Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.mac.apps > #8899 > unrolled thread
| Started by | ANTant@zimage.com (Ant) |
|---|---|
| First post | 2012-04-04 19:03 -0500 |
| Last post | 2012-04-12 09:13 +1200 |
| Articles | 20 on this page of 69 — 24 participants |
Back to article view | Back to comp.sys.mac.apps
Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? ANTant@zimage.com (Ant) - 2012-04-04 19:03 -0500
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-04 19:54 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Malcolm <malcolm@invalid> - 2012-04-04 23:33 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-05 00:38 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? SY <205sk@accessforall.invalid> - 2012-04-05 16:35 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 12:19 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:40 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:52 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Bread <BreadWithSpam@Fractious.net> - 2012-04-11 15:22 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-12 19:10 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Calum <com.gmail@nospam.scottishwildcat> - 2012-04-13 01:55 +0100
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-13 13:51 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-12 23:52 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-12 21:31 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-13 20:02 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Warren Oates <warren.oates@gmail.com> - 2012-04-06 08:31 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? rijk <rijk@blah.invalid> - 2012-04-06 21:20 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 00:06 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 00:24 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 16:10 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:33 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:51 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:16 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 14:48 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 23:21 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 18:19 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:09 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-09 18:17 +0100
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? PhillipJones <pjones1@kimbanet.com> - 2012-04-09 14:20 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-10 17:46 +0100
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:18 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? John McWilliams <jpmcw@comcast.net> - 2012-04-11 15:13 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:01 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 01:46 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:15 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-09 09:11 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-09 11:42 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 13:51 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:28 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 21:51 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 16:43 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-05 21:27 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:19 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:29 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-06 12:22 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-06 17:40 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:11 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 10:01 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-05 01:55 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 11:40 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:30 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-06 19:03 -0500
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 12:48 +1200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-07 13:56 -0500
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-07 09:53 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? SY <205sk@accessforall.invalid> - 2012-04-07 19:01 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:10 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-21 13:18 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Warren Oates <warren.oates@gmail.com> - 2012-04-05 08:20 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 08:38 -0500
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 15:51 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 18:49 -0500
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 16:54 -0700
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-08 13:38 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:03 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:10 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:00 -0400
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:37 +0200
Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-12 09:13 +1200
Page 1 of 4 [1] 2 3 4 Next page →
| From | ANTant@zimage.com (Ant) |
|---|---|
| Date | 2012-04-04 19:03 -0500 |
| Subject | Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? |
| Message-ID | <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com> |
Hello.
I read the recent Flashback trojan with Apple's Java. I have a client
who is still running Mac OS X 10.5.8 and noticed Apple released an
updated Java for Mac OS X 10.6. I assume there is none for unsupported
10.5.8. Is there a way to remove its Java or protect it without
upgrading the OS?
Thank you in advance. :)
--
Quote of the Week: "If ants are such busy workers, how come they find
time to go to all the picnics?" --Marie Dressler
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail. If crediting,
( ) then please kindly use Ant nickname and AQFL URL/link.
