I was surfing the web the other day, hanging out on the Facebook and clicking links like any normal user would — after all, it is what users do. I browsed from the Facebook to a site which had some video news clips. As the page opened, and before the video could start playing, a pop-up opened up asking me to install the latest Flash software. I do recall I closed the window and exclaimed, “Oh! Hell no!” as I went on my merry web way and realized, not surprisingly, that all the videos played just fine.
Today I saw the news, in the pulp outlets, about the “Macintosh Flashback Virus” and I realized that the above recollection was me having been exposed to but not infected with this malware. As with any pulp-news outlets, FUD (fear, uncertainty, and doubt) generates hits and brings home the ad revenue and I know better than to believe everything that I read there. So, I immediately read the “Industry News” sites and found the technical information on how to detect if I had actually been infected. The way the pulp-news sites reported the infection, it was “just like a PC virus” and if that were the case, doing everything right, like I knew I had done, was of no use; I could have been infected anyway.
However, the actual facts are much different. This is a trojan, not a virus. Some may argue I’m splitting hairs, but it is a very valid distinction. They are both malware, but a virus doesn’t depend on the actions of a user. The Trojan Horse could not have entered Troy all by itself; it needed the citizens to accept it as a gift and wheel it into the city through the city gates. In our modern day case here, hacked websites tricked the end user into installing the malware. You had to agree to it.
So, if you listen to the pulp-news sites, I was infected. If you listened to the industry-news sites, I was fine. But in my mind there was only one way to be 100% sure: check each and every file on my hard drive. So, I downloaded a full-version, 30-day trial of F-Secure’s Virus Protection for Mac, which is running a scan as I write this. So far 450,000 files scanned and 0 detections.
So what’s flying around in the media right now is mostly untrue. You see, my Macintosh isn’t susceptible to Flashback, because the vector of infection is the end user. PICNIC ERROR – problem in chair, not in computer! The malware may run on the Macintosh OS, but it infects the system through the end user, a trojan. Nothing like Microsoft Windows viruses.
But I’m not here touting how “I wasn’t fooled!” by this particular infection. This is an illustration that good computing practices keep good computers from being harmed by less than apt end users. Let me elaborate. I’d like to talk about my kids and their Macintoshes!
I have two children in grade school. At first, I must admit, I worried they may have fallen for the ruse and installed the infected software. Then I thought it through. My children and their computers are completely safe, because they can’t install software. They don’t have the privilege to. A Mac is a UNIX machine and UNIX machines are some of the most powerful and secure machines imaginable. Granted, if they are misconfigured, they can actually be more vulnerable, much worse, than a PC. This is where the Mac truly excels by how easy they made it to administrate and secure properly. Honestly, it’s so easy I call it Mactastic! I might be a seasoned Information Technology veteran, but any concerned parent could have taken 10 minutes to set up the same things with the easy-to-use Apple GUI interfaces. Apple has made it simple to be safe on the Internet.
With a good administrator (in this case just a concerned parent and Apple’s Operating System) and a solid computer usage policy in place, a properly configured UNIX system (Macintosh included) is nigh-invulnerable to a trojan attack compared to corresponding Windows desktop systems that are in use at present. I don’t want to poke the hornets’ nest here. There is a ton of work for the virus and malware community to do to infect Macs “just like PCs.” I am in no way saying that it isn’t in the realm of possibilities; I am saying I’m personally glad the effort is still much greater than the reward.
I fully intend to uninstall F-Secure after the full scan of my hard drive comes back with -0- infections — in several hours as we’re only 40% through the scan at the end of this writing. Why am I going to uninstall it? Because it’s a waste of resources, highly inefficient, and at this time completely unnecessary under my circumstances which incidentally do include me being an Internet Security Engineer and having a properly configured UNIX/Macintosh computer.
The moral of this story: “Never install software that you didn’t specifically download from the official software site and verify with the provided authentication (checksum or signing certificate)” and “Macs really are all that and a bag of chips!”