A Week After Apple's Fix, Flashback Still Infects Half a Million Macs

Sparrowvsrevolution writes "Security firm Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding far slower than expected: On Friday the security firm, which first spotted the Mac botnet earlier this month, released new data showing that 610,000 active infected machines were counted Wednesday and 566,000 were counted Thursday. That's a slim decrease from the peak of 650,000 to 700,000 machines infected with the malware when Apple released its cleanup tool for the trojan late last week. Earlier in the week, Symantec reported that only 140,000 machines remained infected, but admitted Friday that an error in its measurement caused it to underestimate the remaining infections, and it now agrees with Dr. Web's much more pessimistic numbers."

first

post?

Oh look

Apple users are even dumber than first thought. Ha.

Re:Oh look

Aww, looks like somebody can't afford a Mac. Boohoo for you.

Re:Oh look

Actually I make quite a bit of money buying and reselling Macs and other fashion accessories,but I've never found a reason to keep one.

Re:Oh look

Aww, looks like someone has buyer's remorse and is now trying to desperately justify wasting money on a Mac.

Well clearly

All half a million of those idiots are running jailbroken versions of OS X on their hackintosh netbooks and thus they cant do a magic auto-update. Psh.

Re:Well clearly

[jhoegl]

I figure it is because they dont feel they need to update since Apple products are soooo secure.

Re:Well clearly

I figure it is because they dont feel they need to update since Apple products are soooo secure.

Brilliant! Insightful and original! How long did it take you to think up that material?

Re:Well clearly

[__aaqvdr516]

That's what TFA says. The infected machines haven't had the updates installed. That implies that the owners either don't know that they are infected or don't care. I'm leaning towards the former.

With the number of machines that remain, it seems clear also that Mac users aren't using auto updates. What's up with that?

Re:Well clearly

[Moridineas]

With the number of machines that remain, it seems clear also that Mac users aren't using auto updates. What's up with that?

You're surprised that users dont install updates? Or choose to skip updates when they are offered? You must be new here... (and by here, I mean, anywhere) This is hardly a problem that is unique to mac users or even ignorant users.

Re:Well clearly

[zippthorne]

auto updates only work automatically if you're logged in as an admin user....

Re:Well clearly

[symbolset]

When some people say that Macs don't have "that problem" they're not talking about being utterly immune. They're talking in relative terms. And in that context they are right.

Re:Well clearly

I always wait a week or two after an update comes out for them to fix whatever they broke with the first one.
Apple is known for publishing Beta-level updates.

Re:Well clearly

[kybred]

The Software Update only notifies you of an available update and optionally downloads it in the background. It does not install the update automatically, a user has to click to start the update (and would have to provide admin authentication if they weren't logged into an admin account).

Re:Well clearly

[BronsCon]

My hackintosh gets all the updates.

Re:Well clearly

No, most of them are talking about being utterly immune. And they were always wrong.

Re:Well clearly

[zippthorne]

And once again, it doesn't do even the above if you're logged in as a regular user. You have to manually kick it off to even find out there *are* updates.

It's not hard to kick it off, but it is something you have to bother to remember to do. Which, "your parents" probably do not ever really think about.

Re:Well clearly

Especially when the OS was advertised largely to that lazy breed of users.

Re:Well clearly

[WebCrapper]

I'm not infected (checked), but perhaps about 50% of those that "haven't installed the updates" is because people refuse to upgrade? I refuse to pay for an upgrade that will no doubt slow my Macbook Pro down and cause random issues.

You might be shocked at the amount of "automatic" updates the mac doesn't install. Air doesn't get patched by Adobe's own patches, MSFT Office only gets patched by it's own update program, etc...

Re:Well clearly

[Darinbob]

They don't know. How would they? Not everyone reads the news or understand what it means in cases like this. Maybe the nerds do but that's a tiny fraction. I was even confused by this as I got no explicit update pushed, though it turned out it was part of the Java update, and it only applies to Lion anyway. Maybe people just have auto-update of software turned off (which is normally a good idea, always have it ask you first)? Maybe they haven't rebooted the macs yet, which is required before infected macs will get cleaned?

Re:Well clearly

[nblender]

It's even more retarded than that. It tells you there's a handful of updates and makes you log off. Then you have to sit and watch while it downloads the updates on your now incapacitated desktop. Then you have to watch as it updates itunes or quicktime... Why does upgrading a media player mean you have to reboot your computer? So not only do I lose all the context in all of my terminal sessions, I have to sit and watch it download, and then watch it reboot. Then after the reboot, after I start working again, it does another software update and discovers yet more things that it can now update...

infuriating, I tells ya.

Re:Well clearly

[tofubeer]

I maintain 6 macs, and then are always up to date... I have never seen what you described (save the occasionally having to reboot with updates)...

Re:Well clearly

Your description is generally accurate, but the Java update described works in the background - no reboot required.

Re:Well clearly

Like another person stated, updating does not force a logout and does not render your system unusable while running them. Also, software update, like the update regiment for other operating systems, does not force any of updates to be selected. Any or all updates can be unselected, including iTunes and Quicktime. As for repeatedly finding new updates after an update/reboot sequence, that sounds very much like par for the course for a different operating system, not one from Apple. Apple updates are not the layers upon layers upon layers of fragmented tiny updates that a Redmond based company chooses to use as it's release model.

Re:Well clearly

[FormOfActionBanana]

This is not the typical update cycle, although I remember that one in recent memory.

Usually, a popup informs me there are updates available. I ignore it for a while, and finally click "OK". It does some updating, in the background, and finally displays a dialog box for me to reboot. I ignore that for about a day, and when I'm free and relaxed, and the battery is fully charged or whatever, I let it reboot.

Re:Well clearly

[FormOfActionBanana]

...and as far as the mystery reboots, I am fairly certain these are due to security updates that Apple doesn't tell us about. Not that I think that's a terribly good idea, but you know... the amount of headache I get from Apple Computer, in terms of preventing me from being productive, is actually pretty slim compared to the equivalent from Microsoft. And I think that's significant considering how locked down the Apple OS is. To be fair, I'm including Mac Office and Windows Office in with Microsoft Windows....

Re:Well clearly

... mostly it is because of Apple's arrogant OSX policy. Case in point, I can did not recieve this update, since I own 3 years old Mac with OSX v 10.5.8

Way to go Apple, you are no going to see my money again.

Re:Well clearly

[jeffmeden]

I maintain 6 macs, and then are always up to date... I have never seen what you described (save the occasionally having to reboot with updates)...

I have seen EXACTLY what he described in the most recent update with Snow Leopard (maybe the magic intrusion-free update feature was only introduced in Lion?) The system prompted about needing to reboot for updates and after it was OKed, it probably spent at least 10 minutes in "update mode".

Re:Well clearly

[arkhan_jg]

The updates are only available for Snow Leopard and Lion. If you're on Leopard (10.5) (still sold up until summer 2009) or older, you don't get the security patches OR the latest fixes to remove infection. Apple only support current and previous OS versions for security. Once Mountain Lion comes out in a couple of months, anyone who's running an OS older than october 2010 goes under the bus. Note, they're still selling snow leopard right now, as you need to install it first to go to lion - you can't jump from leopard to lion direct, as leopard don't have the app store needed. You can of course download and make a USB clean installer from an existing lion Mac, but if you've only got one physical machine and no-one can help you make an install, leopard -> snow leopard -> lion it is (pre-made lion install usb keys not available here)

We criticise microsoft for ending support for XP after 13 years, and Apple drops all support after TWO and get a pass? Something like 25% of mac users are using Leopard or older - not least due the removal of PPC support in snow leopard. Mountain Lion looks pretty pointless unless you're also an icloud user, and the steady of killing off of carbon library support in Lion and Mountain Lion means you may have to stick to snow leopard if a key app doesn't run on Lion yet - and you'll be in the same boat as Leopard users right now, running an 'obsolete' unsupported OS with no security patches that's still for sale right now!

