Security Professionals Continue to Be Critical of Apple

By Jeffrey Burt  |  Posted 2012-04-15

Other security professionals also criticized Apple. In an April 13 post on Sophos' NakedSecurity blog, Paul Ducklin, the company's head of technology for the Asia-Pacific region, took issue with the lack of information from Apple about its removal tool.

"I'd love to tell you more about the Flashback remover supplied by Apple, but I'm afraid I don't know how," Ducklin wrote. "There's no documentation about it; there's no information about how to run it by hand in the future, or how it works, or what variants of the malware it finds; and—at least on my uninfected 10.6 computer—it didn't give any visual indication that it had run at all. (Three words for Apple about security bulletins: promptness, clarity and openness.)"

Some also suggested Apple needs to learn how to work better with the security community, particularly given that the number of attacks on Apple products is expected to increase. Boris Sharov, Dr. Web's CEO, told Forbes that not only did Apple never contact him after he gave them the information he had about the Flashback malware, but that at one point Apple asked a Russian registrar to shut down a domain that Dr. Web had set up and was using in a "sinkhole" operation to monitor the malware and lessen its impact. Sharov said he thought it was an honest mistake, but that it illustrated how Apple needs to improve how it relates to outside security experts.

"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," Sharov told Forbes. "This seems to mean that Apple is not considering our work as a help. It's just annoying them."

If the security experts are correct, Apple will have plenty of chances in the future to interact with the security community. In an April 9 post on Kaspersky's SecureList blog, security expert Costin Raiu said cyber-criminals will continue to target Apple systems.

"At the beginning of 2012, we predicted an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities," Raiu wrote. "This is a normal development, which happens on any other platform with enough market share to guarantee a return on investment for virus writers, so Mac OS X fans shouldn't be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the user's lack of awareness."


