We all know these religious zealots hate pornography! This must mean the reason they are doing this is instead to terrorize US citizens!!! How? From now on the TSA will request all pornography in your laptop or smartphone be carefully analyzed, frame by frame, before you board your flight!!! They may simply force you to trash your smartphones, laptops and tablets just like they do with your coke!

Conspiracy Theory B:
This was hoaxed by the TSA themselves so they have legal reasons to confiscate cool looking laptops, new top of the line smart phones, and expensive tablets!

I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?

This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)

My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.

But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.

Interesting tidbit I noticed: only about 1% of macs were infected by flashback.

From the users than installed the free antivirus (that appears to also be spyware) 2.7% had flashback.

My theory? Users that installed this thing re 170% more likely to get infected by a trojan than the average mac user. They are also likely to have an inbox full of exe attachments.

I uninstalled Chrome from my computer because I got pissed off at their virus-like approach at updates. I guess I can now also uninstall Firefox for the same (or worse) reason.

That leaves me with IE, Safari and Opera...

1) Macs install java in a nearly transparent fashion the first time you encounter it (I have it on my new iMac with Lion and have no clue when it got installed.)

2) Your setting for Java applets is not the default (or at least not the default at the time of the virus spreading, the defaults changed due to the virus)

BTW, this iMac did not get infected with Flashback, Im certain due to it avoiding me since I run Xcode.

Oracle is not to blame on this one, Apple is not supporting it but they are still the ones distributing the updates. It was reported that Oracle did it's part and provided Apple with the update back in February. Apple dragged it's feet on releasing it. Thats why this story is so annoying. I'm one that will usually take Apple's side on arguments (because I honestly think they are right in those topics) but I can't stand by Apple on this one. They really fucked up.

How can you be sure you have no virus hiding away? If you have Microsoft Security Essentials I'd say your chances are high of having a safe Windows installation, since it's as good of a virus scanner as any other out there. If you update often also you are low risk.

But without any virus scanner, how can you be sure you don't have a silent virus? It seems many think that they are virus free if they don't have porn pop-ups showing up every few minutes.

It didn't. It attempted the user to enter a password to dive deeper into the system, but it was perfectly functional without the extra priviledges.

These are not all really security practices. Just having XCode (Apple's IDE) installed (something every single MacOSX developer will do) was enough to avoid Flashback. But this is not because the tools added any security at all; instead this was the virus being "smart" and staying away of any machine that had the tools that would more likely expose its own existence.

Basically "this guy MAY be smart, let me get out of here." And it worked; the virus was spotted 2 months late by someone in Russia monitoring botnets, not by anyone from a Mac.

At the end of the day, despite the gargantuan security hole (and it was huge) the virus only infected 1% of active Macs. No anti-virus was able to detect the thing. I dare bet this has more to do with the virus avoiding coders. Had it gone free-for-all, it may had been discovered earlier but it also likely had affected up to 10% of the macs out there.

The only actual security measure anyone would had been able to do to avoid something like this would had been to disable Java entirely, something few Mac users do. On the other hand, OSX does not come with Java. On the other other hand, it will happily download it from Apple (not Sun) the first time the browser meets a Java applet.

What to get out of this? Apple fucked up, and third party code execution environments are huge security holes.

Nice roundup of articles, but at the end of the day anyone that uses a blanket statement like "Linux = secure" is as stupid as anyone that says Macs are virus-proof.

I know Linux server admins, and all of them take security seriously and acknowledge they are as vulnerable as any other OS if you just lay back and look at them pretty. You have to make sure they are updated, secure, and properly configured for your needs with minimal permissions granted to processes that need them.

To add (thanks for the edit button, slashdot!)

Source of the numbers

I'm sorry; I love my Macs BUT this last Flasback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.

Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."

That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savvinnes makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)

THAT being said:
0.7% flashback victims were Linux machines
0.6% flashback victims were Windows 7 or Windows 8 PCs
0.3% flashback victims were FreeBSD
0.5% flashback victims were machines running an unidentified OS.

How on Earth does Linux got more Flashback infections than Windows??? Hint: I said why above. At least Macs have the excuse of Apple negligence at patching the vulnerability.

Although you can say I'm technically inclined, I didn't touch a computer until I was 20, my older brother was about 26 when he first touched one.

My mother just started using computers two years ago, at 65, and has the common sense of refusing to enter cc information anywhere without first consulting with someone to make sure "the coast is clear." Similar story with my father.

Seeing how I am surrounded by people that didnt grow with computers, I can say that alone is no excuse. Even if you don't get computers, everyone "gets" the vulnerability of credit cards, unless the individual is drastically stupid.

And remember: at the end of the day Apple gave this guy his money back, as they should. This entire argument is over how far should any entity be forced to nanny retarded people so they don't ever feel any form of distress, even of its reparable.

Obviously, this is slashdot, there is no room for objective Apple comments here, and anything that does not insult Apple is the result of rabid chronic fanboism.

Scan the entire page and you will see a bunch of trolls, one that even dares bring up Mike Daisey's "testimonials" as evidence that Apple is eeeeeeeviillllll.

They know they put their credit card on the device. It takes a huge retard to just give out a credit card number without looking up every way it may be used.

Nice, was trying to hunt down at what point In-App purchase blocking came in!