Now apple are switching to an annual OSX release, they REALLY need to still support older OSes - such as the soon to be EOL'd snow leopard - longer than they do for critical security patches, such as this one. Apple decided they wanted to control java installation on OSX, they should have the decency to get security patches out for it in a prompt timescale. Don't forget, the whole reason this happened is Apple sat on upstream java security patches for months for even current OSX users - if they'd pushed out the patches THEN, instead of waiting for half a million + users to get infected...

Re:Well clearly

[semi-extrinsic]

What the hell is this rebooting you speak of? I thought Macs were Unix-based? You only reboot when you install new hardware or when you do a kernel update. (I should add that on a random-joe-system, kernel updates should be pretty infrequent since they don't need bleeding edge kernels). This sounds not much better than windows, IMHO.

Also, I wonder how Apple, the paragon of UI design, has never been able to implement a good window manager? It makes my eyes bleed every time I try to place Firefox and a terminal window side-by-side on a friends machine.

Re:Well clearly

[burne]

You didn't read the question asked in the dialog? The one asking *your* permission to download and install updates and reboot your computer? You didn't understand that 'Continue' means 'yeah, go ahead, install and reboot'? You didn't see the 'not now' button next to it, allowing you to continue working without interruption?

Helpful tip: read the dialog and make sure you understand the question asked before clicking any button.

(You can configure Software Update to download updates in the background, in which case the wording of the question is slightly different and since you get prompted when everything is sucessfully downloaded, the interruption will be shorter. But the default is to prompt before downloading, so you can postpone downloading, perhaps saving you a huge mobile data bill.)

Re:Well clearly

[uglyduckling]

I'm not really shocked that OSX doesn't install third-party updates. That's the case on all three mainstream OS families. Linux distros appear to be an exception, but that's only because most people generally use software from the distro repositories.

Re:Well clearly

[w.hamra1987]

but... but... i install every single update i ever get wind of... i have a very bad case of Obsessive Compulsive Aptitude Disorder... or am i weirdo?:$

Re:Well clearly

[w.hamra1987]

not familiar with this particular malware's design, or Mac malware in the first place, but didnt it require admin privileges to get this, malware inside? or was it abusing some vulnerability to gain admin privs itself?

Re:Well clearly

[hackertourist]

The default setting for auto-updates is that the machine checks once a week. Then I tend to postpone the actual installation a few times if it requires a reboot (and security updates generally do). So I'm not surprised that not everyone has installed the update in the 4 days between release and the day the stats were taken.

Re:Well clearly

[FormOfActionBanana]

One of the reasons I reboot is that OS X has a virtual memory file (kind of like the buffer cache) that grows but never shrinks again until a reboot.

OS X has a lot of headaches, but not as many as Windows, and I like it better than Linux. I never compile device drivers or wonder which version of $FOO is more stable than the other.

I agree, the window manager is one of the bugbears in this OS. I do a lot of window management and filesystem manipulation with trackpad gestures now... this lowers my stress level considerably.

Re:Well clearly

[archen]

Your assuming that it's running at the system level. It probably requires admin priveleges to install to remove all infections for all users. In years past (ala win98) things buried themselves deep in the system, but I've seen a surprising amount of crap on the user level in Windows. A computer which was literally unusable became virtually clear just by switching to a new clean profile. Macs are also rather friendly when it comes to the things users are allowed to do in their enviornment without requireing administrator privleges. Being able to install local fonts for instance.

Re:Well clearly

[AmiMoJo]

That's why Windows 7 pretty much just silently downloads and installs updates unless you go out of your way to tell it otherwise. They realized that it was worth drawing the wrath of nerds who hate not being in control to help the vast majority of clueless users.

Re:Well clearly

[Skuld-Chan]

In doing actual front desk/helpdesk support (at a University no less) I've found most Mac/Windows end users to be pretty much totally clueless when it comes to security.

Re:Well clearly

[fermion]

We criticise(sic) microsoft for ending support for XP after 13 years, and Apple drops all support after TWO and get a pass? Something like 25% of mac users are using Leopard or older - not least due the removal of PPC support in snow leopard.

First, the 13 years of MS support for MS WIndows XP is not a good metric. MS actually only supported retail XP for less than a year after retail sales ended, and it might have been possible for a consumer to buy a new XP machine with no support.

Since all machines Apple sell come with a current OS, Apple will even provide free upgrades if an upgrade occurs a short time after a purchase, using the MS metric, consumer support should not even extend past the retirement of the old OS.

In reality Leopard became the 'Old OS' in August 2009, with a total life time of less than two years, and old just now has support ended this year. Apple should be criticized because Leopard coverage should go to the end of the year.

Apple says that it will provide support for three years if a user pays, but what is support without software updates for the OS that came with the machine. If the updates were free that would be one thing, but the Snow Leopard was not free, and was not $30. This is particularly critical for Leopard as it is the last version that will run on PPC machines. Although in fairness these machines have not been sold since 2008.

Re:Well clearly

lets see here
200$ computer
+
open source OS
+
shitty UI for morons
= 1200$ mac

yay!

Re:Well clearly

[ninetyninebottles]

I'm not infected (checked), but perhaps about 50% of those that "haven't installed the updates" is because people refuse to upgrade?

That's an interesting possibility. Netmarketshare.com puts 10.6 and 10.7 users as 82% of all Macs. 10.5 is 14%, but Apple is now offering a free upgrade to those users to 10.6. so 96% of Mac users can get this security update for free without manually installing Java (lets assume most users aren't technical enough to understand how). That means there are maybe 30 million Macs out there connected to the net that can't get free updates (All of them at least 6 years old).

I refuse to pay for an upgrade that will no doubt slow my Macbook Pro down and cause random issues.

Macbook Pro were introduced in 2006, 6 months before Leopard, so I guess it is possible you have one of the machines released in the first 3 months of 2006 that did not get a free update to Leopard and thus can't get a free update to Snow Leopard to get these security updates. I'm not sure why you think an upgrade would make your system slow or cause random issues.

You might be shocked at the amount of "automatic" updates the mac doesn't install.

Automatic updating of third party software sucks on all major OS's. Even Linux is pretty bad for commercial software (although Ubuntu is making great strides in this area, credit where it is due).

Re:Well clearly

[ninetyninebottles]

Canonical and Apple both now offer proper stores for selling, installing, and updating third party software. They both need work and many publishers don't use them, but at least we're making some, slow progress.

Re:Well clearly

He didn't think it up, he was just reading some of Apple's marketing material.

Re:Well clearly

[_xeno_]

So not only do I lose all the context in all of my terminal sessions

They fixed (that much) in Lion. Now, when you quit Terminal with terminals still open, restarting it brings back those terminals and all the context with them.

It's still actually closing the shell, so if you had three terminals open, your .bash_history is still "who the fuck knows," but you'll at least still have the last page or so of terminal output, and the terminals resume in the same directory they were in. Even after reboots. It's nice.

