Update (13:05): Kaspersky Lab issued a statement a short time ago "clarifying" a few points in the original Computing piece. The update, reported by Engadget, notes the comments were taken out of context. We've all been there; it happens.
Kaspersky's chief technology officer Nikolai Grebennikov said the security company had conducted an "in-depth analysis" of Mac OS X vulnerabilities after a recent increase in malware attacks on the platform.
Crucially, Apple "did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform."
"This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis."
The original piece follows. Take it with a bucket load of salt, though.
- - -
Apple has sought the help of security giant Kaspersky Lab in efforts to bolster its Mac OS X operating system, after a series of malware attacks left its security image in tatters.
Speaking to Computing, Kaspersky's chief technology officer Nikolai Grebennikov confirmed Apple's call for help, but warned that the platform is "really vulnerable".
"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," Grebennikov said in the interview.
It comes only a month after Eugene Kaspersky argued that Apple is "ten years behind Microsoft in terms of security".
The two companies will work together to secure the Mac operating system (which will be renamed "OS X" in the latest "Mountain Lion" iteration), but it remains to be seen whether Apple will integrate anti-malware software into its software.
Apple knows its security model is far from perfect and it cannot carry on with its "fix later" attitude. Macs have security flaws just as every operating system does. Apple fixes most vulnerabilities, but in some cases, as with the Flashback malware, it cranked open a massive hole in the company's security response.
Apple "doesn't pay enough attention to security," Grebennikov added. While Oracle was quick to fix the flaw in Java that vastly reduced, Apple dragged its feet and would only allow its own staff to perform the updates in Java. This led to an explosion in Flashback malware and a tarnished public image.
The Cupertino-based company's reluctance to comment shows it remains against cracking open the truth nut in a bid to maintain the Mac's strong security persona. But the increasing amount of malware targeting the Mac platform means Apple's response has to quicken, sharpen, and open up to third parties, particularly those who develop the flawed software in the first place.
Article source: Computing.