“Time to shed your naivety and get serious about OS X security. The BackDoor.FlashBack trojan is a wake up call for all Mac users — here are 10 easy (and free) things you can do right now to make your Mac more secure and stay infection free,” FairerPlatform reports.
Top 10 free ways to secure your Mac:
1. Turn off Java in Safari
2. Keep Mac OS X up-to-date
3. Turn off automatic login
4. Use strong passwords
5. Turn off “Open safe files…”
6. Turn on OS X’s Firewall
7. Turn off unnecessary Sharing services
8. Turn off unnecessary Sharing services (part 2)
9. Download and use antivirus software
10. Download from trusted sources only
More info and instructions in the full article here.
One question about this trojan remains unanswered: Does the Google Safe Browsing API protect against its download? Why is no one questioning Google for not keeping their API up to date?
Getting rid of Flash is a good idea too. A lot of sites are using HTML 5 to display video, so you might find that you don’t need it.
I ditched flash on my imacs. Don’t miss it at all.
Been Microsoft- and Adobe-free for three years. Never looked back and the space saved on my SSD is amazing.
If a real virus ever hits the Mac, I’ll clean up the mess then, and install an Apple-approved, anti-virus program.
Until such time, I am NOT burdening my computer and my wallet with what has for 10 years running, proved to be an absolutely pointless inconvenience, expenditure, and resource hog.
Good day, Sir.
There are two great FREE antivirus apps for Mac.
I run ClamX and the cpu cycles is insignificant, especially on today’s Macs. All your puffery over precious resources is so 20th century.
For those of you, like me, whose work and play takes them in to some seedy territory on the Net, AV will keep an eye out for known threats.
We all know, AV can’t protect you from new vectors, but malware like Flashback will be scripted and repurposed for months to come and in the meantime, here’s to hoping Apple pays closer attention to this type of threat and reacts a lot more quickly.
Oracle posted the malware fix in February and Apple finally released the patch a week ago…
I’ve been running Clamx for years as well, along with the free Sophos product (which found a bunch of old and relatively harmless Word macro viruses on its first run) since its release. No problems with either, and they’ll pick an occasional (Windows) virus out of an email every month or so.
1. Get a basic understanding of how your tools work and what the internet is.
Without this you will not be able to discern between good advice and ideas and snake oil from ignoramuses or people with a living to make from you.
One of the earlier versions of this bug was spread on WordPress websites that were not up to date (SW). This site happens to be a WordPress site.
#1 says to turn off Java in Safari … what are the potential impacts of this? I keep my Mac up to date and follow most if not all of the rest of the recommendations. FYI, I get free Symantec AV software through my internet provider (Comcast).
When the Java update was released, I tried to download and install it. That’s when I learned that Java wasn’t even installed on my MacBook Air. I have had it for about a year now, and I’ve had no apparent issues with it not installed. (I knew Apple stopped shipping Macs with Java installed. I just assumed at some point I would go to a sight that required it. I was wrong.)
I have encountered exactly ONE site that uses Java – a site to test the speed of your internet connection. And they also offer an alternate test that doesn’t use it.
0. Don’t let your daily-use, or default, account be an Admin account.
Yes, I know, when you get that nice new Mac and fire it up for the first time, it will create your account for you as part of initialization and authorization. But it is an Admin account, not quite as powerful as a root account, but close enough. Take the extra time to create another Admin account to be used for doing software installs and updates, and make sure it’s password is strong, but DON’T FORGET IT. Then go back & demote the account you will use on a daily basis to a User account.
… you saved me from delivering a similar comment. My routine differs slightly in the run-up, but the end result is the same. I run Safari and WoW etc. from my user account and keep the Admin account unused, calling up the (solid) password only when installing updates and the like.
I use Kapersky, not to protect against Mac OS viruses but I work with and transfer files with many windows machines and don’t want to pass a .exe virus to another computer.
Also, I work in Africa – the land of computer viruses
I’m 10 for 10. Guess I can go back to feeling smug and complacent. 😉