The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Update Java if you haven't already. There's a pretty nasty, widespread malware infection going on.

    Discussion in 'Apple and Mac OS X' started by preview, Apr 5, 2012.

  1. masterchef341

    masterchef341 The guy from The Notebook

    Well, wait a second. I know it may seem like the opposite of what I've been saying, but in the individual case of an infection, it's not Apple that needs to be more vigilant, it's you. You need to have antivirus / security software running on your Mac if you want to be protected against internet threats.

    The problem with Apple right now is really that they don't encourage users to take measures to protect themselves.
     
  2. ral

    ral Notebook Evangelist

    Is there really no plan to address the issue on Mac OS X 10.5?
     
  3. masterchef341

    masterchef341 The guy from The Notebook

    Apple has pretty much dropped support for 10.4 and 10.5.

    If you have an Intel Mac, you should be running at least 10.6.
     
  4. doh123

    doh123 Without ME its just AWESO

    The plan is to buy 10.6+ :)
     
  5. dmk2

    dmk2 Notebook Evangelist

    Which anti-virus software would have protected our Macs prior to last week? I'm pretty sure the answer is none.

    But if Apple had promptly patched the known Java vulnerability two months ago, countless fewer people would have been infected. Depending on how long ago it hit the wild, perhaps this variant of Flashback would never have been created.

    Anti-virus software will always be a step behind the viruses, so a certain number of people will unwittingly be infected every time a new virus goes wild. And in cases like the current one, anti-virus software can't stop you from getting infected, it only lets you know after the fact. Overall, it helps reduce the scope of the problem, but it's not a panacea.

    I think the first line of defense is a good security architecture, the second is good coding standards and testing, the third is rapidly closing holes when they are discovered. Careful users are the fourth line and anti-virus is the fifth. The top three are the responsibility of the software vendor, and as Windows users from 10 years ago can attest, no amount of anti-virus software can make up for a vendor who isn't vigilant about the first three.

    Apple drops support for their older operating systems relatively quickly. 10.6 should be a no-brainer upgrade for anybody running 10.5 on an Intel Mac. Lion is a tougher call.
     
  6. masterchef341

    masterchef341 The guy from The Notebook

    Just a couple of points. First off, I definitely agree with the sentiment. The practicality of the situation, however, is that anti-virus programs don't all work exactly the same way. Although some may only be able to alert you of an infection, most are able to at *least* remove the infection, or even scan your system dynamically, checking files before they are opened and checking for unusual application behavior. Many programs on this tier use heuristics in addition to a registered database of known files and behaviors that are undesirable.

    Additionally, many of these anti-virus programs WOULD be able to stop you from getting infected. And, even those that can't stop you from being infected would still be extremely useful if they could remove the infection in addition to alerting you to it.

    The fact is, that without anti-virus software, if you were unknowingly infected with the virus, you would still be infected to this date, despite the fact the security hole was finally closed. So, even though patched systems are no longer subject to getting the virus, those users who already have it are still not being accommodated.
     
  7. kornchild2002

    kornchild2002 Notebook Deity

    I think Sophos was updated shortly after the exploit meaning it would have been able to stop this a week ago (and even several weeks ago). Apple just issued another Java update patch so it looks like things are fine for people under OS X Lion. I am not sure if the update covered Snow Leopard as well but it probably did. Anyone holding out for 10.5 (and older) updates should be looking at spending the $30 for Snow Leopard or Lion. That is common Apple practice in that they aren't like MS in having long support cycles for their operating systems.

    Apple came out with OS X 10.1 around the same time that Windows XP hit the scene but 10.1 hasn't been supported in years whereas MS has (reluctantly) still supported Windows XP and will continue to do so until 2014. It's just the way the companies operate and, if you are buying a Mac, you should already know this.

    Either way, it looks like Apple has issued their fix and a proper anti-virus program would have been able to keep people from getting infected. There are plenty of free tools now to see if you are infected and they will also remove the exploit if it is found.
     
