Monday, April 09, 2012

The post-Flashback era: removing Java and Flash from OS X

Decades ago, my SE/30 caught a Mac Classic virus. There was a fine freeware antivirus app for the Mac then, maintained by an academic and Mac geek. I used that until OS X came along. After OS X there was no great need for antivirus software, and none worth using.

Alas, as had been long expected, those days are back. There is money to be made now preying on Mac users, and Windows 7 is not the soft target of XP or 95. All Mac geeks have been reviewing the two important articles on Flashback:

I've run the 'defaults read' test on the admin account on four machines:

  • defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  • defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment
  • defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

I suspect the last needs to be run on every user account, which is the sort of tedious job antiviral software was built for. So far I haven't found any problems.
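To cover the "every user account" case without typing `defaults read` per account, the following added example (my own code, not from the post or from F-Secure's instructions) re-implements the same three checks with Python's standard `plistlib`: it reads each browser bundle's `Contents/Info.plist` and reports an `LSEnvironment` key if one is present (the clean result of `defaults read` is "does not exist"), and it reads `~/.MacOSX/environment.plist` for every home directory under a given users root, reporting a `DYLD_INSERT_LIBRARIES` entry. The directory layout, bundle names and the dylib path in the demo are constructed sample data, not artifacts of a real infection.

```python
import os
import plistlib
import tempfile


def read_plist(path):
    """Return the plist's top-level dict, or None if the file does not exist.
    plistlib autodetects XML and binary plists, so Info.plist files work too."""
    try:
        with open(path, "rb") as f:
            return plistlib.load(f)
    except FileNotFoundError:
        return None


def check_app_bundle(bundle_path):
    """Mirror `defaults read <bundle>/Contents/Info LSEnvironment`.
    An empty list means the key is absent, the clean result the test looks for."""
    info = read_plist(os.path.join(bundle_path, "Contents", "Info.plist"))
    if info is None:  # bundle not installed on this machine
        return []
    env = info.get("LSEnvironment")
    if env is None:
        return []
    return [(bundle_path, "LSEnvironment", dict(env))]


def check_user_environment(home_dir):
    """Mirror `defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES`
    for one home directory instead of only the account running the check."""
    env = read_plist(os.path.join(home_dir, ".MacOSX", "environment.plist"))
    if env is None or "DYLD_INSERT_LIBRARIES" not in env:
        return []
    return [(home_dir, "DYLD_INSERT_LIBRARIES", env["DYLD_INSERT_LIBRARIES"])]


def scan(users_root, bundles):
    """Run the bundle checks, then the per-user check over every home
    directory under users_root (e.g. /Users). Returns all findings."""
    findings = []
    for bundle in bundles:
        findings.extend(check_app_bundle(bundle))
    for name in sorted(os.listdir(users_root)):
        home = os.path.join(users_root, name)
        if os.path.isdir(home):
            findings.extend(check_user_environment(home))
    return findings


def build_demo_tree(root):
    """Constructed sample layout so the scan can run offline: one clean bundle,
    one bundle with an injected LSEnvironment, one clean user, one user with
    DYLD_INSERT_LIBRARIES set, one user with no environment.plist at all.
    The dylib path is a placeholder, not a real Flashback artifact."""
    def write(path, data):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            plistlib.dump(data, f)

    placeholder_dylib = "/Users/Shared/.example.dylib"  # constructed
    apps = os.path.join(root, "Applications")
    users = os.path.join(root, "Users")
    write(os.path.join(apps, "Safari.app", "Contents", "Info.plist"),
          {"CFBundleIdentifier": "com.apple.Safari"})
    write(os.path.join(apps, "Google Chrome.app", "Contents", "Info.plist"),
          {"CFBundleIdentifier": "com.google.Chrome",
           "LSEnvironment": {"DYLD_INSERT_LIBRARIES": placeholder_dylib}})
    write(os.path.join(users, "alice", ".MacOSX", "environment.plist"),
          {"PATH": "/usr/bin:/bin"})
    write(os.path.join(users, "bob", ".MacOSX", "environment.plist"),
          {"DYLD_INSERT_LIBRARIES": placeholder_dylib})
    os.makedirs(os.path.join(users, "carol"))
    return apps, users


def demo():
    """Scan the constructed tree; expect exactly two findings (Chrome, bob)."""
    root = tempfile.mkdtemp()
    apps, users = build_demo_tree(root)
    bundles = [os.path.join(apps, "Safari.app"),
               os.path.join(apps, "Google Chrome.app")]
    return scan(users, bundles)


if __name__ == "__main__":
    for location, key, value in demo():
        print(f"{location}: {key} = {value}")
```

On a real machine you would call `scan("/Users", ["/Applications/Safari.app", "/Applications/Google Chrome.app"])` as an administrator, since other users' home directories are not readable from a standard account; any finding at all is worth investigating, because neither key has a legitimate reason to be set on a stock install.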

I haven't put antiviral software on our Macs yet (OS 10.5, 10.6, 10.7) but I'm taking these measures:

  • Uninstall Flash Player and switch the default browser to Chrome (sandboxed Google-owned Flash)
  • Uninstall Adobe Acrobat (done long ago)
  • Never run as admin user (done long ago)
  • Disable Java on all Macs (Java Preferences - delete cache, uncheck JVM)
  • Don't install Microsoft Office

I'll move my two Mountain Lion capable machines to the new OS later this summer, and I'll be watching to see what happens with OS X antiviral software. My Win 7 experience with antiviral software means I'll think hard before I take that road.

Update: Flashback may be the worst virus-specific malware infection ever.

4 comments:

  1. Do you have any idea why Flashback has been mostly limited to the US?

    I have not heard anything about the websites where the infections occurred so far …

  2. No idea, I'd not realized it was US only. That is curious.

  3. English-only might actually be a better explanation.

  4. Yes, that makes sense.
