Mac Flashback Prevention and Remediation

Apple's Mac OS X has become an official member of the malware club. The Flashback Trojan has infected over half a million Macs worldwide.

It is user behaviour that ultimately gets malware onto a computer. Obsolete or out-of-date software helps an attacker a great deal, but it is not the whole reason for malware infections.

One sure-fire way to keep Flashback off your system is to not install anything. That may sound ridiculous, but to those who are not in the know it is sane advice. A Mac comes with almost everything most people need; the biggest third-party application on the platform is Microsoft Office. If you are not sure what it is you are installing, do not proceed. The original Flashback variants posed as a Flash Player installer and relied on tricking the end user into entering an administrator password so that the Trojan could install; later variants exploited unpatched Java to install without any prompt at all, which is why the Java updates discussed below matter. The first account created on every Mac is an administrator account, so the password that user already types every day is all it takes to put software onto the system.

A few simple tips for keeping your Mac virus-free

If you see a password prompt that you did not initiate, cancel it.

If you are unsure about the prompt, don’t enter the password.

Don’t let other people install software on your Mac (this includes children).

Run your Mac as a standard user, not as an admin. A standard user is then asked for an administrator's username AND password before any software can install, which is a much clearer signal that something wants system-wide access.

Use Time Machine with an external hard drive to make nightly backups of your Mac. If you become infected you can roll the system back to a date before the infection. Backups taken after that date contain the Trojan too, so pick the restore date carefully.

Install an antivirus program on your Mac and keep it up to date. F-Secure, Sophos, Symantec and ESET all offer antivirus products for the Mac; Sophos and ClamAV offer free products, which work reasonably well.

Keep your Mac up to date with Apple's Software Update. Apple does patch vulnerabilities, but not always quickly, and only for the versions of OS X it still supports. Using a current version of OS X is therefore very important: as OS X progresses, older versions receive fewer patches and updates until they receive none at all.

OS X 10.5 "Leopard" will not be receiving any security updates for the recent Java vulnerabilities. There will be no more point releases (10.6.8, for example) for any version of OS X other than the current 10.7. I am very confident that OS X 10.6 "Snow Leopard" will start to receive less support when OS X 10.8 "Mountain Lion" is released this summer.

To determine whether you are infected, open the Terminal and run the following three commands. The first reads the per-user environment file, so run it from each user account on the Mac (or point it at each home directory under /Users); the other two read the Info.plist of Firefox and Safari, which Flashback modifies so that its library is loaded into the browser.

1. defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2. defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
3. defaults read /Applications/Safari.app/Contents/Info LSEnvironment

The clean result for each command is an error of the form "The domain/default pair of (...) does not exist", printed on stderr. If any command instead prints a value, typically a path to a library file or a dictionary containing DYLD_INSERT_LIBRARIES, you have the Trojan. Note the path it names: that is the injected library, and it is what the removal guide will have you deal with.
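The three checks above, wrapped into one script, as an added example that is not part of the original article or of F-Secure's guide. It assumes the OS X behaviour of defaults(1) described in its comments, only interprets output, and changes nothing on disk; the library paths used for testing are constructed.

```shell
#!/bin/sh
# Added example, not code from the article or from F-Secure: runs the three
# Flashback detection checks in one pass and classifies each result.
# Assumptions (macOS behaviour of defaults(1)): a missing key makes
# `defaults read` print "... does not exist" on stderr and exit non-zero;
# a present key makes it print the stored value, either as a bare string or,
# for a dictionary such as LSEnvironment, as "{ KEY = value; }".

# classify_check OUTPUT
# OUTPUT is the combined stdout+stderr of one `defaults read`. Prints
# "clean" when no value is stored and "suspect" when anything came back.
classify_check() {
    case "$1" in
        *"does not exist"*) printf 'clean\n' ;;
        "")                 printf 'clean\n' ;;
        *)                  printf 'suspect\n' ;;
    esac
}

# extract_library OUTPUT
# Pulls the injected library path out of a suspect OUTPUT, handling both the
# bare-string form (per-user environment plist) and the dictionary form
# (LSEnvironment inside an application's Info.plist).
extract_library() {
    if printf '%s\n' "$1" | grep -q 'DYLD_INSERT_LIBRARIES'; then
        printf '%s\n' "$1" \
          | sed -n 's/^[[:space:]]*DYLD_INSERT_LIBRARIES[[:space:]]*=\(.*\);[[:space:]]*$/\1/p' \
          | head -n 1 | tr -d '";' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
    else
        printf '%s\n' "$1" | sed -n '1s/^[[:space:]]*//; 1s/[[:space:]]*$//; 1p'
    fi
}

# run_check LABEL DOMAIN KEY
# Runs one `defaults read`, prints the verdict and, for a suspect result,
# the library it points at and whether that file still exists on disk.
run_check() {
    label="$1"; domain="$2"; key="$3"
    out=$(defaults read "$domain" "$key" 2>&1) || true
    verdict=$(classify_check "$out")
    printf '%-60s %s\n' "$label" "$verdict"
    if [ "$verdict" = suspect ]; then
        lib=$(extract_library "$out")
        printf '    injected library: %s\n' "$lib"
        if [ -n "$lib" ] && [ -f "$lib" ]; then
            printf '    that file is present on disk\n'
        fi
    fi
}

main() {
    if ! command -v defaults >/dev/null 2>&1; then
        printf 'defaults(1) not found: this driver only runs on OS X\n' >&2
        return 0
    fi
    # The per-user check must cover every account, not only the one logged in.
    for home in /Users/*; do
        [ -d "$home" ] || continue
        run_check "$home/.MacOSX/environment DYLD_INSERT_LIBRARIES" \
                  "$home/.MacOSX/environment" DYLD_INSERT_LIBRARIES
    done
    run_check "Firefox LSEnvironment" /Applications/Firefox.app/Contents/Info LSEnvironment
    run_check "Safari LSEnvironment"  /Applications/Safari.app/Contents/Info  LSEnvironment
}

main
```

Save it and run it with `sh`; reading other users' home directories under /Users generally needs sudo. A "suspect" line names the injected library, which is the starting point for the F-Secure removal guide linked below; the script deliberately does not delete anything.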

Removing the Trojan by hand is an in-depth and complicated operation. F-Secure has the best online tutorial for the process at the link below.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

The folks in the Apple Store pride themselves on customer service, and Apple Geniuses are given significant leeway to make a situation right by the customer. As long as you are honest and clearly explain the situation to the person in the store, they will do as much as possible to fix the issue. Apple sales associates often use resistance to viruses as a selling point for the Mac; I can't imagine the store not helping an infected user who may or may not have been sold a Mac under that premise. Apple Stores helped remove last year's Safari infection, but only that: store associates and Geniuses did not fix problems with antivirus software or viruses on Windows computers. I think anyone with Flashback on their Mac and in no position to fix it themselves can take the problem to an Apple Store.
LVL 27

Author Comment

by:Jason Watkins
We can add info about Java and Adobe. The Java bit I have been using for my folks is to turn it off in a browser. Use that browser for most web tasks. If a site requires Java, open a second browser which has Java enabled (for this purpose) and use it there. Flash Player will auto-update and users should do so when prompted, however annoying it may seem. Even better is Google Chrome, which auto-updates itself and Flash Player behind the scenes.

Thoughts?

Thanks
0
 
LVL 27

Author Comment

by:Jason Watkins
Another point that could be highlighted would be to use a supported version of Mac OS X. Apple doesn't tend to completely cut off update support for legacy versions of OS X. I still get updates for my 10.4.11 Mac Mini, which is seven years old. OS X 10.5 will no longer be receiving Java updates. This equates to unsupported where I work and in my regard. OS X 10.6 and 10.7 will continue to be fully patched going forward. I suspect 10.6 being slighted when 10.8 is released this summer. I run legacy versions of OS X because I can navigate the risks and I am not forking over the cash for a new Mac just for this reason.
0
 
LVL 27

Author Comment

by:Jason Watkins
Apple may very well be legally compelled to patch all vulnerabilities; the question is when. Despite their massive cash reserves, a bad headline can be very expensive. Not to mention, anyone can walk into an Apple Store and have this problem addressed. Most times they include these with point updates, but in this Java case, they did so out of cycle. Apple does not have a prescribed release cycle for OS X, but does so at least once every six months. Using either OS X 10.6 or 10.7 will keep one in the safe area as far as support is concerned. If a Mac cannot run either of those versions, then heeding the tips in the article starts to become very important.

OS X 10.5 and older will no longer be receiving critical updates. There will be no more point releases for any version of OS X, except for the current 10.7, which is a pain IMHO. Thanks for the feedback thus far. I am glad I can put this out there and make EE more versatile.
0
LVL 38

Expert Comment

by:younghv
Firebar - excellent work and I will be pointing to this article every time I see an Apple/Virus question.
Very nicely done and a big "yes" vote above.

Vic
0
 
LVL 64

Expert Comment

by:☠ MASQ ☠
Excellent and very timely. I suspect we will see all browsers enforcing updates before launching by the end of the year, as users just don't see this as the priority it really is. Thanks for writing this.
0
 
LVL 27

Author Comment

by:Jason Watkins
Thanks everyone! I am happy to help and the information is helpful.
0
 
LVL 27

Author Comment

by:Jason Watkins
I am out until tonight. I can post a link then. Thanks and Happy Easter, btw.
0