Apple Invites Kaspersky Lab to Consult on OS X Security Issues [Updated: No]

[Apple Gate]

Fun Fact: Every Mac sold in the last 10 months has not included Flash or Java - the two attack vectors they mention.

Excellent point. Here are a few more.

Fun Fact: Adobe Flash can be blocked using the Safari extension "Click to Flash."

Fun Fact: Apple has begun disabling outdated versions of Adobe Flash on Mac computers.

Fun Fact: Oracle has finally taken responsibility for Java and will release regular updates to Java for Mac.

 

[sittnick]

Viruses and Malware are NOT new to the Mac

Good grief. I remember when Macs were the MAIN conduit of malware. I supervised a Mac lab on a liberal arts college campus in the early '90s, and new viruses popped up and spread pre-web, back in the 680x0 days.

In those days, I would get a new Virex 1.44 MB HD diskette every week or so. A free program called Disinfectant was installed on all the users' boot floppies.

Besides the Word macro virus, which was hardly Apple's fault, and the WDEF virus, which was easily dispatched by rebulding the destop, there were foes like nVIR and its variants.

Needless to say, I worked in an environment that made sure we had the newest and trendiest malware.

 

[Kaibelf]

Apple invites Kasperky.

"Hey dudes - Fancy coming over for a beer and errrr, y'know, telling us how to make OS X securer without your software?"

LOL.

How dumb. More like "Hey we know Symantec is trouncing you in the sector. How would you like to be the flagship security name for the world's biggest tech company and get rich beyond your wildest hopes?"

 

[marcusj0015]

Very cool, anything that'll make Mac OS more secure = win.

 

[raizil]

c'mon they being interrogated. not invited.
look at the bigger picture, apple just found out the malware is from karsperksy, and Tim gonna make an offer karsperksy cant refuse.

 

[Bubba Satori]

Why would a company that sells anti-malware solutions want to help make an OS more secure?

Costco is having a sale on tin foil this week.

 

[zzLZHzz]

I'm always a bit confused by phrases like "Mac OS is really vulnerable."

If this is so, why have most recent Mac exploits come in by way of plug-ins like Java or Flash? (And the rest have been social exploits, not technical ones.)

I'm not saying Apple doesn't need to work on these problems, I'm just saying that I wouldn't describe that as the "Mac OS" being vulnerable. Rather, it seems to me that the Mac OS is pretty darned secure if exploiters are having to attack it in roundabout ways such as that.

The Mac and iOS ecosystems are certainly vulnerable and need protecting. But the OS itself seems be doing ok to me.

the whole issue here is that whenever you have 3rd party software, you always open up holes for people to work on. flash, java, pdf are just some example.

just search up on flash and you know how much holes it has.

 

[foodog]

I think in every "cracking test" OSX is exploited quicker than Linux or Windows.

The primary reason there are few viruses on OSX is down to market share. OSX has what, 5% of the desktop market?

If you were writing a virus would you write for the platform with 90% of the market or the platform with 5% of the market?

There was more malware for OS9 than OSX.... The market share is much bigger now than with OS9.

 

[MrNomNoms]

Why would a company that sells anti-malware solutions want to help make an OS more secure?

Because anti-malware is part of the services they provide, they also provide consulting services as well which is what Apple is paying for. It is about getting input from a variety of different sources who are approaching the issue from different angles which will hopefully give Apple enough information on how to develop a response which balances up security whilst ensuring that any measures put in place don't annoy the end user.

IMHO when Oracle launches JRE they should kill off their own build immediately and offer end users an uninstaller to get rid of the Apple JRE. IMHO Apple is better off focusing on the operating system and let issues like Java, Flash etc. handled by the original vendors who can respond a lot quicker to the securities as they arise. I have nothing against Java - it has its place but it is better delivered by Oracle given that it is their bread and butter thus have a vested interest in ensuring a good product is delivered.

 

[Apple Gate]

the whole issue here is that whenever you have 3rd party software, you always open up holes for people to work on. flash, java, pdf are just some example.

just search up on flash and you know how much holes it has.

Apple Safari may actually be the most vulnerable software available which is why application sandboxing (dividing Safari into two processes that separate the browser's user interface and other functions from the part that parses JavaScript, images, and other web content) was such an important feature for Mac OS X 19.7 Lion.

There is significant value to hardening the operating system since software can introduce new vulnerabilities at any time. If, however, the operating system is hardened (Address Space Layout Randomization (ASLR), application sandboxing, block level encryption of the hard drive, etc.) then new vulnerabilities have less opportunity to exploit the system.

