Community Pick: Many members of our community have endorsed this article.
Editor's Choice: This article has been selected by our editors as an exceptional contribution.

Mac Flashback Prevention and Remediation

Jason WatkinsIT Project Leader
Apple's Mac OS X has become an official member of the malware club. The Flashback Trojan has affected over half million Macs, worldwide.

It is behavior that ultimately gets malware onto a person’s computer. Obsolete or out-of-date software helps a great deal, but it is not the total reason for malware infections.

One sure-fire way to not get Flashback on your system is to not install anything. The notion may sound ridiculous, but to those who are not in the know, it is sane advice. Macs pretty much come with everything one needs to do as they want. The biggest third party application for the Mac is Microsoft Office. If you are not sure what it is you are installing, do not proceed. Flashback relies upon tricking the end user into entering an administrative password so that it may install. The default user account on all Macs is an administrative account and it does not force one to use a password, unlike Windows. Point Windows…

A few simple tips for keeping your Mac virus-free

If you see a password prompt that you did not initiate, cancel it.

If you are unsure about the prompt, don’t enter the password.

Don’t let other people install software on your Mac (this includes children).

Run your Mac as a standard user, and not as an admin. In this case, a username AND password is required for any software to install.

Use Time Machine with an external hard drive to make nightly backups of your Mac. This way if you become infected, just roll things back to a previous date.

Install an antivirus program on your Mac and keep it up to date. F-Secure, Sophos, Symantec, and ESET all offer antivirus products for the Mac. Sophos and ClamAV offer free products, which work reasonably well.

Keep your Mac up to date with Apple’s Software Update. Apple will, eventually, provide patches for all vulnerabilities. Additionally, using a current version of OS X is very important. As OS X progresses, successive versions get less support in patches and updates.

OS X 10.5 "Leopard" will not be receiving any security updates for the recent Java vulnerabilities. There will be no more point releases (10.6.8, for example) for any version of OS X, other than the current 10.7. I am very confident of the fact that OS X 10.6 "Snow Leopard" will start to receive less support when OS X 10.8 "Mountain Lion" is released this summer.

To determine if you are infected, open up the Terminal and enter the following commands. There are three different commands.

1. defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2. defaults read /Applications/ LSEnvironment
3. defaults read /Applications/ LSEnvironment

If any of these commands produce an output other than "...does not exist", you have the virus.

Removing the virus is an in-depth and complicated operation. F-Secure has the best online tutorial for the process at the link below.

The folks in the Apple store pride themselves on customer service. Apple Geniuses are given significant leeway to make a situation right by the customer. As long as you are honest and clearly explain the situation to the person in the Apple store, they will do as much as possible to fix the issue. Apple sales associates often use the resistance to viruses as a selling point for the Mac. I can't imagine the store not helping an infected user, who may have or may not have been sold a Mac under that premise. Apple Stores helped remove malware from the Safari infection last year, but just that. Store associates and Geniuses did not fix problems with antivirus software, or viruses on Windows computers. I think anyone with Flashback on their Mac and in no position to fix it themselves can go to an Apple store with the problem.
Jason WatkinsIT Project Leader

Comments (7)

Jason WatkinsIT Project Leader


Apple may very well be legally compelled to patch all vulnerabilities, the question is when. Despite their massive cash reserves, a bad headline can be very expensive. Not to mention, anyone can walk into an Apple store and have this problem addressed. Most times they include these with point updates, but in this Java case, they did so out of cycle. Apple does not have a prescribed release cycle for OS X, but does so at least once every six months. Using either OS X 10.6 or 10.7 will keep one in the safe area as far as support is concerned. If a Mac cannot run any of those versions, then heeding the tips in the article start to become very important.

OS X 10.5 and older will no longer be receiving critical updates. There will be no more point releases for any version of OS X, except for the current 10.7, which is a pain IMHO. Thanks for the feedback thus far. I am glad I can put this out there and make EE more versatile.
Author of the Year 2011
Top Expert 2006

Firebar - excellent work and I will be pointing to this article every time I see a Apple/Virus question.
Very nicely done and a big "yes" vote above.

Most Valuable Expert 2023
Most Valuable Expert 2013

Excellent and very timely, suspect we will see all browsers enforcing updates before launching by the end of the year as users just don't see this as the priority it really is.  Thanks for writing this.
Jason WatkinsIT Project Leader


Thanks everyone! I am happy to help and the information is helpful.
Jason WatkinsIT Project Leader


I am out until tonight. I can post a link then. Thanks and Happy Easter, btw.

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.