I think they also fixed the "iTunes update requires reboot" thing, but I haven't used Lion long enough to be sure of that. I know they fixed "Safari updates require reboot." Well, at least for the few I've done so far...

Of course, I'm still using Snow Leopard at home, because my three year old MacBook isn't new enough to run Lion. And everything you said applies to that.

Re:Well clearly

[bryan1945]

Once I upgraded to Lion the software upgrades went much smoother. The only required reboot is for security updates, which are not so large as to do the multi-minute "waiting to reboot" spin cycle.

Re:Well clearly

[Deekin_Scalesinger]

Also, I wonder how Apple, the paragon of UI design, has never been able to implement a good window manager? It makes my eyes bleed every time I try to place Firefox and a terminal window side-by-side on a friends machine.

Agreed, BetterSnapTool solves this issue, though it should be integrated into the OS from the get-go...

makes more sense

[sribe]

I had wondered how in the hell it got that low that fast--a couple of days after Symantec reported 140,000, they or someone else reported 30,000. But checking the Java vulnerability against versions installed with Mac OS X, it seems that 10.4 and 10.5 should also be vulnerable, while Apple only patched for 10.6 and 10.7. That alone should prevent the numbers dropping so far so fast. Sigh. Smooth move Apple.

Re:makes more sense

If you're too poor to upgrade your Mac every year you shouldn't own one.

What kind of hipster are you?

Re:makes more sense

[toxygen01]

That's right. However, according to Adium developers' statistics [1], only 13% of OS X users run 10.5 and 3.33% run 10.4. If you do the math and calculate probability with which someone can get infected, you will reach, I believe, very low numbers. 10.5 being apple's equivalent of vista, is dying every day and will be lost in the dust soon.

[1] http://www.adium.im/sparkle/#osVersion

Re:makes more sense

you would know!

Re:makes more sense

In fact Apple is mailing out free Snow Leopard CDs to mobile me users i.e. people still on 10.5 and 10.4 so anybody who still has a vulnerable machine probably doesn't care at this point.

Re:makes more sense

[NemoinSpace]

dammit, I paid for that damn upgrade!
Screw it, my Mac mini died years ago. POS.

Re:makes more sense

[hairyfeet]

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

As for TFA can we FINALLY acknowledge and admit that what the windows guys have been saying all these years is true, that you become a big enough target and you WILL get malware? After all we've seen this with both Apple and Linux with Android, and frankly it should have been incredibly obvious with just a moment's thought. I mean where do Windows viruses come from? Well since Vista made running as a limited user mandatory the vast majority I've seen has been PEBKAC, so how can switching OSes magically turn a PEBKAC user into an admin? Answer...it can't and that was the point.

In the end one can't escape the simple fact that ALL OSes are extremely complex collections of very advanced programs and as we all know the more advanced something is the easier it is for a clueless person to break it. Sadly in this case the clueless user was Apple for not pushing out the bog standard version of Java and instead insisting on rolling their own, which would have been fine if it could do so VERY quickly but instead the apple version of java fell farther and farther behind the mainstream. At that point a major attack was inevitable, the only question was when.

If I was a paranoid person i'd have to wonder if this wasn't by design, after all who would fault Apple if they restricted or outright banned Java as a security risk now? Of course Java like Flash allows one to run web based apps which bypasses the appstore which Apple has sunk so much into so a pessimist might say that Apple wants java to go the way of flash and what better way than to remove it to better protect the user?

Re:makes more sense

[Yaztromo]

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

10.5 was the last version that ran on PowerPC machines. People with older PowerPC machines who wanted to keep up to date with the OS needed to upgrade to Intel hardware to run 10.6.

10.6 for existing Intel Mac owners was $25. From what I've read and seen, a massive percentage of the user base upgraded to 10.6 pretty quickly. 10.6 wasn't a massive upgrade, but by shedding all of the PowerPC support and through compiler optimization, threading and multi-core support improvements (Grand Central Dispatch, and its use by most of the core applications), improved 64 bit support (including a 64-bit kernel and 64-bit apps), and various Intel-specific improvements, 10.6 was a pretty massive upgrade from 10.5 in terms of speed. According to this press release, OS X 10.6 saw twice as many purchases in its first week of release as 10.5 (four times more than 10.4's first week), with sales declining by only 25% in the second week. As such, from a practical standpoint for most Mac users, it's a non-issue, as the majority are now running 10.6 or 10.7 (roughly 78% according to the Adium page quoted by the GP post). 10.6 was such a massive improvement and so cheap (relative to other commercial OS's) that the only real reason to stick with 10.5 was if you're still on PowerPC hardware.

In terms of hardware support according to Apple systems go into "Vintage" classification if they're between 5 and 7 years old (which for most of the world means "obsolete/unsupported").

If I was a paranoid person i'd have to wonder if this wasn't by design, after all who would fault Apple if they restricted or outright banned Java as a security risk now?

Apple already dropped Java from OS X 10.7. It isn't included at all, but can download and install itself if it's needed (it will typically offer to do so if you try to run anything that requires it).

The latest Java updates disable Java applet support in Safari and other browsers that use Apple's Java plug-in. You can re-enable this if you need it, however it will disable itself again after a period of disuse. To be honest, while I've long been a Java developer and have no problem with rich Java applications, Java applets are a dead technology anyhow. I haven't come across one in many, many years now.

Point being, Apple has been moving in this direction for a while. At one point (back in 10.1 IIRC) Java was supposed to be one of the top-level development languages for the Mac. Apple developed and provided the Java Cocoa bindings, which allowed UIs designed in their Interface Builder tool to be bound to Java applications, and Cocoa objects to be easily accessed via Java (and vice-versa). This was deprecated in 2005. Then Apple decided not to support Java in iOS (smart move IMO). Now it's no longer included with the OS, is only available as a downloadable add-on, and applet support is disabled by default. I don't predict they'll be getting rid of it entirely (there are a lot of Java developers on OS X, yours truly included) -- IIRC they're trying to transition to having Oracle maintain it alongside the Linux and Windows versions, instead of doing it themselves. They just want to move into a model more akin to Window's Java support -- it works fine, and applications run just fine, but you have to get it from Oracle as a separate install.

All of which reminds me -- my parents are the type who continually ignore the pop-ups that software updates are available for their Mac (no matter how many times I've told them they need to stay up-to-date). I should call them this

Re:makes more sense

[TheRaven64]

Doesn't help if you've got a PowerPC Mac, of course, since it will only run 10.5, and is still fast enough for a lot of things, especially if it's something like a dual 2GHz G5 (although even a 1.5GHz G4 is faster than the old PC my mother still uses).

Still, I'm sure that these numbers will make someone at Oracle happy: at least half a million people still have machines set up to run Java applets...

Re:makes more sense

[thetoadwarrior]

Technically Java was the target and the malware was cross platform. Of course Java is a big target and probably why Apple would like to do away with Java for good.

Re:makes more sense

[arkhan_jg]

Symantec have admitted their 140,000 was too low. The trojan uses DNS generation partly based on date on where to look for C&C servers. AV companies are building honeypots on those DNS names to 'capture' infected machines - and then use that to estimate how many machines in the wild are still infected. Turns out, some ISPs are also blocking the DNS names from resolving at all - so not only don't they connect to the dodgy C&C controllers, they don't connect to honeypots either. On top of that, the infected machines don't keep attempting to connect after a DNS fail, they get stuck till the next round. So a good way to help protect infected machines, but it means AV companies such as symantec are having trouble estimating how many macs are still infected; current estimates are that the numbers haven't really fallen much from peak infection, so new macs are getting infected almost as fast as ones are cleaned up.

