600,000 Infected Macs Found In Botnet
 

This points out that you need to be careful with your browsing habits, no matter which OS you choose.

600,000 Infected Macs Found In Botnet | PCWorld

"Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.”

This is nonspecific. "attempt" "will affect how" (without describing how.) If a password weren't required for infection, why raise suspicion by prompting for it?

I've still yet to see a single case of a trojan in Mac OS X that didn't require the user to explicitly grant administrator access, despite the repeated media and industry warnings.

"Here's why you should be afraid!!"
"Buy our product and calm your fears!"

News and advertising, one and the same.

No offense mean to the OP. I appreciate the heads up. My issue is with the industry.

I did pass the article on to a couple of people already.

Welcome to our world....

This is not an issue with OS X.

It's a Java issue.

As of 10.7 Java no longer ships with OS X.

That was just the ported version, pretty much everyone installs it from Sun directly now. Hard to find any machine windows or apple that's not running java.

There is an update out to patch the vulnerability. Your system update should show it as being available.

Apple does not use Sun java. They have been slow to react to exploits.

This is partly because java isn't automatically included in the OS upgrade or install.

This may be the first confirmed in-the-wild malware on the OSX platform, but it affects a language that you must make an effort to install in your Safari browser. As I understand it, it there is a patch for Macs running OSX.

In any case, we can't say OSX has never had a verifiable malware attack.

Rule #1 on any OS: do not install stuff you don't expect or recognize.

I use a Mac and:

1. Don't visit questionable sites (i.e. H/P/V/C/A/pr0n...)
2. Don't enable cookies (definitely no third-party, clear often)
3. Don't enable Flash ("click to flash" plug-in helps)
4. Don't run a lot of java stuff
5. Definitely don't enter admin/root PW unless I'm damn sure why I need to

I don't worry too much but will check tonight anyway just to be sure. Most computer security concerns are dealt with by simply not being dumb and lowering your level of exposure. If someone really wants "in" to your computer, they'll get in no matter what. Just why draw attention to yourself or give an opportunist an easy target? It's like locking my car, putting the club on it and parking it next to an unlocked Honda. Thieves/neer-do-wells will go for the easier target 99.999% of the time.

YOU are not the problem. People like our parents are the problem...

+1000000000.

My 85-year old dad gets frustrated anytime something is the least bit slow on his mac and he'll click on pretty much ANYTHING and EVERYTHING that shows up on the screen until he clicks himself into a frickin black hole.

Thank god for iChat and remote screen sharing, so I can fix it without going over there.

I had to nuke the laptop of one of our neighbors. It was so full of viruses, once it was disinfected, it would not boot. I salvaged the files and reloaded the OS.

Same thing used to happen to my mothers PC.

She got so guilty about calling me she started going to the geek squad.

She spent 10x's what that POS was worth getting it fixed numerous times.

Was visiting her one time and she was complaining that it would just hang.

Went upstairs, booted it, came back 15 minutes later and there was so much spyware crap loaded that it was crippled to a crawl.

She asked me "why does this keep happening over and over again", said, "tell your husband to lay off the porn sites".

Left the house, went to the local big box, picked her up a Mac Mini, brought it home, hooked it up and never heard another complaint from her ever again.