FAQ: The New Mac Virus and Apple Anti-Virus Options
We've gotten a lot of queries about the current widespread Mac malware infection. Here's a quick list of answers to frequently asked questions.
What's in the new Mac virus and when did it strike?
The malware, called Flashback or Flashfake, isn't actually a virus, strictly speaking. Rather, it's a "Trojan horse" that's taken on several forms since it was first spotted last fall.
Back then, Flashback used a fake Adobe Flash installer to infect Macs. But it's evolved to become a drive-by download that hides in legitimate websites and infects machines unlucky enough to visit those sites.
How does the new Mac virus work?
Flashback does not need you to type in an administrative password in order to install itself. It infects your machine silently and without human assistance.
What can I do to protect my Mac?
Apply the security updates for Mac OS X 10.6 Snow Leopard and 10.7 Lion that Apple released last week. If you have an Intel-based Mac running OS X 10.5 Leopard, upgrade to Snow Leopard and apply all security patches. However, there's a chance you may already be infected.
How do I find out if my Mac is infected?
Use two AppleScripts that the social-networking-news site Mashable wrote. Here's the download link, and here are the instructions. If the scripts return pop-up boxes saying that each searched-for file "does not exist," you're in the clear for now.
The Russian security firm Kaspersky Lab has put up a website, http://flashbackcheck.com, that will check your Mac's serial number against Kaspersky's own list of all the machines it knows to be infected. But it might be best to run Mashable's script just to be sure.
What should I do if I am infected?
Apple has released a Flashback removal tool with its latest software update. Make sure you are running the latest version of Snow Leopard or Lion, then apply the updates.
Why is this Apple's fault?
It isn't entirely, but Apple was egregiously slow to respond to this threat. Its delay gave the operators of Flashback plenty of time to incorporate the Java flaw into the Trojan's exploit toolkit and infect hundreds of thousands of Macs.
A quick timeline: The Java flaw was discovered in mid-January. Oracle patched the flaw for Windows and Linux machines on February 17. Apple insists on doing its own security updates, and did not have a patch ready until April 2.
Apple has also, deliberately or not, led Mac users to believe they are inherently immune from viruses and other forms of malware. That has never been true — some of the first viruses were written for Macs — but Apple has done nothing to correct that false belief.
Do I really need Mac antivirus software?
You absolutely do. You needed it a year ago, when the MacDefender scareware drive-by download was flooding users' browsers with porn. You needed it six months ago, when the DNSChanger Trojan was redirecting browsers on PCs and Macs alike to scam sites.
And you really need it now, because Flashback is no joke. It will literally open the door to all sorts of other malware.
What if I have a PowerPC Mac or other old Apple computer?
You should disable the Java runtime engine. (Open the Java Preferences app in the Utilities folder.) Apple no longer supports PowerPC Macs and is no longer issuing security updates for Mac OS X 10.5 Leopard.
Disabling Java can cause problems if you're running Adobe software, such as Photoshop, Illustrator or InDesign, since those programs need Java to run properly. If so, it's time to upgrade to an Intel-based Mac.
How many Macs are infected?
Two Russian security firms, including the well-known Kaspersky Lab, estimate that 600,000 Macs were infected with Flashback worldwide at its peak around April 1, most of them in the U.S., Canada, Britain and Australia. That's a significant chunk of the Mac user base.
Will I have to worry about other Mac malware in the future?
Almost certainly. Apple's share of the personal-computer market has been growing steadily for the past few years, riding on the coattails of the iPhone and iPad.
It's arguably hit the malware "critical mass" — the point at which the Mac share of the overall PC market is large enough to make it a worthwhile target for malware writers and cybercriminals.
The fact that a shockingly low percentage of Mac users, estimated at somewhere between 15 and 25 percent, has anti-virus software installed just makes the market segment even more ripe for the picking.