I sent this message out to my user group today. I thought that the folks on this discussion list might be interested in it. This is a followup to my previous message about Flashback (which, by the way, at this point is not technically a Trojan, since it can infect your computer with no warning or user interaction whatsoever, simply by you visiting a malicious, or just an infected, Web site.) I thought that everyone would appreciate more information. I've now sent out a mailing to over 9,000 subscribers of The MacAttorney Newsletter about Flashback, and I've posted about it on a dozen Mac discussion lists. So I've reached somewhere around 20,000 Mac users. Users have rushed to check to see if they were infected. So far, not a single user of the many who have written back has been infected with Flashback. While I have no doubt that Flashback is real, and that it is a good idea to do all that you can to protect yourself from it, I'm beginning to think that much of this scare was hype invented by anti- virus software firms in Russia, from whom the original report eminated. Some research on the Web turns up reports that the "600,000 infected machines" written about may not have necessarily been Macs. That number likely includes other OS's, the proportion of which to Macs is unknown. (i.e. It may be that mostly Windows computers were infected, and very few Macs.) Daring Fireball (written by widely respected John Gruber), a very popular Mac blog, a few days ago posted about Flashback: <http://daringfireball.net/linked/2012/04/05/flashback> As of last Thursday, he says he has heard from "about a dozen or so Daring Fireball readers whove been hit by this." The problem is that when there is a panic about a new virus, there will always be a few folks who aren’t deep thinkers who will rush to tell you that they have been infected based on any change in their computer, or even in their lives, real or imagined. Once you manage to elicit the details from them, it becomes obvious that their report isn't credible. Also, the media has reported that “security experts” have confirmed that Flashback is a huge threat. There is a problem with consulting with security experts. I call it the “to a hammer, everything looks like a nail” problem. These are folks who have been trained to recognize the millions of viruses that exist for Windows. To them, everything in the entire world is a huge security threat. I've never heard of a security expert who has said: " Just relax; start worrying if and when there are verifiable reports of computers being infected." I wouldn't be surprised if, after all is said and done, that not a single one of us will be infected by Flashback, and not a single one of us will know anyone first-hand who has been infected by it. Now, let me be completely clear, all of the above is not to say that you shouldn’t take all necessary steps to protect yourself from Flashback. You really should. But you should know that there is no reason to get paranoid. Your Mac is still the most secure personal computing platform out there. There isn’t a flood of Mac malware hitting us. The sky is not falling. It is very important to consider the source of any information that you hear about the Macinotsh, and that includes the media which doesn’t generally have a clue about the Mac. There are, unfortunately, lots of Apple-haters and people with various questionable motives in the world. An interesting blog post: <http://beyondbridges.net/2012/04/apple-and-the-flashback-trojan/> Various additional bits that might be helpful: Macworld now has an article about Flashback: <http://www.macworld.com/article/1166254/ what_you_need_to_know_about_the_flashback_trojan.html> How to check for and disable Java in OS X “Java used to be deeply embedded in OS X, but in recent versions of the OS it's an optional install. Here is how to check to see if it is installed, and how to disable or remove it.” <http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for- and-disable-java-in-os-x/> Some users have asked if there are any applications in common use that will be effected if they totally disable Java on their Macintosh. Here are the ones that I know of: Evernote MoneyDance OpenOffice-based suites (i.e. LibreOffice, NeoOffice, OpenOffice/Mac) I hope that you find this message useful. ___________________________________________ Randy B. Singer Co-author of The Macintosh Bible (4th, 5th, and 6th editions) Macintosh OS X Routine Maintenance http://www.macattorney.com/ts.html ___________________________________________