NORMAN — Recent reports show that a high-powered hacker group called “Comment Crew,” under the control of Unit 61398 of the Peoples Liberation Army of China, has been engaged in a long-term campaign of cyber-attacks against over 120 American companies, as well as United States government and military installations.
These reports coincide with attacks over the past few weeks that have successfully invaded, compromised and infected computer systems at Facebook, Apple Computer, and Twitter. Other attacks have targeted companies ranging from Coca-Cola, the New York Times and the Wall Street Journal, to oil and gas pipeline companies, military contractors, mining companies, telecommunications corporations, chemical plants, and the United States Departments of State and Defense.
Many of the attacks succeeded through the use of so-called “spear phishing” emails. Spear phishing emails are specially-crafted, legitimate-looking messages using a person’s actual name, company name, and even street address. The messages often contain a website link that, when clicked, infects the user’s computer with nasty software that allows the attacker to control the computer to steal information and attack other computers.
While big-shot corporate executives and top-gun government security agents battle Chinese cyber-spies, you may be wondering, “Hey, what about me? How am I supposed to deal with this?” Those are very good questions. While Ethan Hunt dukes it out with Unit 61398, what are regular mom-and-pop computer users supposed to do in the mean time?
Most computer attacks and viruses work by exploiting flaws that exist in programs we use every day. The primary way to protect your computer is through software updates and upgrades that repair the flaws the bad guys attack.
One program flaw the Chinese super-spies used to hack into computer networks is in Java. Java is a programming language used on thousands of websites. We have Java on our computers so we can use and interact with these websites. New flaws are found in Java all the time, and need to be fixed. If you do not install Java updates, your computer is a sitting duck.
To fix the latest Java problems, most folks simply need to run Java Update. While Java usually updates itself automatically, it’s often a good idea to check for updates manually, rather than waiting around for a scheduler to trigger an update. Users of Microsoft Windows should go to Control Panel, make sure that “View” is set to “Classic” or “Small Icons,” and then double-click the Java icon. Click the update tab at the top and tell it to “Update Now,” then follow the instructions. Avoid any marketing add-ons you may be offered.
Apple Mac users need to update Java, too. Normally, this would be done by clicking the Apple symbol in the upper left-hand corner and running Software Update. However, for some strange reason, doing so in this case installs a crippled version of Java 6, instead of the latest, most-secure and fully-enabled version of Java, which is Mac Java 7.
Stranger still, Mac Java 7 only runs on certain Macs that use “Lion,” and not on others. If your Mac uses Lion, go to java.com and get Mac Java 7. Otherwise, brace yourself as I explain the odd world of Mac operating system versions, all named after large, predatory wild felines, and what they mean to you, the end Mac user.
Modern Macs use an operating system called OS X, as in, “Operating System Ten.” Various versions of OS X have been released over the years, named after wild jungle cats, with version numbers attached. They include Cheetah (10.0), Puma (10.1), Jaguar (10.2), Panther (10.3) and Tiger (10.4). To see which version of OS X your Mac uses, click the Apple symbol in the upper left-hand corner and select “About This Mac.”
If your version begins with “10.5,” then you have “Leopard.” A fully-updated version of Leopard will read, “10.5.8.” If your version begins with 10.6, you have Snow Leopard. 10.7 is Lion, and the latest version, 10.8, is Mountain Lion.
Unfortunately, Apple, just like Microsoft, discontinues support for earlier versions of its operating systems. That means no more updates, no more security patches, no more anything. You are on your own. No more help from Apple.
With this latest Java snafu, millions of 10.5 Leopard users have been hung out to dry. It may sound crazy, but if you use Leopard, then you have now officially been abandoned by Apple, because the latest and best Java versions will not work on your computer. Other products, like Google Chrome and Mozilla Firefox, bailed out of Leopard last year. Now, you have been abandoned by the mother ship, itself.
That means, to be truly up-to-date and safe, you need to upgrade to at least 10.7 Lion. I would skip 10.6, because it only allows a crippled version of Java to run, and will be the next version Apple will abandon. I would also avoid 10.8, Mountain Lion, as it too new and needs more bugs ironed out. To use the best version of Java, Mac Java 7, and to insure longevity for your machine, upgrade to 10.7 Lion.
I’ve got some Apple Mac updating to do, and maybe you do, too. There’s more to this story than newspaper space will allow, so, if you get stuck, contact me and I’ll try to point you in the right direction.
Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.davemoorecomputers.com.