For years, Macintosh computers made by Apple have enjoyed a reputation as being vastly “safer” than other types of computers, particularly those based on Microsoft’s Windows operating system. Deserved or not, that reputation has cultivated a world-wide community of Mac users who couldn’t give a flip about computer security.
Recent events should serve as a wakeup call to Mac users, however, and put things in the perspective that has always been. It should be readily apparent that continuing to be blissfully or willfully ignorant of computer safety issues is an unsustainable lifestyle.
Viruses, worms, trojans, spyware, call them what you will, the collection of computer nasties known as “malware” (MALicious softWARE) has decided to stop ignoring Apple computers. Malware for the Mac has been around for many years; it just hasn’t been very wide-spread because, traditionally, Macs have represented a much smaller portion of the computer marketplace.
The fact that most Mac owners could care less about computer security has not gone unnoticed by the Internet bad guys, who have started using this lackadaisical attitude to their advantage. They know full well that, if Windows PCs can be “p0wned” (geek-speak for “owned” or “controlled”), then so can Macs. Times have changed. Macs are a much bigger target than in years past. To the delight of Internet criminals, Macs and their users are turning out to be easy-to-p0wn victims. Malware for the Mac has begun to flourish. Case in point: the Flashback Botnet, built by the Flashback Trojan.
The Flashback Trojan, which targets Apple Macs and the OS X operating system, first hit the Internet sometime around September, 2011. Masquerading as an Adobe Flash Player installer, Flashback infects Macs that have not had Java (a programming language used on jillions of websites) updated by their users. I teach about Java updates in my computer security class, “Fight the Internet Bad Guys and Win!” If there are Java updates available, get them; don’t mess about or put them off until a convenient time rolls around, just get them.
Once infected with Flashback, the now-compromised Macs can be herded into what is known as a “botnet” (roBOT NETwork), ready to receive instructions from Bad Guy Headquarters. Responding to the threat, Oracle, the parent company of Java, issued an update which fixes the Flashback vulnerability in February, 2012. Even so, by March, over 600,000 infected Macs were part of the Flashback Botnet, ready to be controlled by the Internet bad guys. Apple finally got around to releasing a security update to fix the problem in April, but it was too little, too late.
What instructions have the Internet bad guys sent to the infected Macs that are part of the Flashback Botnet? One set of instructions we know about is in the form of an Ad Clicker. This clever bit of programming takes money that is generated by clicking on Google ads and, instead of the money being sent to Google, it is sent to the bad guys. Estimates are the Ad Clicker component of Flashback could be making $10,000 a day for the bad guys. That’s only one way we know of, so far, that the Flashback Botnet has been used. Experts say there may be more; many more.
“What’s an Apple Mac owner to do?” you may wonder. For starters, a change of attitude is in order. Mac owners must start thinking the way prudent PC owners have been thinking for years.
They need to realize that Macs are not magical devices built by mythical space fairies in some trouble-free, utopian land filled with ponies and rainbows. Macs are imperfect machines built by imperfect people, and the Internet bad guys want to steal from Mac owners just as much as from PC owners. The potential has always been there. The only thing that has changed is that finally, after all these years, ripping off Mac users is looking like a decently lucrative criminal endeavor.
Next, Mac users need to practice safe website surfing and email habits. “Careful where you click,” should be foremost, as it is ill-informed clicking that leads to the most problems.
Finally, Mac users need to take antimalware programs seriously. Avira Free Mac Security is a good choice. Intego, Sophos, Kaspersky and BitDefender also make good antimalware products for the Mac, in both free and paid versions. Intego also makes antimalware products for iPhones and iPads, which are, at their core, Apple computers that need protection.
I predict a steep learning curve to be climbed by indignant Mac owners, resentful at the mere suggestion that their beloved machines could possibly be subjected to the same security concerns that have plagued inferior PC owners for years. My advice? Get over it; get protected, start developing safe Internet habits and be happy. After all, Macs are and will always be very cool computers. A safe Mac is an even cooler Mac.