Re: AUGD: Flashback Followup
Re: AUGD: Flashback Followup
- Subject: Re: AUGD: Flashback Followup
- From: "Randy B. Singer" <email@hidden>
- Date: Sun, 08 Apr 2012 01:20:47 -0700
I sent this message out today to my user group. Feel free to send
the same message to your user group:
This is a followup to my previous message about Flashback (which, by
the way, at this point is not technically a Trojan, since it can
infect your computer with no warning or user interaction whatsoever,
simply by you visiting a malicious, or just an infected, Web site.) I
thought that everyone would appreciate more information.
I've now sent out a mailing to over 9,000 subscribers of The
MacAttorney Newsletter about Flashback, and I've posted about it on a
dozen Mac discussion lists. So I've reached somewhere around 20,000
Mac users. Users have rushed to check to see if they were infected.
So far, not a single user of the many who have written back has been
infected with Flashback.
While I have no doubt that Flashback is real, and that it is a good
idea to do all that you can to protect yourself from it, I'm
beginning to think that much of this scare was hype invented by anti-
virus software firms in Russia, from whom the original report eminated.
Some research on the Web turns up reports that the "600,000 infected
machines" written about may not have necessarily been Macs. That
number likely includes other OS's, the proportion of which to Macs is
unknown. (i.e. It may be that mostly Windows computers were infected,
and very few Macs.)
Daring Fireball (written by widely respected John Gruber), a very
popular Mac blog, a few days ago posted about Flashback:
<http://daringfireball.net/linked/2012/04/05/flashback>
As of last Thursday, he says he has heard from "about a dozen or so
Daring Fireball readers whove been hit by this."
The problem is that when there is a panic about a new virus, there
will always be a few folks who aren’t deep thinkers who will rush to
tell you that they have been infected based on any change in their
computer, or even in their lives, real or imagined. Once you manage
to elicit the details from them, it becomes obvious that their report
isn't credible.
Also, the media has reported that “security experts” have confirmed
that Flashback is a huge threat. There is a problem with consulting
with security experts. I call it the “to a hammer, everything looks
like a nail” problem. These are folks who have been trained to
recognize the millions of viruses that exist for Windows. To them,
everything in the entire world is a huge security threat. I've never
heard of a security expert who has said: " Just relax; start worrying
if and when there are verifiable reports of computers being infected."
I wouldn't be surprised if, after all is said and done, that not a
single one of us will be infected by Flashback, and not a single one
of us will know anyone first-hand who has been infected by it.
Now, let me be completely clear, all of the above is not to say that
you shouldn’t take all necessary steps to protect yourself from
Flashback. You really should. But you should know that there is no
reason to get paranoid. Your Mac is still the most secure personal
computing platform out there. There isn’t a flood of Mac malware
hitting us. The sky is not falling. It is very important to consider
the source of any information that you hear about the Macinotsh, and
that includes the media which doesn’t generally have a clue about the
Mac. There are, unfortunately, lots of Apple-haters and people with
various questionable motives in the world.
An interesting blog post:
<http://beyondbridges.net/2012/04/apple-and-the-flashback-trojan/>
Various additional bits that might be helpful:
Macworld now has an article about Flashback:
<http://www.macworld.com/article/1166254/
what_you_need_to_know_about_the_flashback_trojan.html>
How to check for and disable Java in OS X
“Java used to be deeply embedded in OS X, but in recent versions of
the OS it's an optional install. Here is how to check to see if it is
installed, and how to disable or remove it.”
<http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-
and-disable-java-in-os-x/>
Some users have asked if there are any applications in common use
that will be effected if they totally disable Java on their
Macintosh. Here are the ones that I know of:
Evernote
MoneyDance
OpenOffice-based suites (i.e. LibreOffice, NeoOffice, OpenOffice/Mac)
I hope that you find this message useful.
___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Augd mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden