OS X. Welcome to the club!

All of my friends, who are of the Windows persuasion, are in a happy gloat this week. The first massive exploit for Mac OS X is out in the wild and has infected over half a million Macs.

I knew this was going to happen some day. I know exactly why Apple is playing this cool for the time being and know how they’ll prevent this type of thing in the future. Hint, it all has to do with the Mac App Store… 

It is behavior that ultimately gets malware onto a person’s computer.

One sure-fire way to not get this infection (Flashback) on your system is to not install anything. Macs pretty much come with everything one needs to get started. The biggest third-party application for the Mac is Microsoft Office. If you are not sure what it is you are installing, do not proceed. Flashback relies upon tricking the end user into entering an administrative password so that it may install. The default user account on all Macs is an administrative account and it does not force one to use a password, unlike Windows. Point Windows…

  • If you see a password prompt that you did not initiate, cancel it.
  • If you are unsure about the prompt, don’t enter the password.
  • Don’t let other people install software on your Mac (this includes children).
  • Run your Mac as a standard user, and not as an admin. In this case, a username AND password is required for any software to install.
  • Use Time Machine with an external hard drive to make nightly backups of your Mac. This way if you become infected, just roll things back to a previous date.

Install an antivirus program on your Mac and keep it up to date. The university provides antivirus software, for both Windows and Mac, free for use on-campus and off. Just visit the ISC antivirus web page for the free download (PennKey required).

Keep your Mac up to date with Apple’s Software Update utility. Apple will, eventually, provide patches for all vulnerabilities. If you feel as if your Mac may be infected with Flashback, the following commands can help determine whether it is.

To see if your Mac is infected, you need to run a few commands from the terminal.

There are three different commands.

1. defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

2. defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

3. defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If any of these commands produces output other than "...does not exist", you have the virus.
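
The three checks above can be run in one pass. The following script is an added example, not part of the original post: it applies the same "does not exist" rule to each command and reports which key, if any, is set. The DEFAULTS_CMD variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: the three Flashback checks from this page, run as one function.
# DEFAULTS_CMD is an assumption of this example (not an Apple setting); it
# defaults to the real `defaults` tool and exists so the logic can be tested
# with a stub on a machine that is not a Mac.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
# Applies the page's rule: any output other than "... does not exist" is a hit.
# Returns 0 if the key is absent, 1 if it holds a value.
check_key() {
    out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1) || true
    case "$out" in
        *"does not exist"*)
            printf 'ok          %s %s (does not exist)\n' "$1" "$2"
            return 0 ;;
        *)
            printf 'SUSPICIOUS  %s %s = %s\n' "$1" "$2" "$out"
            return 1 ;;
    esac
}

# flashback_check
# Returns 0 if all three keys are absent, 1 if any is set,
# 2 if the defaults tool is unavailable (so a missing tool is never read as a hit).
flashback_check() {
    if ! command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
        echo "cannot run '$DEFAULTS_CMD'; this check only works on Mac OS X" >&2
        return 2
    fi
    hits=0
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || hits=1
    check_key /Applications/Firefox.app/Contents/Info LSEnvironment || hits=1
    check_key /Applications/Safari.app/Contents/Info LSEnvironment || hits=1
    return "$hits"
}
```

To use it, save the block to a file, load it in Terminal with the `.` command, and run `flashback_check`. Any line marked SUSPICIOUS shows the value the corresponding command printed.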

If you are infected, I can remove the virus from your computers.
