It’s official: Macs are finally vulnerable to nasty malware. There are now malicious programs that can infect a Mac without the user doing anything accidental or unwise. It ain’t an apocalypse, but we should be increasingly careful.
Last week saw the emergence of a new version of the Flashback trojan. This bad bug installs itself when you visit an infected web site, hooks itself into your web browser, and starts reporting things like your browsing history and logins to its operators.
There are really good writeups about Flashback, like these from TidBITS, MacWorld, All Things D, and this nerdy one from Basics4Mac, with plenty of technical details and descriptions of the . For the purpose of this article, I’ll simply say that Flashback gets in through the browser plug-in environments Flash and Java: earlier versions posed as a Flash Player installer you were asked to run, and the current one exploits a bug in Java so it needs no asking at all. (These names may sound familiar, from discussions about how the iPhone has neither of them.)
Apple has also now, for the first time, posted a response to an emerging piece of Mac malware. It’s brief and worth a glance.
So now I am going to try to distill, in as few words as possible, what the average Mac user should do about Flashback.
1. Run Software Update from the Apple menu.
Apple has released a patch to Java that closes the hole the current Flashback variant uses to infect your Mac. If Software Update offers no Java update, Java probably isn’t installed on your Mac at all, which is fine: that variant can’t run without it.
2. Don’t click on unknown or untrusted links to web sites.
Even some legit web sites have been infected, but they will be cleaned up. When you see a link in an email, before you click, hover your cursor over the link and read the address that pops up. If it doesn’t match where the email says it goes, don’t click.
3. Don’t enter your password…
…unless you know why you’re being asked to do so.
4. Test your Mac for infection.
This takes just a bit of effort, but is not hard. You have three reasonable options:
- Download this small app by long-time Mac nerd Mark Zeedar. Once the file test4flashback.zip (lowercase) is in your downloads folder, double-click it to “unzip” it, and then double-click the resulting file called Test4Flashback (with capital letters).
- Go to this web page by security firm Kaspersky. It asks for your Mac’s Hardware UUID (shown under About This Mac > More Info) and checks it against a database of machines known to have contacted Flashback’s control servers.
- Open the app called Terminal. You can find it using Spotlight or in the /Applications/Utilities folder. Copy and paste each of the following commands into the Terminal, hitting return after each. (The quotes around the paths with spaces in them are not optional; without them the command looks for a folder called /Applications/Google and fails.)
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read "/Applications/Google Chrome.app/Contents/Info" LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read "/Applications/iCab 4/iCab.app/Contents/Info" LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Each command should answer that the key “does not exist” (you get the same answer for a browser you don’t have installed, which is fine). If any command instead prints a value, typically a DYLD_INSERT_LIBRARIES entry pointing at a library file, Flashback has hooked that browser: skip ahead to step 5.
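Here, as an added example that is not part of the original post, is a short shell script that runs those five checks in one go and reads the answers for you. It assumes the same file locations as the commands above, relies on the “does not exist” text that defaults prints for a missing key, and skips the live check on anything that isn’t a Mac; the two sample outputs inside it are constructed to show the clean and hooked shapes, not captured from an infected machine.

```shell
#!/bin/sh
# Added example, not part of the original post: a one-shot version of the
# five Terminal commands above. It reads the same LSEnvironment keys in the
# browser Info.plist files and the DYLD_INSERT_LIBRARIES key in the user's
# environment.plist, the places this Flashback variant writes to so that
# its library gets loaded into every browser process.

# Classify the text that `defaults read <domain> <key>` printed.
# Prints "clean" when the key is absent (defaults reports "does not exist",
# also when the app itself is not installed) and "suspicious" for any value,
# since none of these browsers ship with an LSEnvironment dictionary.
classify_defaults_output() {
    case "$1" in
        *"does not exist"*) echo clean ;;
        *)                  echo suspicious ;;
    esac
}

# Run one `defaults read` and print a verdict line.
# Returns 0 when clean, 1 when a value was present.
check_one() {
    domain=$1
    key=$2
    out=$(defaults read "$domain" "$key" 2>&1)
    verdict=$(classify_defaults_output "$out")
    printf '%-55s %-22s %s\n' "$domain" "$key" "$verdict"
    if [ "$verdict" != clean ]; then
        # Show what was found so the injected library path is visible.
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Run all five checks. Returns 0 when every key is absent, 1 when any key
# holds a value, and 2 on a machine without `defaults` (i.e. not a Mac),
# where the live check is skipped.
check_flashback() {
    command -v defaults >/dev/null 2>&1 || {
        echo "no 'defaults' command found; this is not a Mac, live check skipped"
        return 2
    }
    rc=0
    check_one /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    check_one "/Applications/Google Chrome.app/Contents/Info" LSEnvironment || rc=1
    check_one /Applications/Firefox.app/Contents/Info LSEnvironment || rc=1
    check_one "/Applications/iCab 4/iCab.app/Contents/Info" LSEnvironment || rc=1
    check_one "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=1
    return $rc
}

# Constructed sample outputs (not captured from a real machine) showing the
# two shapes `defaults read` produces. The library path in the second one is
# a placeholder, not a real indicator of compromise.
SAMPLE_CLEAN='The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist'
SAMPLE_HOOKED='{
    DYLD_INSERT_LIBRARIES = "/Applications/Safari.app/Contents/Resources/.placeholder.so";
}'

classify_defaults_output "$SAMPLE_CLEAN"    # clean
classify_defaults_output "$SAMPLE_HOOKED"   # suspicious
check_flashback || echo "check_flashback exit status: $?"
```

Save it as check_flashback.sh and run sh check_flashback.sh in Terminal; an exit status of 0 means all five keys are absent. Remember that this only looks in the spots this particular variant uses; it is not a general malware scan.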
5. Remove the infection.
If one of the above techniques revealed that your Mac is infected, you have three options:
- Call us and we’ll take care of it.
- Download this removal tool from Kaspersky.
- Or follow these brief-but-nerdy instructions posted by F-Secure.
But what then? How should Mac-o-philes stay vigilant against these intruders?
Please understand that all of the following are just suggestions, not prescriptions. All of us want our Macs to just keep working, without the tinkering and worrying characteristic of Windows users. But to that end, I have myself adopted the following methods, and I believe they help protect my computers and my data from the bad guys.
1. Uninstall Adobe Flash from your Mac
Adobe has this page, from which you can download the Flash uninstaller for Mac.
I know, I know, you’re saying it’s going to break your internet. Read on, dear reader.
2. Use Google Chrome instead of Apple Safari for web browsing
Chrome is a fantastic, free web browser that Google created to make the web better and faster.
Google built its own copy of Flash into Chrome, and Chrome updates itself (Flash included) on a regular basis behind the scenes. So you don’t have to keep up with Flash updates, and you never have a reason to download a Flash installer, which is exactly what the early Flashback versions pretended to be: if a web page tells you to install Flash, close it.
Sometimes I browse in Safari, but mostly I use Chrome.
3. Should I disable Java?
You can read in the other articles how you can disable Java entirely, both for your browser and on your whole Mac. The problem is that, as of this moment, Java is even harder to give up than Flash. Many of our clients are using CrashPlan for internet backups, or LogMeIn for remote access to their computers. Both services rely on Java.
As an experiment, I have disabled Java on Safari, in Safari menu > Preferences > Security. Ping me if you’re curious whether that has affected my experience on the web.
Back up, and be vigilant
If you follow the 3–2–1 rule of backups (three copies of your data, on two different kinds of media, with one copy kept off site), then you can get your files back from almost anything that happens to your computer, malware included.
And from here on out, it behooves us to keep an eye on what’s happening on our computers. The days of cavalier surfing are over for Mac users.
6 thoughts on “The Malware Cometh”
Good, comprehensive and user-friendly post, Jonathan Marcus!
Just came across this malware on a client’s MacBook Pro. In the process of removing using the Kaspersky tool.
That’s good info, Denise. Thanks! Were you searching for it just in case, or did they have an active concern?
Using the terminal, I determined that I don’t have Java on my new MBP. Is that why the Java update did not appear in the update list when I ran software update?
That’s totally the reason, and it’s a good point: you can’t update what isn’t there. And if you don’t have Java, you can’t have Flashback, so just running Software Update is a good start to checking your exposure.