Accordion Al - image by Ivy, age 10

Business in Vancouver

Canadian Freelance Union- CEP

Flashback virus a wakeup call to smug Mac users

by  Alan Zisman (c) 2012 First published in Business in Vancouver insert April 17-23, 2012 Issue #1173 High Tech Office column; an expanded version appeared on LowEndMac

A big reason for Windows users to consider a move to Mac has been the virtual non-existence of Mac malware.

ComputerWorld reported the existence of a million different computer viruses at the end of 2008 – but that’s been almost entirely an issue for Windows users.

Now and again, a virus or other malware that could affect Mac users was reported, but these were easily avoided and none became widespread. Many or most Mac users haven’t bothered with anti-virus or other security software and have tended to assume that their chosen platform was invulnerable – an attitude Apple has been happy to encourage.

On April 4, however, Russian security firm Dr. Web reported that some 600,000 Macs – an estimated 1% to 2% of all Macs - had been infected over the past two months with the so-called Flashback Trojan, malware that took advantage of a known flaw in the web application language Java. Approximately 125,000 - 20% of the infected Macs - are in Canada, a surprisingly large number.

Early versions of Flashback disguised themselves as browser plug-ins such as a faux update to Adobe Flash and required users to install them; more recent versions can install themselves when a user simply visits a malicious or infected website, a “drive-by download” with no permission needed. Users might not be aware they are now infected while Flashback collects passwords and other personal information and sends it to a remote server.

Apple released a patch for Mac versions of Java but only for Mac users running OS X Lion and Snow Leopard versions. Installing this patch will prevent your Mac from getting infected but won’t cure already infected Macs. No patch is available for Macs running older versions of OS X - users of older OS X versions should consider disabling Java entirely using the Java preferences application in their utilities folder.

Worth doing (if you’re a Mac user) - browse to http://git.io/qWhc_Q and download the free Flashback Checker app; if it finds your system is infected, it provides a link to instructions to remove Flashback. If your system has been infected, it’s probably worth changing passwords at financial and other services that might have been compromised.

Also worthwhile – install antivirus software on your Mac and keep it up to date. Home users may want to check out Sophos Free AntiVirus for Mac: http://bit.ly/itpFp6.

Mac (and Windows) users should take updates seriously; in March, malware targeting Tibetan activists was reported that took advantage of a flaw in the Mac version of Microsoft Office that had been patched two and a half years earlier. Apparently enough users had failed to update their software to make this attack worthwhile.

And Mac users – like Windows users – need to think before they click. Last year, Macs were targeted by fake security products, the same sort of “scareware” that has been targeting Windows users for several years.

Apple bears a share of the blame for the extent to which Flashback spread. The Java language is owned by Oracle, which releases updates to it for Windows and Linux. Apple, however, updates the Mac version of Java. Oracle patched the vulnerability targeted by Flashback in February; Apple didn’t get around to doing the same until April – and then only for users of the most recent Mac OS X versions.

As well, Apple shares in promoting the idea that Macs are inherently secure. The company is slow to release patches for known security holes, releasing Java patches, for example, an average of six months after they’ve been released for other platforms. Prior to releasing a patch, Apple is mum on the potential for infection and fails to inform its customers of steps they might take to protect themselves.

Macs sales have outpaced Windows PC sales for the past 23 consecutive quarters; apparently the number of Macs has now reached the point where it is worthwhile for malware to be created to attack them. You can expect more – and increasingly sophisticated Mac-targeting malware. It’s time for Mac users and Apple to take these threats more seriously.