Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.apps > #8899 > unrolled thread

Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java?

Started byANTant@zimage.com (Ant)
First post2012-04-04 19:03 -0500
Last post2012-04-12 09:13 +1200
Articles 20 on this page of 69 — 24 participants

Back to article view | Back to comp.sys.mac.apps


Contents

  Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? ANTant@zimage.com (Ant) - 2012-04-04 19:03 -0500
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-04 19:54 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Malcolm <malcolm@invalid> - 2012-04-04 23:33 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-05 00:38 -0700
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? SY <205sk@accessforall.invalid> - 2012-04-05 16:35 +0200
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 12:19 -0700
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:40 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:52 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Bread <BreadWithSpam@Fractious.net> - 2012-04-11 15:22 -0700
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-12 19:10 +0200
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Calum <com.gmail@nospam.scottishwildcat> - 2012-04-13 01:55 +0100
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-13 13:51 +1200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-12 23:52 -0400
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-12 21:31 -0700
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-13 20:02 +1200
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Warren Oates <warren.oates@gmail.com> - 2012-04-06 08:31 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? rijk <rijk@blah.invalid> - 2012-04-06 21:20 +0200
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 00:06 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 00:24 -0700
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 16:10 -0400
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:33 -0700
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:51 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:16 -0400
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 14:48 +1200
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 23:21 -0400
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 18:19 +1200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:09 +0200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-09 18:17 +0100
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? PhillipJones <pjones1@kimbanet.com> - 2012-04-09 14:20 -0400
                            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-10 17:46 +0100
                              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:18 +0200
                                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? John McWilliams <jpmcw@comcast.net> - 2012-04-11 15:13 -0700
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:01 +0200
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 01:46 +1200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:15 -0400
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-09 09:11 +0200
                            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-09 11:42 -0400
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 13:51 +0200
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:28 -0700
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 21:51 +0200
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 16:43 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-05 21:27 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:19 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:29 -0700
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-06 12:22 -0700
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-06 17:40 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:11 -0400
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 10:01 +0200
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-05 01:55 -0700
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 11:40 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:30 -0700
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-06 19:03 -0500
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 12:48 +1200
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-07 13:56 -0500
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-07 09:53 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? SY <205sk@accessforall.invalid> - 2012-04-07 19:01 +0200
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:10 -0400
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-21 13:18 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Warren Oates <warren.oates@gmail.com> - 2012-04-05 08:20 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 08:38 -0500
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 15:51 -0700
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 18:49 -0500
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 16:54 -0700
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-08 13:38 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:03 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:10 -0400
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:00 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:37 +0200
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-12 09:13 +1200

Page 1 of 4  [1] 2 3 4  Next page →


#8899 — Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java?

FromANTant@zimage.com (Ant)
Date2012-04-04 19:03 -0500
SubjectIs there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java?
Message-ID<Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>
Hello.

I read the recent Flashback trojan with Apple's Java. I have a client 
who is still running Mac OS X 10.5.8 and noticed Apple released an 
updated Java for Mac OS X 10.6. I assume there is none for unsupported 
10.5.8. Is there a way to remove its Java or protect it without 
upgrading the OS?

Thank you in advance. :)
-- 
Quote of the Week: "If ants are such busy workers, how come they find 
time to go to all the picnics?" --Marie Dressler
  /\___/\   Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
 / /\ /\ \                 Ant's Quality Foraged Links: http://aqfl.net
| |o   o| |
   \ _ /           Please nuke ANT if replying by e-mail. If crediting,
    ( )          then please kindly use Ant nickname and AQFL URL/link.

