Apple Quietly Pulls Claims of Virus Immunity

Page 5 of 6

  1. Posts : 428
    Windows 10 Pro 64 bit
       #40

    pparks1 said:
    Wordsworth said:
    I just got a virus this week, after having not had one since the mid 90s and that one coming off a floppy from work. The virus this week is called Live Security Platinum. I'm making another thread concerning it so as not to hijack this thread, but I was looking for some weight lifting advice and clicked on a link in Bing search which then took me to a site that did not look suspicious. As I started to read, Malwarebytes came up with a message that an attack had been attempted and I then clicked on the Quarantine button, and left the site quickly. Still, the damn thing infected this box. I've been on the Net solidly since 1996 so my run of 16 clean years ended this week.
    Thanks for sharing. These are the types of things that always make me skeptical of the person who says they have NEVER had an issue and the only protection they need is common sense.

    A friend of mine at work got hit, just like you did, searching the web for sunglasses. The only questionable thing they did (IMHO) was use IE for that search.

    An IT buddy at work was googling an Exchange error and clicked on a link and a picture of Emma Watson on a crapper popped up on his screen and his machine was hosed. Once again, IE was the browser being used.

    Around 2.5 years ago, I got hit with something when I was searching on a local radio station talk show that was going away in my area. (So, you think you are secure and don't need precautions). It didn't ultimately really damage anything and I didn't have to start over, but I won't claim that it didn't happen.

    Using something like Sandboxie "could" have helped to prevent something like this from happening...but always keeping my environment sandboxed while at work trying to accomplish tasks quickly isn't always convenient. Plus, my issues are so few and far between, that going to extra lengths usually means I spend more time protecting myself than actually fixing myself if a problem "were" to arise.
    I've been thinking of using Sandboxie of late then this happens. Thankfully this box appears to be clean now. I've always been careful with websites and emails sometimes to the point of absurdity; I think the law of averages just played a hand.


  2. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #41

    lehnerus2000 said:
    Stratos said:
    I did not imply such in that context, that's just your unique interpretation.
    Here's what you said:
    Stratos said:
    It requires several user inputs thus not passive.
    You're confusing my comments with the wrong context. This reply was in regards to your comment that I faulted Mac users because they plugged their computers in, turned them on and surfed the internet. I made no such implications, that was your unique assumption.

    The comment "it requires several inputs..." is in regards to how it's not a true drive-by, passive attack. Flashback does present itself as an applet (exploiting a weakness in Java code for Macs) which needs the user to click either "Ok" or "Update" in order to run the code.

    lehnerus2000 said:
    You keep saying, "the user did something, therefore it's not a passive attack".

    Your definition of a "passive attack" must therefore mean "Worm".
    If not, what is a "passive attack"?
    A true passive "drive by" attack would only require the user to visit a booby trapped website. In other words just loading up that particular web page is all that's needed. In many pwn2own hacking contests, the contestants would show up with a script that was prepared days, weeks, months ahead of the contest and attempt to run existing code that's on the system (for example Calculator). What this demonstrates is that a rogue executable could be anywhere within the computer and the web page provides the catalyst in order to run it. This demonstrates how browsers are a common attack vector for exploitation. Plug ins, addons and extensions are weaknesses if written poorly (i.e. Flash, Java).

    A worm by definition is a standalone, self-replicating code that (unlike a true virus) need not be part of another application/program. Must it be a worm? No. Worms are one of the most easily detectable types of malware and the component that allows itself to self replicate is not necessary if the delivery method was through a rogue website. It would be easier for a malware coder to deliver a seemingly innocent code which contained dormant, malicious code and have the trigger provided through a website.

    lehnerus2000 said:
    You have constantly blamed the Mac users for getting infected ("it's their own fault").

    OTOH, I am not blaming the Mac users for getting hit by a Drive-by attack.
    Especially since they were told that their systems are immune to malware.
    There was no blame put upon anyone, that was your assumption again, I'm not sure why you insist that there's any kind of blame since I did not mention it. When I said you think in such binary terms, that means you think in absolutes or "it must be this or that". Situations present themselves in many ways whether it's faulted to you or not, what matters is your level of preparation and your ability to deal with it. If you didn't get my Forrest Gump comment, all it means is "____ happens".

    lehnerus2000 said:
    Problems don't occur without a cause (Cause and Effect).