Which implies people aren't applying security updates, and/or aren't getting them in the first place as they're leopard or older. Though if apple hadn't sat on the patches for months in the first place, they could have prevented it spreading so much.

Re:makes more sense

[mortonda]

10.6 for existing Intel Mac owners was $25.

This is the single biggest reason why macs upgrade fast. Apple doesn't overprice their upgrades, and they do a terrific job of advertising them. It makes it much more palatable to upgrade than the budget killer that MS drops on us every so often.

Re:makes more sense

Good points in rebuttal have been made. I'll point out that Apple quality refers to the hardware and if the systems they shipped in 2007 had died off, there wouldn't be any issue about software updates.

The debate about market share and malware is moot. Though folks seem to want to say "Nyah, Nyah, told you." Saw yesterday a group that said, as they predicted using game theory, there is malware for Macs. Now their prediction was it would happen at 16% share. As share is about 9%, they acknowledged that it happened sooner than expected. They attributed that to Microsoft's security improvements. Re-running the numbers they now say 6% is the key point. They did not explain why this happened later than they should have expected. They didn't explain why, as with earthquake prediction, getting the when right is the true trick.

The argument that market share as solitary or primary cause wasn't convincing to me then; I now acknowledge that I undervalued it. At the end of the day, desktop operating systems which allow users to visit strangers' sites and download executables are an easier target and here we are. That it was today as opposed to yesterday or tomorrow is an academic exercise.

As you are not a paranoid person, no need to ask the question about by design. If Apple wants to stop supporting a technology, they do it. They don't sabotage it so as to generate a groundswell of approving popular opinion. They've been moving java to the dog house for awhile, but it is an important technology on the one hand and their server OS, also de-emphasized, offers java-based services. My guess is that Apple will let java stick around in very minimal fashion, perhaps as an additional option at install, much like X11. But I can see them going java free. Development on a Linux virtual machine is so easy for cross-platform work. Apple is rather adamant that its Cocoa environment is the only way an application for OS X should be developed.

Re:makes more sense

[CheerfulMacFanboy]

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

10.5 was the last version that ran on PowerPC machines. People with older PowerPC machines who wanted to keep up to date with the OS needed to upgrade to Intel hardware to run 10.6.

It's not like Apple was the first to stop support for PPC - many apps did before 10.6 came out. Including of course Flashback.

Re:makes more sense

Symantec have admitted their 140,000 was too low. The trojan uses DNS generation partly based on date on where to look for C&C servers. AV companies are building honeypots on those DNS names to 'capture' infected machines - and then use that to estimate how many machines in the wild are still infected. Turns out, some ISPs are also blocking the DNS names from resolving at all - so not only don't they connect to the dodgy C&C controllers, they don't connect to honeypots either. On top of that, the infected machines don't keep attempting to connect after a DNS fail, they get stuck till the next round. So a good way to help protect infected machines, but it means AV companies such as symantec are having trouble estimating how many macs are still infected; current estimates are that the numbers haven't really fallen much from peak infection, so new macs are getting infected almost as fast as ones are cleaned up.

Which implies people aren't applying security updates, and/or aren't getting them in the first place as they're leopard or older. Though if apple hadn't sat on the patches for months in the first place, they could have prevented it spreading so much.

It also implies that Dr.Web's claims that they have day-for-day numbers (that are continous) for infections at the same time that others AV companies have set up honeypots with wildly differing numbers are bogus. Unless they run the actual C&Cs.

Re:makes more sense

Flashback is incompatible with OS X 10.4.

Re:makes more sense

[toddestan]

10.6 for existing Intel Mac owners was $25.

This is the single biggest reason why macs upgrade fast. Apple doesn't overprice their upgrades, and they do a terrific job of advertising them. It makes it much more palatable to upgrade than the budget killer that MS drops on us every so often.

The real budget killer is periodically having to buy a whole new computer to run a supported OS. It especially has to painful given how expensive the computers are. Microsoft supports older versions of Windows for so long that the support will likely outlast the hardware. I could have bought an XP machine a full 10 years ago, and it will still be getting updates for it for almost another 2 more years, without giving another dime to Microsoft.

Re:makes more sense

1) Generally, major OS X releases (10.5, 10.6, etc) don't suck (as opposed to ME and Vista). Yeah, 10.x.0 is sometimes a little rough, but by 10.x.1 (a few weeks), the major issues are resolved.
2) A new OS X release is often faster and leaner than its predecessor and contains useful productivity enhancements. Note that I'm not saying every feature is useful, but there's usually something good in there. Example: spaces. Sure, you can get multiple desktops on Windows easily, but it's not built in and updated in new releases. I find it to be actually usable now that I can three-finger swipe between screens. Mix that with full-screen apps, cool.
3) Most new OS X releases don't require new hardware. Okay, technically Vista didn't either. Realistically, though, even many brand new machines couldn't run Vista well at first.
4) Recent OS X releases have been $25 and you are allowed to install on a small number of machines in your house (like 5). Vista / Win7 are $150+ per system and enforce that with annoying and insulting activations or authorization or whatever it's called now. Someday MS will turn off the XP activation service and prevent you from installing what you paid for. Apple didn't install activation -- if you have the hardware, you can still install 10.1 or older versions.

Add all this up, and an OS X user is much more likely to upgrade. Not because they are forced to, but because the upgrades offer real value. On the other hand, a large majority of XP users are perfectly happy with it and don't see the need to spend $200 so their machine will run more slowly.

Delight your customer vs exploit your customer. Different business models. I happen to like Apple's version better.

Re:makes more sense

[hairyfeet]

That's why I never understood the complaints. Sure i personally would prefer if MSFT kept that $50 Win 7 Home deal but the simple fact is the vast majority will get Windows on their new PC and the PC itself will be positively ancient before it runs out of being supported. Take my nettop for example, its a circa 2004 Sempron 1.8GHz with 1.5Gb of RAM. That machine is now 8 years old, every single thing about it is horribly out of date, the CPU socket, RAM, even the HDD interface is more than 2 generations behind the curve yet the XP Home on it is STILL supported and will be for another 2 fricking years! and just for shits and giggles i took a spare drive and popped Win 7 on it and guess what? it runs just fine!

So while there are plenty of things to complain about with MSFT support is NOT one of them. Now that they have announced that ALL versions of Windows will get mandatory 10 years support just like the business versions frankly any PC you have that lasts long enough to be EOLed by MSFT is gonna be a real dinosaur, which is why I can't believe the short support cycles on Macs. 5 years? Hell that's Core2Duos with DDR 2 RAM, nothing ancient or unusable about that.

Re:makes more sense

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki?

More to the point, it was still being sold until August 2009, and was no longer supported as of July 2011 (the release date of Lion). Ow.

There are half a milion Macs?

[squiggleslash]

I had no idea, that's almost 500 per coffee shop!

Re:There are half a milion Macs?

[Billly+Gates]

I had no idea, that's almost 500 per coffee shop!

I guess you have not been to a Starbucks in awhile.

Re:There are half a milion Macs?

[BronsCon]

Inorite? Isn't it more like 500 coffee shops per infected Mac?

Re:There are half a milion Macs?

[squiggleslash]

Yep, once I finished my screenplay I sold my Powerbook and stopped hanging out there...