[toc] | [next] | [standalone]


#8900

FromMichael Vilain <vilain@NOspamcop.net>
Date2012-04-04 19:54 -0700
Message-ID<vilain-7537B2.19544504042012@news.individual.net>
In reply to#8899
In article <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>,
 ANTant@zimage.com (Ant) wrote:

> Hello.
> 
> I read the recent Flashback trojan with Apple's Java. I have a client 
> who is still running Mac OS X 10.5.8 and noticed Apple released an 
> updated Java for Mac OS X 10.6. I assume there is none for unsupported 
> 10.5.8. Is there a way to remove its Java or protect it without 
> upgrading the OS?
> 
> Thank you in advance. :)

Java is deeply embedded into MacOS.  I don't know what you'd break if 
you removed it.  I suppose you could reverse engineer the patch that 
Apple created from the Oracle sources, if you had them.  How good are 
you with Java development tools and coding?  Unless you get paid T&M to 
fix this, I'd tell the client "Life is unsure.  Live it it.  Or 
upgrade."  but they're not my client.  That's the downside of being on 
such an old version of the OS.  They essentially have to pay you to take 
Apple's place for support.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

[toc] | [prev] | [next] | [standalone]


#8901

FromMalcolm <malcolm@invalid>
Date2012-04-04 23:33 -0400
Message-ID<2012040423335998610-malcolm@invalid>
In reply to#8900
On 2012-04-05 02:54:46 +0000, Michael Vilain said:

> In article <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>,
>  ANTant@zimage.com (Ant) wrote:
> 
>> Hello.
>> 
>> I read the recent Flashback trojan with Apple's Java. I have a client
>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>> 10.5.8. Is there a way to remove its Java or protect it without
>> upgrading the OS?
>> 
>> Thank you in advance. :)
> 
> Java is deeply embedded into MacOS.  I don't know what you'd break if
> you removed it.  I suppose you could reverse engineer the patch that
> Apple created from the Oracle sources, if you had them.  How good are
> you with Java development tools and coding?  Unless you get paid T&M to
> fix this, I'd tell the client "Life is unsure.  Live it it.  Or
> upgrade."  but they're not my client.  That's the downside of being on
> such an old version of the OS.  They essentially have to pay you to take
> Apple's place for support.

Java can be disabled in Safari's Security preferences.

[toc] | [prev] | [next] | [standalone]


#8907

FromAnt <ant@zimage.comANT>
Date2012-04-05 00:38 -0700
Message-ID<ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>
In reply to#8901
On 4/4/2012 8:33 PM PT, Malcolm typed:

>>> I read the recent Flashback trojan with Apple's Java. I have a client
>>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>>> 10.5.8. Is there a way to remove its Java or protect it without
>>> upgrading the OS?
>>
>> Java is deeply embedded into MacOS. I don't know what you'd break if
>> you removed it. I suppose you could reverse engineer the patch that
>> Apple created from the Oracle sources, if you had them. How good are
>> you with Java development tools and coding? Unless you get paid T&M to
>> fix this, I'd tell the client "Life is unsure. Live it it. Or
>> upgrade." but they're not my client. That's the downside of being on
>> such an old version of the OS. They essentially have to pay you to take
>> Apple's place for support.
>
> Java can be disabled in Safari's Security preferences.

Ah thanks. So no way to update it from Oracale/Sun, right?
-- 
"Oh, good morning, my little worker ants! That's just a figure of 
speech; I would NEVER compare you to insects. At least not after that 
sensitivity training seminar those maggots at the network forced me to 
attend!" --Kay, Murphy Brown
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[toc] | [prev] | [next] | [standalone]


#8922

FromSY <205sk@accessforall.invalid>
Date2012-04-05 16:35 +0200
Message-ID<4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>
In reply to#8907
In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>,
 Ant <ant@zimage.comANT> wrote:

