Kaspersky investigates Mac security after spate of malware attacks

Kaspersky investigates Mac security after spate of malware attacks

Summary: Kaspersky Lab is analyzing Mac OS X after a spate of malware attacks hit the operating system, according to a clarified statement from the security firm's CTO.

SHARE:

Update (13:05): Kaspersky Lab issued a statement a short time ago "clarifying" a few points in the original Computing piece. The update, reported by Engadget, notes the comments were taken out of context. We've all been there; it happens.

Kaspersky's chief technology officer Nikolai Grebennikov said the security company had conducted an "in-depth analysis" of Mac OS X vulnerabilities after a recent increase in malware attacks on the platform.

Crucially, Apple "did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform."

"This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis."

The original piece follows. Take it with a bucket load of salt, though.

- - -

Apple has sought the help of security giant Kaspersky Lab in efforts to bolster its Mac OS X operating system, after a series of malware attacks left its security image in tatters.

Speaking to Computing, Kaspersky's chief technology officer Nikolai Grebennikov confirmed Apple's call for help, but warned that the platform is "really vulnerable".

"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," Grebennikov said in the interview.

It comes only a month since Eugene Kaspersky's comments arguing that Apple is "ten years behind Microsoft in terms of security".

The two companies will work together in partnership to secure the Mac operating system --- which will be renamed to "OS X" in the latest 'Mountain Lion' iteration --- but remains to be seen whether Apple will integrate anti-malware software into its software.

Apple knows its security model is far from perfect and it cannot carry on with its "fix later" attitude. Macs have security flaws just as every operating system does. Apple fixes the most vulnerabilities but in some cases, as with the Flashback malware, it cranked open a massive hole in the company's security response.

Apple "doesn't pay enough attention to security," Grebennikov added. While Oracle was quick to fix the flaw in Java that vastly reduced, Apple dragged its feet and would only allow its own staff to perform the updates in Java. This led to an explosion in Flashback malware and a tarnished public image.

The Cupertino-based company's reluctance to comment shows it remains against cracking open the truth nut in a bid to maintain the Mac's strong security persona. But with an increasing amount of malware targeting the Mac platform means Apple's response has to quicken, sharpen, and open up to third-parties --- particularly those who develop the flawed software in the first place.

Article source: Computing.

Related:

Topics: Operating Systems, Apple, Hardware, Malware, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • Finally, a step in the right direction

    Good to see Apple willing to look for help plugging the holes in the swiss cheese ;)
    DreyerSmit
    • Cheese?

      ???Mac OS is really vulnerable??? -- if by MacOS he meant third-party software like Flash or Java, then yes.
      DDERSSS
      • Admittedly, using "swiss cheese" is an unneccesarily

        confrontational descripition. However, would you characterize the head of Kaspersky Labs and Apple, for seeking Kapersky's help, as thinking it is as bullet proof as you'd like to claim? Or, are you suggesting Apple's seeking Kapersky's help is purely a PR stunt to make people think Apple cares?

        I think this quote from Kapersky pretty well sums up the current OSX state "Speaking to Computing, Kasperskys chief technology officer Nikolai Grebennikov confirmed Apples call for help, but warned that the platform is really vulnerable.



        Mac OS is really vulnerable, he claimed, and Apple recently invited us to improve its security. Weve begun an analysis of its vulnerabilities, and the malware targeting it, Grebennikov said in the interview"
        whatagenda
      • This is more Kaspersky's PR

        @whatagenda They did not even really had time to "analyse" anything, but already claim that "MacOS is vulnerable". Before now, after all those years of PR, they still could not name any system vulnerability of MacOS beyond third party software.
        DDERSSS
      • @ DeRSSS So, what does that say about Apple

        that they would reach out to a fly by night PR outfit?
        whatagenda
      • Apple did not reach to anyone

        @whatagenda: so the whole thing, as I said before, is just PR of antivirus software seller.
        DDERSSS
  • Proof that some of us haven't been talking out of our holes

    [i]Apple has sought the help of security giant Kaspersky Labs in efforts to bolster its Mac OS X operating system, after a series of malware attacks left its security image in tatters. [/i]

    That includes Ed Bott.
    klumper
  • Mountain, molehill...

    I'm happy to see Apple improving on thier OS X security.
    It's never a good sign when a company gets complacent.

    However, the reports coming out about the recent exploits make it sound like Apple computers are as bad or worse than Windows.

    If anyone seriously beleives this, they need a reality check.

    Apple has far, far fewer vulnerabilities and infections than MS.
    The fix for an Apple virus is quick and simple. Run a file or delete a file.
    Done.

    For MS you can look forward to purchasing a virus scanner, trying to install it and run it while the virus makes that virtually impossible, edit your registry, run a malware scanner, and eventually rebuild the OS.

    There's your difference.
    Angryshortguy
    • You should have stopped with

      [b]I'm happy to see Apple improving on thier OS X security.
      It's never a good sign when a company gets complacent.[/b]

      The rest is yet another attempt at deflection.[b]

      However, the reports coming out about the recent exploits make it sound like Apple computers are as bad or worse than Windows.[/b]

      Hardly. Windows security issues have been plastered in the blogosphere for years and even prior to the advent of social media Windows vulnerabilities were well known.[b]

      If anyone seriously beleives this, they need a reality check.[/b]

      Again NO ONE seriously believed that Mac malware issues were somehow worse than Windows malware issues - or better for that matter. The ones who need the reality check are those who still refuse to believe that any OS is vulnerable.[b]

      Apple has far, far fewer vulnerabilities and infections than MS.[/b]

      Yes we do get that... we have always gotten that. It's to the point of obnoxiousness that you keep on pointing that out - which is one reason why the issue of Mac malware is so - interesting - to people.[b]

      The fix for an Apple virus is quick and simple. Run a file or delete a file.
      Done.

