I guess the problem I was addressing occurs at the time one sees this alert:
"Install Adobe Flash Player.app" is an
application downloaded from the internet.
Are you sure you want to open it?
Regardless of where you or I *think* the application may have come from, is there any way to double-check that the app on which you just double-clicked is not the imposter?
How are the legit installer and the malware different? Is there, perhaps, some small difference in their icons, or does one of them have something spelled differently? You know -- the stuff they pass around about counterfeit twenties -- How is it different?
All the web descriptions of the October Flashback say that it "masquerades" as a Flash Player installer, but they do not give details. Just how good is this "masquerade"? What does the counterfeit installer do, or look like, that's different from the McCoy? Does it engender the same alert box, or is it slightly different in any way? I would like to have a way to double-check before I agree to open it.
I believe that this process will get easier in upcoming OS X releases, but in the meantime you should be able to verify that a Flash Player installer is from Adobe by using the digital signature embedded within the binary. You can do this via the command line in a terminal session. First, mount the installer .dmg and in a terminal window, type:
codesign -v -d -v /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/
You'll get info back, and in particular you should see an Authority entry listing out Adobe Systems Incorporated.
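The check described in the reply above, scripted as an added example that is not part of the original posts: it requires the signature to validate and the first Authority entry to equal the expected signer exactly, instead of eyeballing the output. The function names and the sample reports are constructed for illustration; `check_app` needs macOS, while the parsing functions run anywhere.

```shell
#!/bin/sh
# Added example: compare the signer codesign reports with the expected vendor.

# Print the leaf (first) Authority= value from `codesign -d -vv` output on stdin.
leaf_authority() {
    sed -n 's/^Authority=//p' | head -n 1
}

# Succeed only when the leaf authority equals $1 exactly.
# A substring match would accept "Adobe Systems Incorporated Updates Ltd".
signer_matches() {
    expected=$1
    leaf=$(leaf_authority)
    [ -n "$leaf" ] && [ "$leaf" = "$expected" ]
}

# macOS only: the signature must validate AND name the expected signer.
# Usage: check_app "/Volumes/Flash Player/Install Adobe Flash Player.app" \
#                  "Adobe Systems Incorporated"
check_app() {
    app=$1
    expected=$2
    # --verify fails for unsigned bundles and for bundles modified after signing.
    codesign --verify "$app" 2>/dev/null || { echo "INVALID: signature missing or broken"; return 1; }
    # codesign writes the -d report to stderr, so fold it into stdout.
    if codesign -d -vv "$app" 2>&1 | signer_matches "$expected"; then
        echo "OK: signed by $expected"
    else
        echo "MISMATCH: not signed by $expected"; return 1
    fi
}

# Constructed sample reports (not captured from a real installer).
sample_genuine() {
    printf '%s\n' 'Identifier=com.example.installer' \
        'Authority=Adobe Systems Incorporated' \
        'Authority=Example Code Signing CA' \
        'Authority=Example Root CA'
}
sample_lookalike() {
    printf '%s\n' 'Identifier=com.example.installer' \
        'Authority=Adobe Systems Incorporated Updates Ltd' \
        'Authority=Example Root CA'
}
sample_unsigned() {
    echo 'Install Adobe Flash Player.app: code object is not signed at all'
}
```

The name comparison is only meaningful once `codesign --verify` has succeeded, since the Authority lines of a broken signature describe nothing about the files actually on disk.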