Apple didn't issue fix 10.5, 16.5% of it's users

10.5 makes up 16.5% of Mac users, sure a lot are on PPC and the Flashback isn't targeting it, or is it?

Also about 4-5% are still on 10.4%

Apple didn't issue Diginotar Root certs fixes for these older OS X version neither.

Come when 10.8 is released, a whopping 65% of Mac users on 10.4-10.6 will be ripe for the pickings

Because Apple only updates the last two OS X versions in circulation, then is now releasing a new OS X version every year.

Microsoft on the other hand issues updates for their OS for 10 years?

Mac's a better value? Less prone to malware? Not for too much longer...

semantics of the term "Trojan"

According to wikipedia, Flashback uses web redirects and javascript to automatically load a Java applet that contains the vulnerability.

In my book, it's only a Trojan if a real person is duped into executing it, and IMHO an infected legitimate website redirecting someone to a malicious website that automatically runs something that infects the user's computer does not count as duping a person into executing something.

TL;DR: Flashback is not a trojan. We need a new term for this type of threat.

Re:semantics of the term "Trojan"

[DarwinSurvivor]

I believe they call it a "drive by".

Re:semantics of the term "Trojan"

[Billly+Gates]

It is both a trojan and a malware drive bye.

If you do not click on it, it is malware and will use a memory corruption bug to infect your account. You can delete your account to delete it. If you do click on it the malware turns into a deadlier trojan that runs as administrator and is more difficult to remove.

Most malware these days regardless of type target multiple vulnerabilities. Since IE and Chrome have a sandbox ... what is up with Firefox not having one? ... you need to first get past the sanbox. After that target something in Windows and a bonus if you can do it as a standard user to infect an administrative service or permission on a file. So they use several techniques.

Many infect your machine then use a backdoor installer to do more damage after penetrating the systems defenses so in essence they download and execute trojans

Re:semantics of the term "Trojan"

[timothyf]

Did the user perform an innocuous action that lead to the trojan being run? It sounds like you have to visit a website hosting the trojan with a vulnerable computer (a user-initiated action, btw) and you're infected. That seems to meet the definition of a trojan to me. If you just connect a vulnerable Mac to the network and let it sit, it won't be compromised this way.

So yes, Trojan is accurate. A user is tricked into downloading and running something malicious. A user could theoretically avoid an infection if they knew that the site was hosting the trojan, just like they could avoid running a "porn screensaver" a friend emailed them if they knew it contained a trojan. We've only developed a rule-of-thumb defense against the latter case because it's abused so frequently and exploits are relatively scarce when compared to ignorant humans.

Re:semantics of the term "Trojan"

[ezwip]

If they have some type of backdoor on your machine that places you on a botnet I think it should be called a trojan. How it arrived there is irrelevant.

Re:semantics of the term "Trojan"

TL;DR: Flashback is not a trojan. We need a new term for this type of threat.

Most people just call it a "Virus", although the Pedants call it Malware.

Re:semantics of the term "Trojan"

[vux984]

Did the user perform an innocuous action that lead to the trojan being run?

So if you perform an innocuous action that leads to you getting infected with malware then its a trojan?

Gotcha.

So if the user were to perform an innocuous action like...

If you just connect a vulnerable Mac to the network [a user initiated action, btw] and let it sit...

Then any infection that leads to is a trojan.

QED.

A user could theoretically avoid an infection if they knew that the site was hosting the trojan

True. And a user could also theoretically avoid an infection if they knew the network was teeming with viruses by not connecting to it too.

So yes, even the most classical worm can be accurately described as a trojan if we're willing to contort. After all you can only get a worm if you physically attach your vulnerable PC to an infected network...

Re:semantics of the term "Trojan"

[Raenex]

Most people just call it a "Virus", although the Pedants call it Malware.

The Mac fanboys use the distinction to claim that the Mac has never gotten a virus, despite hundreds of thousands of machines being infected. Technically, they are right, but practically, it's spin.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

10.5 makes up 16.5% of Mac users, sure a lot are on PPC and the Flashback isn't targeting it, or is it?

Also about 4-5% are still on 10.4%

Apple didn't issue Diginotar Root certs fixes for these older OS X version neither.

Come when 10.8 is released, a whopping 65% of Mac users on 10.4-10.6 will be ripe for the pickings

Because Apple only updates the last two OS X versions in circulation, then is now releasing a new OS X version every year.

Microsoft on the other hand issues updates for their OS for 10 years?

Mac's a better value? Less prone to malware? Not for too much longer...

... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.

This dwells into the more serious issue of the security nightmare that will come when all internet enabled computers that are more used like XP become abandonded. Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?

I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.

dr. web needs to stop trying to shakedown apple

fuck off russian mob scumbags

Re:dr. web needs to stop trying to shakedown apple

[BronsCon]

Dr. Web is a legitimate AV vendor; they have been providing AV solutions for Linux for years, mostly to scan for Windows viruses and, now, some OSX malware, as well. I think they might even detect some Linux threats, but I've as yet not encountered one.

Re:dr. web needs to stop trying to shakedown apple

[BronsCon]

Modded overrated? Why? For speaking the truth? If you disagree, post a reply explaining why I'm wrong. I've personally used their Linux AV scanner for the last 5 years, to scan attachments on mail passing through my servers.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[jedidiah]

> ... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.

When is the last time a new PC was sold with some version of XP installed by the hardware vendor?

THAT is your starting point for "support", not when the first version was originally released.

20 years...

... running Linux, and still haven't got a virus.

I'm starting to feel left out here.

Re:20 years...

The Balmer Boys will tell you that's because Linux is only .002% market share and Windows is for serious users, because they know how to open regedit after they downloaded their monthly gig of vuln patches.

Re:20 years...

[beelsebob]

Nearly 30 years running MacOS and still haven't got a virus... What makes you think your anecdote means jack shit?

Re:20 years...

[Deekin_Scalesinger]

Well, hang on here. I've run some flavor of Mac OS since 1979 (truth be told a bit off and on, but lots more on than off) and I have never suffered a virus either. I'm not caviler about it though...I run Little Snitch, an AV, have inbound firewalls rules set, keep up on my patches and get my pR0n through a sandbox VM. I see no need to tempt fate.

I also do the same on my Nix and Win boxes as well, with the same results (I did get a virus back in 1995 on a Windows box, which is when I started to tighten up the defenses a bit.)

Re:20 years...

[beelsebob]

Right – that was rather my point – all this is is an anecdote, not actual statistical evidence.

Re:20 years...

[Deekin_Scalesinger]

Forgive my misinterpretation - I'm still on my first cuppa joe this morning.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[DarwinSurvivor]

I believe there were still netbooks selling with it at the beginning of last year.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Moridineas]

I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.

Apple has been getting more serious about security for awhile (in comparison to, "we're unix, we're ok"). Sandbox, gatekeeper, removal of automatic execution, malware removal tool, etc. They need to gt a LOT better in how they respond though.

Apple clearly understands support in general though. They routinely get excellent marks on their support. See the genius bars as an example. I personally have had out of warranty macs repaired for free. My sister had an out of warranty Macbook case top replaced when it chipped. And so forth. Support is one of the big reasons to buy an Apple, imho.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

I have more sympathy for those who blew $2,000 for an iMac only to be dumped in 3 years vs those in 2009 got a $199 netbook special with XP. 4 to 5 years support for these low end users sounds reasonable. Apple dropped them like a hot potato. Jobs even broke his own promise of supporting powerPC users for 5 more years.

