2012-04-09

WARNING: "Flashback" trojan affecting many Mac users


If you haven't heard or read about it, there have been many reports of late about something called the "Flashback" trojan infecting over a half million Macs worldwide. Flashback is a piece of 'malware' that was first seen in September of 2011. It uses a Java vulnerability to install itself, and does not require user interaction to be installed.

[There are links to read all the gory details of the issue at the bottom of this email, and everything I summarize below is gleaned from those three articles.]

To cut to the chase, I will first describe what to do to make sure you're protected from Flashback, then I will tell you how to tell if you've been infected.

***First, ensure that you've installed the latest Java update, released by Apple this week (via Software Update). The update is called "Apple Java for OS X Lion 2012-002". If Software Update reports that you're up-to-date, it's installed... [If you're running an older operating system, like Leopard (10.5.x) or Tiger (10.4.x), I'm not sure yet if you're even at risk. I will update you as I know more.]

Next, consider turning off Java altogether in Safari. Go to Preferences in Safari, and click on the Security tab, then uncheck the Enable Java checkbox:


UPDATE: Several folks have asked how to disable Java in Firefox. Here are the instructions:

Open Firefox's preferences, go to the General tab, and then click on the "Manage Add-ons..." button in the lower right corner. That will open another Firefox window, showing a list of plug-ins, one of which is the 'Java Applet Plug-in'. Disable that plug-in, and you should be good to go...

«««»»»

To be even more secure (and aside from your browsers), you could disable Java system-wide. I don't recommend this, however, unless you're positive you don't use any Java-based programs (CrashPlan uses Java, for example). If you want to disable it, you will need to go to your Applications folder, find the Utilities folder within it, then a program called Java Preferences. Open that, and uncheck all the boxes under the General tab, as seen below:


***Now, to see if you're infected by Flashback. Again, go to your Applications folder, find the Utilities folder within it, then a program called Terminal. Open it, then follow these steps:

Copy the line below, paste it into the Terminal window and hit return:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you get this result: "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" that is good, but need to check one more thing.

Copy and paste in the following line and hit return:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you see this result: "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" then your system is clean.

***If your machine is infected, you have one of two options:
1) Follow the instructions at this link (which are fairly technical, and again involve use of the Terminal program):

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml

...or...

2) Call me [970-417-8434] and I'll try and walk you through the process over the phone...

Lastly, I've given you several things that you can do to make sure you're protected from this and future Java-based exploits. However, if there's anything we can learn from this entire episode it's that the era of not having to worry at all about malware on a Mac is drawing to a close. Sad but true. At the same time, we're a long way from needing to install anti-virus software on all our Macs. That said, if you feel like you want to install something in the way of an A/V tool on your computer, here are a few options to look at:

Sophos Anti-Virus for Mac Home Edition (free): http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
ClamXav (free): http://www.clamxav.com/
VirusBarrier X6 ($50): http://www.intego.com/virusbarrier

I hope none of you read too much into all of this. As I said, it certainly doesn't represent some sort of fundamental change in the overall security of your Mac. Apple certainly needs to take a lot of responsibility for the situation, since there was a patch available for the Java exploit for almost two months before they released an updated version. This experience will undoubtably be a wake-up call for the folks at Apple in charge of security updates!
Thanks!
John
Links to the articles that I used to research this information (if you want the best synopsis, read the first one):
MacWorld: What You Need To Know About The Flashback Trojan
F-Secure.com; Description: Flashback Trojan
OSX Daily: Secure Your Mac From Flashback Trojan
Posted by

2012-04-02

Mac Classes - April '12


Happy late April Fools Day! I hope you didn't get fooled too bad... ;-)

I have a crazy schedule this month, so I'm going to squeeze the Saturday classes into the next two weekends, then have a break until the Overview class at the end of the month:

 On Saturday, April 7th, from 10 a.m. to noon, I will once again offer a class on Email & Address Book on your Mac. This class will cover all the intricacies of email and contact-management.

Ever wonder what the Bcc field is for, or how to make an email that looks colorful and professional instead of simple black-on-white text? Have you been frustrated by the complexity of creating Groups in your Address Book, and then struggled to send a message to a large group without having the message fail? This class will cover all that and more... Cost is $20, and it will be held at the Ridgway Town Hall. No sign-up necessary; it's open to drop-ins, so come if you can!

 Then, on Saturday, April 14th, from 10 a.m. to noon, I will again present an in-depth overview of the iPhone, iPad & iPod Touch. In the last several months, the iPhone 4S has been released (now available on AT&T, Verizon and Sprint), a major update to the operating system has come out ("iOS 5") with tons of great new features, and of course the 'new' iPad has just arrived as well.

Whether you've had one of these game-changers for years, are just now jumping on the "iOS" bandwagon with a new iPhone/iPad, or it's simply time for you to find out what the fuss is all about, this class will teach you everything you need to know about these amazing devices. Again, cost for this class is $20, and it will be held at the Ridgway Town Hall. Sign-up is not necessary, drop-ins are welcome!

Lastly...

 The regular FREE "Overview of Mac OS X" class takes place on the last Wednesday of every month, and this month that means it happens on Wednesday, April 25th from 5-7 p.m. These overview classes are held in the computer lab at the Ridgway Library. There are only eight seats available, and the Library has asked that I handle the sign ups, so give me a call at 970-417-8434 (or drop me an email) if you'd like to attend. (Be aware that first-timers take priority over anyone who has taken the class before, but there are often openings for repeaters).

There are six Macs in the computer lab, so only two of the eight attendees need their own laptops. This class is beginner-oriented, but we cover some different things every month; repeat attendees are encouraged (when there's room)!

Take care everyone, and have a great month!!

And as always, let me know if there's something else you'd like me to consider covering in the Saturday sessions.
Posted by
Subscribe to: Posts (Atom)