> On 4/4/2012 8:33 PM PT, Malcolm typed:
> 
> >>> I read the recent Flashback trojan with Apple's Java. I have a client
> >>> who is still running Mac OS X 10.5.8 and noticed Apple released an
> >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
> >>> 10.5.8. Is there a way to remove its Java or protect it without
> >>> upgrading the OS?
> >>
> >> Java is deeply embedded into MacOS. I don't know what you'd break if
> >> you removed it. I suppose you could reverse engineer the patch that
> >> Apple created from the Oracle sources, if you had them. How good are
> >> you with Java development tools and coding? Unless you get paid T&M to
> >> fix this, I'd tell the client "Life is unsure. Live it it. Or
> >> upgrade." but they're not my client. That's the downside of being on
> >> such an old version of the OS. They essentially have to pay you to take
> >> Apple's place for support.
> >
> > Java can be disabled in Safari's Security preferences.
> 
> Ah thanks. So no way to update it from Oracale/Sun, right?

Here's a good article:

http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di
sable-java-in-os-x/

SK.

[toc] | [prev] | [next] | [standalone]


#8928

FromMichael Vilain <vilain@NOspamcop.net>
Date2012-04-05 12:19 -0700
Message-ID<vilain-B9D02F.12194805042012@news.individual.net>
In reply to#8922
In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>,
 SY <205sk@accessforall.invalid> wrote:

> In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>,
>  Ant <ant@zimage.comANT> wrote:
> 
> > On 4/4/2012 8:33 PM PT, Malcolm typed:
> > 
> > >>> I read the recent Flashback trojan with Apple's Java. I have a client
> > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an
> > >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
> > >>> 10.5.8. Is there a way to remove its Java or protect it without
> > >>> upgrading the OS?
> > >>
> > >> Java is deeply embedded into MacOS. I don't know what you'd break if
> > >> you removed it. I suppose you could reverse engineer the patch that
> > >> Apple created from the Oracle sources, if you had them. How good are
> > >> you with Java development tools and coding? Unless you get paid T&M to
> > >> fix this, I'd tell the client "Life is unsure. Live it it. Or
> > >> upgrade." but they're not my client. That's the downside of being on
> > >> such an old version of the OS. They essentially have to pay you to take
> > >> Apple's place for support.
> > >
> > > Java can be disabled in Safari's Security preferences.
> > 
> > Ah thanks. So no way to update it from Oracale/Sun, right?
> 
> Here's a good article:
> 
> http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di
> sable-java-in-os-x/
> 
> SK.

I emailed the author to see if this really great article applies for 
10.4 and 10.5.  If he responds, I'll post a reply.

I'm still not convinced that some applications might break if you remove 
Java.  Your client may have to choose between them at some point.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

[toc] | [prev] | [next] | [standalone]


#8936

FromMichael Vilain <vilain@NOspamcop.net>
Date2012-04-05 13:40 -0700
Message-ID<vilain-33C1FF.13401105042012@news.individual.net>
In reply to#8928
In article <vilain-B9D02F.12194805042012@news.individual.net>,
 Michael Vilain <vilain@NOspamcop.net> wrote:

> In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>,
>  SY <205sk@accessforall.invalid> wrote:
> 
> > In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>,
> >  Ant <ant@zimage.comANT> wrote:
> > 
> > > On 4/4/2012 8:33 PM PT, Malcolm typed:
> > > 
> > > >>> I read the recent Flashback trojan with Apple's Java. I have a client
> > > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an
> > > >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
> > > >>> 10.5.8. Is there a way to remove its Java or protect it without
> > > >>> upgrading the OS?
> > > >>
> > > >> Java is deeply embedded into MacOS. I don't know what you'd break if
> > > >> you removed it. I suppose you could reverse engineer the patch that
> > > >> Apple created from the Oracle sources, if you had them. How good are
> > > >> you with Java development tools and coding? Unless you get paid T&M to
> > > >> fix this, I'd tell the client "Life is unsure. Live it it. Or
> > > >> upgrade." but they're not my client. That's the downside of being on
> > > >> such an old version of the OS. They essentially have to pay you to take
> > > >> Apple's place for support.
> > > >
> > > > Java can be disabled in Safari's Security preferences.
> > > 
> > > Ah thanks. So no way to update it from Oracale/Sun, right?
> > 
> > Here's a good article:
> > 
> > http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di
> > sable-java-in-os-x/
> > 
> > SK.
> 
> I emailed the author to see if this really great article applies for 
> 10.4 and 10.5.  If he responds, I'll post a reply.
> 
> I'm still not convinced that some applications might break if you remove 
> Java.  Your client may have to choose between them at some point.