So many corporate users and those who took our advice not to use Vista, and that XP was GOD wont leave. It is like XP became the pinnacle and gold standard in cannon on what the PC is for these people.

Of course it would help if companies like Cisco actually supported newer browsers besides IE 6 and 7. It forces these companies in. 20 million by 2014 will still be on XP or more vs just 500k with old macs will be a big challenge and will get nasty. I think this is a taste of what is to come.

If I were an evil credit card hacker I would write the ultimate new code red and wait until 1 day after MS ends all support and then have a field day getting rich. MS wont do anything about it until I have a few billion in stolen money. Like a license, unsupported machines should not be on the world wide web and need to be disabled. XP users will come out with pitchforks and flaming torches with an army of lawyers sadly.

 

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

I haven't seen any in years. The ones I see come with Windows 7 starter edition. I did work at a PC shop as early as the summer of 2010 where all we sold were used machines upgraded with more ram that have XP on them. Windows 7 was still new and cool at the time for those with huge 4 gigs of ram but those days are over.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

My issue is Macs are expensive and therefore mac users do not upgrade as often. The old Mac argument was that a PC would go obsolete in 3 years while mac users will use their machines for 7 years or more and still get support.

MacOSX does not get updates if you are just a few years old. Many people buy used macbooks because of the price and are getting let out. Many do not even know they are not supported.

I hope you are right about Apple. They should at least let their users know to upgrade for the latest security threats ... assuming you can if you are first generation intel owners or powerpc.

There has been little else more pleasant in life

[Spiked_Three]

Hackers now attack the mac because it's a) easier and b) the user are more likely have something worth stealing (aka dumber users)
Apple can't even issue a patch fix without fucking it up

a wopping market share of 11% eh? LOL.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

You can sell your Mac for 75% of the price you paid for it a year later, and get the newest one

Ars Technica shows its gone up to 650k

[Billly+Gates]

The article is here.

I think many people who assume they are invulnerable and have older macs probably have no clue they are even infected. I am curious what the percentage of older MacOSX installations are? Not everyone can afford or want to buy an expensive iMac/Powerbook every 3 years.

Re:There has been little else more pleasant in lif

[Billly+Gates]

Windows and even IE has been getting harder and harder to crack in after the laughing bad issue with XP pre SP1 and IE 6. Windows 7 has ASLR, DEP with all services, special VC2010 exception checking at runtime executable support, and sanboxing. Windows 8 and IE 10 have 2 sandboxes to get an exploit pass.

Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.

Maybe MacOSX is an easier target?

The fact that most MacOSX users do not run anti virus software is also troubling. I say its essential now as a good one will look at behaviors and sandbox critical files and processes. Avast has a beta for MacOSX already if you hate Norton.

otherwise engaged

[PopeRatzo]

A Week After Apple's Fix, Flashback Still Infects Half a Million Macs

To be fair, Apple users may have more important things to do than install hotfixes. For example, engaging in a love that dare not speak its name can be very time-consuming.

I've heard...

Re:otherwise engaged

Yes, there's many an Apple fan that likes to drop anchor in poo bay!

In my day, we called them 'sausage jockeys', but I suppose that's frowned upon now?

Welcome to grown up computing

[sandytaru]

I for one welcome our Mac brethren to the world of Real Computing, where your device will get infected if you don't have any anti-virus protection, and will still get infected even if you do have anti-virus protection if you're ignorant.

Re:Welcome to grown up computing

UNIX has been where grown-ups go to compute for the last 40 years, where have you been?

Re:Welcome to grown up computing

I remember when Windows was for noobs. It's hysterical listening to Windows people go on about how awesome they are. It's like winning the special olympics for whatever it is they think they're awesome at.

Re:Welcome to grown up computing

[tonywestonuk]

You think anti-virus would have protected mac users from this?

It wouldn't.

Re:Welcome to grown up computing

[cbhacking]

Actually, you're completely wrong. Not because the real-time scan would have caught the exploit applet at first (although any decent antivirus has now had the definition for all known variants for a few weeks) but because this malware explicitly targets people who don't give a damn about their computer's security.

The drive-by download's payload is an installer. Before it installs the botnet kit, the installer checks the filesystem for a list of security programs, including antivirus software. If it find any, it aborts the install and erases itself.

Security-conscious people are more likely to detect the malware earlier and raise a fuss. The longer you go undetected, the more money you earn (and botnets - in fact, almost all widespread malware - is about making money).

Re:Welcome to grown up computing

Maybe you should do some Real Computing instead of hanging out on slashdot, idiot.

Re:Welcome to grown up computing

[TheRaven64]

40? Not really. 20 maybe, but in and before the '80s the term 'UNIX security' was something that users of things like VMS and OS/370 said while sniggering. A big part of the success of UNIX was that it ran on cheaper hardware than a real operating system...

Re:Welcome to grown up computing

[bleedingsamurai]

Really? I was always under the "assumption" that the success of Unix had to do with the fact that it was written mainly in C so you could port it to any platform with a C compiler, that it supported a rich programming API even very early on, that it was not bloated allowing it to not waste what was at the time extremely expensive computing resources, and that it actually supported multiple users.
Last time I checked it was Unix that dominated pretty much all markets, except for the desktop market.

But everyone knows OS X isn't a real Unix. Lets face it, they do just enough to pay for their certification.

Re:Welcome to grown up computing

[bleedingsamurai]

It still is for n00bs.

Re:Welcome to grown up computing

[bleedingsamurai]

I have great anti-virus software, it is called, "don't mount my /home or /tmp directories with the executable bit set."

Re:Welcome to grown up computing

>But everyone knows OS X isn't a real Unix. Lets face it, they do just enough to pay for their certification.

Why isn't it a real UNIX?

Re:Welcome to grown up computing

[sandytaru]

And that's why the Appleverse is taking embarrassingly long to clean up this particular mess. It deliberately targeted the weakest users and infected them all before the more savvy users could catch on.

Re:Welcome to grown up computing

[LynnwoodRooster]

Waiting until he's old enough to grow a neck beard...

Re:Welcome to grown up computing

[TheRaven64]

I was always under the "assumption" that the success of Unix had to do with the fact that it was written mainly in C so you could port it to any platform with a C compiler

UNIX emerged at a time when the cost of computer was far greater than the cost of the developer effort to write an OS. Writing an OS from scratch in assembly (or, occasionally, in Algol or similar) was a fairly common task at the time and the OS was often a differentiating feature (e.g. VM/370).

, that it supported a rich programming API even very early on,

Nope, it supported an incredibly limited API. No initial support for shared libraries, no support for structured files, no ACLs. It was very primitive in comparison to mainframe or minicomputer operating systems of the era.

that it was not bloated allowing it to not waste what was at the time extremely expensive computing resources,

One man's bloat is another man's useful feature set. Given that modern UNIX systems now copy almost all of that 'bloat', it seems likely that it was actually useful...

and that it actually supported multiple users.

Again, not a major selling point since all of its competitors did as well. It was only systems at the very low end like CP/M (which appeared a bit later) that didn't.

But everyone knows OS X isn't a real Unix. Lets face it, they do just enough to pay for their certification.

