Kaspersky investigates Mac security after spate of malware attacks
Summary: Kaspersky Lab is analyzing Mac OS X after a spate of malware attacks hit the operating system, according to a clarified statement from the security firm's CTO.
Update (13:05): Kaspersky Lab issued a statement a short time ago "clarifying" a few points in the original Computing piece. The update, reported by Engadget, notes the comments were taken out of context. We've all been there; it happens.
Kaspersky's chief technology officer Nikolai Grebennikov said the security company had conducted an "in-depth analysis" of Mac OS X vulnerabilities after a recent increase in malware attacks on the platform.
Crucially, Apple "did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform."
"This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis."
The original piece follows. Take it with a bucket load of salt, though.
- - -
Apple has sought the help of security giant Kaspersky Lab in efforts to bolster its Mac OS X operating system, after a series of malware attacks left its security image in tatters.
Speaking to Computing, Kaspersky's chief technology officer Nikolai Grebennikov confirmed Apple's call for help, but warned that the platform is "really vulnerable".
"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," Grebennikov said in the interview.
It comes only a month since Eugene Kaspersky's comments arguing that Apple is "ten years behind Microsoft in terms of security".
The two companies will work together in partnership to secure the Mac operating system --- which will be renamed to "OS X" in the latest 'Mountain Lion' iteration --- but remains to be seen whether Apple will integrate anti-malware software into its software.
Apple knows its security model is far from perfect and it cannot carry on with its "fix later" attitude. Macs have security flaws just as every operating system does. Apple fixes the most vulnerabilities but in some cases, as with the Flashback malware, it cranked open a massive hole in the company's security response.
Apple "doesn't pay enough attention to security," Grebennikov added. While Oracle was quick to fix the flaw in Java that vastly reduced, Apple dragged its feet and would only allow its own staff to perform the updates in Java. This led to an explosion in Flashback malware and a tarnished public image.
The Cupertino-based company's reluctance to comment shows it remains against cracking open the truth nut in a bid to maintain the Mac's strong security persona. But with an increasing amount of malware targeting the Mac platform means Apple's response has to quicken, sharpen, and open up to third-parties --- particularly those who develop the flawed software in the first place.
Article source: Computing.
Related:
- Ed Bott: Flashback malware exposes big gaps in Apple security response
- Apple releases Flashback malware removal tool, for OS X Lion only
- Russian security firm says Flashback infection rates still high
- Great Debate: Mac botnet: Who's at fault?
- Apple too slow to act on Flashback malware
- Apple developing tool to detect and remove Flashback Trojan
- Quick protection for older Macs from the Flashback trojan
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Finally, a step in the right direction
Cheese?
Admittedly, using "swiss cheese" is an unneccesarily
I think this quote from Kapersky pretty well sums up the current OSX state "Speaking to Computing, Kasperskys chief technology officer Nikolai Grebennikov confirmed Apples call for help, but warned that the platform is really vulnerable.
Mac OS is really vulnerable, he claimed, and Apple recently invited us to improve its security. Weve begun an analysis of its vulnerabilities, and the malware targeting it, Grebennikov said in the interview"
This is more Kaspersky's PR
@ DeRSSS So, what does that say about Apple
Apple did not reach to anyone
Proof that some of us haven't been talking out of our holes
That includes Ed Bott.
Mountain, molehill...
It's never a good sign when a company gets complacent.
However, the reports coming out about the recent exploits make it sound like Apple computers are as bad or worse than Windows.
If anyone seriously beleives this, they need a reality check.
Apple has far, far fewer vulnerabilities and infections than MS.
The fix for an Apple virus is quick and simple. Run a file or delete a file.
Done.
For MS you can look forward to purchasing a virus scanner, trying to install it and run it while the virus makes that virtually impossible, edit your registry, run a malware scanner, and eventually rebuild the OS.
There's your difference.
