Kaspersky Lab founder Eugene Kaspersky made headlines last week
when he declared that Apple was “10 years behind Microsoft in
terms of security.”
Kaspersky was referring to the recent spread of the Flashback
family of malware, which was greatly aided by Apple’s long delay
in patching a known software flaw.
But is Apple really 10 years behind the times?
“I’d say that Apple’s got another 10 years to go before their
security will become as much of a laughingstock as Microsoft’s,”
said Jonathan Zdziarski, author of “Hacking and Securing iOS
Applications” (O’Reilly, 2012) and a forensic scientist who hacks
into iPhones for Chicago-based viaForensics.
“Comparing Apple and Microsoft is like comparing apples and
oranges,” said Mikko Hypponen, chief security officer of Finnish
anti-virus firm F-Secure.
Trustworthy computing
Kaspersky’s choice of 10 years as the time frame was not random.
In January 2002, then-Microsoft chairman Bill Gates issued
his famous “Trustworthy Computing” memo to
all company personnel. He wrote it shortly after the release
of Windows XP, when the brand-new platform was under constant
attack by virus writers and hackers.
“Every week there are reports of newly discovered security
problems in all kinds of software, from individual applications
and services to Windows, Linux, Unix and other platforms,” Gates
wrote in the memo. “Our responsiveness has been unmatched — but
as an industry leader we can and must do better. … Eventually,
our software should be so fundamentally secure that customers
never even worry about it.”
Gates’ memo inaugurated a companywide focus on security, an
aspect that had been neglected for the first two decades of
Microsoft’s existence.
Ten years later, Windows 7 users still need to worry about
malware, but Microsoft’s current platform is tremendously
stronger and more secure than Windows XP. (Even today, XP, not
Windows 7, gets the most malware attacks.)
“Microsoft has improved their security massively since 2002,”
Hypponen said. “Today, they are [a] model for good security
process in many ways.”
Microsoft got to that point by essentially outsourcing Windows
security. The entire anti-virus industry, with sales of several
billion dollars per year, is built on defeating malware that
targets Windows.
The existence of that industry frees up Microsoft to work on
patching Windows, which it does extensively every month.
Microsoft’s open model lets major Windows software makers such
as Adobe or Oracle do the same without Microsoft’s approval.
Go your own way
Apple, on the other hand, disdains third-party anti-virus
software for Macs — though
it does exist — and insists on patching certain pieces of
third-party software itself.
The Flashback software flaw, discovered in January, was patched
for Windows in three weeks. It wasn’t patched for Macs until
after nearly three months — and after an estimated 600,000 Macs
worldwide had been infected.
“Apple needs to learn the meaning of transparency,” Zdziarski
said. “They need to communicate with their user base and with the
security community. They need to be quicker to respond to
threats.”
He pointed out that Apple’s closed-lipped attitude also applies
to iOS, the software that runs the iPhone, iPad and iPod Touch.
“Some iOS attacks from the past took months to fix,” Zdziarski
said. “The [iPhone] jailbreak community had
fixes out for users before Apple did. That’s shameful.”
Qualified kudos
Despite the secrecy, and despite the lack of attacks on Mac OS X,
Apple has for many years incorporated the latest security
innovations into its operating systems.
“Apple might have some sort of an attitude problem, which shows
in their slow patch cycles and so [on],” Hypponen said. “But
otherwise, it’s hard to critique them with all they’ve done with
OS X: app sandboxing,
memory randomization, NX [non-executable memory] support,
[the] App Store model.”
When the iPhone was introduced, Apple was starting from scratch
on a brand-new operating system. It took the opportunity to bake
advanced security features into iOS from the very beginning.
“[The] iPhone (or actually, iOS) is a massive security success,”
Hypponen said. “iOS is now 5 years old and we still haven’t seen
a single malware attack against it.”
Zdziarski wasn’t sure how long that blissful interlude would
last.
“With Objective-C applications now on over 100 million-plus
devices, the threat is very real,” he said, referring to the
programming language used to create Mac OS X and iOS software.
“It’s only a matter of time before a serious worm hijacks tens of
millions of devices and thousands of App Store apps at once, and
similar on the desktop,” Zdziarski said. “Flashback seemed small
potatoes; more of a warning that Apple runs the risk of screwing
up as big as Microsoft in letting poor design lead to widespread
attacks.”
© 2012 SecurityNewsDaily. All rights reserved
Article source: http://www.msnbc.msn.com/id/47237494