[toc] | [next] | [standalone]
| From | Michael Vilain <vilain@NOspamcop.net> |
|---|---|
| Date | 2012-04-04 19:54 -0700 |
| Message-ID | <vilain-7537B2.19544504042012@news.individual.net> |
| In reply to | #8899 |
In article <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>, ANTant@zimage.com (Ant) wrote: > Hello. > > I read the recent Flashback trojan with Apple's Java. I have a client > who is still running Mac OS X 10.5.8 and noticed Apple released an > updated Java for Mac OS X 10.6. I assume there is none for unsupported > 10.5.8. Is there a way to remove its Java or protect it without > upgrading the OS? > > Thank you in advance. :) Java is deeply embedded into MacOS. I don't know what you'd break if you removed it. I suppose you could reverse engineer the patch that Apple created from the Oracle sources, if you had them. How good are you with Java development tools and coding? Unless you get paid T&M to fix this, I'd tell the client "Life is unsure. Live it it. Or upgrade." but they're not my client. That's the downside of being on such an old version of the OS. They essentially have to pay you to take Apple's place for support. -- DeeDee, don't press that button! DeeDee! NO! Dee... [I filter all Goggle Groups posts, so any reply may be automatically ignored]
[toc] | [prev] | [next] | [standalone]
| From | Malcolm <malcolm@invalid> |
|---|---|
| Date | 2012-04-04 23:33 -0400 |
| Message-ID | <2012040423335998610-malcolm@invalid> |
| In reply to | #8900 |
On 2012-04-05 02:54:46 +0000, Michael Vilain said: > In article <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>, > ANTant@zimage.com (Ant) wrote: > >> Hello. >> >> I read the recent Flashback trojan with Apple's Java. I have a client >> who is still running Mac OS X 10.5.8 and noticed Apple released an >> updated Java for Mac OS X 10.6. I assume there is none for unsupported >> 10.5.8. Is there a way to remove its Java or protect it without >> upgrading the OS? >> >> Thank you in advance. :) > > Java is deeply embedded into MacOS. I don't know what you'd break if > you removed it. I suppose you could reverse engineer the patch that > Apple created from the Oracle sources, if you had them. How good are > you with Java development tools and coding? Unless you get paid T&M to > fix this, I'd tell the client "Life is unsure. Live it it. Or > upgrade." but they're not my client. That's the downside of being on > such an old version of the OS. They essentially have to pay you to take > Apple's place for support. Java can be disabled in Safari's Security preferences.
[toc] | [prev] | [next] | [standalone]
| From | Ant <ant@zimage.comANT> |
|---|---|
| Date | 2012-04-05 00:38 -0700 |
| Message-ID | <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com> |
| In reply to | #8901 |
On 4/4/2012 8:33 PM PT, Malcolm typed:
>>> I read the recent Flashback trojan with Apple's Java. I have a client
>>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>>> 10.5.8. Is there a way to remove its Java or protect it without
>>> upgrading the OS?
>>
>> Java is deeply embedded into MacOS. I don't know what you'd break if
>> you removed it. I suppose you could reverse engineer the patch that
>> Apple created from the Oracle sources, if you had them. How good are
>> you with Java development tools and coding? Unless you get paid T&M to
>> fix this, I'd tell the client "Life is unsure. Live it it. Or
>> upgrade." but they're not my client. That's the downside of being on
>> such an old version of the OS. They essentially have to pay you to take
>> Apple's place for support.
>
> Java can be disabled in Safari's Security preferences.
Ah thanks. So no way to update it from Oracale/Sun, right?
--
"Oh, good morning, my little worker ants! That's just a figure of
speech; I would NEVER compare you to insects. At least not after that
sensitivity training seminar those maggots at the network forced me to
attend!" --Kay, Murphy Brown
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
[toc] | [prev] | [next] | [standalone]
| From | SY <205sk@accessforall.invalid> |
|---|---|
| Date | 2012-04-05 16:35 +0200 |
| Message-ID | <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl> |
| In reply to | #8907 |
In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>, Ant <ant@zimage.comANT> wrote: > On 4/4/2012 8:33 PM PT, Malcolm typed: > > >>> I read the recent Flashback trojan with Apple's Java. I have a client > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an > >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported > >>> 10.5.8. Is there a way to remove its Java or protect it without > >>> upgrading the OS? > >> > >> Java is deeply embedded into MacOS. I don't know what you'd break if > >> you removed it. I suppose you could reverse engineer the patch that > >> Apple created from the Oracle sources, if you had them. How good are > >> you with Java development tools and coding? Unless you get paid T&M to > >> fix this, I'd tell the client "Life is unsure. Live it it. Or > >> upgrade." but they're not my client. That's the downside of being on > >> such an old version of the OS. They essentially have to pay you to take > >> Apple's place for support. > > > > Java can be disabled in Safari's Security preferences. > > Ah thanks. So no way to update it from Oracale/Sun, right? Here's a good article: http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di sable-java-in-os-x/ SK.
