Is some type of virus protection necessary? I just had my aol email account hacked and it has really spooked me. I had a lot of previous issues with my former PC and this is one of the reasons I bought an Apple. But now I wonder if I need some type of protection.
iMac, Mac OS X (10.7.3)
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
https://discussions.apple.com/docs/DOC-2435
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them, including the Flashback Trojan.
Apple also offers this article about the recent Flashback malware issue.
Ars Technica has a link to a quick app that checks your system to determine the presence of this malware. Here is the link:
It is by no means foolproof and does not remove the malware if it is determined to be present, but it harmless and easy to use. In the meantime, Apple says they're working on a fix.
Direct link to the app: FlashbackChecker 1.0
If it determines "no signs of infection were found" then disable Java in Safari Preferences. Make yours look like this:
If you are using other browsers like Firefox you will need to disable Java in them too.
The problem with that program, like a number of others, is it's based on F-Secure's earlier definition for the i version and not the K. The K also looks for infection in ~/Library/LaunchAgents, which this app won't.
Not to mention that we appear to be up to version R and beyond already!
They're all going to be behind the curve to varying extents 😟 For those reluctant or unwilling to do their own research it's better than nothing.
OpenDNS has recently been improved to address the Flashback trojan:
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns /
Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.
Hello,
Virus has nothing to do with your AOL account hacked.
For more information read that :
How do I know if my account has been compromised (hacked)?
help.aol.com/help/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=51 598
Don't choose an easy password and only login on AOL website.
Don't respond on email that look like AOL send it and ask you to login on a fake webpage that will send your login and password to a hacker.
Don't download any files send to you by an unknown person.
noondaywitch wrote:
Not to mention that we appear to be up to version R and beyond already!
Different A-V companies give different names to the same malware. For instance, what the Russian company Dr Web calls "FlashFake.39" appears to be pretty much the same thing that F-Secure calls the I & K variants of FlashBack & most likely includes what Intego calls FlashBack R.
These companies typically change the suffixes whenever they find something they consider to be a significant change in the malware but that varies considerably from company to company.
John Galt wrote:
OpenDNS has recently been improved to address the Flashback trojan:
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns /
Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.
Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected? And what happens if you're already infected and, never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISPs servers?
But good to know.
You can't rely completely on anything; there is no magic bullet. OpenDNS is just another defense, and has the advantage of being completely unobtrusive. If you already have Flashback, you have to get rid of it.
If you believe your ISP uses a secure DNS then that's fine.
I was really responding to this in your post.
Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.
WZZZ wrote:
Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected?
A blocked connection is a blocked connection, whether or not it previously was unblocked. It won't "undo" any damage done by or info passed to the C&C server prior to the block but it will stop anything new from getting through.
And what happens if you're already infected and, never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISPs servers?
There is that, plus somewhat similar considerations for things like deleting preference files during troubleshooting, making sure all your Network Locations are set to OpenDNS IP addresses if you use more than one location, & so on.
Because of all this, I use & recommend considering a multi-layer approach to malware protection, including using OpenDNS, A-V software, & above all keeping your software up-to-date. No one thing will protect you from everything but having more layers of protection gives you a better chance that one of them will.
Virus Protection
