Monthly Archives: April 2012

A Summer Resolution:

Summer break either has begun or is beginning for many people, specifically students.  Many will take the time to relax, vacation, and take a break from their work.  Families, too, will take the time to do some of the same.  While I intend to do some relaxation (I am still a student myself after all), I plan on doing something a little different.  You’ve heard of New Year’s Resolutions; I’m making a Summer Resolution.

I plan on not letting this summer go to waste.  I’m going to make this summer productive and do something with it.  This summer, along with my job and summer courses, I’m going to take time to learn on my own.  Here are my summer resolutions:

  1. After going through my first Java coding lesson this past summer, I resolve to learn more about Java and be more than prepared for my next Java course in the fall.
  2. I have several books that I have bought and plan to read this summer.  These books cover several topics including history, science, theology, philosophy, and language (and a few novels).  I resolve to read at least 3, if not more, by the beginning of the Fall Semester in August/September.
  3. I currently enjoy learning languages and about languages.  I particularly like East Asian languages like Japanese.  While I have been taking Japanese courses for the past year, I will be unable to continue due to other classes next semester.  I resolve, presuming I find the time between my summer work and my other resolutions, to continue my Japanese studies.

I’m sharing this for two reasons.  First, I want to be held accountable.  I’m posting this publicly so people can know what I am doing and help me follow these resolutions.  Being held accountable and having the support of others has a tremendous impact on keeping and performing resolutions.  The second reason, however, is for you.  I want to encourage everyone to do the same.

No, you don’t have to learn Java or Japanese; those are my goals.  But I encourage you to pick something, at least one thing, and do it during the summer.  If it means studying another language or learning code, then do it.  If it means getting healthier by exercise or diet, do it.  If it means studying a topic you’ve struggled with or never explored, then study it and find experts on it.  Pick something you want to learn and then do it.

If you want to join me and do the same, great, but don’t let that be all you do.  Share what you’re doing with your friends and family, blog about it and how you’re doing, or post on your social networks.  Do something to where people can know what you’re doing and not only hold you accountable for your resolutions, but also to encourage other people to do the same.

Do you like this idea?  Are you going to do the same?  Share this with your friends, or better yet, share what you’re going to do with your friends.  Comment below what you’re going to do if you are going to do the same.  Thanks!

Games4Mac: Diablo III Beta

This seems like a wonderful time to get back into Games4Mac, and why not start with the Diablo 3 Beta?  Free for this weekend from Blizzard, the guys that bring you Starcraft and World of Warcraft, Diablo 3 is the third title in the Diablo franchise.  You need a Mac running 10.6.8 or higher and a free Battle.net account:

Download the game here: https://us.battle.net/account/download/index.xml

Sign up for Battle.net here: http://www.battle.net

App of the Week: Opera

When we talk about web browsers, we generally talk about the Big Five: Microsoft Internet Explorer, Apple’s Safari, Mozilla Firefox, Google Chrome, and Opera.  Haven’t heard of Opera?  You should.  Opera is the smallest of the big five browsers, but one of the most innovative and platform diverse browsers out there.  It was the first with tabbed browsing and a Speed Dial homepage, which is like Chrome’s “Most Visited Sites” tab page or Safari’s “Top Sites”.  It is also available on the most diverse of platforms.  Whereas Apple’s Safari is available to Windows, Mac, and iOS users, Opera runs on Windows, Mac, Linux, Android phones, iOS (iPad and iPhone), Windows Mobile, and the Nintendo Wii and DS, among other platforms. It is also the default browser on many weaker mobile systems.

What is surprising about Opera is the number of built-in features it has without being bloated.  It uses the least amount of resources of the Big Five and takes up the least amount of hard drive space, making this a wonderful browser for older or weaker Macs (or computers in general).  Inside it comes a browser that is lightning fast and was only beaten by Chrome in tests for speed.  But while the tests pointed to Chrome as being faster, Opera to my eyes seemed just as fast, and in some cases faster.  In the browser, you’ll find a plethora of features including a mail client, RSS reader, an IRC chat client, a built-in Torrent downloader, and more.  While I preferred to keep my mail and RSS feeds in Apple Mail, having this feature was incredibly useful.  I found it to be a little slow on occasions importing mail, but otherwise pleasant.  If any browser was poised to be an all-in-one experience, Opera is probably at the top.

Opera Speed Dial

Opera also has Opera Link, which is similar to, and practically inspired, Firefox Sync and Chrome syncing.  After making a free My Opera account, you can use the account to sync bookmarks, passwords, Speed Dial sites and more between your Mac and other Opera enabled devices.  I found this experience to work very seamlessly after logging in.

There are a wide variety of user features.  Opera was designed to let every user’s experience fit their own needs.  You can operate Opera with the standard combo of keyboard and mouse, but Opera’s not fit to just limit you to that.  Opera provides both mouse/trackpad gestures and/or keyboard shortcuts to control nearly every aspect of how the browser works.  And while Opera has a nice and creative variety of themes, Opera’s layout is set to allow those with visual and motor impairments to easily control the browser.  For example, the browser is capable of zooming in on everything on a page, whether it’s text, Adobe Flash, Java, and more.  Users can easily customize fonts and colors as need be.  IBM even partnered with Opera to allow the browser to easily read webpages and be voice controlled.

One other feature that is amazing, but I didn’t have a chance to try, is Opera Unite.  Opera Unite allows you to turn any computer running the Opera browser into a web server.  You can stream media from your computer over a network or Internet, whether it be pictures, music, or videos.  You can also set up file sharing, allowing you to use any computer as a network drive, or even host your own website.  Unite also lets you create your own chat room.  All of this works so long as you have a My Opera account, and both your computer and Opera are turned on and running.

Opera Unite sidebar

Opera users can take advantage of a couple of other neat features.  Tab stacking, which allows you to group tabs of a similar (or not so similar) nature together, is one of them.  So if I have a bunch of articles relating to a topic, I can put them in a tab group, which essentially hides them into one tab that can be opened.  Opera also can utilize what it calls “Turbo”; if Opera detects you have a slow Internet connection, Turbo can activate automatically.  When enabled, any web traffic you receive will be sent to Opera’s servers to be compressed and then sent to you in a smaller package.  This generally speeds up the browsing experience, but if it is enabled all the time, it can actually slow your browsing experience.  Turbo can also break some more advanced web functions or plugins because of the compression process. This is why Opera allows you to set Turbo to only run when a slow connection is active.  The few times it did activate for me, I never noticed anything too bad with how it presented compressed pages, minus a few formatting issues.

I should mention at this point that some features require a My Opera account to be fully utilized, such as syncing.  While this may be annoying, I find the account to be quite helpful, and it really isn’t much different than what Apple does with iCloud and Safari or what Google does with your Google account and Chrome.  By signing up for the Opera account, you also get access to cool features such as a user customized news page and a free blog creation website (much like the free Blogger or WordPress), along with the syncing capabilities.  You can also sync extensions, which are new to Opera 11.  While some major extensions like LastPass, XMarks, and WOT are available, the selection of extensions is not as large as Chrome or Firefox.  Opera also has Widgets, which basically run as standalone apps to play games, give you the weather, act as translators, etc.  I found this tool, however, to be occasionally buggy, such as not actually running the widgets when I wanted them to.  The premise is cool, but the implementation needs some work.

I like Opera because of the variety of features, and because I love rooting for underdogs.  When I first got a Mac, I used Opera for a long time as my default browser: I found Firefox slow, Safari wasn’t safe, and I never felt completely comfortable with Google.  Things have improved now, and all the browsers have gotten better, Opera included.  But for all of these features, there were just a few things that Opera didn’t do well.

For example, when trying to upload pictures to a webpage, Opera wouldn’t load the window so that I could add pictures to an article.  I also noticed some weird formatting issues with some websites.  On the Yahoo homepage, for example, I noticed that some of the pictures in the news roulette were scrunched up to the left side, and after a refresh of the page or going over the tab again, the picture would right itself.  One of my friends also tried Opera, and noticed that it would load a JavaScript game for him, whereas the other browser could.  This last one is particularly strange because Opera boasts that it has the fastest JavaScript engine.  Opera would also slow down when opening several tabs, something Chrome or Firefox only did when more tabs were already open.

The Peacekeeper Test marks it just below Iron, a version of Google Chrome.

One last gripe I had about the browser was the way it opened links outside of the browser.  If I open a link from my Mac’s Twitter app or from Apple Mail, the other browsers will make a new tab and open the link.  Opera, however, would take the tab I was currently in and load the link.  This meant that if I had a bunch of news stories I wanted to read, instead of having several tabs to look at, I had to manually open tabs or keep hitting the back button.

Opera is a fast, powerful, and amazingly light browser.  It has the features to stand on its own, but still has some kinks to work out.  If you’re looking for an alternative web browsing experience, or you need a browser that won’t eat into your Mac’s resources, Opera is the way to go.  Opera is a free download from the Mac App Store or from opera.com for OS 10.4 “Tiger” and higher.  It is also available for iPhone, iPad, Android, BlackBerry, Windows Mobile, Symbian, Maemo, Nintendo DS, Nintendo Wii, FreeBSD, Windows, & Linux.  If you have any questions, comments, or suggestions about this or any other topic, leave a comment below or email me at easyosx@live.com.  You can also check me out on Facebook, Twitter, and YouTube by hitting the buttons on the top of your screen.  You can also check out my Google Plus.  Thanks!

How to Remove the Flashback Malware

Normally, this is the part of the week where I review an app and post the “App of the Week”. However, this past Monday, the computer lab where I work was inundated with Macs infected with the Flashback malware. So instead of writing a post about a cool app to install, I decided it would be better to write a tutorial on how to remove a certain unwanted “app” from your Mac.

WHAT IS FLASHBACK?
Flashback is a type of malware known as a trojan, named after the Trojan Horse story in the Iliad.  The trojan acts like an installer/updater for Adobe Flash, a common plugin used in multimedia players such as YouTube, Pandora, web ads, and more, and gets you to install the program. But instead of installing Flash, it installs the Flashback trojan. Earlier versions required your Administrator password to install the trojan, and later versions would uninstall themselves if they detected certain anti-viruses running on your Mac. The most recent versions, however, can install without your password and without your knowledge.

ITS PURPOSE
Simply put, it steals your passwords: email, bank accounts, games, everything. If you type in a password, Flashback will steal it. Even if you do remove the virus, the bad guys could still have your private information.

HOW TO DETECT AND REMOVE
If you’ve been looking around the Internet for how to remove Flashback, you’ve probably run into Terminal commands for detecting it. Unfortunately, they don’t really work too well, and here’s why. The Terminal isn’t actually looking for Flashback, but for certain Java files that may indicate that Flashback is on your system. Unfortunately, if you have run anything that is or requires Java, the Terminal will report that you have some of these files. These may include MineCraft, Runescape, OpenOffice, LibreOffice, NeoOffice, Java coding utilities like BlueJ, Eclipse, and so on. You can run a tool like Flashback Detector from GitHub, which runs these scripts. However, I ran the scripts both manually and with the automatic tools on the first three infected Macs I received, and only one of them returned a positive through either method, even though all three were infected.

You can also check with Dr. Web’s online tester, which checks your Hardware UUID against its own records of which computers have been infected. This requires your Hardware UUID, which you can find by hitting the Apple logo in the top left hand corner of your Mac and going to About This Mac. You can then hit “More Info” followed by “System Report” in Lion, or “More Info” on previous versions.   Select Hardware in the left sidebar and find the Hardware UUID number. This checker will not tell you if you are still infected, but it will tell you when your Mac was infected and the last time Flashback phoned home. This method seems to me the better way to check for the trojan.  Kaspersky also has a handy web checker at http://www.flashbackcheck.com/ that essentially does the same thing as Dr. Web’s.

To remove the virus, using the Terminal to try to remove it may be problematic. There are tools out there that can help you remove the virus. However, for best results you will need the Internet.

If you have Internet access: First, update to Apple’s latest version of Java, which includes a Flashback removal tool that removes “the most common variants” of the Flashback malware.  You can download it through Apple’s software update, or by using this link.  It only runs on OS 10.6 Snow Leopard and higher.

I recommend using Kaspersky’s removal tool that scans exclusively for all the variants of Flashback and any related files.  It runs very fast, and is available for OS 10.5 and higher.  However, occasionally I found it wouldn’t run, or needed an update, but reinstallation fixed nothing.  You can also try F-Secure’s removal tool, which runs the same Terminal commands that the manual removal instructions recommend.  You can download that from CNet here.

Whether it works or not, your next step is to download a copy of Sophos Anti-Virus for Mac Home Edition, which is free from Sophos and is available for Macs running OS 10.4 (“Tiger”) or higher. Once installed, make sure you update it until you are sure you have the most recent definitions. You may wish to change Sophos’ setting to move the virus elsewhere rather than have it delete it automatically. Either way, once it finishes the scan, which should take an hour or two to scan the whole hard drive, hit the clean-up button, and you are done.

Sophos Antivirus for Mac 8.0

However, on a few infected Macs, I ran into an issue where Sophos could not detect the malware. I then used another tool from Dr. Web, the firm that initially sounded the alarm about Flashback and created the online checker mentioned above. They have a free tool in the Mac App Store called Dr. Web Light which can remove the trojan. However, since the tool is available only in the Mac App Store, it only works on Macs running OS 10.6 (“Snow Leopard”) or higher. You can put the tool onto a flash drive as well and run the scanner from the flash drive, which is nice. When it has finished scanning, you should see a Java file ending in .juschd, which is the trojan. Hit “Neutralize”, or tap the arrow on that file and click “Delete” to remove it from your Mac. Once all that is done, it wouldn’t hurt to run any or all of these three scans again.
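The Hardware UUID lookup for the online checkers and the search for a file ending in .juschd can both be done from Terminal without changing anything on disk. The script below is an added example, not part of the original post or of any vendor tool; its function names and the sample profiler text are made up for illustration, and, as with the other indicator checks described above, finding nothing does not prove the Mac is clean.

```shell
#!/bin/sh
# Added example (not from the original post). Read-only triage: nothing is deleted.

# Constructed sample of `system_profiler SPHardwareDataType` output (not a real Mac).
SAMPLE_PROFILE='Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Hardware UUID: 01234567-89AB-CDEF-0123-456789ABCDEF'

# Read profiler output on stdin and print the Hardware UUID.
# Returns non-zero if no well-formed UUID is present.
hardware_uuid() {
    awk -F': *' '/Hardware UUID/ { print $2; exit }' |
        tr -d ' \r' |
        grep -E '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# List regular files whose name ends in .juschd (the suffix the post reports
# seeing in Dr. Web Light) under the given directory, default $HOME.
find_juschd() {
    find "${1:-$HOME}" -type f -name '*.juschd' 2>/dev/null
}

# Print each hit with size and modification time so it can be noted before a
# removal tool touches it. Returns 0 on a hit, 1 on none, 2 on a bad directory.
report_juschd() {
    dir=${1:-$HOME}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    hits=$(find_juschd "$dir" || true)
    if [ -z "$hits" ]; then
        echo "no .juschd files under $dir (this alone does not prove a clean system)"
        return 1
    fi
    echo "$hits" | while IFS= read -r f; do
        ls -l "$f"
    done
    return 0
}

# Only runs on a Mac, where system_profiler exists.
if command -v system_profiler >/dev/null 2>&1; then
    echo "Hardware UUID for the online checker:"
    system_profiler SPHardwareDataType | hardware_uuid || echo "  (could not read UUID)"
    report_juschd "$HOME" || true
fi
```

Record any path it prints before running a removal tool, since that path is useful when re-scanning afterwards.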

If you don’t have the Internet:
If you don’t have the Internet, you can’t use Dr. Web or Sophos because they will need to update their virus definitions before scanning. You can remove it manually by following F-Secure’s directions on how to remove Flashback manually. There are a couple of caveats: First, the virus is constantly changing, meaning that the directions you see will have to be updated. F-Secure has been updating these directions in a timely manner, and they do provide links to more recent directions. The bigger caveat is that these directions require a lot of digging around in OSX’s system files and require use of the Terminal, so these are not for the faint of heart. If you don’t feel like removing it through this manual method, either take it to a Mac expert for them to work on, or get an Internet connection to run the tools mentioned above.

If you have access to a computer that does have Internet access, or just have a friend that does, download Kaspersky’s removal tool that they just created.  Since this doesn’t need any more updates to run after the initial download of the file, it makes for a really simple and effective tool to use.

Kaspersky's Flashfake Removal Tool (Courtesy of Kaspersky)

Your last option, the one guaranteed to completely remove the trojan, is to do a clean install of your copy of OSX. You will need to grab your install disks, or boot into Lion’s recovery mode to reinstall the OS completely. This is really a last resort, but is 100% effective against removing Flashback.

AFTERMATH
Congratulations! You’ve removed Flashback, so now you can go about your merry way, right? WRONG. Flashback got onto your Mac because you had a security hole in your system and it needs to be patched. Once you have an Internet connection, update your Mac until there is nothing left in your Software Update queue to install. This especially applies to any updates that say OSX update, Java, and/or Security. Apple has already patched the hole in Java on OS 10.7 “Lion” and 10.6 “Snow Leopard”, but it will not be updating previous versions of OS 10, including 10.5 “Leopard”. They should get all of their updates anyway, but will also need to keep running an antivirus.

Once you have finished updating your Mac, it wouldn’t hurt to scan again. However, you might think about just disabling Java if you don’t need it. This can be done on OS 10.5 and later systems. Go to your Applications folder, open the Utilities folder, and open the Java Preferences app. Under the General tab, uncheck the box that says “Enable Applet plug-in and Web Start applications” on Snow Leopard and Lion.  On Leopard, disable all the versions of Java capable of running in the checklist. You should also go to the Network tab and clear the caches/delete temporary files, then uncheck the box that says “Keep temporary files for fast access”. However, if you constantly use Java apps online, these steps shouldn’t be followed because you may not be able to run Java web programs, as well as certain desktop Java apps.  For most people, this shouldn’t be a problem though.

Java Preferences on Lion

The last step, and by far not the least, is to change all of your passwords. As I stated before, Flashback is a password stealer and actively transmits your personal info back to its home base. Change any and every password that you used since you were infected.  Better yet, change all of your passwords. Anything that deals with sensitive information or money, such as bank accounts, Facebook, email, etc. should be changed immediately.  Several students were changing their passwords while their Macs were being repaired and noted that their various accounts were reporting suspicious activity and access. For example, one student said his birth date on Facebook had been changed, while another reported that his email was last accessed in Japan (he had never been to Japan). You will also want to check with your bank and your emails for any transactions or messages sent that you don’t recognize ever doing. The sooner you can report fraud, the sooner it can be stopped and the better off you will be.

What Flashback has proven, as well as MacDefender last year, is what I and others have been saying for a long time now: the Mac is not an impenetrable fortress, and it was only a matter of time before OSX would be attacked. Honestly, I wish I was wrong, and the amount of Windows malware is still drastically higher than that of Mac malware.  Flashback doesn’t need to be a cause for mass panic in the Apple community, though.  Nor does it make the Mac platform any worse; it only goes to show that no system is without flaws and that users of any computer system need to be vigilant about what they do online, where they go, and how secure they really are.


UPDATED: April 12 at 2:10 pm to link to the F-Secure removal tool.

UPDATED: April 12 at 5:41 pm to cover Apple’s new Java update and removal tool.
