Over half a million infected Macs. A week later and the only sign of removal tools were coming from independent developers. At least Apple finally spoke up and admitted they have a malware problem. That was only 3 days before a second threat (SabPab) was announced and as of today, there are still over 140,000 Macs out there infected with Flashback.
“But I thought Macs can’t get viruses?”
Technically speaking, the Flashback infection hitting Mac users is actually a Trojan. This infection takes advantage of a security hole in third party software (Java). If you’re reading this on your Mac, please make sure you’ve installed the latest security updates from Apple.
Macs can in fact get viruses, it’s just that there hasn’t been much need to do so. It all comes down to the biggest bang for their buck and 10 years ago, everyone was still running Windows 98, browsing the web with Internet Explorer, running no antivirus software. That crowd of users has since migrated on over to Macs and now everyone and their grandmother has a Mac. It seems everyone has a Facebook page too. So you have a huge segment of users who never learned the basics about staying safe on the web, all using systems that “can’t get infected,” all using a common web page that anyone can post virtually anything to. Hey, sounds like a crowd perfectly suited to point new infections at!
The approach to security I’ve seen many Mac users take is, well, no approach. The common theme I see amongst many Mac users, is they were former Windows users. They got tired of all the blue screens, viruses, and pop-ups. They moved on to their new system that “can’t get viruses.” What they didn’t know, was their problems would only follow them, no matter which system they used.
So now that you’re using a Mac and have a virus/Trojan/malware, what’s the plan? Ditch your Mac and move to another platform? Time to switch to Ubuntu? See how silly of an idea it was to think that by simply buying a Mac, you wouldn’t have issues? It’s almost as if the things we’ve been talking about for years @ anti-virus and best practices @ web safety, were right on target all along.
Sitting back and waiting simply isn’t the best approach to security. Security should be a mesh or layered approach. We recommend the following for every day PC users, whether it be for home or business use:
- A current, updated/patched operating system
- Effective, yet user-/resource-friendly antivirus
- Anti-malware protection
- A safer internet browser, such as Firefox or Chrome
- An ad-blocker for your internet browser (for added security, we recommend NoScript in addition to ad-blocking)
- Common sense
- Keep your computer(s) behind a hardware firewall
There simply isn’t a silver-bullet when it comes to security. Much like with cars, safety improves every year. New features are added to keep drivers safe. It’s not just one piece of the car that helps keep its passengers safe. It’s everything from safety belts to air bags; new tires and anti-lock brakes to crumple zones. No matter which safety features a vehicle has though, none of them trump a safe, alert driver. Strap on all the safety belts you want, it’s not going to do much to help you if you intentionally drive your car off a cliff (please, don’t do that).
So Mac users, it’s time to make sure you’re running a proper antivirus program. We recommend ESET CyberSecurity for Mac. And try not to get too mad at me for talking down about your shiny Mac. This isn’t about ad hominem attacks. There’s a reality here that many have been ignoring and avoiding for years. While it’s upsetting to realize you were wrong all those years, all we can do is learn from our mistakes and move forward.