Flame virus
OP
Joined: Aug 2009
Likes: 2
Today I read about this new (to me) Flame virus. There is a comprehensive article in a Toronto newspaper which gives all the details but stops short of saying how to protect ourselves from contracting this virus. Has anyone any suggestions? Personally, I always clear my history, empty the cache and remove all cookies before shutting down. Is this sufficient protection from viruses?
jaybass
OS 13.6.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: Flame virus
Joined: Aug 2009
Likes: 4
I reported this in THE CYBER-SECURITY THREAD (qv) earlier today, with a link to the G&M article.
To answer your question: No. Just to clear history, empty cache and remove all cookies doesn't provide any protection whatsoever from virtually anything malicious. A good anti-virus application is essential — but even that wouldn't protect against infection with Flame (as the article points out). But if you're not in the Middle East, it's probably not a big deal (at least for the moment).
Re: Flame virus
OP
Joined: Aug 2009
Likes: 2
Is what I do of any advantage at all? Thanks for your reply.
jaybass
OS 13.6.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: Flame virus
Joined: Aug 2009
Likes: 1
There's an easy one-step process for protecting yourself from the Flame malware:
Step 1: Don't run Windows.
This malware only targets Microsoft Windows. Additionally, it doesn't spread at random. Like Stuxnet, it appears to have been written by a government agency for the purpose of targeted attacks against specific people, companies, and organizations in the Middle East, primarily in Iran.
Taking steps like clearing browser history or removing cookies offers you zero protection from viruses because browser cookies, history, and cache have nothing to do with viruses. Viruses are programs, just like word processors or video games are programs, and while they will sometimes spread by using flaws in a Web browser to download themselves without you knowing about it, that doesn't have anything to do with cookies or caches.
Re: Flame virus
Joined: Aug 2009
Likes: 15
It sounds like the Flame malware is so platform specific that it will not easily, if at all, lend itself to application to the Mac platform even if criminals get their hands on it; is that more or less correct?
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flame virus
Joined: Aug 2009
Likes: 1
Yes, that is exactly correct. It is extremely fine-tuned for Windows, written to exploit a cocktail of known Windows vulnerabilities (and possibly some zero-day vulnerabilities as well), and written to interface with Windows at a very low level, even intercepting Windows drivers for some devices. It cost millions of dollars, at the very least, to develop; it could not be ported to Mac OS X. It would have to be entirely rewritten for Mac, also at a cost of millions of dollars.
Re: Flame virus
Joined: Aug 2009
Likes: 4
This entire thread should be re-routed to THE CYBER-SECURITY THREAD in The Lounge, if only for the sake of consistency.
Re: Flame virus
Administrator
Joined: Aug 2009
THE CYBER-SECURITY THREAD in the Lounge is more for information sharing and discussion. This one is just fine here in a Troubleshooting and Help Requests forum.
FineTunedMac Forums Admin
Re: Flame virus
Joined: Aug 2009
Likes: 15
> It would have to be entirely rewritten for Mac, [....]
And that could only happen if OS X has got enough similar vulnerabilities, which seems unlikely.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flame virus
Joined: Aug 2009
Likes: 1
Yes and no. If you have enough time available to you, and enough money, you can find vulnerabilities to target. It's a question of focus, dedication, and resources.

When the Stuxnet virus came out, it targeted several vulnerabilities that had not been seen before, some of which were quite complex. Typical malware authors write for money, so they have some resources available, but not that many. This kind of work typically requires the resources of something like a government... and yes, if they could bring those resources to bear on OS X, it'd probably fall, too.

What's interesting is that these malware strains, sophisticated as they are, don't rely only on new vulnerabilities. They also target existing vulnerabilities that have been patched, presumably because the systems they're targeting (such as command and control systems at industrial plants), frighteningly enough, are not often updated. The manufacturers of these systems want to make sure that system updates won't interfere with the performance of the machines they control, so updates may not be approved for use on SCADA systems for years after they're released, if at all.

Stuxnet, Duqu, and Flame don't target random systems. They're very carefully targeted; Flame uses various IP geolocation techniques to determine where the machine it's infecting lives, and won't even try to infect systems outside certain areas. From the point of view of a random person trying to protect his computer, not running Windows, not being in the Middle East, and not being part of Iranian nuclear or industrial companies seems like better protection than antivirus software.