  8. dmk2

    dmk2 Notebook Evangelist

    Don't get me wrong, I'm not saying anti-virus software isn't helpful. I just think there needs to be more emphasis from Apple on staying on top of threats and closing doors as soon as possible. Leaving the door open and letting anti-virus software companies deal with the exploits is like playing whack-a-mole. I've always made sure my family members are using AV software but I still have to periodically clean up after infections, albeit far less since switching them from XP to 7.

    In this particular case, versions of Flashback which use the Java exploit have been around since Feb, but AV software has only recently started detecting them after hundreds of thousands of Macs were already infected. Further, new variants of Flashback are still appearing all the time, forcing anti-virus software vendors to constantly catch up. Sophos currently lists 5 different variants on its web site, and protection for the most recent was only available from yesterday.
     
  9. masterchef341

    masterchef341 The guy from The Notebook

    Well, part of the problem is that security is inherently a cat and mouse game.

    Some exploits will be detected by people who will report them. At that point, it's a race between the "defender" (Apple in this case) closing the exploit and malicious software developers taking advantage of it. The number of computer systems that are infected will be affected by that race, but some systems will very likely be infected.

    Other exploits might be detected by malicious people who will then develop malicious software and infect systems. At this point, many systems will become infected and the security race will largely favor the malicious developers.

    Yes, it would be great if Apple didn't slip on the Java exploit. However, in general, there could be cases where the defender doesn't have access to the exploit before it has already largely propagated. From the end-user perspective, being slow to respond to close an exploit is not any different than not knowing about the exploit, and that is why you really need antivirus software, preferably that can use heuristics in addition to a registered database of malicious software.

    It's pretty good that Sophos was able to get protection for variant #5 of the software as of two days ago. Apple released their first iteration of a malware removal tool just yesterday (the day of your post, one day after Sophos released their security update for variant #5, according to you).

    There's just no way Apple can cover all exploits before any systems are infected, even if they operate optimally as far as closing security holes. That's a fact. So what should you do as a user?
     
  10. kornchild2002

    kornchild2002 Notebook Deity

    Coding and testing also take a bunch of time from both a first party (Apple) and third party (i.e. Sophos) standpoint. It isn't as simple as going into the code of an OS or program and changing one line of text. Each update has to be thoroughly tested in order to make sure that it both stops the issue and doesn't inadvertently cause more (or open another door).

    The list of exploits for a program/OS far outweighs the number of patches available to stop them (along with definitions in an anti-virus database). That has always been the case. I about crapped my pants the first time I saw a list of malicious content that would ruin my Windows XP system (this was back in the day) compared to the list of what MS had been patching to stop along with what my anti-virus would stop (AVG at the time).

    This happens regardless of the desktop OS being used. That is why common sense along with an anti-virus program and patches from the OS developer will allow one to go for a long, long, long time without being infected. I never once had an infection on my Windows 7 VM (which I have had for a solid year now), my Win 7 nettop (2 years), XP netbook (4 years), Win XP notebook (6 years), and now my MBA (3 months, I had my MBP for a year without infection before then).

    I have a friend with a Win 7 notebook that they just got back from being serviced. Geek Squad had to re-install the OS along with a few internal components. It got infected with something yesterday when they were surfing around in class simply because they were clicking on links without using a little common sense.
     
  11. masterchef341

    masterchef341 The guy from The Notebook

    I always think it's interesting how people make statements like this. How confident are you in this statement? How would you know with certainty whether or not your computer was compromised?
     
  12. kornchild2002

    kornchild2002 Notebook Deity

    Well, you can't ever be 100% certain that you have never, ever, ever experienced an infection unless a system is never taken online or had any type of connection to an outside device (thumb drive, optical disc even if it comes from a store, etc.). However, I can say with confidence that I have never had an infection on any of my Windows systems for the last 6 years. I could take that back further but when Windows XP first came out, I did something stupid that infected the computer I was trying to install it on.

    I also had infections back in the day when I didn't know any better. Either way, I am going to trust the various programs (which keep changing whether I am using AVG, McAfee enterprise, or whatever else). Due to my changing nature, I never kept the same AV program on my Windows systems and migrated from one to another. Now they all run McAfee enterprise as my university supplies it for free.
     