[toc] | [prev] | [next] | [standalone]
| From | Michael Vilain <vilain@NOspamcop.net> |
|---|---|
| Date | 2012-04-05 12:19 -0700 |
| Message-ID | <vilain-B9D02F.12194805042012@news.individual.net> |
| In reply to | #8922 |
In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>, SY <205sk@accessforall.invalid> wrote: > In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>, > Ant <ant@zimage.comANT> wrote: > > > On 4/4/2012 8:33 PM PT, Malcolm typed: > > > > >>> I read the recent Flashback trojan with Apple's Java. I have a client > > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an > > >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported > > >>> 10.5.8. Is there a way to remove its Java or protect it without > > >>> upgrading the OS? > > >> > > >> Java is deeply embedded into MacOS. I don't know what you'd break if > > >> you removed it. I suppose you could reverse engineer the patch that > > >> Apple created from the Oracle sources, if you had them. How good are > > >> you with Java development tools and coding? Unless you get paid T&M to > > >> fix this, I'd tell the client "Life is unsure. Live it it. Or > > >> upgrade." but they're not my client. That's the downside of being on > > >> such an old version of the OS. They essentially have to pay you to take > > >> Apple's place for support. > > > > > > Java can be disabled in Safari's Security preferences. > > > > Ah thanks. So no way to update it from Oracale/Sun, right? > > Here's a good article: > > http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di > sable-java-in-os-x/ > > SK. I emailed the author to see if this really great article applies for 10.4 and 10.5. If he responds, I'll post a reply. I'm still not convinced that some applications might break if you remove Java. Your client may have to choose between them at some point. -- DeeDee, don't press that button! DeeDee! NO! Dee... [I filter all Goggle Groups posts, so any reply may be automatically ignored]
[toc] | [prev] | [next] | [standalone]
| From | Michael Vilain <vilain@NOspamcop.net> |
|---|---|
| Date | 2012-04-05 13:40 -0700 |
| Message-ID | <vilain-33C1FF.13401105042012@news.individual.net> |
| In reply to | #8928 |
In article <vilain-B9D02F.12194805042012@news.individual.net>, Michael Vilain <vilain@NOspamcop.net> wrote: > In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>, > SY <205sk@accessforall.invalid> wrote: > > > In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>, > > Ant <ant@zimage.comANT> wrote: > > > > > On 4/4/2012 8:33 PM PT, Malcolm typed: > > > > > > >>> I read the recent Flashback trojan with Apple's Java. I have a client > > > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an > > > >>> updated Java for Mac OS X 10.6. I assume there is none for unsupported > > > >>> 10.5.8. Is there a way to remove its Java or protect it without > > > >>> upgrading the OS? > > > >> > > > >> Java is deeply embedded into MacOS. I don't know what you'd break if > > > >> you removed it. I suppose you could reverse engineer the patch that > > > >> Apple created from the Oracle sources, if you had them. How good are > > > >> you with Java development tools and coding? Unless you get paid T&M to > > > >> fix this, I'd tell the client "Life is unsure. Live it it. Or > > > >> upgrade." but they're not my client. That's the downside of being on > > > >> such an old version of the OS. They essentially have to pay you to take > > > >> Apple's place for support. > > > > > > > > Java can be disabled in Safari's Security preferences. > > > > > > Ah thanks. So no way to update it from Oracale/Sun, right? > > > > Here's a good article: > > > > http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di > > sable-java-in-os-x/ > > > > SK. > > I emailed the author to see if this really great article applies for > 10.4 and 10.5. If he responds, I'll post a reply. > > I'm still not convinced that some applications might break if you remove > Java. Your client may have to choose