The scariest thing about the Flashback trojan: I have no idea how to fight it

Summary: The recent reemergence of the Flashback OSX trojan has shown a lot of things, but none more clearly than this: I have no clue how to counter virus and trojan threats on the Mac.

For four years in college I worked in my school's IT department. It was nice, my job, because it honed my computer skills on a variety of fronts, teaching me the ups and downs of how to identify and fix all sorts of computer problems.

Malware removal was at the forefront of these skills. Pretty much all students had computers, but painfully few of them were all that great at taking care of them. Part of the blame was with Windows, but most of it was with users themselves. That was just the reality.

But then something significant started happening: Students started buying Macs, and in rapidly increasing numbers. We watched the numbers grow each year, as MacBooks started eating into the market share formerly reserved for the gamut of Dell Latitudes and Toshiba Satellites. It was mesmerizing, but also worrying.

The ambivalence stemmed from this: If you asked any college student five years ago (and, hell, any college student now) why they decided to buy an Apple computer, chances are they would respond, without fail, with the following: "Macs don't get viruses."

Most of us are aware now that that's not true. Macs have remained relatively unscathed by threats because for a very long time very few people owned them. Things are different now -- though, admittedly, not much: As of October 2011, OSX commands around 13% of the U.S. PC market, which, while not a terribly high percentage, is plausibly enough to make the OS a target.

Market share realities aside, the vision of these new Mac owners was enticing. If Windows were a country, it would be one plagued by war and disease, and these new Mac owners would be like refugees fleeing into Apple's sheltering arms. Buying a Mac was entering starry-eyed into a utopia of worry-free computer use. "Macs Don't Get Viruses" was their mantra.

Very rapidly it became clear there were some major problems with that line of thinking. One, it wasn't true, and, two, it gave a lot of people some very dangerous assumptions about the reality of safety and using a Mac.

It was obvious on the IT end as well. Regular virus and malware threats on Windows had hardened our skills against them. On Windows, we had all the anti-malware tools we needed, and a deep knowledge of how to counter any number of issues. The constant threat made us constantly prepared.

Things on the Mac front could not have been any more different. The comparative lack of viral threats on the Mac end had left us soft, exposed. It was a utopia, sure, but the barbarians were at the gates.

I remember telling friends and supervisors multiple times that if a major Mac virus or trojan were to emerge, I would be at a complete loss as to how to fight it. This is probably still true, as the emergence of the Flashback trojan has shown most clearly.

The most recent version of Flashback targets an unpatched Java vulnerability in OSX, one that Oracle fixed months ago but Apple never got around to relaying. Now, I'm still not entirely sure what Flashback does, but I was pretty completely clueless on how I could fight it. This is the bitter reality of being a Mac owner in 2012. I have very little idea of how to keep my machine safe.

And I imagine many other Mac owners feel the same way. If the half million Flashback-infected Macs are any indication, Mac owners are all going to need a crash course in computer safety. And fast.


Topics: Malware, Security

About

Ricardo Bilton writes for ZDNet's The ToyBox.