You should have stopped with
It's never a good sign when a company gets complacent.[/b]
The rest is yet another attempt at deflection.[b]
However, the reports coming out about the recent exploits make it sound like Apple computers are as bad or worse than Windows.[/b]
Hardly. Windows security issues have been plastered in the blogosphere for years and even prior to the advent of social media Windows vulnerabilities were well known.[b]
If anyone seriously beleives this, they need a reality check.[/b]
Again NO ONE seriously believed that Mac malware issues were somehow worse than Windows malware issues - or better for that matter. The ones who need the reality check are those who still refuse to believe that any OS is vulnerable.[b]
Apple has far, far fewer vulnerabilities and infections than MS.[/b]
Yes we do get that... we have always gotten that. It's to the point of obnoxiousness that you keep on pointing that out - which is one reason why the issue of Mac malware is so - interesting - to people.[b]
The fix for an Apple virus is quick and simple. Run a file or delete a file.
Done.
For MS you can look forward to purchasing a virus scanner, trying to install it and run it while the virus makes that virtually impossible, edit your registry, run a malware scanner, and eventually rebuild the OS.
There's your difference.[/b]
I guess you have not heard of AVG then? Or Microsoft Security Essentials? Malwarebytes? ALL free programs for Windows computers and all of them are quite effective at eliminating malware - just run a file and delete a file... done. Your information about Windows malware is quite out of date.
Awwwwww
I guess the truth does indeed hurt.
Signed encrypted software
Oh noes...
You mean I shouldn't believe from any joe "mac bloggers/forum commenters" and I should believe the security industry expert instead?! How could it be? /sarcasm
Kaspersky joins Apple in Mac security push
[i]Apple knows its security model is far from perfect and it cannot carry on with its ???fix later??? attitude.[/i]
That's not what they said, they always denied they had any security issues.
I bet this blog won't get a lot of responses
Not a lot of responses
Hard for Apple to admit it
The fix is simple. Don't use Flash or Java
Night and Day
The link includes 10.3, 10.4, 10.5, and 10.6, both server and client. As an I.T. professional, I've used these for years as the minimum foundation for golden master hardening before adding our own in-house extras. I'm also fairly certain that we had these for 10.2 as well.
It is unfortunate that we take small blurbs as the "whole" of a company or product. There are many truths that will easily contradict when taken out of context.
1) Software is written by man. Man is imperfect thus the resulting software must also be imperfect.
2) Sometimes imperfection is better than nothing and often it takes time to discover what or where the imperfections are.
3) All operating systems can be compromised and a scenario can always be found where the software itself will fail.
4) The greater the use, the greater the discovery of flaws. Windows has more documented flaws because more people use it.
5) Lesser used software has less people looking for holes and thus less people find anything. This keeps the end user safer, though it doesn't truly qualify as "more secure." For years, Mac OS X enjoyed this additional layer of protection.
6) Traditionally, we can explain that an Operating System is like a house. All have opening to the outside world, such as windows and doors. MS Windows traditionally left their doors unlocked and the end user had to close them if they deemed it necessary. Traditionally, Mac OS X (and Linux / UNIX variants) left them closed and the end user had to open them if they deemed it necessary. Over time, they both fluctuate as to which openings were default open or closed.
7) Security and Ease of use are a teeter-totter. When one goes up, the other always goes down. We spend outrageous amounts of money and time to find compromises that simulate an appearance of both going up at the same time and it remains a learning process.
8) Elitist mentality often enhances the detriment when the reality checks start bouncing. Mac zealots are often too stubborn about accepting the reality that Mac's can be vulnerable too. Windows zealots are often too stubborn to accept that -some- of the things that Mac / Linux / UNIX does by default are more secure. In the end, we all lose.
9) Somewhere in the world, usually by our interactions to the Internet, Mac users and Windows users share data unknowingly. Each participate in the propagation of infections.
What this really shows you (if you have an IQ above room temperature)
What do you think Apple's chances are?
What do you think the chance is that OS X will get 100% PC OS marketshare and Windows will have 0% PC OS marketshare? 80%? 30%? And when will this complete elimination happen? This year? 5 years? 3,000 years?
Hey, you are the one who is talking about OS X completely eliminating Windows. I just want to get a sense as to how confident you are in your prediction.