Cyber attack infects 550,000 of Apple's 'virus free' machines - UK and U.S. worst hit (Page 3)
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Apr 19, 2012, 04:03 PM
 
Originally Posted by besson3c
Why doesn't Apple, for instance, have 10.6+ only updates appear in Software Update, but mark them as being for 10.6+ only with a link to some sort of machine eligibility page, along with the description of what the bug fixes so that the user can make semi-informed decisions? This might actually be a catalyst for sales.
You mean have them appear for 10.5 users?

Ooo, that would be annoying. Nothing like getting rubbed in your face that you're running a $5000 workstation that was obsoleted after three and a half years...

I see your point, though, for upgrade-eligible users, but I think it would come across as slightly pushy to drive people to a paid upgrade every time a security breach was found. "Hey, your system is insecure, and WE'RE NOT GONNA FIX IT! Buy the upgrade!"

Hm.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Apr 19, 2012, 04:08 PM
 
Originally Posted by besson3c
While I'm empathetic to the impracticality of Apple backporting fixes in perpetuity, Apple absolutely *HAS* to do a better job communicating to users that they need to upgrade in order to be secure, and that their OS is out of support status.
++ on this. An extended support phase would be golden, but this is what is really needed. Everyone but Apple does this these days.

Originally Posted by andi*pandi
I use PHP and while I've done some things with terminal, I am leery of anything that requires compiling, terminal, etc. Asking anyone like my Dad to do so is silly.
I get that, but it's mostly because it has such a scary name. These days it's easier than installing Office, but perhaps it's even easier to use a package manager such as MacPorts.

Originally Posted by andi*pandi
Me: Dad, did you do that software update I emailed you about? So you don't get that trojan?
Dad: Hon, I didn't know how to update my software so I didn't do it.
Me: Dad, the instructions were in the email.
I recognize this. Mom usually forwards me any email from Apple and asks how to do it, and all I do is check the link that is inevitably in the mail somewhere and copy the text from there. I guess I'm a spam filter, if nothing else.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Apr 23, 2012, 09:56 AM
 
     
Ham Sandwich
Guest
May 1, 2012, 09:32 PM
 
This crap is still going on?

I don't get it. What exactly is the biggest danger from having this malware on your computer?

[1] Does someone see your credit card details?
[2] Does it start erasing your data?
[3] Does it start changing your program preferences?
[4] Does someone hack your computer a while afterwards?

If none of the above... then I can see why half a million people still have the malware, because none of them care! "Oh my Mac works fine so just leave it."
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
May 1, 2012, 10:01 PM
 
That's exactly the brilliant part about this. It doesn't hurt you. All it does is generate money.

Symantec: Flashback botnet could generate up to $10k per day in ad clicks

-t
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 11, 2012, 03:30 AM
 
Originally Posted by P
On a semi-related note, I dug through Apple's security docs to look into what it would take to make 10.5 secure up to the level of security updates released for 10.6. While making certain assumptions (mainly that any bug that showed up in 10.7 and does not exist in 10.6 will also not be present in 10.5), it seems that you can make yourself secure to the level of 10.6 if you:

* Disable Java
* Replace Safari with an updated browser (such as Firefox)
* Replace QuickTime with an updated video player (such as VLC)
* Update libpng (which seems to be the root of a lot of the vulnerabilities) yourself by compiling it from source
* Update Python and PHP yourself
* Make sure to not enable the web server or mail server, or if you do, update Apache and postfix

And here's the kicker...

* Disable the application firewall. There is an odd bug in there that it does not seem possible to patch yourself. Obviously that should be replaced with some other firewall solution

Not too bad, so far.
Just for my own amusement, I went over the 10.7.4 update for possible vulnerabilities. That makes things considerably darker - many defects from upstream code. Bugs in libpng, libxml, libarchive, ruby and curl have been patched, and at least some of those libs are included in Apple frameworks that it may be beyond the average user to update.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
May 15, 2012, 03:00 AM
 
10.5 gets a pair of Security Updates:

The Leopard Security Update disables older versions of Adobe Flash Player that don’t contain the latest security updates, prompting you to upgrade instead.

