Kaspersky: Apple security is like Microsoft's in 2002 Apple customers are more at risk from malware now because of their misconception that their iDevices and Macs are secure and because of Apple's poor attitude to security, according to experts. David Emm, senior security researcher at Kaspersky Lab told The Reg that Apple had cultivated the image of the Mac as intrinsically …
Once a year we get a 'security' company (do people seriously trust a Russian security company?) telling us our Macs are doomed and we need to buy their products.
This is followed by the haters -they're the ones with piss-stained trousers staggering down the street- jeering (whilst spending half their lives cleaning malware off their Windows XP machines).
And precisely nothing happens. No Windows-style botnet, not malware, nothing.
12 months later, rinse and repeat.
Kapersky are one of the better firms actually.
The Apple crowd really need to learn that the whole 'nah nah nah' fingers in the ears approach wont work. Historically its NEVER worked for ANYONE.
Not a Hater
Not A MS or Linux Fanboi
Just a realist. More people use Macs, the more of a target it becomes. The more people deny there is an issue the more likeley it is someone is going to stuff up and stuff up big. By being responsible now a lot of money and heartache can be saved down the road but it *might* damage Apple's image and at the end of the day thats whats this is all about.
Step down from your podium Apple and edducate your users. Take one on the chin and those same users will be crowing years from now, about how you prevented IOS/MacOS becomming the same mess Windows is now.
Or just continue denying it till something akin to Code Red or Mimda takes you down by force because it really is when, not if.
Icon, well reason never worked before.
what drivel...
people have been saying if for years, never mind Russian security experts, (and why not trust a Russian security company? are you a racist?), that as soon as apple have a large enough market share then the virus & malware authors will turn the attention to them.
and guess what? .... its started....
and FYI, In the last year, and a lot longer, I have spent exactly 0 hours and 0 minutes cleaning malware & virus off my windows computer. Keeping it fully patched and with a good AV app, along with good computer practice I have not had a single infection since..... errr.... well since back in 1999, I mistakenly installed itunes and tried to remove it....
I too have spent zero time ripping infections out of my Windows machines. The problem is, I only realised that that was the result of a SERIOUS amount of patching and updating and rebooting and, well, waiting when I bought a Mac.
And *that* is why I stick to OSX. No MS hate (well, I am willing to admit to a solid dislike, though), no Linux hate (I have both in Virtualbox on the Mac) - just simple productivity which happens to agree with me. YMMV, it simply depends on your needs.
Here's an exercise: create a simple Windows VM and do NOT use it for 2 weeks. Then start it up and see just how much data has to be grabbed to get the thing up to date, and it's not even complete because you skip several anti-virus downloads.. Best do this when you don't need it for a while..
Downloading lots of patches is hardly something unique to Windows. My xubuntu install downloaded a 70mb set of security fixes the other day for some image rendering libraries. The update manager is installing half a dozen patches for various things at least once a week (although admittedly they're usually not that big).
This is what a good patching policy looks like, developed promptly and released often. Apple releasing patches once in a blue moon months after they're notified of a vulnerability is not something to be proud of.
Yeah, I can second that, open package manager on a brand new Fedora/KDE install and see just how many packages it tells yoy that you need to update. It takes a nice long while, but when you're done, you're just as protected as a Windows user running a 70-90 dollar a year license for a decent security/av program, then again it does take a small measure of due diligence, as long as you dont do anything too stupid, like set your root password to something dumb, set a user account that doesn't need to be a Sudoer to being a Sudoer, or any of the multitude of other dumbass things you can do, you're pretty much straight. And upstream developers tend to do a pretty good job at fixing vulnerabilities.
Maybe when you guys and your masters pull your collective heads out of your asses and wake up to the way the world really works you wont be as pathetically vulnerable.
The worst part of it is that I know fanboys wont listen to Kaspersky, Symantec, IBM or any other vendor because of the institutional culture of irresponsibility in regard to that Apple only reinforces, as malware and cybercrime are only Windows problems, amirite?