between them at some point. In another thread, someone posted a terrific article on disabling and removing the JVM runtime. But it all pertains to 10.6 and 10.7. While MacOS doesn't depend on the JVM runtime, other applications might. I tend to not use Java-based applications because they're not quite MacOS UI compliant. None of the major vendors (M$, Adobe, or others) use them to my knowledge but something might break if you remove Java. The OP's customer will have to take that into consideration--I can't run <X> on this older version of the OS because of Java bugs. Now there's this article: <http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in- mac-os-x/> which shows how to actually check to see if a machine is infected. If it works with 10.4 and 10.5, someone should post that here. -- DeeDee, don't press that button! DeeDee! NO! Dee... [I filter all Goggle Groups posts, so any reply may be automatically ignored]
[toc] | [prev] | [next] | [standalone]
| From | Michael Vilain <vilain@NOspamcop.net> |
|---|---|
| Date | 2012-04-05 13:52 -0700 |
| Message-ID | <vilain-4E259C.13521505042012@news.individual.net> |
| In reply to | #8936 |
In article <vilain-33C1FF.13401105042012@news.individual.net>, Michael Vilain <vilain@NOspamcop.net> wrote: > In article <vilain-B9D02F.12194805042012@news.individual.net>, > Michael Vilain <vilain@NOspamcop.net> wrote: > > > In article <4f7dadad$0$26546$e4fe514c@dreader34.news.xs4all.nl>, > > SY <205sk@accessforall.invalid> wrote: > > > > > In article <ONWdnVj096pu1uDSnZ2dnUVZ_uadnZ2d@earthlink.com>, > > > Ant <ant@zimage.comANT> wrote: > > > > > > > On 4/4/2012 8:33 PM PT, Malcolm typed: > > > > > > > > >>> I read the recent Flashback trojan with Apple's Java. I have a > > > > >>> client > > > > >>> who is still running Mac OS X 10.5.8 and noticed Apple released an > > > > >>> updated Java for Mac OS X 10.6. I assume there is none for > > > > >>> unsupported > > > > >>> 10.5.8. Is there a way to remove its Java or protect it without > > > > >>> upgrading the OS? > > > > >> > > > > >> Java is deeply embedded into MacOS. I don't know what you'd break if > > > > >> you removed it. I suppose you could reverse engineer the patch that > > > > >> Apple created from the Oracle sources, if you had them. How good are > > > > >> you with Java development tools and coding? Unless you get paid T&M > > > > >> to > > > > >> fix this, I'd tell the client "Life is unsure. Live it it. Or > > > > >> upgrade." but they're not my client. That's the downside of being on > > > > >> such an old version of the OS. They essentially have to pay you to > > > > >> take > > > > >> Apple's place for support. > > > > > > > > > > Java can be disabled in Safari's Security preferences. > > > > > > > > Ah thanks. So no way to update it from Oracale/Sun, right? > > > > > > Here's a good article: > > > > > > http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-di > > > sable-java-in-os-x/ > > > > > > SK. > > > > I emailed the author to see if this really great article applies for > > 10.4 and 10.5. If he responds, I'll post a reply. > > > > I'm still not convinced that some applications might break if you remove > > Java. Your client may have to choose between them at some point. > > In another thread, someone posted a terrific article on disabling and > removing the JVM runtime. But it all pertains to 10.6 and 10.7. While > MacOS doesn't depend on the JVM runtime, other applications might. I > tend to not use Java-based applications because they're not quite MacOS > UI compliant. None of the major vendors (M$, Adobe, or others) use them > to my knowledge but something might break if you remove Java. The OP's > customer will have to take that into consideration--I can't run <X> on > this older version of the OS because of Java bugs. > > Now there's this article: > > <http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in- > mac-os-x/> > > which shows how to actually check to see if a machine is infected. If > it works with 10.4 and 10.5, someone should post that here. You can follow this procedure from the Terminal to check and remove the Trojan if the machine is infected: <http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml> But you won't be able to patch the Java on the 10.5.8 system. If you have /Applications/Utilities/Java Preferences, you can disable the JVM runtimes. -- DeeDee, don't press that button! DeeDee! NO! Dee... [I filter all Goggle Groups posts, so any reply may be automatically ignored]
