
How to secure your Mac from Flashback virus infection

How to keep your Mac safe from the Flashback Trojan and remove it if you've already been infected. 

Question: What's the best way to keep my Mac safe from the Flashback Trojan that has been in the news?

Answer: Flashback is technically not a trojan-horse application at all, but a "drive-by download" that infects computers by exploiting a vulnerability in Web software.

That makes it much worse than a trojan: You just need to visit a malicious site, without downloading the wrong app or entering an admin password, to have this program silently take command of your Mac and begin altering the content of Web pages.

That also sets Flashback apart from all of the other Mac viruses you might have heard about over the last few years. But it wasn't hard to see something like this happening.

Flashback attacks a known weakness in the Java software that Apple has bundled on Macs but has often updated more slowly than other vendors. Apple released a fix last week - "Java for OS X Lion 2012-001" or "Java for Mac OS X 10.6 Update 7," depending on your version of OS X - but it came too late for the estimated 600,000 Macs infected so far.

How to check if you're infected

You can check your Mac for symptoms of Flashback by copying a couple of commands into the Terminal command-line app; anti-malware vendor F-Secure has instructions on its site. Dr.Web, the Russian security firm that has helped to identify this malware, has posted its own Flashback checker.

Preventative measures

Most advice on preventing this sort of attack has hit the same points: promptly install security updates, don't visit suspicious sites, install anti-virus software. But for home users, I recommend a simpler and more effective remedy: Get rid of Java.

This software, originally developed by Sun Microsystems and now an Oracle product, once held promise as a way to let computer users run complex apps over the Web on any computer. But the Web itself now does that job better than Java - you don't need Java to create a spreadsheet in Google Docs, edit a photo on Flickr or write a blog post on WordPress.

(Update at 12 p.m. ET Saturday: Those sites and many others do employ a much simpler, safer interactive technology called JavaScript, which has nothing to do with Java.)

These days, I only see Java used in some newspapers' online crosswords (fortunately, not this one) and on my bank's remote-check-deposit site (but I can upload my own scanned images of checks instead). I can't think of any remotely essential uses for it on a home computer.

Java has, however, become an attractive target for malware authors. So why put up with that risk for so little reward?

How to disable Java

To disable Java in Apple's Safari, go to the Safari menu, select "Preferences..." and click that window's Security heading, then click to clear the checkbox next to "Enable Java." To do the same in Mozilla Firefox, go to its Tools menu, select "Add-ons," click "Plugins" and click the "Disable" button to the right of the Java plug-in entry. In Google Chrome, click the wrench-icon menu, select "Under the Hood," and click the "Disable individual plug-ins" link.

This advice applies to Windows users too. But while you can't easily uninstall Java from OS X, you can and should in Windows through the Control Panel's usual "Add or Remove Programs" or "Uninstall a Program" options.

Tip: Search through time with Google

Looking for documentation on how to disable Java in various browsers brought up a lot of out-of-date links. But then I remembered to click the "More Search Tools" to the left of a Google search page.

This brings up a menu of date ranges - from "Past hour" to "Past year" to any other span of dates you choose - that you can use to refine your search. It's an enormous help when looking for recent news stories on a subject, but I've also found it useful when digging up older pieces that I know went up years ago.

Unfortunately, neither Bing nor Yahoo's implementation of Microsoft's search offers this same simple flexibility, although each still allows you to limit searches to pages published in the past 24 hours, past week or past month.

As an added bonus, if you happened to use Google's option on April 1, you would have seen such extra, entertaining date ranges as "Tomorrow," "Cretaceous Era" and "Past 5.391e-44 seconds."

By Rob Pegoraro