    The cause in the case of malware might be:

    • Bad design
    • Sloppy coding
    • User foolishness/ignorance

    A perfect OS (or other software package) would have no exploits and therefore no security updates.
    As such, the only way to hijack such a system would be to trick users into installing malware.

    The only thing users can really do (assuming they actually want to use their computers) is make sure they have:

    • All the latest security patches for their OS and other software.
    • Their firewall turned on.

    If they run Firefox, they should install NoScript.
    Again you're taking context and skewing it completely off the mark, not sure why you need to discuss "cause and effect" here since it wasn't mentioned. It's your insistence that I'm placing fault upon the user, I made no such claim, stated it and yet you keep clinging onto it.

    Malware's effectiveness lies in a multitude of possibilities. It starts with the knowledge the coder has with its projected target systems. Then in combination it uses existing vulnerabilities which may or may not be known (such as zero days) and unresolved (unpatched applications). It often relies on steering users to an area in which the code awaits delivery (booby trapped website, IRC, torrents, emails, etc.) and as such exploits the user's level of awareness (in varying degrees) in order to complete the delivery and execution of the rogue code.

    There's no such thing as a perfect OS, not sure why you felt it needed to be mentioned. OSX has one major advantage in the area regarding malware over Windows and it's due to how malware is most often profit-driven and it goes hand in hand with just how large the actual Windows marketshare is (in comparison to OSX in all flavors). If the Windows to OSX marketshare ratio were, for example 1:1 I believe you'd see a much larger explosion of malware occurrence with OSX.

    lehnerus2000 said:
    Stratos said:
    If you walked outside your home and a rogue lightning bolt hit you, you think there has to be some fault involved?
    You obviously do.
    Stratos said:
    It requires several user inputs thus not passive.
    I don't. A common user has a need to use the internet and you can't realistically expect to block something the user must use as in providing a patch to disable the internet. You need to understand that with all things, risks are involved. If you can eliminate all risks then I think your solution of simply not using the computer may be one of the most effective but it's my belief that it's an excessive, overreaction. Since no OS is perfect and the internet practically endless, there's always some sort of risk using it.

    People could easily implement controls like running antivirus/antimalware software to reduce some of the risks. You could also check on websites which help educate you on what's considered risky and how to deal with them in order to further reduce your risk. The goal is to minimize the risk level to the lowest point. Risks are assessed and dealt with the combination of its severity and likelihood of it happening.


  3. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #42

    jimbo45 said:
    Hi Guys

    What are you people actually running

    I still say with minimal AV (currently MSE on W7, WD on W8 and NONE on SUSE linux 11) I've NEVER had a virus.

    (And I have used some torrent sites in the past too)

    So please --what are you actually doing that gets your machine(s) infected.

    I have only ever had one rule in all the years I've been using the internet

    NEVER OPEN an e-mail attachment that you don't know where it's coming from or open links within legit emails unless you are sure the url is genuine.

    Might be simple but this has NEVER given me a problem over years and years of using the Internet.

    Cheers
    jimbo
    Jimbo on my normal PC's, I currently use Kaspersky. It's a tad heavy on resource use but I had a 3 yr subscription that doesn't end until 2014. On my ultralight portable Thinkpads, I use the latest MSE.

    On my Macs I tried several (there's not a whole lot of choices unlike the Windows platforms) and discovered that ClamXAV is a very good, robust yet simple application. It is currently set to run on-demand only. I like how it doesn't require anything beyond user level access and a compromised signature file will have no access to key system files and processes (meaning recovering from such a compromise would be very easy), should it happen.

    Coram Daes said:
    Seems you are forgetting the scenario with poisoned ads on innocent sites. meh
    Depending on how you look at things, many sites (even legit ones) may involve "poisoned" ads.

    Coram Daes said:
    The whole reasoning behind having or not having Java is ludicrous.

    As Oracle claims: 3 billion devices run Java. Java is almost a must on any pc or mac. Lots of software apps are based on Java, the software you use to be able to communicate between many cell phones and the computer is Java. I could also bring up the example of a multi billion dollar global corporation within car manufacturing that bases just about all its applications on Java. Maybe others do as well, I really don't know. You go service your car, the application used to update your car's ECU firmware and read stuff from it is most likely based on Java.
    Ah, just the comment I was waiting for, thanks for that Coram Daes.