Everyone knows this? I didn't. Paying for their certification doesn't mean that they pay and get to use the UNIX brand, it means that they pay and get to publish the results of running the Single UNIX Specification test suite. The 'just enough' that they do means implementing the Single UNIX Specification well enough to pass all of the tests. For those of us who write low-level code, that means that OS X is one of the few platforms where code written to the spec is actually likely to work as expected, and in my experience it does a lot better than, for example, GNU/Linux (see locale support or things like lio_listio() for examples). Perhaps you could point to some things that a real UNIX does that OS X doesn't?

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[BenoitRen]

Like a license, unsupported machines should not be on the world wide web and need to be disabled.

I find this to be a draconian measure. Their computer may still work perfectly fine but then it gets disabled because some big company decided to. Are you going to give them a free upgrade to Windows 7 (that may not work as well on their machine)?

What about users that can support themselves? I know there are still Windows 95, 98 and Me users out there that do and they're doing a pretty good job.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Moridineas]

PPC macs have not been sold since 2006. They are no longer supported (we still run 2 power pc macs running 10.4 at work, fwiw, running legacy applications). They were supported through the end of 10.5 (early 2011). 5+ years.

OSX 10.6 and 10.7 are being actively updated. I hate 10.7 and have stuck with 10.6.

First generation Intel Macs were released running 10.4. First generation Intel macs can run OSX 10.7, so they are still supported. They will no longer be supported with 10.8. ~6 years.

Apple seems to roughly support hardware for at least 5 years (given that we've gone through a PPC->Intel transition AND a 32-bit to 64-bit transition in the last ~7 years, not too shabby). I hope they will keep updating 10.6 now that they are hurrying up their OS release schedules.

Re:There has been little else more pleasant in lif

[LinuxIsGarbage]

Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.

Flash drive Autorun viruses!

By default XP SP1 and newer (IIRC) while not automatically running autorun.inf files from flash drives, will give you the "What do you want to do" prompt including the autorun option. If you decline that, but double click the drive in my computer it will go ahead and run the autorun with no warning or indication. The default action on Windows 7 is to not even try to run autorun from flash drives.

On any computer I have control over (personal or for work) I completely disable autorun because:
a) It's annoying
b) It's dangerous.

Two large corporations I've worked for recently (still using XP) did not disable autorun! It's amazing how much autorun malware runs rampant. Crappy overpriced Symantec or McAfee don't pick them up either. I alert people when I stick their flash drive in my computer and notice hidden autorun.inf files, and hidden mischievous folders with random file names. I usually get stunned looks from them.

I also get stunned looks from IT when I point out the gaping, tractor-trailer sized hole in their security.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[PopeRatzo]

I haven't seen any in years.

Today at Woot Sellout section, they're offering 1.8ghz Dell desktops with WinXP for around $125. Two gig of RAM, too!

The numbers

[glitch0]

I'm not discrediting these guys and I'm honestly curious: How to they arrive at these numbers? How does one determine if a computer is infected without access to said computer?

Do they port scan 1000 random machines and extrapolate from there? I'm genuinely curious to know their methods. How could they arrive at such a precise number? Surely they must only have a sample of macs and use statistical models to extrapolate, right? They can't scan all the macs, right? right?

How do they do it?!?!

Re:The numbers

They Run the Botnet that is how they know :-D

Re:The numbers

[Yaztromo]

Do they port scan 1000 random machines and extrapolate from there? I'm genuinely curious to know their methods. How could they arrive at such a precise number? Surely they must only have a sample of macs and use statistical models to extrapolate, right? They can't scan all the macs, right? right?
How do they do it?!?!

My understanding is that infected Macs try to contact a command-and-control server with a unique identifier in order to get the trojan payload. Several of the anti-virus/security companies have ben able to hijack the command-and-control system to insert their own system (probably via DNS entry changes at some major ISPs) that infected Macs then try to connect to. They record the unique ID's in the request messages, and then extrapolate the results accordingly.

Yaz.

Re:The numbers

[AmiMoJo]

They have hacked some of the command and control servers by taking over their DNS entries. They can see Flashback infected Macs trying to phone home for instructions.

Re:The numbers

[Cheech+Wizard]

Or so they say. I tend to agree with one of the ARS posters: "Am I mistaken, are are all the numbers out from antivirus vendors, all people with a monetary stake in finding more infections rather than less? I do not recall seeing an independent verification of any count; did I miss one? Every time I read about an "independent" source "confirming" the numbers, it's another vendor with an obvious bias--the same vendors who have been exaggerating Mac threats for the past 7 years and more. I mean, if Fox News reported on how bad Obama was doing at something, and then was "confirmed" by WND, which was then corrected by NewsBusters which said it was worse than anyone had reported--well, would we really be giving them all much credence? An article I'd like to see is one that explains why any of the numbers any of these vendors has released are reliable and to what degree, with evidence to support that. Does such an article exist, and if so, where? And if not, then why are we trusting obviously biased sources?"

Apple articles always frustrate me

I always come to slashdot first, as an only marginally tech proficient individual. This has always been great when I owned a PC, however, it's useless now that the household went mac. All I see are the same crappy responses. Something about it "just working". Something about the cost of a mac versus PC. Something about mac users being smug. Something about mac users not being smart enough to worry about virus because "mac's don't get them." A screed about closed garden, with a side of open source politics thrown in.

I really do wish that the articles on Apple could actually be useful and we could discuss, if this is hitting computers that were patched, or not. How do you check your computer, with links to whatever that site was that gave a step by step. Whether or not Apple's fix's are actually fixing, or if us Mac folks should look for a third party solution. That kind of information is always abounding on other articles, why not here?

Re:Apple articles always frustrate me

[loosescrews]

There actually was an article on Slashdot that had a link to the information you mentioned. It said how to check to see if you were infected and told how to remove it. By asking why something something that was posted wasn't posted, you are doing little to improve our collective opinion of Mac users.

Re:Apple articles always frustrate me

As a proficient or not proficient reader, you should have noticed this is not a tech forum. It's a news aggregation site. As such, and as pedantic as some commenters may be, I wouldn't expect to find all the solutions to the problems unless nice commenters decide to post some helpful hints. Mainly, what I appreciate the most about /. Is that I don't get only one side in the comments despite some biased articles.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Theaetetus]

Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?

Just out of curiosity, what was your opinion when Sony removed Boot Other OS from the PS3? "It's their right to patch systems if you want to keep using their servers" or "they're removing a valued feature without asking the users, this is fraud and theft!"

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[supremebob]

What's scary is the number of NEW embedded systems like Point Of Sale, ATM, and factory control systems that are still shipping with Windows XP. There are still a bunch of software vendors that STILL have not updated their software to work with Windows 7.... and Windows 8 is right around the corner.

Re:There has been little else more pleasant in lif

Hey genius, the "hidden mischievous files" are probably from other operating systems, GNOME always puts a bunch of hidden files on removable drivers as does OS X. Maybe you should get a clue.

I wish Microsoft...

[sideslash]

...would hire those two dudes from the "I'm a Mac and I'm a PC" commercial for a reunion commercial. I'm sure Apple would sue, though, because Apple only has a sense of humor when they are making fun of other people.

Re:I wish Microsoft...

Yeah but dude if you use Windows you are kind of a loser. I mean any professional in music, film or design is going to be using Mac and any real hardcore geek will be using Linux or FreeBSD...

Re:I wish Microsoft...

So what you're saying is that gays and people without a life don't use Windows. That's probably why it makes a good choice for the rest of us.

Re:I wish Microsoft...

[jones_supa]

This is a good example of the highly sophisticated discussions for which I come to Slashdot.

Re:I wish Microsoft...

[bryan1945]

Grand, ain't it?