Apple's idea of patching iTunes involves redownloading the whole program and Quicktime for every .0.0.0.0.1 update. Adobe is no better for Flash or Acrobat. Bit for bit they are orders of magnitude more update-intensive than the entire Windows operating system. Not to mention the amount of user interaction involved e.g. iTunes shortcuts no longer work after an update, even though it should be pointing to an identically-named executable.
>Russian security company? So, in your imaginary world, do they attack macs after having their baby in dinner?
Statistically, most money is lost to eastern Europe and Russia by security / social engineering breaches. Nigeria is up there too of course. So says one of the UK IT security police bods, I forget which.
Though casting aspersions on Kasperksi may be rather unfair.
They all pale into insignificance next to our own banking sector though. No really, shareholders need returns to counterbalance the risks they take.
I downloaded 250 mb iso from them for free including gentoo/ full anti virus to clean a dumb teen's laptop. No strings attached.
I also know that they help people clean their computers for free.
The company which happens to be idol of these sheep didn't ship a cleaner/ security update for people (mostly professionals) who got stuck in pre latest operating system. Later, they figured the stupidity and posted for 10.6 . 10.5? No chance. It is a freaking sh script for God's sake! Even a pdp10 in museum can run it.
Don't you think your black hats aren't aware of these actions? Next wave will hit hard.
So, Kaspersky and ESET (NOD32) are both bad companies because there might be scammers elsewhere in their country, or in nearby poorer ones :)
ESET are in Bratislava, Slovakia where they also make Cayenne/Touareg/Q7 so they'ŗe tarred with that brush too, poor guys, we know it isn't your fault really ;)
But on the plus side they don't farm out their coding to useless 3rd-world body shops for cost or more likely brown-paper-envelope reasons, they have some self-respect ;)
Excellent from Kaspersky to also provide us with a Anti-Virus after a little-big scare!
Reminds me of the eye-phone episode from Futurama:
Man: Then, you, Mr. or Mrs. ... [we hear a soundbite of Fry belching], need the soothing relief of Mom's Caustic Anti-Fungal Bleach!
[The product appears on the screen.]
Fry: Ooh, can I somehow charge it to my eyePhone for an additional fee?
Man (v.o.): Hell, yes!
Yes, I mean, who would have thought that a serious and skilled security professional - the sort of person that you want to listen to about security - would work for a security company.
Or, to put it another way, who would have thought that a software company would employ experts in the area which they specialise?
Near as I can tell, David Emm's qualifications as a "serious and skilled security professional" consist of being employed by Kapersky.
There will be security flaws in OS X that will get exploited. But the anti-virus salespeople have been screaming that the (Mac) sky is falling for a lot of years now with not much evidence that they *aren't* just hawking their software.
The most recent Mac event was (another) hole in Java. That doesn't make me all that upset, except at the people (still) touting Java as safe and secure.
.......................who dares to not be running OSX Lion."
Yes, I have to admit that when I saw that Cupertino was treating Mac owners that do not upgrade to Lion in that way I was fairly astonished. Can you imagine the uproar if MS said "we won't security patch anything older than Win7"?
It depends what version you were on.
My other half was running Leopard. We wanted an install CD to install a completely fresh OSX Lion onto a new drive (Leopard was grinding and acting very slugging - especially for a twin xeon machine with 14gig of ram!). We visited the crApple store and were told we could get a USB stick for £55... We had to pay for the update to Snow Leopard and then the next step to Lion or something like that.
It sounded like a load of bollox to be honest and I wished we'd said we were on Snow Leopard but didn't have an internet connection instead. As did the explanation from one of the geniuses about which graphics card was supported was down to the motherboard she had, not the drivers built into the OS when I was asking if an ATI HD 5750 was supported.
----
As did the explanation from one of the geniuses about which graphics card was supported was down to the motherboard she had, not the drivers built into the OS when I was asking if an ATI HD 5750 was supported.
----
That's not entirely wrong... but they'd have to be using a really old motherboard that only supports AGP for instance :)
Maybe because there is a slight difference in scale here? Just how much malware is there for Windows, and how much for OSX? Sure, that will change but you are talking about a difference of several FACTORS here, something the Microsoft fans are casually ignoring.
Even in terms of botnets do the numbers rather differ.
Yup, the Mac is vulnerable too and I personally disliked the Apple ads for alleging otherwise, but from a risk perspective there is still a vast gap between OSX and Windows.
Having said that, Apple MUST improve their handling of security issues. For a company that is good at marketing and reputation management, their handling of security issues borders on the inept.
Yes there's a difference in scale, but then the Mac market is still orders of magnitude smaller than that of PCs. Not to mention when you rule out viruses that aren't actually propagating any more and combine the multitude of variations on a theme for the latest few (as always happens), there are really only ever a handful of immeadiate threats on the PC landscape at any one time (particularly for a fully patched machine).
The underlying issue is really Apple's attitude to security in general, all too often taking the bury-your-head-in-the-sand approach and pretending all is gloriously well in the Mac world. It's pretty much exactly the attitude Microsoft took ten years ago, before wave after wave of decimating viruses finally kicked them into gear and changed their entire development process to put security front and centre.
They may have had a bad rap in the past (and deservedly so) but since the introduction and enforcement of the Security Development Lifecycle and a strict mantra of "Secure by default", even when that makes something harder to set up, they've also come an exceptionally long way. The Microsoft of today is nothing like the Microsoft of the early 2000's. It would be nice to see Apple embrace that, without all it's users going through the pain period that Windows users already know only too well.
Giggle all you want, but MS has made some serious strides towards a secure product ( I'll grant there have been some missteps ).
Anymore it's not MS product that compromises a machine, but a flaw in the application running on top of MS OSes. Not unlike many vulnerabilities that have hit linux in recent years.
The only complaint I might have with MS's security is the turn around time for releasing patches. I get the mechanics behind it, and understand them, but I still feel they could kick the patches out the door a bit quicker.
MS can push out patches quicker, but as a lot of companies have a bunch of developers working on propriety software for the companies that don't give a damn about the coding practices that Microsoft publish, they cut corners and cobble things together in a haphazard way...
The result is that patches block vulnerabilities that the devs are sometimes exploiting to make their life easier and in return the patch will break their software.....
a more enlightened view is to say the patch shows up the crap that the devs are putting out....
the monthly update cycle of "patch Tuesday" is so that the devs can test and fix their own code before it goes out on the update service.
http://www.sophos.com/mac (I know that isn't the url but if you click the green "Hey Mac user we have free anti-virus" banner on the 404 page it takes you there)
That way you protect your Mac and you don't have to spend any money on Kaspersky. Just because "Macs are secure" doesn't mean they are immune to viruses, and they share files with Windows boxes.
/abouttoforceallmyMacuserstoinstallAV
Quoting Pontius Pilate, even the Rice/ Webber version, may not be regarded as Good Practice. But - well, bugger Good Practice. I'm going to do it anyway.
"We both have Truths. Are mine the same as yours?"
There are, to my poor-witted mind, too many areas where banter or blether becomes perception. Where perception passes into presumption. Where presumption becomes creed, and defined Truth.
Er - what did he say?
Hmmm. Consider, if you will:
All Public Servants sit around all day doing nothing and getting paid a fortune.
All immigrants are bad/ steal our jobs/ can't speak proper English like wot I can.
The Weather Man always gets the Weather wrong.
It always rains on Bank Holidays.
In securty terms, Apple devices are intrinsik... intransit... intestat.... er, are much betterer than PCs.
Just because 'everybody knows', even when 'everybody says' - it don't make it True. Or not True.
While it may be hard to believe, there may well be Public Servants who work hard. And some who may not.
There have been immigrants in the past who not only contributed to those places to which they immigrated, they even made history. There are likely some who will contribute, and maybe even one who will make history, walking through your immigration control right now. And he (or she) probably speaks your language. Maybe betterer than wot you do.
There have been times the Weather Man (or woman) got it right. You got wet, because you ignored them.
There have been dry Bank Holidays.
