Apple has been getting some grief over the past week or so for their handling of the “FlashBack” trojan which infected over 500,000 Mac users worldwide. Well, yesterday, they released a new Java patch to address Flashback, and it has some interesting properties:
It looks for and removes FlashBack
It requires users to specifically enable Java on their systems
It automatically disables Java if no Java applets are run for “an extended period” – some bloggers are stating that this period is 35 days.
I’m glad Apple is taking these steps – if users are not using Java, disabling it will protect them from the rising tide of Java based malware that is out there. I just hope that the process for re-enabling Java when needed is made easy for the non technical user. It would be nice if Apple added a feature to “Software Update” which would be a little more proactive in nagging users to install security related updates as well.
