Mac OS X Security to Be Vetted by Kaspersky Labs

By Lisa Vaas  |  Posted 2012-05-14 Print this article Print

Kaspersky CTO Grebennikov called the OS "really vulnerable" and pointed to the Flashback botnet as proof that the company's asleep at the wheel.

Apple is asking Kaspersky Labs to analyze security on its Mac OS X platform, Kaspersky Labs CTO Nikolai Grebennikov has told Computing magazine.

It€™s a good thing, Grebennikov told Computing, seeing as how Apple "doesn't pay enough attention" to security and given that its OS is basically a sitting duck.

"Mac OS is really vulnerable," Grebennikov said, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities and the malware targeting it.€ Apple did not return a call placed before this article was published that sought confirmation that it will be working with Kaspersky Labs to improve Mac OS X security.

Grebennikov pointed to a Java vulnerability that led to a major Mac botnet as proof of Apple's inattention to security.

That botnet was spawned by Flashback malware, aka Trojan BackDoor.Flashback, which was discovered by antivirus company Intego last September. Flashback at one point infected as many as 700,000 Macs worldwide. Late last month, it also spawned a variant, Flashback.S that managed to install without a password.

Where was Apple all that time? Not issuing patches, that's where, Grebennikov said, and blocking Oracle from fixing Java on top of that.

"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago€”two or three months after the Oracle patch. That's far too long," he told Computing.

Apple issued a set of patches in early April: one on April 3 for Snow Leopard and Lion and a second update on April 7 that was apparently only available for Lion, perhaps because Apple discovered some glitches in the first patch.

Computing pointed out that criticizing Apple security appears to have been a successful way for Kaspersky to get Apple on board as a client. A year ago, Grebennikov told the magazine that there's no way Apple could keep iOS secure without outside expertise.

Grebennikov admitted that no iOS-specific malware has actually been spotted, but he expects that we'll see that change in the coming year. He has grounds for his expectations: Apple's latest update to iOS, iOS 5.1.1, fixed three serious security problems within the family of Mac personal gadgets, iPhone, iPod Touch and iPad.

"Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," he told Computing.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel