Forum Question: Would Anti-virus Software Have Detected the Mac Flashback Trojan?

I am a big Mac fan and am glad to not need anti-virus software, but my question is: Would anti-virus software have detected the Mac Flashback Trojan?
I read online that Oracle and others were aware of the problem 6 months ago, but Apple just fixed it recently… would the main anti-virus companies not have updated their definition much quicker than the Apple fix came in … and if so, is this not the 1st example (with more to come in the future) that may actually be a good reason to get anti-virus software for Macs?
—–
Russell

Comments: 8 Responses to “Would Anti-virus Software Have Detected the Mac Flashback Trojan?”

    4/13/12 @ 10:21 am

    That’s a good question.
    First, however, realize that the “Flashback trojan” and its variants have been around for some time, on both Windows and Mac.
    As a trojan, the main concern is the delivery mechanism. The trojan horse itself. For a long time this was fake downloads named after popular software. You go to a site and it offers a pirated version of app X, so you download it. It doesn’t contain X (or maybe it does, to hide the trojan better) but it instead installs the malware on your computer.
    Recently, the delivery mechanisms have varied. In one case it was a MS Word document. And then recently a Java app on a web page.
    The Java app and MS Word docs were interesting cases. In those cases it differed in that it didn’t ask permission to install. The previous trojan horse delivery mechanisms were very weak in that they had to ask your permission. The new mechanisms were much sneakier. You still had to perform an action yourself (download and open the Word doc, visit a malicious web site).
    The “problem” that Oracle was aware of a while ago wasn’t the Flashback trojan. It was simply that Java had a flaw that could be used to run something without the user’s permission. It wasn’t a dangerous flaw until someone exploited it by creating a trojan that used that flaw to deliver the Flashback malware.
    Apple actually stopped installing Java by default with Lion. That is why so many people didn’t get the Software Update notice — you only get it if you have Java installed. So Lion by itself wasn’t susceptible to this problem as Lion doesn’t include Java. But once the problem existed, Apple jumped in and quickly released a patch for those that did have Java installed.
    Now your question is very interesting: “Would the main anti-virus companies not have updated their definition much quicker than the Apple fix came in?”
    I don’t know.
    I don’t know because the anti-virus companies don’t seem to mention that anywhere. I’ve looked. They jump on these incidents to publicize that there are threats and try to use fear to sell their products. But they either:
    1. Did quickly update their software to defend against the Java/Flashback trojan, but failed to mention that important fact in any of their public relations postings.
    2. Didn’t update their software to defend against this attack. Or, did so after Apple had already issued its patch.
    Even if the answer is #1, they would have only beat Apple by a few days. And this variant of Flashback was easy to detect and remove before then, with absolutely no special software.
    So while this could be an example of why you might want to get anti-virus software, it could also be an example of why OS X itself, and common sense, is the only thing you need.

    Russell
    4/13/12 @ 10:39 am

    Thanks, Gary.

    Is this really true?:
    “But once the problem existed, Apple jumped in and quickly released a patch for those that did have Java installed.”

    I’ve had Java installed since I got Lion. Oracle knew about this flaw in Java. Then Apple took 6 months to fix it. Obviously Apple felt the onus to do the fixing, hence they released the patch, but again they did so 6 months later.

    At least we know that the real developers at fault at the root of it are the ones from Oracle…

      4/13/12 @ 11:03 am

      They did so 6 months after the flaw was discovered. But it wasn’t a danger until a few days ago when a variant of Flashback existed that took advantage of it. There are flaws all over all sorts of software. But they aren’t dangerous until someone exploits them.

    Michael Wheless
    4/13/12 @ 4:43 pm

    I am wanting your opinion about downloading these updates. I had not paid close attention to the recent episode, so when I got an update notice from Adobe Flash, I was uncertain, and chose to quit the notification.

    It made me curious so I went to the Adobe website and confirmed that my Flash Player was the most recent one. In effect, I had been sent a bogus update notice.

    Here’s where I want to know your thoughts. I have just a few apps, like Flash Player, Adobe Reader and such (many are your recommendations and glad I have them). Of course, these apps will legitimately send me update notices from time to time. Is it wiser to verify the validity of the update by going to the website of the developer and checking?

    Also, is it wiser to simply close the update notice or press the “quit” tab?

      4/13/12 @ 5:05 pm

      Pay careful attention to where those update notices are coming from. Is it simply a graphic or a pop-up in the web browser? If so, it could come from anywhere. If it is not a part of the web browser (hide Safari and see if it is still there) but is part of a legitimate non-browser process, then you can use it.
      But you can always go to the web site like you said. It could be that you did get a legit update notice, but when you went to the site you had a version of Flash that was “recent enough” for the site to say “you’re OK.”

    Joseph Landwermeyer
    4/13/12 @ 7:16 pm

    Gary, would another option to verify valid update notices be to close the “update warning box,” then open the software in question and check for updates through the program itself?

      4/13/12 @ 8:22 pm

      Yes. As long as the software works that way.

    John P
    4/25/12 @ 7:02 am

    One thing I have noticed since switching over from PCs is the amount of apathy in the Mac community with regards to viruses and the like. The old “it won’t happen to me” scenario is, I find, a little scary.
    I think it’s just a case that Macs just have not been in their sights because of lower numbers than PCs, and so a smaller target, but this is changing a lot of late with the high amount of iPhones, iPads, iMacs, etc. being sold, especially to a demographic that has usually more ripe pickings to plunder!
    I don’t mean to sound dramatic but maybe that is what is needed to get people to change their ways?
