Slashdot Mirror
A Week After Apple's Fix, Flashback Still Infects Half a Million Macs
Sparrowvsrevolution writes "Security firm Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding far slower than expected: On Friday the security firm, which first spotted the Mac botnet earlier this month, released new data showing that 610,000 active infected machines were counted Wednesday and 566,000 were counted Thursday. That's a slim decrease from the peak of 650,000 to 700,000 machines infected with the malware when Apple released its cleanup tool for the trojan late last week. Earlier in the week, Symantec reported that only 140,000 machines remained infected, but admitted Friday that an error in its measurement caused it to underestimate the remaining infections, and it now agrees with Dr. Web's much more pessimistic numbers."
I figure it is because they dont feel they need to update since Apple products are soooo secure.
That's what TFA says. The infected machines haven't had the updates installed. That implies that the owners either don't know that they are infected or don't care. I'm leaning towards the former.
With the number of machines that remain, it seems clear also that Mac users aren't using auto updates. What's up with that?
I had wondered how in the hell it got that low that fast--a couple of days after Symantec reported 140,000, they or someone else reported 30,000. But checking the Java vulnerability against versions installed with Mac OS X, it seems that 10.4 and 10.5 should also be vulnerable, while Apple only patched for 10.6 and 10.7. That alone should prevent the numbers dropping so far so fast. Sigh. Smooth move Apple.
I had no idea, that's almost 500 per coffee shop!
You are not alone. This is not normal. None of this is normal.
According to wikipedia, Flashback uses web redirects and javascript to automatically load a Java applet that contains the vulnerability.
In my book, it's only a Trojan if a real person is duped into executing it, and IMHO an infected legitimate website redirecting someone to a malicious website that automatically runs something that infects the user's computer does not count as duping a person into executing something.
TL;DR: Flashback is not a trojan. We need a new term for this type of threat.
10.5 makes up 16.5% of Mac users, sure a lot are on PPC and the Flashback isn't targeting it, or is it?
Also about 4-5% are still on 10.4%
Apple didn't issue Diginotar Root certs fixes for these older OS X version neither.
Come when 10.8 is released, a whopping 65% of Mac users on 10.4-10.6 will be ripe for the pickings
Because Apple only updates the last two OS X versions in circulation, then is now releasing a new OS X version every year.
Microsoft on the other hand issues updates for their OS for 10 years?
Mac's a better value? Less prone to malware? Not for too much longer...
... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.
This dwells into the more serious issue of the security nightmare that will come when all internet enabled computers that are more used like XP become abandonded. Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?
I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.
http://saveie6.com/
> ... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.
When is the last time a new PC was sold with some version of XP installed by the hardware vendor?
THAT is your starting point for "support", not when the first version was originally released.
A Pirate and a Puritan look the same on a balance sheet.
With the number of machines that remain, it seems clear also that Mac users aren't using auto updates. What's up with that?
You're surprised that users dont install updates? Or choose to skip updates when they are offered? You must be new here... (and by here, I mean, anywhere) This is hardly a problem that is unique to mac users or even ignorant users.
auto updates only work automatically if you're logged in as an admin user....
Can you be Even More Awesome?!
I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.
Apple has been getting more serious about security for awhile (in comparison to, "we're unix, we're ok"). Sandbox, gatekeeper, removal of automatic execution, malware removal tool, etc. They need to gt a LOT better in how they respond though.
Apple clearly understands support in general though. They routinely get excellent marks on their support. See the genius bars as an example. I personally have had out of warranty macs repaired for free. My sister had an out of warranty Macbook case top replaced when it chipped. And so forth. Support is one of the big reasons to buy an Apple, imho.
The Software Update only notifies you of an available update and optionally downloads it in the background. It does not install the update automatically, a user has to click to start the update (and would have to provide admin authentication if they weren't logged into an admin account).
My hackintosh gets all the updates.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The article is here.
I think many people who assume they are invulnerable and have older macs probably have no clue they are even infected. I am curious what the percentage of older MacOSX installations are? Not everyone can afford or want to buy an expensive iMac/Powerbook every 3 years.
http://saveie6.com/
Windows and even IE has been getting harder and harder to crack in after the laughing bad issue with XP pre SP1 and IE 6. Windows 7 has ASLR, DEP with all services, special VC2010 exception checking at runtime executable support, and sanboxing. Windows 8 and IE 10 have 2 sandboxes to get an exploit pass.
Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.
Maybe MacOSX is an easier target?
The fact that most MacOSX users do not run anti virus software is also troubling. I say its essential now as a good one will look at behaviors and sandbox critical files and processes. Avast has a beta for MacOSX already if you hate Norton.
http://saveie6.com/
To be fair, Apple users may have more important things to do than install hotfixes. For example, engaging in a love that dare not speak its name can be very time-consuming.
I've heard...
You are welcome on my lawn.
I for one welcome our Mac brethren to the world of Real Computing, where your device will get infected if you don't have any anti-virus protection, and will still get infected even if you do have anti-virus protection if you're ignorant.
Occasionally living proof of the Ballmer peak.
PPC macs have not been sold since 2006. They are no longer supported (we still run 2 power pc macs running 10.4 at work, fwiw, running legacy applications). They were supported through the end of 10.5 (early 2011). 5+ years.
OSX 10.6 and 10.7 are being actively updated. I hate 10.7 and have stuck with 10.6.
First generation Intel Macs were released running 10.4. First generation Intel macs can run OSX 10.7, so they are still supported. They will no longer be supported with 10.8. ~6 years.
Apple seems to roughly support hardware for at least 5 years (given that we've gone through a PPC->Intel transition AND a 32-bit to 64-bit transition in the last ~7 years, not too shabby). I hope they will keep updating 10.6 now that they are hurrying up their OS release schedules.
Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.
Flash drive Autorun viruses!
By default XP SP1 and newer (IIRC) while not automatically running autorun.inf files from flash drives, will give you the "What do you want to do" prompt including the autorun option. If you decline that, but double click the drive in my computer it will go ahead and run the autorun with no warning or indication. The default action on Windows 7 is to not even try to run autorun from flash drives.
On any computer I have control over (personal or for work) I completely disable autorun because:
a) It's annoying
b) It's dangerous.
Two large corporations I've worked for recently (still using XP) did not disable autorun! It's amazing how much autorun malware runs rampant. Crappy overpriced Symantec or McAfee don't pick them up either. I alert people when I stick their flash drive in my computer and notice hidden autorun.inf files, and hidden mischievous folders with random file names. I usually get stunned looks from them.
I also get stunned looks from IT when I point out the gaping, tractor-trailer sized hole in their security.
No, most of them are talking about being utterly immune. And they were always wrong.
I'm not discrediting these guys and I'm honestly curious: How to they arrive at these numbers? How does one determine if a computer is infected without access to said computer?
Do they port scan 1000 random machines and extrapolate from there? I'm genuinely curious to know their methods. How could they arrive at such a precise number? Surely they must only have a sample of macs and use statistical models to extrapolate, right? They can't scan all the macs, right? right?
How do they do it?!?!
-Glitch "We all know Linux is great...it does infinite loops in 5 seconds." - Linus Torvalds
And once again, it doesn't do even the above if you're logged in as a regular user. You have to manually kick it off to even find out there *are* updates.
It's not hard to kick it off, but it is something you have to bother to remember to do. Which, "your parents" probably do not ever really think about.
Can you be Even More Awesome?!
I'm not infected (checked), but perhaps about 50% of those that "haven't installed the updates" is because people refuse to upgrade? I refuse to pay for an upgrade that will no doubt slow my Macbook Pro down and cause random issues.
You might be shocked at the amount of "automatic" updates the mac doesn't install. Air doesn't get patched by Adobe's own patches, MSFT Office only gets patched by it's own update program, etc...
...would hire those two dudes from the "I'm a Mac and I'm a PC" commercial for a reunion commercial. I'm sure Apple would sue, though, because Apple only has a sense of humor when they are making fun of other people.
First generation Intel Macs are not supported on 10.7.
It's even more retarded than that. It tells you there's a handful of updates and makes you log off. Then you have to sit and watch while it downloads the updates on your now incapacitated desktop. Then you have to watch as it updates itunes or quicktime... Why does upgrading a media player mean you have to reboot your computer? So not only do I lose all the context in all of my terminal sessions, I have to sit and watch it download, and then watch it reboot. Then after the reboot, after I start working again, it does another software update and discovers yet more things that it can now update...
infuriating, I tells ya.
I maintain 6 macs, and then are always up to date... I have never seen what you described (save the occasionally having to reboot with updates)...
