That’s not how Apple works, Jason (D. O’Grady of ZDNet).

Much entitled-feeling blogger Jason D. O’Grady of ZDNet has another piece of work out. This time about Flashback…somewhat late to the party, but I digress…

Here we go.

If Apple doesn’t act swiftly and decisively on Flashback its squeakily clean image as the virus-free computer platform will quickly become damaged goods.

Flashback is a so called “drive by” malware, not a virus.

On April 4 Russian antivirus company Dr. Web revealed that over 600,000 Macintosh computers are infected with Flashback trojan and Apple reacted somewhat slowly, waiting until April 10 to published a support knowledge base article HT5244 (”About Flashback malware”) which states that it is developing software that will detect and remove the Flashback malware.

This makes it sound like the timeframe is massive. It’s not. Usually companies are notified by the people that find these things before making it public. Sometimes they’re not. The first scenario gives the company time to fix the bug and deploy a fix to it’s users, the latter does not.
Apple doesn’t react in blind panic. Ever. They see a problem, they fix it, and then they deploy it. Which is exactly what they have done. The Java update securing Macs from Flashback (if they weren’t infected by then) was released on April, 3rd. One day before the malware became public knowledge, so O’Grady is misleading his readers, because he doesn’t mention that until later when he quotes Apple’s actual documentation. He talks about a support document…whoppie-frackin-doo.

Apple doesn’t provide a timetable for the release of the disinfectant software but presumably it will come in the form of a Security Update in the coming days or weeks.

Again, this is how Apple works. They say something when they have something to say. They don’t promise something if they can’t do it. We all know that, and Apple says so too:

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

…but that doesn’t fit into Jason’s article, so he doesn’t mention it.

The problem is that this is simply too long. Apple should have acknowledged the problem within a day or two, then released a patch within a week. Today marks one full week since the announcement of the Flashback malware and Apple still hasn’t released the patch — which is unacceptable.

So let me get this straight: Apple releases a Java update a day prior to the malware becoming public knowledge, tells us that there’s a problem and it’s working on fixing it for infested Macs, but that’s not good enough? Again: The patch was released a day prior to anyone even knowing of the malware – other than the hackers, and that’s “simply too long“? Ok.

Sure, you can update your Java or disable it outright, but non-technical users are unlikely to do this. I know several users that have their Software Update frequency set to “weekly” and many that wait or never install innocuous and generic sounding updates like “Java for Mac OS X 10.6 Update 7.” The problem is that Apple sugarcoats the issue and goes out of its way to hide the fact that Java “Update 7″ fixes a serious malware infestation that steals user names and passwords to popular websites by monitoring your browsing habits.

Wow…so much bullshit in such a short paragraph…
Most people do not have a need for Java, so Appple doesn’t even include it in Lion and above, and almost all Mac users are savy enough to go into Preferences and click a box I would think, but Jason has anectotal evidence, like he has in most of his articles, so it must be so. Also, if those “several users” “never install innocuous and generic sounding updates” they probably didn’t give Flashback their administrator password, no? And wouldn’t those users not be caught dead on the beyond shady websites especially crafted to host Flashback in the first place? Yeah, thought so…
Software update has a pretty good description about what it’s updates contain btw…but he knew that…

The days of Apple’s “security by obscurity” model are over. The company’s profile has been raised to the point that it has officially arrived on hacker’s radar. Apple’s reputation hangs in the balance on how quickly it handles the Flashback (and other) malware and there’s a lot at stake.

Security by obscurity actually refers to a completely different “concept”…this guy simply has no idea…
Anyhow, Flashback is serious, to quote Arik Hesseldahl of AllThingsD:

The trojan targets a vulnerability in software that is not even an Apple product: Java. You’ll recall that Java is add-on software created by Sun Microsystems and now the property of the software giant Oracle. Rather common, it is no longer shipped as a default add-on to Apple’s Mac OS X beginning in 2011, when Apple first shipped Lion.

Through this hole in Java, certain Web sites are serving up malicious Java applets. Once inserted on the machine, the software then prompts the user to enter the password they use to run the machine. It attempts to trick the user by appearing as an update to Adobe’s Flash video and animation software.

If the user doesn’t fall for the trick, it tries something else. Here again it checks to see if there are any Microsoft Office applications on the machine, or Skype. If there are, it deletes itself.

Then it does something interesting. It scans the contents of the Mac’s hard drive to determine if certain applications are present, and if they are, it deletes itself. Among those applications are security tools such as Little Snitch, a networking security tool, or Packet Peeper, another security tool. It also deletes itself if it sees the user has installed XCode Mac developers tools, and any kind of anti-virus software.

Presuming it finds none of them, it proceeds to contact a command-and-control server for the purpose of downloading and installing more malware. That malware is being used to commandeer the Macs and generate Web traffic to boost revenue for some pay-per-click ads on Web sites, making money for someone who’s behind the scheme.

Lots of “ifs” in there. I’m not trying to make this threat appear to be small, because it’s not, but a lot of things have to allign for Flashback to work. Maybe Jason should do some research…I’d hate to read his books if they are anything like his articles.


One comment on “That’s not how Apple works, Jason (D. O’Grady of ZDNet).

  1. […] Apple last week patched all Macs that were potentially affected by the Flashback drive-by malware. I’m sure Jason D. O’Grady is happy about that. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s