In another thread, someone posted a terrific article on disabling and 
removing the JVM runtime.  But it all pertains to 10.6 and 10.7.  While 
MacOS doesn't depend on the JVM runtime, other applications might.  I 
tend to not use Java-based applications because they're not quite MacOS 
UI compliant.  None of the major vendors (M$, Adobe, or others) use them 
to my knowledge but something might break if you remove Java.  The OP's 
customer will have to take that into consideration--I can't run <X> on 
this older version of the OS because of Java bugs.

Now there's this article:

<http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-
mac-os-x/>

which shows how to actually check to see if a machine is infected.  If 
it works with 10.4 and 10.5, someone should post that here.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

[toc] | [prev] | [next] | [standalone]


#8938

FromMichael Vilain <vilain@NOspamcop.net>
Date2012-04-05 13:52 -0700
Message-ID<vilain-4E259C.13521505042012@news.individual.net>
In reply to#8936
In article <vilain-33C1FF.13401105042012@news.individual.net>,
 Michael Vilain <vilain@NOspamcop.net> wrote:

> In article <vilain-B9D02F.12194805042012@news.individual.net>,
>  Michael Vilain <vilain@NOspamcop.net> wrote:
> 
> > In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>,
> >  SY <205sk@accessforall.invalid> wrote:
> > 
> > > In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>,
> > >  Ant <ant@zimage.comANT> wrote:
> > > 
> > > > On 4/4/2012 8:33 PM PT, Malcolm typed:
> > > > 
> > > > >>> I read the recent Flashback trojan with Apple's Java. I have a 
> > > > >>> client
> > > > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an
> > > > >>> updated Java for Mac OS X 10.6. I assume there is none for 
> > > > >>> unsupported
> > > > >>> 10.5.8. Is there a way to remove its Java or protect it without
> > > > >>> upgrading the OS?
> > > > >>
> > > > >> Java is deeply embedded into MacOS. I don't know what you'd break if
> > > > >> you removed it. I suppose you could reverse engineer the patch that
> > > > >> Apple created from the Oracle sources, if you had them. How good are
> > > > >> you with Java development tools and coding? Unless you get paid T&M 
> > > > >> to
> > > > >> fix this, I'd tell the client "Life is unsure. Live it it. Or
> > > > >> upgrade." but they're not my client. That's the downside of being on
> > > > >> such an old version of the OS. They essentially have to pay you to 
> > > > >> take
> > > > >> Apple's place for support.
> > > > >
> > > > > Java can be disabled in Safari's Security preferences.
> > > > 
> > > > Ah thanks. So no way to update it from Oracale/Sun, right?
> > > 
> > > Here's a good article:
> > > 
> > > http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di
> > > sable-java-in-os-x/
> > > 
> > > SK.
> > 
> > I emailed the author to see if this really great article applies for 
> > 10.4 and 10.5.  If he responds, I'll post a reply.
> > 
> > I'm still not convinced that some applications might break if you remove 
> > Java.  Your client may have to choose between them at some point.
> 
> In another thread, someone posted a terrific article on disabling and 
> removing the JVM runtime.  But it all pertains to 10.6 and 10.7.  While 
> MacOS doesn't depend on the JVM runtime, other applications might.  I 
> tend to not use Java-based applications because they're not quite MacOS 
> UI compliant.  None of the major vendors (M$, Adobe, or others) use them 
> to my knowledge but something might break if you remove Java.  The OP's 
> customer will have to take that into consideration--I can't run <X> on 
> this older version of the OS because of Java bugs.
> 
> Now there's this article:
> 
> <http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-
> mac-os-x/>
> 
> which shows how to actually check to see if a machine is infected.  If 
> it works with 10.4 and 10.5, someone should post that here.