Apple computers have been infected by viruses in the past. They will likely be infected by viruses in the future. Perhaps surprising to some - so will PCs.
We all have Truths. Maybe we should check them over some time - and wonder why.
"We at Kaspersky would like to sell our bloatware to Mac users, because we need to sell more product." Same as they wanted to flog us anti-virus for our phones a few years back.
Of course Macs are susceptible to malware. But most of the problem is the big lump of flesh and blood sitting in front of the machine.
I remember the days of the Amiga and ST. Mates of mine used to run pirated games and got infected. That was user stupidity for a number of reasons (piracy aside, such infections could be prevented from write protecting a floppy).
Here in 2012 the user problem hasn't gone away (and many Mac users are stupider than most). But as a Mac and PC user, I run AVG on the PC's but the Macs have nothing at the moment.
If I suddenly get asked for my admin account details while browsing a webpage, that usually rings a few alarm bells for me. But when I've had Windows infections the bloody thing had got infected without warning.
"Here in 2012 the user problem hasn't gone away (and many Mac users are stupider than most). But as a Mac and PC user, I run AVG on the PC's but the Macs have nothing at the moment."
Says the guy running AVG. AVG has got to be the worst, insecure, bloated and resource hogging AV product (next to McAfee, Norton and Kaspersky) I've ever come across. I've had so many computers cross my palms with this attempt at an antivirus product. A mac is probably safer without AV.
I'll keep my mac safe with ESET Antivirus (aka NOD32) as and when the threat of increased virus attack arises.
I'll be honest however, I'm surprised at the lack of viruses and other security flaws (yes there are quite a few, but Windows...say no more) that there actually are for a Mac, by now I was expecting a similar level to Windows but clearly there isn't a market for it yet.
> 4 years [...] try that with Windows
Dear sir,
My 11 years old Win2K AV-less machine would like a word with you.
I also have a 6 yo laptop which occasionally boots Vista (there's no penguin-friendly approved tax software here, for example) without any kind of anti-malware, still completely healthy.
What were you saying again?
...and exactly how do you _know_ the machines are un-infected? I had a friend a number of years ago who wasn't running updated av software or anti-spyware on his Windows machine (w2k to be exact) who thought he was doing fine. When he complained to me how his machine didn't seem to be as fast as it used to be, I recommended he run some particular av & anti-spyware programs on it and he found that he was infested with spyware & virii out the wazoo! He thought his machine was clean, until he actually checked it. So how 'bout you run some anti-spyware/av software checks on your "clean" machines and get back to us with the results. The only way they could be truly clean, without protection, is if they were never connected to the internet.
That patterns made me a fair bit of cash in the past - "My machine's running slowly, but I'm running AV so it can't be a virus". Check the AV and it was last updated {insert long time} ago.
The thing is, security is more than action. It's a fucking mindset, you need to understand that there are risks, and make decisions in light of that. Even if there were 0 strains of malware for your OS, you have to accept that one day there might be, so you take steps to protect yourself in advance.
Half the mac-boys in this comments thread fail outright because they can't even get into the mindset of checking, even occasionally to ensure they aren't infected.
@AC 04:57 - If your machine is part of a botnet, who gives a fuck if the resources required to run the AV are 10x that to run the malware? There's this thing called responsibility, use some and clean your machine! Given that we've seen (admittedly, Windows) malware that set itself up as a CP server, do you really want to risk having uninformed plod kicking your door in because you couldn't be arsed to run AV? It's extreme, granted, but there's nothing to say it couldn't happen.
Mines the one with my MBP in the backback. 4yrs, no AV and no malware etc.
The thing that always bothers me, is, how do you know for sure? I've no interest in selling AV, so don't misunderstand where I'm coming from, but how exactly do you know that there's no malware on there.
Can you say for sure that your machine isn't actually a spambot as the result of a rootkit?
A cursory sweep every now and then should be a minimum for any OS. Wouldn't bother paying for an AV suite for such infrequent use, but there's plenty of OSS software out there that you can use that won't eat half your RAM every time you move the mouse.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
