Of late, the tech world has been abuzz with alarming news of Mac malware threats, the reports given weight by the emergence of a newer and more sophisticated version of that annoying thorn in Apple’s side, Flashback. Known as Flashback.K, the latest iteration of the trojan horse which has been grabbing headlines since mid-2011 makes use of a known Java security vulnerability to launch malicious code and potentially record users personal data.
As OS X market share continues to rise, security is becoming an area of concern for more users and there’s a perception building that Macs have lost their previous status as secure computers, with some analysts even going so far as to say that we’re about to enter an era of cat-and-mouse games between Apple and malware makers. So, is the sky falling or is this all a lot of hot air?
Caught napping
Apple's lag between Java updates facilitated the Flashback.K malware issue
The Java security hole which gave rise to Flashback.K also posed a security risk for other operating systems which use the cross-platform programming language, but as Linux and Microsoft Windows users receive their versions of Java direct from Java’s developers Oracle, the hole was discovered and quickly plugged.
However, because Apple deign to produce and release their own version of the largely open source Java, OS X users are at the mercy of Apple’s update process which in this case lagged over two months behind Oracle and gave malicious hackers the opportunity to infect over 600,000 Mac users before Apple stepped in with a Software Update fix which both plugs the hole and removes any existing Flashback.K infection.
Frankly, the entire Flashback.K episode is not evidence of an inherent security flaw within OS X itself, but was rather facilitated by Apple’s failure to keep on top of security threats and patch known holes, a mistake the company are certain to wish to avoid in the future – indeed, as Ars Technica recently reported, Oracle will soon take over the supply of Java security fixes for Macs, thus firmly consigning such lags to the past.
What’s In a Name?
At first glance it may seem pedantic but referring to malware by its proper name is useful
It may be useful to remember that while talk of Mac ‘viruses’ is common as of late, there is currently not one single credible virus on OS X. To be sure, there exists Mac security threats, but understanding the differences between non-existent viruses and the real threat posed by trojans (both of which fall under the umbrella term ‘malware’) will go some way to offering a tangible defence against their ill effects.
A virus is a piece of software which can replicate itself and spread from one computer to another. Often making use of a local network, the Internet or removable media like USB sticks, a virus can remain undetected for years and show no outward signs of malicious intent. Indeed, some viruses don’t seem to do much else than replicating at length on the target computer and slowly using up increasing resources.
There are currently no known viruses for any recent version of Mac OS X.
A Trojan Horse on the other hand is an altogether different piece of malware. Taking its name from the mythical Trojan War in which Greek soldiers were said to have been smuggled into an enemy city hidden within a large (and seemingly harmless) wooden horse, the modern trojan horse acts in much the same way.
Often masquerading as a desirable application, a well made trojan horse will fool the user into installing it and may even perform the expected function (a popular choice is screensaver), in addition to also performing other less desirable tasks, such as logging each password entered into the computer.
By nature of its focus on exploiting user error, trojans doubtless offer by far the most signifiant malware threat to Mac OS X and for this reason they are the worthy focus of Mac security professionals. There have been several successful Mac trojans, Flashback.K being the most infamous, though the rate of infection is still remarkably small compared to some other platforms.
Lightweight Alternatives to Anti-virus Software
An updated Mac is a Mac which is safe from Flashback.K
Let’s take a look at some non-invasive and lightweight alternatives to anti-virus software which can help us stay a step ahead of the malware makers:
Use OpenDNS
As highlighted in a company blog post, OpenDNS prevents the Flashback.K malware from installing on Macs and the popular ad-supported (or ad-free at a premium) service will even prevent an already infected Mac from being exploited by Flashback.K (and many other forms of malware) effectively cancelling out attempts of the trojan to ‘call home‘ with its data.
Some further information on OpenDNS can be found here on our sister site, Web.AppStorm.
Use Noscript or disable Javascript and Flash
The Firefox-only extension Noscript will block Flash and Javascript (in addition to other plugins) from running unless a website is designated as ‘safe’ by the user and thus kept on a ‘whitelist’. Though compiling such whitelists can take some initial time to set up, once in place it is an effective method of ensuring you surf the web safely. There are similar plugins for Google Chrome named NotScript and ScriptNo, but Safari users are limited to Click-to-Flash and manually disabling Java within Safari’s preferences.
Surf Safely
The single most effective way of preventing infection is also the most eye-rollingly obvious and I’ll risk possible derision by discussing it anyway. Ensuring that you visit only trusted websites and download applications from reputable sources will go a long way toward preventing infection. When connecting to a website in which one enters secure details, such as an online bank account, ensure that https:// is present in the URL Bar, as the all important s denotes a secure connection.
In addition, deselecting the option within Safari’s preferences to open safe files after downloading is not selected is a prudent measure, as is using only trusted and secure wireless connections.
Stay Updated
Though the usefulness of Software Updates is reliant on Apple offering timely fixes, it is essential to maintain a fully updated Mac system – remember that a fully updated Mac running any version of OS X from Leopard upwards is totally protected from Flashback.K and its known variants.
Conclusion
When discussing Mac security, it’s all too easy to fall into the familiar trap of taking up a position on one extreme of the spectrum – the argument usually goes that either Macs are completely immune to all malware, or Macs are a wide open security threat waiting to be hit by a deluge of viruses ‘any day now’. Of course, neither position is correct and understanding that there is a middle ground will help ensure that your Mac does not become infected with malware.
The choice as to what steps a user takes in order to safeguard against malware infection will be a personal one and it would be foolish to state that Mac users will never need anti-virus software, but I will stick my neck out and state firmly that the tipping point is yet to be reached.
Really, at this point in time the cure is probably worse than the disease and running potentially resource-hogging anti-virus software is overkill for something which is unlikely to happen if one follows some basic good practices.