Apple Flashback Malware Removal Includes Innovative Approach to Reducing Risk for Macs
Apple is dealing with the harsh reality that Mac OS X has become a target for malware attacks.
PC World - Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Beneath the belated fix to help users eradicate the threat, Apple has introduced a proactive approach to reducing security risk that other vendors should take note of.
This first couple Java updates already patched the underlying vulnerability. The latest version doesn't address any new vulnerabilities--it takes care of the destruction left in the wake of the vulnerabilities in the first place, and proactively reduces the exposure to risk for Mac users.
The latest Java update from Apple removes the known variants of the Flashback malware from infected Mac OS X systems. It also automatically disables Java if it has not been used during the previous 35 days. Once disabled, users have to manually re-enable Java in order for Java applets to run again. That means that malware attacks like Flashback would be unable to automatically execute and compromise Macs that don't regularly use Java.
In his Laws of Vulnerabilities blog, Qualys CTO Wolfgang Kandek appears to be impressed by Apple's innovative approach to minimizing risk. "This is exciting and to my knowledge nobody has done something like this before. It makes total sense to me: We have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security conscious users will do so."
It is a core tenet of computer and network security to disable or remove software and services that are not being used. Not doing so exposes the system to undue risk should a vulnerability be discovered and exploited against the unused tools and applications. Adding insult to injury, even when a flaw is discovered and announced, many users mistakenly believe the issue doesn't affect them because they're not actively using the tools. They'll ignore the patch and remain vulnerable.
What Apple has done with this update is to take the decision out of the user's hands--at least as it relates to Java. The OS will now monitor usage and simply disable Java if it is not used for an extended period of time. Other operating system platforms and software vendors may want to adopt a similar approach to automatically disable unused and unnecessary services to reduce exposure to attacks.
Kudos to Apple. It may be late to the game when it comes to helping users remove the Flashback malware from Mac OS X, but it has raised the bar for proactively protecting systems at the same time.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Exponentially Accelerate Data Protection and Recovery with Simpana 10 IntelliSnap® Snapshot Management Technology Are you making the best use of your storage array snapshot functionality? CommVault Simpana 10 IntelliSnap technology manages hardware-based snapshots across multiple vendor...
- Simpana IntelliSnap Technology Datasheet With IntelliSnap you can maximize the value of your snapshot technology while dramatically reducing management overhead and complexity.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Mac OS X White Papers | Webcasts