[toc] | [prev] | [next] | [standalone]
| From | Bread <BreadWithSpam@Fractious.net> |
|---|---|
| Date | 2012-04-11 15:22 -0700 |
| Message-ID | <jm507d$j6m$1@reader1.panix.com> |
| In reply to | #8936 |
On 2012-04-05 20:40:12 +0000, Michael Vilain said: > In aIn another thread, someone posted a terrific article on disabling and > removing the JVM runtime. But it all pertains to 10.6 and 10.7. While > MacOS doesn't depend on the JVM runtime, other applications might. I > tend to not use Java-based applications because they're not quite MacOS > UI compliant. None of the major vendors (M$, Adobe, or others) use them > to my knowledge but something might break if you remove Java. A quick glance at the output of ps shows me that at least on this 10.7 system that I'm typing from, CrashPlan and Wuala both run /usr/bin/java. Not sure if either of these run in 10.5 or earlier (my machines are all 10.6 and 10.7), but it's likely that there are other apps which use it and that it's not going to be obvious, especially to someone who only knows from the GUI. FWIW.
[toc] | [prev] | [next] | [standalone]
| From | Paul Sture <paul@sture.ch> |
|---|---|
| Date | 2012-04-12 19:10 +0200 |
| Message-ID | <7tej59-82h.ln1@news.sture.ch> |
| In reply to | #9164 |
On Wed, 11 Apr 2012 15:22:37 -0700, Bread wrote: > On 2012-04-05 20:40:12 +0000, Michael Vilain said: > >> In aIn another thread, someone posted a terrific article on disabling >> and removing the JVM runtime. But it all pertains to 10.6 and 10.7. >> While MacOS doesn't depend on the JVM runtime, other applications >> might. I tend to not use Java-based applications because they're not >> quite MacOS UI compliant. None of the major vendors (M$, Adobe, or >> others) use them to my knowledge but something might break if you >> remove Java. > > A quick glance at the output of ps shows me that at least on this 10.7 > system that I'm typing from, CrashPlan and Wuala both run /usr/bin/java. > > Not sure if either of these run in 10.5 or earlier (my machines are all > 10.6 and 10.7), but it's likely that there are other apps which use it > and that it's not going to be obvious, especially to someone who only > knows from the GUI. > > FWIW. Apparently both Kaspersky and F-Secure have tools to download for those who are scared of going near Terminal: From Ars Technica: http://bit.ly/HD3hj5 -- Paul Sture
[toc] | [prev] | [next] | [standalone]
| From | Calum <com.gmail@nospam.scottishwildcat> |
|---|---|
| Date | 2012-04-13 01:55 +0100 |
| Message-ID | <jm7ti3$2r3$1@speranza.aioe.org> |
| In reply to | #9199 |
On 12/04/2012 18:10, Paul Sture wrote: > Apparently both Kaspersky and F-Secure have tools to download for those > who are scared of going near Terminal: And Apple have tonight released a software update that checks for and removes Flashback infections, as well as disabling automatic running of Java applets. -- Xbox: GallusNumpty Steam: scottishwildcat
[toc] | [prev] | [next] | [standalone]
| From | dempson@actrix.gen.nz (David Empson) |
|---|---|
| Date | 2012-04-13 13:51 +1200 |
| Message-ID | <1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz> |
| In reply to | #9211 |
