Go back more than a decade, and the phrase “computer virus” had rather specific meaning; it was software that did very, very bad things to your computer, and you generally knew all about it straight away, because the virus writers wanted it that way. Little bleepy messages would play when you started your computer up, letting you know that your files, operating system or (if you were very unlucky or unwise in your choice of software installations) hardware was now corrupt. Fixes were painful and expensive, but you knew you had a problem, and if you’d been stung before, you were far more likely to have backups of your most precious files.
I’ll now pause for a second to remind you: Back up your own files. Do it now — seriously, it’s far cheaper to buy a second hard drive or platter of writeable DVD-Rs than it is to go down the data recovery route by a staggering factor.
Anyway, that was the story regarding viruses, worms and malware more than a decade ago — but it’s not the case today. Today’s malware most definitely doesn’t want you to know that it’s there, because, to drop into a sporting metaphor for a second, the goalposts have shifted. It’s not about malicious programmers causing havoc for the fun of it; it’s about money and identity. If you knew you had malware on your system, you’d get rid of it — and that’d mean that the money trail (whether it’s sniffing around for traces of your bank account details or sniffing around for your identity for different kinds of fraud) would dry up double quick.
For some time Mac users were largely immune from this kind of thing, but the recent outbreak of the Flashback Trojan have shown something that many in the security community have suspected for quite a while. Mac security wasn’t solely a function of its Unix underpinnings, or any other kind of inbuilt security measure; the reasons were more to do with the size of the market that malware writers could target.
Flashback is a nasty little trojan that tries to get your Mac connected up to a network of other machines for illicit purposes; the current outbreak relates to weaknesses in the default version of Java that ships with the current version of the Mac operating system.
Apple’s growth in the home PC space has made it a larger target, and in some ways an outbreak like Flashback — which is said to have infected around 600,000 Macs worldwide — was to be expected. It’s a stark reminder, however, that we live in an age where this kind of computer security problem is very real; bear in mind that a Flashback-infected computer didn’t need any kind of authorisation; it asked for it but if refused used a different channel for infection, and installed essentially invisibly via browser based attack.
So what’s the sensible end-user approach? For a start, an anti-malware package — no matter your choice of computer — is an absolute must. It does still pay to be wary about what you’re installing; while there are more bits of malware that are installing silently, it cannot hurt to not let the more obvious pieces in. Running software updates that you trust from your operating system provider — whether that’s Apple or Microsoft or any of the countless Linux variants out there — should also be a must-do kind of activity; in the case of the Flashback outbreak, Apple released an update to its Java package that blocks further infections, but if you’re not updated, you’re simply not protected. Likewise, an AV package is only as good as its updates, which should be frequently applied.
On the cash side of things, Internet banking is a fine invention, but logging into your internet banking application from a system you don’t control — such as those in public libraries or internet cafes — is a very poor choice. Equally, checking your account regularly is a good idea, simply because if you do spot money going out in suspicious fashion, it can be an early warning sign that lets you put the brakes on any dodgy dealings.
Oh, and backup your files. You did remember to do that, right?