    Yes there's a huge abundance of Java and yes many people use them. The problem with what's said is how either PC or Mac computers must use Java and that's not entirely true. There's a need for Java "if" you need access to their controls and/or content. I don't believe in installing components onto any machine that you have no use for.

    Speaking for myself, I have had no need for Java on my Macbook (yet) however should there be a need for it, the software's readily available. The reason for me not having it in the first place had less to do with how it's Java than it was about how I had a small 128GB SSD and decided to trim out everything I thought I did not need in order to conserve space. Since trimming out Java I discovered I did not need it and knew how to access typical Java services in other ways. Since then I doubled the capacity of my SSD and still found no need to have Java on the Mac. In any case if there's a need for it, I would likely reinstate/reinstall Java then disable or remove it when I no longer need it.

    However even in the case of having Java installed (I could easily reinstall it on my machine but chose to leave it out), there's mitigation you as a user are able to implement. You could go into Java preferences and disable its ability to hang onto temporary files for example. It may have the residual effect of slowing Java interaction down a tad but if you're like me using a decent internet connection and an SSD (solid state drive), the performance hit is not noticeable.

    Java itself is not bad, that it has many exploitable holes (as proven in the past) is.

    Coram Daes said:
    Not forgetting the explosion of iPads on several corporate networks (driven by Business, not by IT) and there you have loads of Macs needing Java to be able to logon the company network (just take Citrix as example). IBM runs Java. Lots of corporate intra- and extranets are built upon IBM WebSphere which is...ah! Java.
    iPads don't support Java, never have, but that may not be what you were saying but I felt it needed to be said for the following.

    Corporate networks (unlike your home network) are often based on a managed system. Such managed systems may employ domain access controllers, user account permissions, custom browser settings, antivirus/antimalware server, mail (MS Exchange) server, intranet web page (internal company website), firewall(s) and a limit to what kind of applications can be installed on client-side computers. These are all controls meant to mitigate risks. iPad users can use separate client apps to login and/or use VPN to access the corporate/company network (if it's setup to accept VPN logins). Since there is more mobile device use out there to include smartphones and tablets, there has to be other ways to access the network besides using Java.

    For example US Gov't computers on their network won't allow the user to go out and install anything that's not already on the computer. If they need a particular program that's missing, they must call their local help desk, present their case and if they agree that they need additional software, it will be pushed from the help desk via remote access onto that machine and that machine only (and only for that user that's currently logged on) on a case-by-case basis. To an administrator that keeps things controllable and predictable.


  4. Posts : 126
    W10 Pro
       #43

    I do not own an iPad myself, but I am suffering from having to support business users with iPads that are not on the corp network (yet) accessing it via VPN. They need to get an App called Citrix Connector. Since that same connector software is used when connecting via VPN for all devices, I assumed it was the same software, adapted to platforms. It seems I may have been wrong assuming it was a Java based software for iPads, it is, however, for PC's and Macs in general.

    Limitations are set of course, your example from US Gov is roughly implemented by us as well. But Java comes preinstalled in the OS images (still XP btw!, 7 coming this winter), since it is required for so many key applications. Users may alter some setting, but they generally haven't the foggiest about what the hype is about, nor would they get even 10% of the content of this thread.


  5. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #44

    Coram Daes said:
    I do not own an iPad myself, but I am suffering from having to support business users with iPads that are not on the corp network (yet) accessing it via VPN. They need to get an App called Citrix Connector. Since that same connector software is used when connecting via VPN for all devices, I assumed it was the same software, adapted to platforms. It seems I may have been wrong assuming it was a Java based software for iPads, it is, however, for PC's and Macs in general.
    Agreed, even I'm not all that familiar with all types of integration of mobile tablet devices (not just iPads) with existing networks, I've seen about a handful and the configuration and administration are nothing alike. For us VPN access is allowed but is limited. Applications can't be run remotely but you can view and download files and email on whichever network share folder/NAS that's available to your user account.

