How to Secure Your Mac From Flashback Infection

Question: What's the best way to keep my Mac safe from the Flashback Trojan that has been in the news?

Apple Store
Getty Images
Apple Store

Answer: Flashback is technically not a trojan-horse application at all, but a "drive-by download" that infects computers by exploiting a vulnerability in Web software.

That makes it much worse than a trojan: You just need to visit a malicious site, without downloading the wrong app or entering an admin password, to have this program silently take command of your Mac and begin altering the content of Web pages.

That also sets Flashback apart from all of the other Mac viruses you might have heard about over the last few years. But it wasn't hard to see something like this happening.

Flashback attacks a known weakness in the Java software Apple has bundled on Macs but often updated slower than other vendors. Apple released a fix last week — "Java for OS X Lion 2012-001" or "Java for Mac OS X 10.6 Update 7" depending on your version of OS X — but it came too late for the estimated 600,000 Macs infected so far.

You can check your Mac for symptoms of Flashback by copying a couple of commands into the Terminal command-line app; anti-malware vendor F-Secure has instructions on its site. Dr. Web, the Russian security firm that has helped to identify this malware, has posted its own Flashback checker.

Most advice on preventing this sort of attack has hit the same points: promptly install security updates, don't visit suspicious sites, install anti-virus software. But for home users, I recommend a simpler and more effective remedy: Get rid of Java.

This software, originally developed by Sun Microsystems and now an Oracle product, once held promise as a way to let computer users run complex apps over the Web on any computer. But the Web itself now does that job better than Java — you don't need Java to create a spreadsheet in Google Docs, edit a photo on Flickr, or write a blog post on WordPress.

These days, I only see Java used in some newspapers' online crosswords (fortunately, not this one) and on my bank's remote-check-deposit site (but I can upload my own scanned images of checks instead). I can't think of any remotely essential uses for it on a home computer.

Java has, however, become an attractive target for malware authors. So why put up with that risk for so little reward?

To disable Java in Apple's Safari, go to the Safari menu, select "Preferences…" and click that window's Security heading, then click to clear the checkbox next to "Enable Java." To do the same in Mozilla Firefox, go to its Tools menu, select "Add-ons," click "Plugins" and click the "Disable" button to the right of the Java plug-in entry. In Google Chrome, click the wrench-icon menu, select "Under the Hood," and click the "Disable individual plug-ins" link.

This advice applies to Windows users too. But while you can't easily uninstall Java from OS X, you can and should in Windows through the Control Panel's usual "Add or Remove Programs" or "Uninstall a Program" options.

Tip: Search through time with Google.

Looking for documentation on how to disable Java in various browsers brought up a lot of out-of-date links. But then I remembered to click the "More Search Tools" to the left of a Google search page.

This brings up a menu of date ranges — from "Past hour" to "Past year" to any other span of dates you choose — that you can use to refine your search. It's an enormous help when looking for recent news stories on a subject, but I've also found it useful when digging up older pieces that I know went up years ago.

Unfortunately, neither Bing nor Yahoo's implementation of Microsoft's search offers this same simple flexibility, although each still allows you to limit searches to pages published in the past 24 hours, past week or past month.

As an added bonus, if you happened to use Google's option on April 1, you would have seen such extra, entertaining date ranges as "Tomorrow," "Cretaceous Era," and "Past 5.391e-44 seconds."

This story first appeared in USA Today.