experts by and large agree that security via obscurity is not a wise
model for protecting customers over the long term. That's
exactly the model Apple has employed
successfully for some time now. However, its luck finally
appears to be running short.Hot on the heels of a newly
discovered iOS exploit that allows access to locked iPhones,
new reports   from
security research firms SecureFirm and Intego reveals
that a new trojan is targeting Mac users using a vulnerability in OS
X's Java player.According to the Intego report
the new malware, trojan.osx.boonana.a, is really a reworked version
of the Koobface malware, which has attacked Windows in the past.
The malware acts
as a worm when it spreads and as
a trojan when it is infecting your computer.Users
may encounter the worm via links posted on Facebook, MySpace,
Twitter, and other websites. When clicking the link, the applet
attempts to run. Users can stop the infection before it starts
by denying the applet permission to run when OS X's Java player pops
up a dialogue.If they allow the applet to run, they may get
another warning if they have a Mac antispyware program like
VirusBarrier X6’s Anti-Spyware installed. If they don't get
the warning, or choose to disregard it, the applet will attempt to
make a connection with a remote server and installs a rootkit,
backdoor, command and control, and other elements. These files
are copied to an invisible folder -- .jnana -- in the user's home
directory.If the virus is allowed to carry out its infection
process, the unsuspecting Mac user may find themselves part
of a botnet. When they log on social networks, the virus
will post links to spread the infection. It may also send spam
e-mail via their logged-in accountsOther variants of this
virus target Windows and Linux, making it a rare true cross-platform
virus. All these viruses share the fact that they use the Java
player as a route of attack. According to Intego,
other OS X-specific versions of the virus have shown up, but most are
broken or try to connect to offline servers.The malware could
become potentially more dangerous in the future if it is able to
eliminate the warnings from the Java player and/or change the
name/location of the infection directory, making it hard for virus
removal software to find it.While it does not appear that
this virus takes advantage of any unique flaws in Apple's version of
Java, some security experts say that Apple's Java player may have
more vulnerabilities than Window's. That's because Apple makes
its own Java player, which according to an
e-mailreportedly attributed to Apple Chief Executive Steve Jobs,
is always a version behind the official Linux/Windows builds from Sun
and Oracle.Apple is reportedly considering ditching its Java
player in future versions of OS X, such as OS X 10.7 "Lion".
Similarly it's considering
rejecting Flash, another multimedia web technology.
Ultimately these efforts may eliminate some routes of attack, but now
that Apple is being targeted it must realize -- there is always a
quote: This does not take away from the fact that it's still a mac exploit.
quote: should be able to install whatever i want on my own computer. I will not be told what i can and can not install by jobs or anyone else. Doing away with java and flash is retarded and shouldn't be job's choice to make. If they don't want to put it on by default that's one thing but block me from installing it is insane!
quote: Actually, it's a user exploit. In fact, it doesn't even work correctly on many Macs. It doesn't do anything unless the user allows it and enters an administrator password so it can install. It's classic social engineering. A trojan that tries to trick the user into installing it. Nothing more, nothing less.
quote: Jobs isn't choosing for you, they're just choosing not to install it for you. You're free to install Flash and Java yourself if you choose. No one is blocking you from installing it. Pure FUD.
quote: MS Windows doesn't install either one for you, you have to go install it yourself. Linux doesn't install flash for you, and may or may not install Java.
quote: You're welcome to hate Apple/Jobs, just quit spouting inaccurate info and FUD.
quote: See ipod, iphone, ipad... now there's talk of a mac store opening up for the mac computers. If they go completely to a mac store for software distribution on the mac then how long until you "can't" install it. As i stated above, this is a growing trend with apple and while this might not ever become a reality i certainly wouldn't put it passed them.
quote: my point is that these types of viruses will only get worse from here on...
quote: if you want to stay in a sugar coated bubble, or frolic in a meadow of denial... fine.
quote: I don't like the way that apple does business sometimes and i don't particularly care for the amount of control i feel apple/jobs have over what i can and can't do with the computer/devices i paid for. seeing as this exact thing has been a reoccurring theme in just about every apple/mac article I've read in the last year or two i really don't think this statement is too far off.
quote: They won't lock down the Mac the way they have iOS devices.
quote: nothing objectively significantly better or worse as far as business practices go.
quote: I'm glad Apple switch to x86 based systems 4 years ago
quote: Apple recommends AV software for Mac OS X
quote: If you understand that windows has it's place and that people are morons for choosing it then ever better!
quote: This should read: If you understand that windows has it's place and that people are NOT morons for choosing it then ever better! :-)