Calum <com.gmail@nospam.scottishwildcat> wrote: > On 12/04/2012 18:10, Paul Sture wrote: > > > Apparently both Kaspersky and F-Secure have tools to download for those > > who are scared of going near Terminal: > > And Apple have tonight released a software update that checks for and > removes Flashback infections, For 10.6.8 and 10.7. Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they can install this Java update. > as well as disabling automatic running of Java applets. For 10.7 only. Re the subject of this thread, Apple is not providing any update or Flashback removal tool for users of 10.5.8 or earlier. You'll have to resort to anti-virus vendors, other third party software or manually entered commands to detect and remove Flashback (and any future malware). You should disable Java in your web browser. A local Mac developer I know found he was infected (prior to the release of this latest update) and he sent me a copy of the "updater" component of Flashback so I could have a closer look at it. This copy is an Intel-only executable, which makes it more likely that PowerPC Macs are immune to this particular infection (unless the malicious Java applet does a processor check and downloads a PowerPC updater instead of an Intel one). If I was still using a PowerPC Mac for web access I wouldn't like to assume it will continue to be immune to future malware. Intel Macs still running 10.5.x are definitely vulnerable, since they have Java 6 with the known exploit. Intel Macs running 10.4.x are probably vulnerable, depending on exactly which exploit this malware uses, some of which affected Java 5 and Java 1.4.2 as well as Java 6. -- David Empson dempson@actrix.gen.nz
[toc] | [prev] | [next] | [standalone]
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-12 23:52 -0400 |
| Message-ID | <120420122352313740%nospam@nospam.invalid> |
| In reply to | #9213 |
In article <1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz>, David Empson <dempson@actrix.gen.nz> wrote: > > And Apple have tonight released a software update that checks for and > > removes Flashback infections, > > For 10.6.8 and 10.7. > > Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they > can install this Java update. which is very irresponsible. all that should matter is the version of java, not the os itself.
[toc] | [prev] | [next] | [standalone]
| From | Ant <ant@zimage.comANT> |
|---|---|
| Date | 2012-04-12 21:31 -0700 |
| Message-ID | <yL-dnY4L1JHWMRrSnZ2dnUVZ_sOdnZ2d@earthlink.com> |
| In reply to | #9214 |
On 4/12/2012 8:52 PM PT, nospam typed:
>>> And Apple have tonight released a software update that checks for and
>>> removes Flashback infections,
>>
>> For 10.6.8 and 10.7.
>>
>> Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they
>> can install this Java update.
>
> which is very irresponsible. all that should matter is the version of
> java, not the os itself.
Apple probably doesn't want to test Java in older Mac OS X 10.6 versions. :/
--
"I used to command a battalion of German ants." --Tom
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
[toc] | [prev] | [next] | [standalone]
| From | dempson@actrix.gen.nz (David Empson) |
|---|---|
| Date | 2012-04-13 20:02 +1200 |
| Message-ID | <1kihzw8.1tgszsv19qbqhvN%dempson@actrix.gen.nz> |
| In reply to | #9214 |
nospam <nospam@nospam.invalid> wrote: > In article <1kihs84.jumtoh1j4op90N%dempson@actrix.gen.nz>, David Empson > <dempson@actrix.gen.nz> wrote: > > > > And Apple have tonight released a software update that checks for and > > > removes Flashback infections, > > > > For 10.6.8 and 10.7. > > > > Anyone running 10.6.0 through 10.6.7 must update to 10.6.8 before they > > can install this Java update. > > which is very irresponsible. all that should matter is the version of > java, not the os itself. Apple's Java updates aren't just a copy of the mainstream Java release (for Windows and Linux). They also have Mac-specific code, which depend on frameworks and libraries elsewhere in Mac OS X. There is an interlock between Java updates and Mac OS X updates, because sometimes they update the same files, and sometimes the Java updates require files that were in a general update of Mac OS X. In general, each Java update has required that Snow Leopard be out of date by no more than about four months, which works out to either one or two minor versions behind the current minor version at the time the Java update was released. Java update 6 was released about five months after 10.6.8, and that and later updates have required 10.6.8. -- David Empson dempson@actrix.gen.nz
