How to Find Out if Your Mac Is in the Infected 1 Percent
The chatter in computer security circles last week and over the weekend was about the Mac. A weakness in Oracle’s Java has led to the infection of some 600,000 Macs with malware, creating the first known Botnet comprised of machines on that platform.
Naturally, Windows apologists, sick of being the target of a decade of malware-based ridicule, were quick to jump up and down and scream that the Mac’s newfound market success has made it the next natural target for malware creators.
One thing that has been lacking of yet is a course of action for the 1 percent of Macs in use that have been hit with the malware. Kaspersky Labs, which did a thorough analysis of the malware today launched a Web-based tool to determine if your Mac is among those known to have contracted it.
The tool checks the Mac’s UUID number against a database of machines known to be affected and tells you if you have it, and if you don’t know what a UUID number is, it shows you how to find it.
If your machine turns out to be among the anointed 1 percent who some say are the harbingers of a new apocalyptic phase for Mac security, there is a removal tool.
So now that we’re nearing the end of this kerfuffle, what can we glean from this incident on the state of Mac security? First off, it’s necessary, as always, to include a hedging statement. In the investing world we often hear the phrase “Past performance is not an indication of future results.” It means that unknown, unforseen circumstances can always bring about a substantial variation in a known and established pattern.
On the subject of security the pattern has been this: Occasionally, a vulnerability, sometimes nothing more than a proof of concept, sometimes something a little more threatening, such as this Flashback malware or the MacDefender one that occurred last year, appears and re-opens the discussion. After years of marginal market share, the Mac now represents a juicy new target for malware creators, and Mac users are in for a rude awakening.
Indeed, various pundits have been saying that some onset of significant serious trouble for Mac owners is just over the horizon. This indeed could happen. A new supervirus could emerge tomorrow that causes all kinds of unforseen troubles. But it hasn’t yet.
Windows still remains a target. As recently as 11 months ago, Microsoft’s own data showed that of the 420,000 Windows users who downloaded a then-new malware removal tool, those who had infections averaged 3.5 threats per machine. And of the top 10 threats seen at that time, seven were the result of vulnerabilities in Java, something you should probably consider turning off, whether your computer runs Windows or Mac OS.
As of today, for those 600,000 people whose Macs are infected, they’re averaging only one threat per machine.
One is still too many, especially if it’s a bad one. And clearly Apple can’t act like it’s impervious to security concerns, yet there’s no evidence that it is. Just slow. Some critics have said Apple didn’t respond quickly enough to this latest outbreak, especially in light of the fact that Flashback/Flashfake took advantage of a Java vulnerability that has been known for about a month. Apple clearly could have and should have responded faster.
Apple last year hired David Rice, a former U.S. Navy Information warrior, so it has at the top of its security team a well-respected executive with a history of thought leadership on the subject.
The current state and future of Mac security will be a topic I hope AllThingsD’s Kara Swisher and Walt Mossberg ask Apple CEO Tim Cook about on the stage at D:10 next month. One hopes he’ll give us some visibility into the urgency or lack thereof with which Apple views the evolving threat landscape.
But if this is the worst that the malware creators can dish out, I still like my chances on the Mac. The apocalypse isn’t here yet.