- Gene Steinberg's Tech Night Owl - https://www.technightowl.live/blog -

Mac Malware Revisited

Back in the early days, Mac users confronted a moderate level of malware infections. I remember one occasion when I visited a local software store — back in Edison, New Jersey — and bought a screen saver from a reputable publisher. The floppy was infected, however. I didn’t have anti-virus software at hand, and had to reformat my Mac IIcx’s drive and reinstall everything. Well, it was only weeks after I bought the computer. I didn’t have much to reinstall, so the restore process wasn’t as intimidating as it might have otherwise seemed.

In passing, I quickly discovered the value of security software, and downloaded a shareware app called Virus Detective, which I used until the author, Jeffrey Shulman (no relation to the famous poker player, by the way), gave it up. The computer store took back the infected floppy and refunded my money, with abject apologies.

Not long thereafter, my employer, a graphic arts studio in New York City, encountered a virtual avalanche of floppies infected by a so-called desktop virus called WDEF. This was back in the early 1990s.

Of course, Mac viruses paled into insignificance compared to what happened on the Windows platform over the years, until Microsoft began to clean up their act. With the arrival of Unix-based Mac OS X, it was felt that Macs couldn’t possibly be infected by malware, and millions of Mac users were more or less lulled into a sense of security.

But a lot of things have happened in recent years. The arrival of Apple’s mobile gadgets has turned the company into a worldwide powerhouse, with a market cap ahead of all other companies on the planet. Anything Apple does gains worldwide headlines, so one expects it would only be a matter of time before Internet criminals look to Macs to spread their misery. The fact that Mac sales are growing faster than Windows sales these days only makes the platform even more appealing.

Most Mac malware outbreaks, though, have consisted of so-called Trojan Horse apps, which masquerade as something real but, when installed, have the potential to take over your system. Last year, lots of Mac users paid money for a fake anti-virus app called MAC Defender (also known by other names), which presented itself on a site that claimed to have discovered the presence of malware after allegedly scanning your Mac. The app, after claiming to remove the non-existent virus, did nothing further — other than take your money in license fees of course.

Apple updated security definitions in recent versions of OS X to guard against that particular malware outbreak.

But the most threatening malware of all first appeared last September as a Trojan Horse, a fake Flash-based player app labeled as Flashback. The most recent iteration, a so-called “drive-by download,” has reportedly infected over 600,000 Macs worldwide according to some estimates. By “drive-by,” I mean you visit a site that hosts Flashback, and it will infect unprotected Macs by exploiting a security leak in Java.

The end result is that the infected Macs can be taken over and become part of a large bot network that could spread spam and even more malware. Not a pretty picture.

Last week, Apple updated Java for Snow Leopard and Lion to fix the security leak that made Macs susceptible to Flashback. It doesn’t, however, actually remove the malware if it’s already there. But the major virus protection apps, such as Intego’s VirusBarrier, have long since been updated to guard against Flashback. Intego, by the way, was perhaps the first company to discover the existence of Flashback.

After saying nothing for a while, Apple has since posted a support document [1] at their site that explains what Flashback is all about, and how to get the Java security update. On Thursday, Apple released yet another Java security update, this one designed to rid infected Macs of Flashback, and disable the “automatic execution of Java applets.” In working with ISPs to take down the servers causing the outbreak, Apple apparently also tried to bring down a server run by a security software publisher, Dr. Web, which was designed to measure the extent of the infection. Talk about the laws of unintended consequences.

It’s good to know Apple finally recognizes the seriousness of Flashback and is taking steps to wipe it off infected Macs. But it may also be a case of trying to close the barn doors after the cows have left. Up till now, Apple has played down the potential for Mac malware. While support documents will guide you on how to protect yourself, and they even mention security software as a possible solution, most Mac users aren’t being actively informed about the dangers. A false sense of security isn’t going to protect you from possible infection.

Now since most Mac malware has so far arrived in the form of a Trojan Horse, being careful about what you download and where is usually enough to keep you safe. But a drive-by infection can just happen. You visit the wrong site, and the vulnerability can be exploited in a matter of seconds without your direct intervention. You aren’t even presented with a request for your system password.

Now some suggest you just turn off Java in Safari (it’s in the app’s preferences, under Security). The steps for disabling Java in other browsers are more complicated, and you need to read the Help menus. But don’t confuse Java with JavaScript. The latter is simply a scripting language that allows a site to display dynamic content. If you turn it off, some of the nifty features on those sites, such as the ability to post a message almost instantaneously in our forums, will be deactivated.

For most of you, living without Java isn’t such a big deal. Few apps use it these days, but some Web-based conference tools and interactive chat rooms require Java. So if you see the coffee cup icon on a site that you want to visit, and you’re sure it’s a safe site, you may just want to turn Java back on. Meantime, I do hope Apple takes this malware outbreak as a wake-up call to become more proactive about protecting Mac users. They’ve taken positive steps in OS X, but more needs to be done.