      For MS you can look forward to purchasing a virus scanner, trying to install it and run it while the virus makes that virtually impossible, edit your registry, run a malware scanner, and eventually rebuild the OS.

      There's your difference.[/b]

      I guess you have not heard of AVG then? Or Microsoft Security Essentials? Malwarebytes? ALL free programs for Windows computers and all of them are quite effective at eliminating malware - just run a file and delete a file... done. Your information about Windows malware is quite out of date.
      NonFanboy
      • Awwwwww

        JJF you do care... thanks for the flag buddy!

        I guess the truth does indeed hurt.
        NonFanboy
    • Signed encrypted software

      When Apple extends their security model in IOS to their Mac computers, malware will be as rare as on their iPhones and iPods. How much malware exactly is there on any of those millions of devices now in the hands of clueless users? The fix is easy: just don't allow the running of software that is not cryptographically authenticated by Apple. The days of running any Tom Dick or Harry's software on a computer are effectively over.
      arminw
  • Oh noes...

    Wasn't Kaspersky being ridiculed and vilified in the mac blogosphere and got people so worked up after their "10 years behind" comment? Now Kaspersky is the white knight to the Apple's rescue?!

    You mean I shouldn't believe from any joe "mac bloggers/forum commenters" and I should believe the security industry expert instead?! How could it be? /sarcasm
    Samic
  • Kaspersky joins Apple in Mac security push

    Oh sweet irony of this one. Apple asks for outside help.

    [i]Apple knows its security model is far from perfect and it cannot carry on with its ???fix later??? attitude.[/i]
    That's not what they said, they always denied they had any security issues.
    Loverock Davidson-
  • I bet this blog won't get a lot of responses

    Apple fanbois cannot be happy with this development. Most will stay away from this story.
    toddbottom3
    • Not a lot of responses

      Just that Apple mactard Jumping Jack Flash, his crony ScorpioBlue, and all of their aliases coming to vote down and flag any post they do not agree with and yet are not man enough to respond to in an adult fashion.
      NonFanboy
  • Hard for Apple to admit it

    I know it must be hard for Apple to admit that its security claims have all been just a big marketing hype. Those of use who use Mac's but have never drank the Apple juice or joined the cult of Apple. Know that one day malware would target Mac's. No its still nowhere near the amount of malware released targeting Windows. But let's be honest, Flashback for what it is has been pretty effective. Even a Apple cult member has to admit that you cannot simply assume that you cannot get malware. My own opinion is that Apple should not be in denial as long as Microsoft was and simply work to give its customers better tools to fight malware. Not just deal with it proactively.
    jscott418-22447200638980614791982928182376
  • The fix is simple. Don't use Flash or Java

    Both have been and still are the bane of security, and are exceeded only by Active x as both buggy and largely unneeded in the face of better, faster, more secure alternatives. I didnt' get the Flashback attack, and for good reason.
    iThinQware
  • Night and Day

    Apple has long published their security and hardening guide for OS X since at least Mac OS X 10.3 and emphasize over and that you should implement Anti Virus tools. (http://www.apple.com/support/security/guides/)

    The link includes 10.3, 10.4, 10.5, and 10.6, both server and client. As an I.T. professional, I've used these for years as the minimum foundation for golden master hardening before adding our own in-house extras. I'm also fairly certain that we had these for 10.2 as well.

    It is unfortunate that we take small blurbs as the "whole" of a company or product. There are many truths that will easily contradict when taken out of context.

    1) Software is written by man. Man is imperfect thus the resulting software must also be imperfect.
    2) Sometimes imperfection is better than nothing and often it takes time to discover what or where the imperfections are.
    3) All operating systems can be compromised and a scenario can always be found where the software itself will fail.
    4) The greater the use, the greater the discovery of flaws. Windows has more documented flaws because more people use it.
    5) Lesser used software has less people looking for holes and thus less people find anything. This keeps the end user safer, though it doesn't truly qualify as "more secure." For years, Mac OS X enjoyed this additional layer of protection.
    6) Traditionally, we can explain that an Operating System is like a house. All have opening to the outside world, such as windows and doors. MS Windows traditionally left their doors unlocked and the end user had to close them if they deemed it necessary. Traditionally, Mac OS X (and Linux / UNIX variants) left them closed and the end user had to open them if they deemed it necessary. Over time, they both fluctuate as to which openings were default open or closed.
    7) Security and Ease of use are a teeter-totter. When one goes up, the other always goes down. We spend outrageous amounts of money and time to find compromises that simulate an appearance of both going up at the same time and it remains a learning process.
    8) Elitist mentality often enhances the detriment when the reality checks start bouncing. Mac zealots are often too stubborn about accepting the reality that Mac's can be vulnerable too. Windows zealots are often too stubborn to accept that -some- of the things that Mac / Linux / UNIX does by default are more secure. In the end, we all lose.
    9) Somewhere in the world, usually by our interactions to the Internet, Mac users and Windows users share data unknowingly. Each participate in the propagation of infections.
    ct2193@...
  • What this really shows you (if you have an IQ above room temperature)

    Is that Mac OS X is continuing to get in the position to completely eliminate Windows. I think Apple is almost set up to the point of making a full-on run at Windows.
    comp_indiana
    • What do you think Apple's chances are?

      [i]OS X is continuing to get in the position to completely eliminate Windows[/i]

      What do you think the chance is that OS X will get 100% PC OS marketshare and Windows will have 0% PC OS marketshare? 80%? 30%? And when will this complete elimination happen? This year? 5 years? 3,000 years?

      Hey, you are the one who is talking about OS X completely eliminating Windows. I just want to get a sense as to how confident you are in your prediction.
      toddbottom3