commentary Flashback has brought the issue of security on Macs to the forefront of everyone's mind, and it's probably the best thing that could have happened for Mac users.
(IMG_3753 image by Carolyn Williams, CC BY 2.0)
Let's be realistic; there is a large proportion of Mac users who simply aren't savvy about computers. After all, Apple is notoriously known for developing hardware and an operating system that "simply just works". But the one thing that this concept doesn't work for is security. Security doesn't "just work" through software or hardware alone; it requires some level of knowledge for it to be effective.
For the unknowledgeable, the appeal behind using a Mac isn't the idea that it's more secure, but rather the idea that you never have to worry or even think about security. Macs don't get viruses, so you don't need a virus scanner, right?
But that's like buying a particular brand of car based on its reputation for reliability, and then never bothering to service it. It'll take more abuse, but if you neglect basic maintenance it'll break down eventually.
Just because Macs have a great track record doesn't mean that there aren't viruses out there. And computer viruses work like biological ones do; it's not about how many viruses are out there, it's about whether you expose yourself to the deadliest ones. It's like living in a country with a low rate of STIs, and then not using any protection when doing the deed. Sure, you may stay safe, depending on where and how you get around, but this is the internet — everyone is dirty.
Yet before PC fan boys start rubbing their hands together in glee, I'd like to point out that this isn't just about Macs. It's about education for users, Mac or not. Statistically, there is a better chance of running the internet gauntlet safely on a Mac than on a PC, but Mac users — the ones who aren't savvy — don't understand the need to install antivirus products, and ironically sometimes stand a worse chance against the threats that do cross their path by not doing anything to protect themselves. Un-savvy PC users are exactly the same.
Flashback is fantastic, not because it's ammunition for PC fan boys to say, "I told you so", but because technologically illiterate users realised for the first time that it might be worth finding out something about security. The pin dropped for those users who need to pay attention to security the most — the unknowledgeable. This message has already been bashed into Windows users time and again.
Apple users are finally beginning to ask questions relating to whether they are really secure, and whether they need to do something because it might happen again. And where there are questions, Apple needs to provide answers. It needs to educate. Apple has broken its policy of "Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available" to finally say that it will release a tool to remove Flashback-infected computers, and that it has taken action to shut down the botnet. The change is a welcome relief, but the company needs to go farther.
With Apple's growing popularity, it's only a matter of time before the next attack hits, and, regardless of the patches, software or hardware available, nothing will ever take the place of knowledge of where to get the patches from, why it is important to get them, the techniques used to deceive and where to go for help.
If Apple takes an active role in educating users, it won't be a golden cure, but at least it's a start.
If you suspect that your Mac has been infected or is susceptible to infection by Flashback, check FlashbackCheck.com. If infected, Kaspersky has provided instructions on how to remove Flashback ahead of Apple releasing its own tool, but, being an educated Mac user, you already knew that, right?