Flame virus
#22082 05/30/12 02:37 PM
Joined: Aug 2009
Likes: 2
jaybass Online OP
Today I read about this new (to me) Flame virus. There is a comprehensive article in a Toronto newspaper which gives all the details but stops short of saying how to protect ourselves from contracting this virus.
Has anyone any suggestions? Personally, I always clear my history, empty the cache and remove all cookies before shutting down. Is this sufficient protection from viruses?
jaybass


OS 13.6.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: Flame virus
jaybass #22084 05/30/12 02:53 PM
Joined: Aug 2009
Likes: 4
I reported this in THE CYBER-SECURITY THREAD (qv) earlier today, with a link to the G&M article.

To answer your question: No. Just to clear history, empty cache and remove all cookies doesn't provide any protection whatsoever from virtually anything malicious. A good anti-virus application is essential — but even that wouldn't protect against infection with Flame (as the article points out). But if you're not in the Middle East, it's probably not a big deal (at least for the moment).

Re: Flame virus
grelber #22089 05/30/12 07:33 PM
Joined: Aug 2009
Likes: 2
jaybass Online OP
Is what I do of any advantage at all?
Thanks for your reply.
jaybass


OS 13.6.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: Flame virus
jaybass #22090 05/30/12 07:36 PM
Joined: Aug 2009
Likes: 1
There's an easy one-step process for protecting yourself from the Flame malware:

Step 1: Don't run Windows.

This malware only targets Microsoft Windows. Additionally, it doesn't spread at random. Like Stuxnet, it appears to have been written by a government agency for the purpose of targeted attacks against specific people, companies, and organizations in the Middle East, primarily in Iran.

Taking steps like clearing browser history or removing cookies offers you zero protection from viruses because browser cookies, history, and cache have nothing to do with viruses. Viruses are programs, just like word processors or video games are programs, and while they will sometimes spread by using flaws in a Web browser to download themselves without you knowing about it, that doesn't have anything to do with cookies or caches.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Flame virus
tacit #22091 05/30/12 07:49 PM
Joined: Aug 2009
Likes: 15
It sounds like the Flame malware is so platform specific that it will not easily, if at all, lend itself to application to the Mac platform even if criminals get their hands on it; is that more or less correct?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flame virus
artie505 #22098 05/31/12 06:59 PM
Joined: Aug 2009
Likes: 1
Yes, that is exactly correct. It is extremely fine-tuned for Windows, written to exploit a cocktail of known Windows vulnerabilities (and possibly some zero-day vulnerabilities as well), and written to interface with Windows at a very low level, even intercepting Windows drivers for some devices. It cost millions of dollars, at the very least, to develop; it could not be ported to Mac OS X. It would have to be entirely rewritten for Mac, also at a cost of millions of dollars.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Flame virus
tacit #22099 05/31/12 08:03 PM
Joined: Aug 2009
Likes: 4
This entire thread should be re-routed to THE CYBER-SECURITY THREAD in The Lounge, if only for the sake of consistency.

Re: Flame virus
grelber #22102 05/31/12 10:02 PM
Joined: Aug 2009
cyn Online
Administrator
THE CYBER-SECURITY THREAD in the Lounge is more for information sharing and discussion. This one is just fine here in a Troubleshooting and Help Requests forum.


FineTunedMac Forums Admin
Re: Flame virus
tacit #22105 05/31/12 11:27 PM
Joined: Aug 2009
Likes: 15
> It would have to be entirely rewritten for Mac, [....]

And that could only happen if OS X has got enough similar vulnerabilities, which seems unlikely.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flame virus
artie505 #22107 06/01/12 04:43 AM
Joined: Aug 2009
Likes: 1
Yes and no. If you have enough time available to you, and enough money, you can find vulnerabilities to target. It's a question of focus, dedication, and resources.

When the Stuxnet virus came out, it targeted several vulnerabilities that had not been seen before, some of which were quite complex. Typical malware authors write for money, so they have some resources available, but not that many. This kind of work typically requires the resources of something like a government...and yes, if they could bring those resources to bear on OS X, it'd probably fall, too.

What's interesting is that these malware strains, sophisticated as they are, don't rely only on new vulnerabilities. They also target existing vulnerabilities that have been patched, presumably because the systems they're targeting (such as command and control systems at industrial plants), frighteningly enough, are not often updated. The manufacturers of these systems want to make sure that system updates won't interfere with the performance of the machines they control, so updates may not be approved for use on SCADA systems for years after they're released, if at all.

Stuxnet, Duqu, and Flame don't target random systems. They're very carefully targeted; Flame uses various IP geolocation techniques to determine where the machine it's infecting lives, and won't even try to infect systems outside certain areas. From the point of view of a random person trying to protect his computer, not running Windows, not being in the Middle East, and not being part of Iranian nuclear or industrial companies seems like better protection than antivirus software. :)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Moderated by  alternaut, dianne, dkmarsh 