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[6ULDV8]

I have more sympathy for those who blew $2,000 for an iMac only to be dumped in 3 years

I'm not clear on how those iMac users were dumped. The upgrade from Leopard to Snow Leopard was only $29.95. The upgrade from Snow Leopard to Lion was priced the same and I expect Mountain Lion will be too. The PPC crowd will have a different experience, but that production ended about six years ago when the architecture changed. The path from Windows 95 to NT, 2000, XP, Vista and then Windows 7 cost significantly more and it required new hardware along the path as well. Microsoft does go to extraordinary length to support antique software because of user demand, but Apple has the edge on upgrade pricing. It doesn't quite make up for the extra hardware cost, but the OS is priced reasonably.

Of course it would help if companies like Cisco actually supported newer browsers besides IE 6 and 7

Hmm, I work with Cisco gear daily and rarely use a GUI, but when I do, I do it from IE 9, Firefox, Safari, Chrome... Sure, there's a compatibility warning, but it's just another click to get past it. The one device that I had issues with was the CE500, but a newer IOS fixed that and it wasn't a browser limitation anyway.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

First generation Intel Macs are not supported on 10.7.

noooo leave apple alone

nooo, leave apple alone !
i guess its time to bite the dust
they got what they deserved

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[suprem1ty]

Whys he been modded down... hes right. First generation Intel Macs ran the core duo - a 32bit processor. Lion requires 64bit (Core2 and up)

Long has gone the time...

...when Apple could write statements like this:

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

http://www.apple.com/support/windowsvirus/

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[LoadWB]

I'm RELIEVED to know that new systems are using XP. I can't tell you how many systems I run across still running 2000. Make me think, though, that since the Armageddon predicted over the deprecation of 2000 never materialized, perhaps we'll dodge the bullet with XP, as well.

lol wut?

Nonsense. As a PC Vendor that would mean I can obtain an OEM license for XP in the year 2000 .. sit on my ass and sell a computer in 2012, and somehow MS is on the hook for support starting from 2012? What kind of jackass are you? I suppose.. the anti-ms troll kind.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

THAT is your starting point for "support", not when the first version was originally released.

Says who? MS does not sell computers. Blame the computer manufacturer. Microsoft always details when their support is running out ages before it actually does.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[yuhong]

Except that is not how the MS support lifecycle currently works unfortunately. It guarantees mainstream support for 5 years after this version's release, or 2 years after the next version's release, whatever is later. In other words, the only reason XP is getting more than 10 years of support is the Longhorn delays (I still remember when mainstream support for it was to end in December 31, 2006!).

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[yuhong]

AFAIK Stuxnet was developed before Win2000 ended support and was discovered just after, which means it did target Win2K, but patches for the vulns Stuxnet targeted are not available for Win2k without a CSA. This is a targeted attack though.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

Are you the most interesting admin in the world?

Still no fix for Leopard

[pesc]

If you bought your Mac three years ago and never bought an OS upgrade, you are likely running Leopard.

Apple has still not provided any fix or upgrade that addresses this malware for Leopard. Only for Snow Leopard and Lion.

Re:Still no fix for Leopard

[ninetyninebottles]

Apple has still not provided any fix or upgrade that addresses this malware for Leopard. Only for Snow Leopard and Lion.

They have a fix for Leopard. It's the free upgrade to Snow Leopard.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[shutdown+-p+now]

You could stash one today and (try to) sell it 10 years down the line. But why would it obligate, whether legally or morally, Microsoft to support it?

What can be reasonably counted is the date of the last sale of an OEM license from Microsoft to any hardware manufacturer or reseller. According to Wikipedia, OEM XP was available until October 22, 2010 - and then only for netbooks; for other PCs, no OEM licenses were sold after June 30, 2008.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[shutdown+-p+now]

The relevant period here would be extended support rather than mainstream, since extended support still includes security fixes. And extended support lasts either 5 more years after mainstream support ends, or 2 years after the second next version is released, whichever is longer.

So, basically, you'll keep getting security fixes for the product for at least 10 years.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[thetoadwarrior]

Microsoft can't take money from corporations with their contracts if they're not going to provide longer support. Microsoft also charges hundreds for its OS. Apple charges like £20.99. There is no good reason not to be on a 5 year old operating system unless you're a PPC user and then it's just tough luck because you're on dead hardware.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

I haven't seen any in years.

Today at Woot Sellout section, they're offering 1.8ghz Dell desktops with WinXP for around $125. Two gig of RAM, too!

OEM licenses for XP are not legal to be sold after June 2008. If Woot is selling you software that is 4 years out of date, your beef is with Woot not Microsoft.

There was a further extension for starter edition for netbooks and developing markets to June 2010, but that is not the machine you are describing.

Re:There has been little else more pleasant in lif

[LinuxIsGarbage]

No, they're not. While OSX will put files like .DS_Store on flash drives, those aren't the files I'm talking about. I'm talking about files pointed to in the autorun.inf. Half the time they're hidden in a "Recycler" folder. Recycle bin doesn't exist on removable drives. Files that while overpriced McAfee and Symantec don't pick them up, submitting them to virustotal comes back with some hits.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

I have no issue at all with XP in these circumstances. They just should not be used on the internet and internet explorer needs to be disabled on them. A threat to the net and user is key if these machines are ever connected. Lets also think of us who want a better web with css 3 and html 5 with no flash. Developers cant use it asIE 7 & 8 support from these dinosaurs are needed.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[6ULDV8]

Are you the most interesting admin in the world?

I must be; the people in my head talk about me all the time.

I'd welcome discussion of the assertion that users were dumped. They're free to upgrade or select a new OS at any time as long as the hardware is viable. Sometimes hardware reaches the end of life because technology advances in a new direction. It happened for MS/PC/DR-DOS, OS/2, BSD, games, etc. As for the Cisco comment, it isn't entirely accurate. Cisco has a preferred browser, but you're certainly not required to use their choice any more than you have to use the OS that was distributed with your PC.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Moridineas]

Not quite true.

I'm running Lion on a MacPro 1,1 (1st gen, early 2007) right now. It works quite well! It will not be supported for 10.8, but that's because of the video card (stupid to not support an X1900XT).

So, I should have tempered my statement by saying that some 1st gen macs remain supported for Lion, and, afaik, all macs sold after January 2007 are still supported for Lion.

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[toddestan]

They're probably used off-lease corporate machines, given the processor speed and price. There are lots of places that'll sell you an old Dell/HP/Lenovo/whatever P4 or early Core system for $100 - $150 or so with an XP license.

How to KILL Apple

If you hate Apple so much, code some worms and viruses for it. Apple will shit!

Re:Apple didn't issue fix 10.5, 16.5% of it's user

They're probably used off-lease corporate machines, given the processor speed and price. There are lots of places that'll sell you an old Dell/HP/Lenovo/whatever P4 or early Core system for $100 - $150 or so with an XP license.

I suspected too, but couldn't figure out why that was an argument in discussion about Microsoft end-of-life timing of XP. If you count sale of used machines as starting point for counting down, nobody could end-of-life anything ever. If you don't, it is more than 4 years since Microsoft sold the last new normal XP license, and 2 years since the last starter edition.

Re:There has been little else more pleasant in lif

[Spiked_Three]

Only a few days after, and today it is printed that Apple is 10 years behind Microsoft in security.

Hey Apple fan brats, you're idiots!

Please please mod me troll - I love it when you guys make that pig squealing sound.