Concerning Mac Malware

Discussion on websites and email lists have prompted me to write up some of my thoughts on the recent outbreak of Mac malware. 

1) Most viruses these days attack systems that, for various reasons, haven't caught up on security patches. For example, in the last week, there was a discussion about a trojan horse on the Mac that was transmitted through the opening of Word documents by a vulnerable version of Word. That vulnerability was noted and patched against in 2009. So if you have installed any Word security patches in the last 3 years, you're safe from this.

2) The latest Flashback version was a variation of this where Apple took the role of the irresponsible user. Namely, it relied on a vulnerability in Java that had been patched several months ago but which Apple had not yet incorporated in any updates for Macs. (Although Apple is no longer developing Java, it is still packaging updates). After the virus was detected, the F-Secure website provided some command-line tests for testing for and removing the infection which several websites linked to. Some folks packaged those tests in short programs, but the initial versions were incomplete. Apple finally released 3 successive versions of updated for their last two operating systems that, when run remove any infection and close the infection vector. They first released a Java update that closed the vector, then revised it to both remove any existing infection and close the vector, and, finally, for those with Java not installed, check for and remove any infection.

3) Stay away from major PC antivirus vendors. They have a history of getting compatible very slowly with Mac operation system releases and causing problems with software updates. I do have VirusBarrier X from Intego and it avoids these problems. However, I have never relied on it for first line protection. Since these products can only be reactive to new threats, your best bet is to track websites that actually give information (rather than just scare you) about threats and provide information for checking vulnerability and infection. The website that I check daily that is pretty much devoted to Mac troubleshooting is Macfixit which is actually now a part of CNet.  The news items at Macworld also are pretty good here, although the scope of coverage includes anything Mac-related. I actually get notified about new postings here by following the Twitter account 'allmacsworld'. Another general Mac site that contains thoughtful virus information is Tidbits. I follow the 'Tidbits' Twitter account to be notified of new postings there.


4) The best virus preventative is to keep your software updated. For operating systems and major software, use software where the vendor is still providing security updates.  For example, I don't know of any vulnerabilities to Word infections for any one who has the latest security for Office 2008 or Office 2011 installed. Before the latest Flashback variant, that was also true for Apple System Software, and,  after about a week or two of exposure, that door has been effectively closed (note that the latest updates not only prevent future infection via all known vulnerabilities, but clear any infections).

Either manually or automatically, check often for updates. Some updates have initially caused a small number of people problems, so you may wish to not immediately install non-emergency updates (for example, the initial version of the latest Office update caused problems with Outlook for some). If you do wait, check the websites listed in 3) for a few days, and, if no problems are reported, go ahead and install. If you think problems reported might affect you, either apply any simple workarounds suggested, or wait for the vendor to issue a revised version (as just happened with Office).

5) To extend my thoughts on updates, never click a link in an unsolicited alert box to install any software or update (this warning does apply when you have get such a message when starting an application from which you have requested update notification). When you hear of the possibility of an update, either open the application and request an update check (usually from the 'Application name' menu or Help menu) or go to the vendor's website and look for updates or downloads in the support area. 

In particular, be especially suspicious of update offers for Adobe Flash Player or Adobe Reader. If you hear that an update might be available, you might want to see if you already have it; However, since that is non-trivial for Flash Player, the simplest thing to do is to go to downloads tab at Adobe's corporate website  and click the appropriate box in the upper right corner for the app. Click the download button from the next screen. If your browser automatically loads downloaded items ( a bad idea, by the way), continue to follow instructions; otherwise follow normal installation procedures (if you don't know how to do that, consult a mentor).

6) Although not directly related to hunting down malware, manuals from the Take Control series of ebooks provide easily understandable tips for operating and maintaining a Mac. In particular, I recommend the two books, Take Control of Maintaining Your Mac and Take Control of Troubleshooting Your Mac as references. You can find them in the Take Control catalog. Click on the General Macintosh vertical tab to see a smaller list. Note than free sample content, including the table of contents is available.

email: alan@al4kosh.com              SmugMug Referral Link                   © Alan Forkosh 2012, 2013, 2014, 2016, 2017