
Mac Flashback Prevention and Remediation

Jason Watkins, IT Project Leader
Apple's Mac OS X has become an official member of the malware club. The Flashback Trojan has affected over half a million Macs worldwide.

User behavior is what ultimately gets malware onto a person's computer. Obsolete or out-of-date software helps the attacker a great deal, but it is not the whole reason for malware infections.

One sure-fire way to not get Flashback on your system is to not install anything. The notion may sound ridiculous, but to those who are not in the know, it is sane advice. Macs come with pretty much everything most people need. The biggest third-party application for the Mac is Microsoft Office. If you are not sure what it is you are installing, do not proceed. Flashback relies on tricking the end user into entering an administrative password so that it can install. The default user account on every Mac is an administrative account, and, unlike Windows, OS X does not force that account to have a password. Point Windows…

A few simple tips for keeping your Mac virus-free

If you see a password prompt that you did not initiate, cancel it.

If you are unsure about the prompt, don’t enter the password.

Don’t let other people install software on your Mac (this includes children).

Run your Mac as a standard user, not as an admin. That way, an admin username AND password are required before any software can install.

Use Time Machine with an external hard drive to make nightly backups of your Mac. That way, if you become infected, you can just roll things back to a previous date.

Install an antivirus program on your Mac and keep it up to date. F-Secure, Sophos, Symantec, and ESET all offer antivirus products for the Mac. Sophos and ClamAV offer free products, which work reasonably well.

Keep your Mac up to date with Apple's Software Update. Apple will, eventually, provide patches for all vulnerabilities. Additionally, using a current version of OS X is very important: as newer releases of OS X ship, each older version receives fewer patches and updates.

OS X 10.5 "Leopard" will not be receiving any security updates for the recent Java vulnerabilities. There will be no more point releases (10.6.8, for example) for any version of OS X other than the current 10.7. I am very confident that OS X 10.6 "Snow Leopard" will start to receive less support when OS X 10.8 "Mountain Lion" is released this summer.

To determine whether you are infected, open Terminal and enter each of the following three commands.

1. defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2. defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
3. defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If any of these commands produces output other than "...does not exist", you have the virus.
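The three checks above wrapped into one script that applies the rule just stated to each command's output. This is an added example, not code from the article or from F-Secure; it assumes `defaults` is on the PATH (true on any Mac), reads the "does not exist" message as "clean", and reports anything else as "suspect" so the returned value can be looked at before removal is attempted.

```shell
#!/bin/sh
# Added example (not from the article): run the three Flashback checks the
# article lists and report a verdict for each, plus an overall exit status.

# key_for_domain DOMAIN: the preference key the article queries in DOMAIN.
# The per-user environment file carries DYLD_INSERT_LIBRARIES directly; the
# two application Info.plist files carry it under LSEnvironment.
key_for_domain() {
    case "$1" in
        */.MacOSX/environment) echo DYLD_INSERT_LIBRARIES ;;
        *)                     echo LSEnvironment ;;
    esac
}

# classify_output TEXT: apply the article's rule to the combined stdout and
# stderr of one `defaults read`. A missing key or domain makes `defaults`
# print a message containing "does not exist"; any other output means the
# key is set, which the article says indicates infection.
classify_output() {
    case "$1" in
        *"does not exist"*) echo clean ;;
        *)                  echo suspect ;;
    esac
}

# check_domain DOMAIN: run the live query and classify it. `|| true` keeps
# the non-zero exit of a missing key from aborting a `set -e` shell.
check_domain() {
    key=$(key_for_domain "$1")
    out=$(defaults read "$1" "$key" 2>&1) || true
    classify_output "$out"
}

# scan_all: run every check; return 0 only if all three are clean.
scan_all() {
    rc=0
    for domain in "$HOME/.MacOSX/environment" \
                  /Applications/Firefox.app/Contents/Info \
                  /Applications/Safari.app/Contents/Info; do
        verdict=$(check_domain "$domain")
        printf '%s: %s\n' "$domain" "$verdict"
        [ "$verdict" = clean ] || rc=1
    done
    return "$rc"
}

# Only run the live scan where `defaults` exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then
    scan_all && echo "No Flashback indicators found." \
             || echo "Flashback indicator present; see the F-Secure removal guide."
fi
```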

Removing the virus is an in-depth and complicated operation. F-Secure has the best online tutorial for the process at the link below.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

The folks in the Apple Store pride themselves on customer service. Apple Geniuses are given significant leeway to make a situation right by the customer. As long as you are honest and clearly explain the situation to the person in the Apple Store, they will do as much as possible to fix the issue. Apple sales associates often use resistance to viruses as a selling point for the Mac. I can't imagine the store not helping an infected user, who may or may not have been sold a Mac under that premise. Apple Stores helped remove malware from the Safari infection last year, but just that. Store associates and Geniuses did not fix problems with antivirus software, or viruses on Windows computers. I think anyone with Flashback on their Mac and in no position to fix it themselves can go to an Apple Store with the problem.

Comments (7)

Jason Watkins, IT Project Leader (Author) commented:
Apple may very well be legally compelled to patch all vulnerabilities; the question is when. Despite their massive cash reserves, a bad headline can be very expensive. Not to mention, anyone can walk into an Apple Store and have this problem addressed. Most times they include these with point updates, but in this Java case, they did so out of cycle. Apple does not have a prescribed release cycle for OS X, but does release at least once every six months. Using either OS X 10.6 or 10.7 will keep one in the safe area as far as support is concerned. If a Mac cannot run either of those versions, then heeding the tips in the article starts to become very important.

OS X 10.5 and older will no longer be receiving critical updates. There will be no more point releases for any version of OS X, except for the current 10.7, which is a pain IMHO. Thanks for the feedback thus far. I am glad I can put this out there and make EE more versatile.
Certified Expert commented:
Firebar - excellent work, and I will be pointing to this article every time I see an Apple/Virus question.
Very nicely done and a big "yes" vote above.

Vic
Certified Expert commented:
Excellent and very timely; I suspect we will see all browsers enforcing updates before launching by the end of the year, as users just don't see this as the priority it really is. Thanks for writing this.
Jason Watkins, IT Project Leader (Author) commented:
Thanks everyone! I am happy to help and the information is helpful.
Jason Watkins, IT Project Leader (Author) commented:
I am out until tonight. I can post a link then. Thanks and Happy Easter, btw.
