Mac OS X Security to Be Vetted by Kaspersky Labs

 
 
By Lisa Vaas  |  Posted 2012-05-14
 
 
 

Apple is asking Kaspersky Labs to analyze security on its Mac OS X platform, Kaspersky Labs CTO Nikolai Grebennikov has told Computing magazine.

It€™s a good thing, Grebennikov told Computing, seeing as how Apple "doesn't pay enough attention" to security and given that its OS is basically a sitting duck.

"Mac OS is really vulnerable," Grebennikov said, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities and the malware targeting it.€ Apple did not return a call placed before this article was published that sought confirmation that it will be working with Kaspersky Labs to improve Mac OS X security.

Grebennikov pointed to a Java vulnerability that led to a major Mac botnet as proof of Apple's inattention to security.

That botnet was spawned by Flashback malware, aka Trojan BackDoor.Flashback, which was discovered by antivirus company Intego last September. Flashback at one point infected as many as 700,000 Macs worldwide. Late last month, it also spawned a variant, Flashback.S that managed to install without a password.

Where was Apple all that time? Not issuing patches, that's where, Grebennikov said, and blocking Oracle from fixing Java on top of that.

"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago€”two or three months after the Oracle patch. That's far too long," he told Computing.

Apple issued a set of patches in early April: one on April 3 for Snow Leopard and Lion and a second update on April 7 that was apparently only available for Lion, perhaps because Apple discovered some glitches in the first patch.

Computing pointed out that criticizing Apple security appears to have been a successful way for Kaspersky to get Apple on board as a client. A year ago, Grebennikov told the magazine that there's no way Apple could keep iOS secure without outside expertise.

Grebennikov admitted that no iOS-specific malware has actually been spotted, but he expects that we'll see that change in the coming year. He has grounds for his expectations: Apple's latest update to iOS, iOS 5.1.1, fixed three serious security problems within the family of Mac personal gadgets, iPhone, iPod Touch and iPad.

"Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," he told Computing.

Rocket Fuel