Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,669
16,836



apple_security_icon-150x168.jpg


Computing.co.uk reports on comments from the Chief Technology Officer of Russian security firm Kaspersky Lab, who claims that his firm has been invited by Apple to probe security issues on OS X and to assess the platform's vulnerabilities.
Speaking exclusively to Computing, Kaspersky CTO Nikolai Grebennikov said his firm had recently begun the process of analysing the Mac OS platform at Apple's request.

"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.
Grebennikov believes that Apple "doesn't pay enough attention to security", citing the Java vulnerability that led to hundreds of thousands of Flashback malware infections. That vulnerability was patched by Oracle before the outbreak, but Apple did not issue its own update to close the hole in time.

Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so. Apple's "walled garden" approach of restricting application installation to software available through the App Store has allowed the company to minimize such threats for the time being, but Grebennikov argues that malware creators will find their way in and that Apple needs outside security expertise to help manage those threats due to its relative inexperience in the field.

Update: Kaspersky Lab has provided clarification to Engadget, claiming that Grebennikov's comments were taken out of context and that Apple has not invited Kaspersky to perform any security investigations.
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine - Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.
Kaspersky's analysis is being undertaken at its own initiative, although Apple has reportedly indicated that it is "open to collaborating" on any new issues Kaspersky discovers.

Article Link: Apple Invites Kaspersky Lab to Consult on OS X Security Issues [Updated: No]
 

holmstockd

macrumors newbie
Mar 5, 2010
29
0
I know there are hackers but...

I always have a suspicious feeling that there AV companies themselves plant viruses to help their cause!

again I know apple will grow bigger into the consumer and business market and will become MORE of a target... but again I have my suspicions.

I switched to mac back in 05 and never looked back - so its been a great 7 years of NO AV software and i want it to continue this way.

can't even trust these AV companions anyway thats to Norton and Sonys root kit.
 

tonytiger13

macrumors regular
Jan 9, 2008
105
2
When a program needs a removal tool then you know it's in too deep. Norton would rarely uninstall correctly when I needed to remove it off customer's computers. Many times, it was the cause of them not being able to get on the internet. Talk about security, let's just take you off the web!
 

Thiemo

macrumors member
Aug 17, 2008
44
0
Really vulnerable with less than 5 known threats? :rolleyes:

Vulnerability isn't defined by the number of different threats present but by the susceptibility to any – even hypothetical! – possible threats!

It's not the number of attackers in front of the city walls! It's the number and size of holes in the walls! The absence of attackers don't negate the holes away!
 

Sardonick007

macrumors regular
May 18, 2011
239
2
Translation

...Windows is no longer the only game in town and Mac's popularity means we can (anti-virus vendor) have an untapped, virgin market to exploit..err, protect.
In other news, an apple a day keeps the **** away, mostly.
 
Last edited by a moderator:

3282868

macrumors 603
Jan 8, 2009
5,281
0
Grebennikov also notes that it is only a matter of time before malware begins showing up on iOS devices, believing that such threats will appear within the next year or so.

Interesting.

A while ago I relayed a story on MacRumors about meeting a friends friend who worked in marketing for MacAfee. We were at a wedding talking about our jobs, and I jokingly asked who are all these people that code viruses and how do they make a living to support themselves as it takes a lot of time, are they MacAfee and Norton employees throwing out security breaches to create product demand? We laughed, but he kind of half heartedly chuckled and winked. We got a little quiet at that point :).
 

Small White Car

macrumors G4
Aug 29, 2006
10,941
1,304
Washington DC
I'm always a bit confused by phrases like "Mac OS is really vulnerable."

If this is so, why have most recent Mac exploits come in by way of plug-ins like Java or Flash? (And the rest have been social exploits, not technical ones.)

I'm not saying Apple doesn't need to work on these problems, I'm just saying that I wouldn't describe that as the "Mac OS" being vulnerable. Rather, it seems to me that the Mac OS is pretty darned secure if exploiters are having to attack it in roundabout ways such as that.

The Mac and iOS ecosystems are certainly vulnerable and need protecting. But the OS itself seems be doing ok to me.
 

Thiemo

macrumors member
Aug 17, 2008
44
0
Why would a company that sells anti-malware solutions want to help make an OS more secure?

Ah, why would physicians make their patients stop smoking and eat healthier? It's their job! It's not like they'd run out of work.

There will always be enough malware out there and maybe consulting pays better than selling the software.
 

Hastings101

macrumors 68020
Jun 22, 2010
2,265
1,155
K
I'll take my chances, I'm pretty sure the limited amount of low quality and buggy anti-virus software that is available for OS X is more dangerous than malware would be.
 

jeffmetanna

macrumors member
Apr 16, 2010
46
40
Bad move Kaspersky. You don't trash your new (and probably the biggest) client's reputation on media like that. This is why you shouldn't let your CTO to do PR. You have your CEO and spokesperson for that job.

Now Kaspersky is in damage control mode.
 

guzhogi

macrumors 68040
Aug 31, 2003
3,375
1,349
Wherever my feet take me…
I'm always a bit confused by phrases like "Mac OS is really vulnerable."

If this is so, why have most recent Mac exploits come in by way of plug-ins like Java or Flash? (And the rest have been social exploits, not technical ones.)

I'm not saying Apple doesn't need to work on these problems, I'm just saying that I wouldn't describe that as the "Mac OS" being vulnerable. Rather, it seems to me that the Mac OS is pretty darned secure if exploiters are having to attack it in roundabout ways such as that.

The Mac and iOS ecosystems are certainly vulnerable and need protecting. But the OS itself seems be doing ok to me.

My guess (& I'm in no way an expert): possibly because many of these plug-ins are multi-platform. All you have to do is some minor reprogramming and it'll work on an other OS. If you go to an OS directly, probably requires a lot more coding.
 

Quu

macrumors 68040
Apr 2, 2007
3,126
5,743
Apple needs outside security expertise to help manage those threats due to its relative inexperience in the field.

Yeah I'm sure the company that spearheaded personal computers and has been making operating systems for what..? 30 years+ is inexperienced.

I'm pretty sure Apple can easily buy a few security companies if they felt they needed it to beef up OS X's security. I'm sure Kaspersky isn't the only company Apple has asked to probe OS X I'm willing to bet several others have also been asked to do their own analysis and once Apple has their findings they will begin work on implementing fixes.
 

Apple Knowledge Navigator

macrumors 68020
Mar 28, 2010
2,289
5,857
Apple invites Kasperky.

"Hey dudes - Fancy coming over for a beer and errrr, y'know, telling us how to make OS X securer without your software?"

LOL.
 

Thiemo

macrumors member
Aug 17, 2008
44
0
Apple invites Kasperky.

"Hey dudes - Fancy coming over for a beer and errrr telling us how to make OS X securer without your software?

LOL.

Well, man, they don't even HAVE to write any software to make a truckload of money! Sounds like a very fine business model to me!

I'd do it too, and secretly hope for a buyout :)
 

dmcdayton

macrumors member
Jan 15, 2008
35
0
Utter BS

I would not be surprised to find out this is mis-information or perhaps complete BS. If true, has got to be stupidest comments by a new vendor in the history of IT.

The Apple Ecosystem is eradicating the need for 3rd party active security, Kaspersky knows that so I'm sure they'd say about anything to drum up business.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.