Leopard Security Update 2012-003

The Flashback Removal Security Update finds and removes the most common variants of that insidious malware.

Flashback Removal Security Update


I've tried to install these on my G4. Got a 'this software update can't be installed on this computer' sort of message; I guess these are Intel only.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 15, 2012, 03:56 AM
 
I think that Flashback itself was Intel only?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
May 15, 2012, 04:33 AM
 
Wasn't the last version of Flash that runs on Leopard 10.3, which is ancient anyway?
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 15, 2012, 05:07 AM
 
Correct, I didn't think of that - and given how Adobe treats security updates, it's probably a nest of bugs by now. All the more reason for Apple to push SL as a free download for all x86 Leopard users. They're giving it away anyway - why not just push it through Software Update?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
May 15, 2012, 05:24 AM
 
Agreed. I wonder what sort of bandwidth we're talking, though. Apple would probably have to go back and strip down the 10.6 install in a manner similar to 10.7 (cut intro videos, etc) to keep the bandwidth manageable.

The other question being whether people still on 10.5 have the means to download such a massive upgrade.

In addition, you NEED backup install media for 10.6, as it doesn't have a built-in recovery mode like 10.7. So you'd have to pretty much re-engineer the installer to prompt people to burn a DVD...

Does not sound feasible.


The Adobe thing is all the weirder, though: pushing an update that will disable outdated versions of Flash and prompt users to update—to a version that doesn't exist...
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 15, 2012, 06:32 AM
 
Why would you need backup media for 10.6? If you need to reinstall, just use the 10.5 disc and then run Software Update again - same as if it were 10.5.8 you had to get to. As for bandwidth... Given that the size of the installed base of 10.5 x86 has to be tiny now, and the updates for the mainline OS (which all Mac users will install fairly soon) are as large as they are, I don't think a few 10.5 users downloading a couple of gigs of 10.6 will even make a dent in their bandwidth budget.

BTW: those still stuck on Leopard PPC can at least update their Safari installation to something resembling 5.1.x now.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
May 15, 2012, 06:34 AM
 
Originally Posted by P
Why would you need backup media for 10.6? If you need to reinstall, just use the 10.5 disc and then run Software Update again - same as if it were 10.5.8 you had to get to.
Point...you make one.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
May 20, 2012, 10:20 PM
 
I have backup media for every OS. Having physical media locally is a big benefit.

1) One doesn't always have internet access.
2) Even when one has internet access, one doesn't always want to wait an hour or whatever for the download.
3) One may want to install the OS on more than one machine.

Meanwhile:

Mac-based Flashback click fraud campaign was a bust

The hackers in charge of the Flashback botnet managed to generate $14,000 from their click fraud campaign, but have not been paid, Symantec said today.

New analysis of the Flashback botnet and the traffic between infected Macs and command-and-control (C&C) servers exposed the earnings and the lack of payment, Liam O Murchu, manager of operations at Symantec's security response center, said in an interview today.

O Murchu credited security companies' efforts for preventing the botnet's handlers from generating more money through click fraud.

Starting in early April, antivirus vendors, including Symantec, snatched potential C&C domains before the attackers did, effectively blocking orders from reaching many of the estimated 600,000 infected Macs. The commands fall down a metaphoric "sinkhole" instead.

Part of the Flashback botnet survived those efforts, however. The hackers retained control of at least 10,000 Macs, which they infected with additional code that steals clicks from ads that Google's search engine displays alongside search results.

Altogether, Flashback's creators were able to use less than 2% of the botnet to crank out ghost clicks.

Even though the percentage seems small, those Macs displayed more than 10 million ads in a three-week span; 400,000 of those ads were clicked by users. The 400,000 clicks were worth approximately $14,000.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 21, 2012, 03:16 AM
 
Originally Posted by Eug
I have backup media for every OS. Having physical media locally is a big benefit.
Sure, but the discussion about making 10.6 free boils down to two options.

1) You have 10.5 on a disc and can maximally update to 10.5.8.
2) You have 10.5 on a disc and can maximally update to 10.6.8 (or whatever we end up at).

There are no downsides to being able to update further. If you don't want to download the update, then don't do so. If you want to burn the Combo update to a DVD, then do so.
     
 
 