actually be secure. 3 years is not a long time, even in today's hyperaccelerated technology world.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Apr 18, 2012, 06:09 PM
 
Originally Posted by Eug View Post
True, buying a new machine is less effort, but if you have a machine that can run an OS less than 3 years old, you'd hope that the OS would actually be secure. 3 years is not a long time, even in today's hyperaccelerated technology world.
I don't get what you're talking about?

EVERY MACHINE that has been sold as new in the past 5 1/2 years (since August 2006) is upgradeable to at least 10.6, and SHOULD be upgraded to 10.6. No new machine necessary. There's no reason to be running 10.5 on any Intel machine.

I was commenting on P's list of things necessary to make 10.5 secure, which turtle somehow thought absurd. I got the relevance and pointed out that, if you're stuck on a G5 (which a number of people are), it's not that absurd, and can still be handled.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 18, 2012, 06:21 PM
 
Originally Posted by Spheric Harlot View Post
which turtle somehow thought absurd.
On a Mac, having to compile libraries from source code to protect your system is absurd.

If not, the word "absurd" has no more meaning.

-t
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 18, 2012, 09:20 PM
 
Originally Posted by turtle777 View Post
On a Mac, having to compile libraries from source code to protect your system is absurd.
Indeed, for a machine supported by Apple's primary and most up to date OS less than 3 years ago. Absurd.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status: Offline
Reply With Quote
Apr 19, 2012, 03:28 AM
 
Originally Posted by Spheric Harlot View Post
There's no reason to be running 10.5 on any Intel machine.
Apple offers free Snow Leopard to push MobileMe holdouts
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 19, 2012, 06:51 AM
 
Originally Posted by turtle777 View Post
On a Mac, having to compile libraries from source code to protect your system is absurd.

If not, the word "absurd" has no more meaning.

-t
Having to compile libs to keep your five year old system secure is not really absurd, and anyway you can skip any compiling by yourself if you don't use python, PHP or X11 - not exactly mainstream stuff. I have not checked if those packages are available from a package manager, but it seems likely. In any case, python and PHP are for programmers, who ought to have a clue about how to build a package. Compiling things yourself is also a fairly every-day thing for anyone who uses X11 on a Mac.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 19, 2012, 06:53 AM
 
Originally Posted by Eug View Post
Indeed, for a machine supported by Apple's primary and most up to date OS less than 3 years ago. Absurd.
Wait, what? So if Apple had dropped PPC support from Leopard with one of the point releases, that would somehow be better?
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 19, 2012, 07:04 AM
 
Originally Posted by Eug View Post
True, buying a new machine is less effort, but if you have a machine that can run an OS less than 3 years old, you'd hope that the OS would actually be secure. 3 years is not a long time, even in today's hyperaccelerated technology world.
Actually no, buying a new machine and transferring your data and apps is not less work than the list above. And Leopard was released on October 16, 2007, making it four and a half years old by now - that first patch that was not released for it (the one for disabling DigiNotar) was released just over four years after Leopard's release.

It's really not hard. If you have an Intel machine, you're still being supported if you upgrade to SL - something that is apparently even free now. If you have a PPC machine, Apple effectively supported it for at least 5 years after release (and you are, btw, completely safe from the Java vulnerability in the OP ). Going in to this little investigation, I honestly thought that it would be a lot more bugs left open, but I was pleasantly surprised.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Apr 19, 2012, 12:50 PM
 
I guess I should have said (as I said the first time) that 10.5.8 was Apple's primary OS less than 3 years ago.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 19, 2012, 01:07 PM
 
Originally Posted by P View Post
Having to compile libs to keep your five year old system secure is not really absurd, and anyway you can skip any compiling by yourself if you don't use python, PHP or X11 - not exactly mainstream stuff. I have not checked if those packages are available from a package manager, but it seems likely. In any case, python and PHP are for programmers, who ought to have a clue about how to build a package. Compiling things yourself is also a fairly every-day thing for anyone who uses X11 on a Mac.
How many Mac users know how to compile libraries from source code ?

0.01% ? 0.02% ?

To expect that this should be done to protect yourself is absurd. I have no other words for it.

-t
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Apr 19, 2012, 01:36 PM
 
What is the percentage of Mac users that use X11, PHP or python on a 10.5 PPC machine? Can it be assumed they they know something about compiling if they're using a programming language or installing apps in X11?

Leopard was supported for just under 4 years (release Oct 26, 2007, first update to not support Sep 2011). Tiger was supported from its release on April 29, 2005, and the first security update to not support it was on November 2, 2009 - so 4 years, 6 months. Panther was released on October 24, 2003, and the first security update to not support it was on Dec 17, 2007 - call it 4 years and 2 months. Jaguar was released on August 24, 2002, and the first update to not support it was March 21, 2005 - 2 years and 7 months. Further back I suspect the updates were cut off sooner, but it doesn't matter a lot - the market for anyone running 10.1 years after 10.2 was out would have been much too small to target.

Apple's OS support length hasn't really changed. It looks worse now because Safari 5.1 is not available for Leopard while previous updates have supported quite old OSes, but it's more or less the same as it always was.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 19, 2012, 01:41 PM
 
Originally Posted by turtle777 View Post
How many Mac users know how to compile libraries from source code ?

0.01% ? 0.02% ?

To expect that this should be done to protect yourself is absurd. I have no other words for it.

-t

How many Mac users use Python, X11, or PHP?

While I'm empathetic to the impracticality of Apple backporting fixes in perpetuity, Apple absolutely *HAS* to do a better job communicating to users that they need to upgrade in order to be secure, and that their OS is out of support status.

Why doesn't Apple, for instance, have 10.6+ only updates appear in Software Update, but mark them as being for 10.6+ only with a link to some sort of machine eligibility page, along with the description of what the bug fixes so that the user can make semi-informed decisions? This might actually be a catalyst for sales.

As it stands Apple does nothing to communicate the risks of being out of supported status to the user, so one cannot give Apple a complete free pass. Even Linux and BSD operating systems do a better job of making the support status info available.
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Apr 19, 2012, 01:53 PM
 
Thank you for that link, of all the nagging emails I've gotten reminding me about this iCloud thing, I didn't get this one. Free Snow Leopard for me!

I use PHP and while I've done some things with terminal, I am leery of anything that requires compiling, terminal, etc. Asking anyone like my Dad to do so is silly.

Me: Dad, did you do that software update I emailed you about? So you don't get that trojan?
Dad: Hon, I didn't know how to update my software so I didn't do it.
Me: Dad, the instructions were in the email.
     
 
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 06:54 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,