[toc] | [prev] | [next] | [standalone]
| From | Warren Oates <warren.oates@gmail.com> |
|---|---|
| Date | 2012-04-06 08:31 -0400 |
| Message-ID | <4f7ee220$0$2240$c3e8da3$3a1a2348@news.astraweb.com> |
| In reply to | #8928 |
In article <vilain-B9D02F.12194805042012@news.individual.net>, Michael Vilain <vilain@NOspamcop.net> wrote: > I'm still not convinced that some applications might break if you remove > Java. Your client may have to choose between them at some point. I use Vuze; it's a Java-based program. -- ... do not cover a warm kettle or your stock may sour. -- Julia Child
[toc] | [prev] | [next] | [standalone]
| From | rijk <rijk@blah.invalid> |
|---|---|
| Date | 2012-04-06 21:20 +0200 |
| Message-ID | <rijk-430F88.21201406042012@news.xs4all.nl> |
| In reply to | #8901 |
In article <2012040423335998610-malcolm@invalid>, Malcolm <malcolm@invalid> wrote: [...] > Java can be disabled in Safari's Security preferences. That applies only to Java applets embedded in Web sites. K3wl Freeware Game X might also be Java-based, or even a trojan. -- "-- \n"
[toc] | [prev] | [next] | [standalone]
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-05 00:06 -0400 |
| Message-ID | <050420120006189551%nospam@nospam.invalid> |
| In reply to | #8900 |
In article <vilain-7537B2.19544504042012@news.individual.net>, Michael Vilain <vilain@NOspamcop.net> wrote: > Java is deeply embedded into MacOS. I don't know what you'd break if > you removed it. it's not and it's no longer included by default, however, it can be downloaded if needed.
[toc] | [prev] | [next] | [standalone]
| From | Michael Vilain <vilain@NOspamcop.net> |
|---|---|
| Date | 2012-04-05 00:24 -0700 |
| Message-ID | <vilain-2C212C.00244105042012@news.individual.net> |
| In reply to | #8903 |
In article <050420120006189551%nospam@nospam.invalid>, nospam <nospam@nospam.invalid> wrote: > In article <vilain-7537B2.19544504042012@news.individual.net>, Michael > Vilain <vilain@NOspamcop.net> wrote: > > > Java is deeply embedded into MacOS. I don't know what you'd break if > > you removed it. > > it's not and it's no longer included by default, however, it can be > downloaded if needed. That's true for 10.7. Not true for 10.6 and this guy's version 10.5.8. I'm sure he could dig deep enough to create a system that ran 10.5.8 but he'd have to forever maintain updates for various stuff on it on a system that would mirror his client's system. I'd do that if I was paid big bucks to be "Apple" for a client. But not otherwise. -- DeeDee, don't press that button! DeeDee! NO! Dee... [I filter all Goggle Groups posts, so any reply may be automatically ignored]
[toc] | [prev] | [next] | [standalone]
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-05 16:10 -0400 |
| Message-ID | <050420121610512185%nospam@nospam.invalid> |
| In reply to | #8906 |
In article <vilain-2C212C.00244105042012@news.individual.net>, Michael Vilain <vilain@NOspamcop.net> wrote: > > > Java is deeply embedded into MacOS. I don't know what you'd break if > > > you removed it. > > > > it's not and it's no longer included by default, however, it can be > > downloaded if needed. > > That's true for 10.7. Not true for 10.6 and this guy's version 10.5.8. > I'm sure he could dig deep enough to create a system that ran 10.5.8 but > he'd have to forever maintain updates for various stuff on it on a > system that would mirror his client's system. I'd do that if I was paid > big bucks to be "Apple" for a client. But not otherwise. but the point is that java isn't deeply embedded and *can* be removed, which apple has done.
[toc] | [prev] | [next] | [standalone]
Page 1 of 4 [1] 2 3 4 Next page →
Back to top | Article view | comp.sys.mac.apps
csiph-web