There actually was an article on Slashdot that had a link to the information you mentioned. It said how to check to see if you were infected and told how to remove it. By asking why something something that was posted wasn't posted, you are doing little to improve our collective opinion of Mac users.
If you bought your Mac three years ago and never bought an OS upgrade, you are likely running Leopard.
Apple has still not provided any fix or upgrade that addresses this malware for Leopard. Only for Snow Leopard and Lion.
)9TSS
The relevant period here would be extended support rather than mainstream, since extended support still includes security fixes. And extended support lasts either 5 more years after mainstream support ends, or 2 years after the second next version is released, whichever is longer.
So, basically, you'll keep getting security fixes for the product for at least 10 years.
I maintain 6 macs, and then are always up to date... I have never seen what you described (save the occasionally having to reboot with updates)...
I have seen EXACTLY what he described in the most recent update with Snow Leopard (maybe the magic intrusion-free update feature was only introduced in Lion?) The system prompted about needing to reboot for updates and after it was OKed, it probably spent at least 10 minutes in "update mode".
The updates are only available for Snow Leopard and Lion. If you're on Leopard (10.5) (still sold up until summer 2009) or older, you don't get the security patches OR the latest fixes to remove infection. Apple only support current and previous OS versions for security. Once Mountain Lion comes out in a couple of months, anyone who's running an OS older than october 2010 goes under the bus. Note, they're still selling snow leopard right now, as you need to install it first to go to lion - you can't jump from leopard to lion direct, as leopard don't have the app store needed. You can of course download and make a USB clean installer from an existing lion Mac, but if you've only got one physical machine and no-one can help you make an install, leopard -> snow leopard -> lion it is (pre-made lion install usb keys not available here)
We criticise microsoft for ending support for XP after 13 years, and Apple drops all support after TWO and get a pass? Something like 25% of mac users are using Leopard or older - not least due the removal of PPC support in snow leopard. Mountain Lion looks pretty pointless unless you're also an icloud user, and the steady of killing off of carbon library support in Lion and Mountain Lion means you may have to stick to snow leopard if a key app doesn't run on Lion yet - and you'll be in the same boat as Leopard users right now, running an 'obsolete' unsupported OS with no security patches that's still for sale right now!
Now apple are switching to an annual OSX release, they REALLY need to still support older OSes - such as the soon to be EOL'd snow leopard - longer than they do for critical security patches, such as this one. Apple decided they wanted to control java installation on OSX, they should have the decency to get security patches out for it in a prompt timescale. Don't forget, the whole reason this happened is Apple sat on upstream java security patches for months for even current OSX users - if they'd pushed out the patches THEN, instead of waiting for half a million + users to get infected...
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
What the hell is this rebooting you speak of? I thought Macs were Unix-based? You only reboot when you install new hardware or when you do a kernel update. (I should add that on a random-joe-system, kernel updates should be pretty infrequent since they don't need bleeding edge kernels). This sounds not much better than windows, IMHO.
Also, I wonder how Apple, the paragon of UI design, has never been able to implement a good window manager? It makes my eyes bleed every time I try to place Firefox and a terminal window side-by-side on a friends machine.
for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
You didn't read the question asked in the dialog? The one asking *your* permission to download and install updates and reboot your computer? You didn't understand that 'Continue' means 'yeah, go ahead, install and reboot'? You didn't see the 'not now' button next to it, allowing you to continue working without interruption?
Helpful tip: read the dialog and make sure you understand the question asked before clicking any button.
(You can configure Software Update to download updates in the background, in which case the wording of the question is slightly different and since you get prompted when everything is sucessfully downloaded, the interruption will be shorter. But the default is to prompt before downloading, so you can postpone downloading, perhaps saving you a huge mobile data bill.)
That's why Windows 7 pretty much just silently downloads and installs updates unless you go out of your way to tell it otherwise. They realized that it was worth drawing the wrath of nerds who hate not being in control to help the vast majority of clueless users.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Not quite true.
I'm running Lion on a MacPro 1,1 (1st gen, early 2007) right now. It works quite well! It will not be supported for 10.8, but that's because of the video card (stupid to not support an X1900XT).
So, I should have tempered my statement by saying that some 1st gen macs remain supported for Lion, and, afaik, all macs sold after January 2007 are still supported for Lion.