The New Mac Virus, Apple Anti-Virus Software and Virus Scan Options

We've gotten a lot of queries about the current widespread Mac malware infection. Here's a quick list of answers to frequently asked questions.

What's in the new Mac virus and when did it strike?

 The malware, called Flashback or Flashfake, isn't actually a virus, strictly speaking. Rather, it's a "Trojan horse" that's taken on several forms since it was first spotted last fall.

 Back then, Flashback used a fake Adobe Flash installer to infect Macs. But it's evolved to become a drive-by download that hides in legitimate websites and infects machines unlucky enough to visit those sites.

How does the new Mac virus work?

 Right now, Flashback exploits a known flaw in Oracle's Java runtime engine (not to be confused with JavaScript), a mini-operating system that runs within OS X, Windows or Linux to handle various applications.

 Flashback does not need you to type in an administrative password in order to install itself. It infects your machine silently and without human assistance.

What can I do to protect my Mac?

 Apply the security updates for Mac OS X 10.6 Snow Leopard and 10.7 Lion that Apple released last week. If you have an Intel-based Mac running OS X 10.5 Leopard, upgrade to Snow Leopard and apply all security patches. However, there's a chance you may already be infected.

How do I find out if my Mac is infected?

 Use two AppleScripts that the social-networking-news site Mashable wrote. Here's the download link, and here are the instructions. If the scripts return pop-up boxes saying that each searched-for file "does not exist," you're in the clear for now.

What should I do if I am infected?

 Fire up your Mac's Terminal command-line utility. The Finnish security firm F-Secure has posted detailed instructions on how to remove the malware, but they're not for the faint of heart.

 If you're not comfortable with obscure Unix commands, then take your Mac into the nearest Apple Store and have the Geniuses clean it up. They may try to charge you for the service, but remind them that much of this problem can be considered Apple's fault.

 (Update: Moscow-based Kaspersky Lab has just released a removal tool. We haven't yet had a chance to try it ourselves.)

Why is this Apple's fault?

 It isn't entirely, but Apple was egregiously slow to respond to this threat. Its delay gave the operators of Flashback plenty of time to incorporate the Java flaw into the Trojan's exploit toolkit and infect hundreds of thousands of Macs.

 A quick timeline: The Java flaw was discovered in mid-January. Oracle patched the flaw for Windows and Linux machines on February 17. Apple insists on doing its own security updates, and did not have a patch ready until April 2.

 Apple has also, deliberately or not, led Mac users to believe they are inherently immune from viruses and other forms of malware. That has never been true — some of the first viruses were written for Macs — but Apple has done nothing to correct that false belief.

 In fact, other than issuing the two Java patches, and updating one of them a few days later, Apple has said nothing publicly about the current Flashback outbreak.

Do I really need Mac antivirus software?

 You absolutely do. You needed it a year ago, when the MacDefender scareware drive-by download was flooding users' browsers with porn. You needed it six months ago, when the DNSChanger Trojan was redirecting browsers on PCs and Macs alike to scam sites.

 And you really need it now, because Flashback is no joke. It will literally open the door to all sorts of other malware.

What if I have a PowerPC Mac or other old Apple computer?

 You should disable the Java runtime engine. (Open the Java Preferences app in the Utilities folder.) Apple no longer supports PowerPC Macs and is no longer issuing security updates for Mac OS X 10.5 Leopard.

 Disabling Java can cause problems if you're running Adobe software, such as Photoshop, Illustrator or InDesign, since those programs need Java to run properly. If so, it's time to upgrade to an Intel-based Mac.

How many Macs are infected?

 Two Russian security firms, including the well-known Kaspersky Lab, estimate that 600,000 Macs are infected with Flashback worldwide, most of them in the U.S., Canada, Britain and Australia. That's a significant chunk of the Mac user base.

Will I have to worry about other Mac malware in the future?

 Almost certainly. Apple's share of the personal-computer market has been growing steadily for the past few years, riding on the coattails of the iPhone and iPad.

 It's arguably hit the malware "critical mass" — the point at which the Mac share of the overall PC market is large enough to make it a worthwhile target for malware writers and cybercriminals.

 The fact that a shockingly low percentage of Mac users, estimated at somewhere between 15 and 25 percent, has anti-virus software installed just makes the market segment even more ripe for the picking.