 

[cocky jeremy]

Oh, great. Because i'm sooo worried about viruses and malware on my Mac!

 

[TwinMonkeys]

Speaking exclusively to Computing, Kaspersky CTO Nikolai Grebennikov said his firm had recently begun the process of analysing the Mac OS platform at Apple's request.

"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.

IMO: there is no such thing as a perfectly secure system when a system is connected to the internet or uses any kind of software that is useful. I think that Apple does very well though things could be improved more, and I think the Apple software store is a big part of that.

However, the biggest surprise to me is this: Whether its true or not, why would a CTO rip his major clients in the press like this? Yes, Kaspersky will get some press out of this, but good luck keeping Apple as a client or gaining other serious clients if you talk about them in the media like this.

 

[oliversl]

Its always funny to hear from a sales person: "You're very sick, you're gonna die, but, I have the cure for your sickness, don't worry".

Lets hope they found the real culprit: Java

 

[gnasher729]

Kaspersky is owned by a "Cold War era" Soviet ex-military guy. I have no doubt they're serious about their focus on detection and removal of malware.

Wish they would focus on detection and removal of malware authors instead. That would work a lot better in the long term.

 

[gwelmarten]

It's good to hear they are fixing this, although I'm not sure I like them taking it out of house!

 

[Apple Gate]

It's good to hear they are fixing this, although I'm not sure I like them taking it out of house!

Fixing what?

 

[ucantgetridofme]

Why would a company that sells anti-malware solutions want to help make an OS more secure?

Are you really that stupid? You guys need to pull your head out of Apples ass.

 

[AustinIllini]

How dumb. More like "Hey we know Symantec is trouncing you in the sector. How would you like to be the flagship security name for the world's biggest tech company and get rich beyond your wildest hopes?"

If I recall from when I had a PC, Kaspersky is always ranked highest on the market. Norton is terrible

 

[Mattie Num Nums]

This is good news. Very good to see Apple reaching out to experts in the field.

Stop the Virus company conspiracy theories already.

 

[PsudoPowerPoint]

Kaspersky is owned by a "Cold War era" Soviet ex-...We even purchased their business virus protection suite at my workplace, at my recommendation, after becoming fed up with too many issues with McAfee Corporate edition.

It seems to do the job fairly well...

What objective evidence do you have that it is doing anything?

 

[farmboy]

I think in every "cracking test" OSX is exploited quicker than Linux or Windows.

The primary reason there are few viruses on OSX is down to market share. OSX has what, 5% of the desktop market?

If you were writing a virus would you write for the platform with 90% of the market or the platform with 5% of the market?

Would you write for the one that will earn you headlines around the world...or one that's one of 50,000 others?

 

[TennisandMusic]

I explain the Pwn2Own hacking competition results in another post somewhat obliquely. The oft times winner of Pwn2Own, Charlie Miller, researches exploits for months before Pwn2Own. Charlie Miller is a well established Mac fanatic and uses the vulnerabilities he finds to win the competition which includes granting ownership of the system hacked as the reward.

Essentially, no one cares for Microsoft Windows enough to spend months preparing for a competition to win a new Microsoft Windows system.

There is a big cash prize. You think these guys really work for MONTHS to win just a free computer? You can earn enough money in a week to buy a new computer.

Macs don't go down first because they are "more desirable". Talk about extreme rationalization.

 

[Renzatic]

What objective evidence do you have that it is doing anything?

Since installing Microsoft Security Essentials, I haven't had a single Raelian come over to my house to steal my credit card via online purchases.

The truth is self evident.

There is a big cash prize. You think these guys really work for MONTHS to win just a free computer? You can earn enough money in a week to buy a new computer.

Macs don't go down first because they are "more desirable". Talk about extreme rationalization.

And to expand upon this line of thought, I'm sure the guy who spent months and months trying to crack Chrome desperately wanted that $300 Chromebook.

 

[marcusj0015]

I think in every "cracking test" OSX is exploited quicker than Linux or Windows.

The primary reason there are few viruses on OSX is down to market share. OSX has what, 5% of the desktop market?

If you were writing a virus would you write for the platform with 90% of the market or the platform with 5% of the market?

LOL OS X has 11% market share, 5% is like 2005 **** lol

 

[SPUY767]

Ah, why would physicians make their patients stop smoking and eat healthier? It's their job! It's not like they'd run out of work.

There will always be enough malware out there and maybe consulting pays better than selling the software.

Physicians took an oath, AV companies did not.