    I have no idea what Citrix Connector is like nor how it interacts with everything else so no comment there.

    Limitations are set of course, your example from US Gov is roughly implemented by us as well. But Java comes preinstalled in the OS images (still XP btw!, 7 coming this winter), since it is required for so many key applications. Users may alter some setting, but they generally haven't the foggiest about what the hype is about, nor would they get even 10% of the content of this thread.
    From an IT support perspective, users are often treated similarly as children... as in "they don't know any better" so they require constant monitoring. Java, Flash, browsers... there's many vectors of exploitation even if the OS itself is very robust and secure. On a (corporate) managed system, it is the IT section's responsibility to push all relevant updates to all client machines. I'm sure you've seen some images used today which use IE7 or IE8, Adobe Reader 9, run Office services with macros enabled by default, etc. There's a lot of aloof administrators out there simply not doing what they're supposed to do.

    Malware is often assessed as a risk, as such we deal with each risk model with a balance between severity and probability. A couple of previous posters seem to me as if they took offense to my posts perhaps taking it as such like I'm trying to say that OSX is better than Windows... in some ways it is and some ways it's not.

    I posted earlier that while OSX is more secure than Windows on a 1 on 1 standpoint, that alone isn't very meaningful because even if Windows is more exploitable, there are significantly more tools out there to deal with the situation, kind of like owning a typical gasoline car, if it breaks there's many places that can help you. So in this case the probability of running into malware may be higher but there's a lot of tools to help keep you safe(r). IMHO this is a huge plus for Windows users.

    OSX on the other hand may experience less occurrences than Windows in regards to malware but because there's not many tools/resources out there, a successful infection is much more severe, kind of like having problems with your hydrogen fuel cell car, not many places can really help you except for where you bought it. Flashback wasn't very serious, it just took a lot of people by surprise that an estimated 600,000 machines were affected. Many of them didn't know how to deal with it and since there's no Malwarebytes, Superantispyware, HitmanPro, etc. for Macs, many users were left simply waiting for Apple to provide a Java update fix. This is a big fat minus for OSX users.
    Last edited by Stratos; 02 Jul 2012 at 01:59.


  6. Posts : 126
    W10 Pro
       #45

    I suspect that the increase of Apple devices popularity will also significantly raise their target factor, giving a lot of people a bitter wake up call to circumstances that we have seen in Windows for many years.


  7. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #46

    Very true. Honestly I can't wait for the next major malware to affect a large amount of OSX users. I'm always curious to see what exploit each malware uses.


  8. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #47

    On a lot of sites I visit, "user interaction" is code for "it's the user's fault".

    As a result, when I see that term I assume that the writer is saying "it's the user's fault".

    If you're saying that is not what you meant, then I retract the statements I made relating to "user interaction". :)


  9. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #48

    IMHO "fault" lies in two key places, first the originator(s) of the malware and a user who willingly chooses to "jump into the fire", gets burned and cries foul. There is a tertiary source of fault and that is the software manufacturer who does little to nothing to provide a patch for known (especially publicly known) vulnerabilities.

    I don't consider a user accidentally encountering malware (as in drive-bys, etc.) as the source of any fault just because they're simply just using their computers. My "struck by lightning" example explains that I don't fault a user for stepping outside their home and randomly encountering an unfortunate situation.

    The war on malware is sort of a back-and-forth battle, blackhat exploiters are always on the hunt to find vulnerabilities in order to circumvent protection measures on target systems and whitehat researchers are either racing to provide patches to vulnerabilities before they're exploited or playing catch-up in reaction to zero-days which have already been exploited.

    User interaction simply means it needs input from the user to "do something" in order to complete the process of getting the malware onto the computer. A simple way to look at it is through a boobytrapped popup which presents itself as "Hi you are #1000 and just won a brand new iPad, click here to claim your prize!", you click on the ad which results in the malware completing its transfer onto your machine.

    I hope this clears up any confusion.
    Last edited by Stratos; 03 Jul 2012 at 22:43.


  10. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #49

    Fair enough


    Stratos said:
    I hope this clears up any confusion.
    Fair enough.
    I apologise.

    Original posts edited.
    Last edited by lehnerus2000; 03 Jul 2012 at 22:36. Reason: Fixed Quote


 