You can follow this procedure from the Terminal to check and remove the 
Trojan if the machine is infected:

<http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml>

But you won't be able to patch the Java on the 10.5.8 system.  If you 
have /Applications/Utilities/Java Preferences, you can disable the JVM 
runtimes.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

[toc] | [prev] | [next] | [standalone]


#9164

FromBread <BreadWithSpam@Fractious.net>
Date2012-04-11 15:22 -0700
Message-ID<jm507d$j6m$1@reader1.panix.com>
In reply to#8936
On 2012-04-05 20:40:12 +0000, Michael Vilain said:

> In aIn another thread, someone posted a terrific article on disabling and
> removing the JVM runtime.  But it all pertains to 10.6 and 10.7.  While
> MacOS doesn't depend on the JVM runtime, other applications might.  I
> tend to not use Java-based applications because they're not quite MacOS
> UI compliant.  None of the major vendors (M$, Adobe, or others) use them
> to my knowledge but something might break if you remove Java.

A quick glance at the output of ps shows me that at least on this 10.7 
system that I'm typing from, CrashPlan and Wuala both run /usr/bin/java.

Not sure if either of these run in 10.5 or earlier (my machines are all 
10.6 and 10.7), but it's likely that there are other apps which use it 
and that it's not going to be obvious, especially to someone who only 
knows from the GUI.

FWIW.

[toc] | [prev] | [next] | [standalone]


#9199

FromPaul Sture <paul@sture.ch>
Date2012-04-12 19:10 +0200
Message-ID<7tej59-82h.ln1@news.sture.ch>
In reply to#9164
On Wed, 11 Apr 2012 15:22:37 -0700, Bread wrote:

> On 2012-04-05 20:40:12 +0000, Michael Vilain said:
> 
>> In aIn another thread, someone posted a terrific article on disabling
>> and removing the JVM runtime.  But it all pertains to 10.6 and 10.7. 
>> While MacOS doesn't depend on the JVM runtime, other applications
>> might.  I tend to not use Java-based applications because they're not
>> quite MacOS UI compliant.  None of the major vendors (M$, Adobe, or
>> others) use them to my knowledge but something might break if you
>> remove Java.
> 
> A quick glance at the output of ps shows me that at least on this 10.7
> system that I'm typing from, CrashPlan and Wuala both run /usr/bin/java.
> 
> Not sure if either of these run in 10.5 or earlier (my machines are all
> 10.6 and 10.7), but it's likely that there are other apps which use it
> and that it's not going to be obvious, especially to someone who only
> knows from the GUI.
> 
> FWIW.

Apparently both Kaspersky and F-Secure have tools to download for those 
who are scared of going near Terminal:

From Ars Technica:

http://bit.ly/HD3hj5



-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#9211

FromCalum <com.gmail@nospam.scottishwildcat>
Date2012-04-13 01:55 +0100
Message-ID<jm7ti3$2r3$1@speranza.aioe.org>
In reply to#9199
On 12/04/2012 18:10, Paul Sture wrote:

> Apparently both Kaspersky and F-Secure have tools to download for those
> who are scared of going near Terminal:

And Apple have tonight released a software update that checks for and 
removes Flashback infections, as well as disabling automatic running of 
Java applets.

-- 
Xbox: GallusNumpty  Steam: scottishwildcat

[toc] | [prev] | [next] | [standalone]


#9213

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-13 13:51 +1200
Message-ID<1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz>
In reply to#9211
Calum <com.gmail@nospam.scottishwildcat> wrote:

> On 12/04/2012 18:10, Paul Sture wrote:
> 
> > Apparently both Kaspersky and F-Secure have tools to download for those
> > who are scared of going near Terminal:
> 
> And Apple have tonight released a software update that checks for and
> removes Flashback infections,

For 10.6.8 and 10.7.

Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they
can install this Java update.

> as well as disabling automatic running of Java applets.

For 10.7 only.

Re the subject of this thread, Apple is not providing any update or
Flashback removal tool for users of 10.5.8 or earlier. You'll have to
resort to anti-virus vendors, other third party software or manually
entered commands to detect and remove Flashback (and any future
malware). You should disable Java in your web browser.

A local Mac developer I know found he was infected (prior to the release
of this latest update) and he sent me a copy of the "updater" component
of Flashback so I could have a closer look at it.

This copy is an Intel-only executable, which makes it more likely that
PowerPC Macs are immune to this particular infection (unless the
malicious Java applet does a processor check and downloads a PowerPC
updater instead of an Intel one). If I was still using a PowerPC Mac for
web access I wouldn't like to assume it will continue to be immune to
future malware.

Intel Macs still running 10.5.x are definitely vulnerable, since they
have Java 6 with the known exploit. Intel Macs running 10.4.x are
probably vulnerable, depending on exactly which exploit this malware
uses, some of which affected Java 5 and Java 1.4.2 as well as Java 6.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]


#9214

Fromnospam <nospam@nospam.invalid>
Date2012-04-12 23:52 -0400
Message-ID<120420122352313740%nospam@nospam.invalid>
In reply to#9213
In article <1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz>, David Empson
<dempson@actrix.gen.nz> wrote:

> > And Apple have tonight released a software update that checks for and
> > removes Flashback infections,
> 
> For 10.6.8 and 10.7.
> 
> Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they
> can install this Java update.

which is very irresponsible. all that should matter is the version of
java, not the os itself.

[toc] | [prev] | [next] | [standalone]


#9215

FromAnt <ant@zimage.comANT>
Date2012-04-12 21:31 -0700
Message-ID<yL-dnY4L1JHWMRrSnZ2dnUVZ_sOdnZ2d@earthlink.com>
In reply to#9214
On 4/12/2012 8:52 PM PT, nospam typed:

>>> And Apple have tonight released a software update that checks for and
>>> removes Flashback infections,
>>
>> For 10.6.8 and 10.7.
>>
>> Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they
>> can install this Java update.
>
> which is very irresponsible. all that should matter is the version of
> java, not the os itself.

Apple probably doesn't want to test Java in older Mac OS X 10.6 versions. :/
-- 
"I used to command a battalion of German ants." --Tom
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[toc] | [prev] | [next] | [standalone]


#9217

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-13 20:02 +1200
Message-ID<1kihzw8.1tgszsv19qbqhvN%dempson@actrix.gen.nz>
In reply to#9214
nospam <nospam@nospam.invalid> wrote:

> In article <1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz>, David Empson
> <dempson@actrix.gen.nz> wrote:
> 
> > > And Apple have tonight released a software update that checks for and
> > > removes Flashback infections,
> > 
> > For 10.6.8 and 10.7.
> > 
> > Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they
> > can install this Java update.
> 
> which is very irresponsible. all that should matter is the version of
> java, not the os itself.

Apple's Java updates aren't just a copy of the mainstream Java release
(for Windows and Linux). They also have Mac-specific code, which depend
on frameworks and libraries elsewhere in Mac OS X.

There is an interlock between Java updates and Mac OS X updates, because
sometimes they update the same files, and sometimes the Java updates
require files that were in a general update of Mac OS X.

In general, each Java update has required that Snow Leopard be out of
date by no more than about four months, which works out to either one or
two minor versions behind the current minor version at the time the Java
update was released.

