Security software needed?

Helpful Links Regarding Flashback Trojan

Visit Thomas Reed's site for insight and help: Mac Malware Guide

A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. This can get you started. However, be careful about what you do as new variants of the malware circumvent the efforts of earlier tools.

Also see Apple's article About Flashback malware.

Apple has released Java updates for Snow Leopard and Lion users:

Java for OS X Lion 2012-003; available only for users of Lion with Java installed.

Java for Mac OS X 10.6 Update 8; available only for users of Snow Leopard.

Flashback malware removal tool; available only for users of Lion without Java installed.

Install whichever shows up in Software Update. It removes the malware (if present), updates Java (if present) and tightens up Java settings for the future. You may download from Apple's web site instead of using Software Update, but it's important to know which one to get, because the other two won't work for you.

For the truly paranoid see 10 Simple Tips for Boosting The Security Of Your Mac.

Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.

The most effective defense against malware is your own intelligence. All known malware that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?

• Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
• A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
• “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
• Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.

Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in Mac OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed, because those older operating systems are no longer being maintained by Apple. Migrate to a newer version of the Mac OS as soon as you can.

Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.

Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav — nothing else.