Java update 6 was released about five months after 10.6.8, and that and
later updates have required 10.6.8.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]


#8982

FromWarren Oates <warren.oates@gmail.com>
Date2012-04-06 08:31 -0400
Message-ID<4f7ee220$0$2240$c3e8da3$3a1a2348@news.astraweb.com>
In reply to#8928
In article <vilain-B9D02F.12194805042012@news.individual.net>,
 Michael Vilain <vilain@NOspamcop.net> wrote:

> I'm still not convinced that some applications might break if you remove 
> Java.  Your client may have to choose between them at some point.

I use Vuze; it's a Java-based program.
-- 

... do not cover a warm kettle or your stock may sour. -- Julia Child

[toc] | [prev] | [next] | [standalone]


#9006

Fromrijk <rijk@blah.invalid>
Date2012-04-06 21:20 +0200
Message-ID<rijk-430F88.21201406042012@news.xs4all.nl>
In reply to#8901
In article <2012040423335998610-malcolm@invalid>,
 Malcolm <malcolm@invalid> wrote:

[...]

> Java can be disabled in Safari's Security preferences.

That applies only to Java applets embedded in Web sites. K3wl Freeware 
Game X might also be Java-based, or even a trojan.

-- 
"-- \n"

[toc] | [prev] | [next] | [standalone]


#8903

Fromnospam <nospam@nospam.invalid>
Date2012-04-05 00:06 -0400
Message-ID<050420120006189551%nospam@nospam.invalid>
In reply to#8900
In article <vilain-7537B2.19544504042012@news.individual.net>, Michael
Vilain <vilain@NOspamcop.net> wrote:

> Java is deeply embedded into MacOS.  I don't know what you'd break if 
> you removed it. 

it's not and it's no longer included by default, however, it can be
downloaded if needed.

[toc] | [prev] | [next] | [standalone]


#8906

FromMichael Vilain <vilain@NOspamcop.net>
Date2012-04-05 00:24 -0700
Message-ID<vilain-2C212C.00244105042012@news.individual.net>
In reply to#8903
In article <050420120006189551%nospam@nospam.invalid>,
 nospam <nospam@nospam.invalid> wrote:

> In article <vilain-7537B2.19544504042012@news.individual.net>, Michael
> Vilain <vilain@NOspamcop.net> wrote:
> 
> > Java is deeply embedded into MacOS.  I don't know what you'd break if 
> > you removed it. 
> 
> it's not and it's no longer included by default, however, it can be
> downloaded if needed.

That's true for 10.7.  Not true for 10.6 and this guy's version 10.5.8.  
I'm sure he could dig deep enough to create a system that ran 10.5.8 but 
he'd have to forever maintain updates for various stuff on it on a 
system that would mirror his client's system.  I'd do that if I was paid 
big bucks to be "Apple" for a client.  But not otherwise.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

[toc] | [prev] | [next] | [standalone]


#8932

Fromnospam <nospam@nospam.invalid>
Date2012-04-05 16:10 -0400
Message-ID<050420121610512185%nospam@nospam.invalid>
In reply to#8906
In article <vilain-2C212C.00244105042012@news.individual.net>, Michael
Vilain <vilain@NOspamcop.net> wrote:

> > > Java is deeply embedded into MacOS.  I don't know what you'd break if 
> > > you removed it. 
> > 
> > it's not and it's no longer included by default, however, it can be
> > downloaded if needed.
> 
> That's true for 10.7.  Not true for 10.6 and this guy's version 10.5.8.  
> I'm sure he could dig deep enough to create a system that ran 10.5.8 but 
> he'd have to forever maintain updates for various stuff on it on a 
> system that would mirror his client's system.  I'd do that if I was paid 
> big bucks to be "Apple" for a client.  But not otherwise.

but the point is that java isn't deeply embedded and *can* be removed,
which apple has done.

[toc] | [prev] | [next] | [standalone]


Page 1 of 4  [1] 2 3 4  Next page →

Back to top | Article view | comp.sys.mac.apps


csiph-web