When more than 600,000 Mac users were under siege last month by the Flashback malware infecting their systems, officials at Kaspersky Lab were among the most vocal critics of Apples response to the security problem.
They and security experts from other organizations chastised Apple for the two-month delay between the time Oracle issued a patch in February for Windows and other systems for the Java vulnerability exploited by Flashback and when Apple issued its own patch in early April, by which time the malware was relatively widespread. They also noted that it took Apple longerin some instances, daysthan security software vendors to issue a tool for users that would detect and remove the malware from Macs.
Like other researchers, those at Kaspersky said that Apple Mac users have been lulled into thinking that the Max OS X operating system was much more secure than Windows, almost to the point of invulnerability. However, the rising popularity with Macs will bring with it greater attention from cyber-criminals, the security researchers said.
It led CEO Eugene Kaspersky to say in late April that Apple is 10 years behind Microsoft in terms of security. ¦ Welcome to Microsofts world, Mac. It’s full of malware. Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on.
Last week, Kaspersky was again talking about Apple, this time saying he was a little bit disappointed ¦ Apple wont let us develop antivirus software for iOS devices, including iPhones and iPads. In an interview with The Register news site, he warned thatlike with Macs and Mac OS Xthe rapidly growing popularity in the iOS devices will mean that criminals increasingly will target the operating system.
We as a security company are not able to develop true endpoint security for iOS, Kaspersky told The Register. That will mean disaster for Apple.
However, he said, right now, hackers are content to hit up other platforms that are less complicated than iOS.
They are happy with Windows computers, Kaspersky said. Now, they are happy with Mac. They are happy with Android. It is much more difficult to infect iOS, but it is possible and when it happens, it will be the worst-case scenario because there will be no protection. The Apple SDK wont let us do it.
And when it happens, it will less likely be done directly through iOS and more likely through compromising legal software that is downloaded onto the devices. It is almost impossible to develop malware which does not use vulnerabilities. The only way is to inject it into the source code of legal software. It will take place in a marketplace and then there will be millions or tens of millions of devices, he said.
And because Apple refuses to let Kaspersky or other security software vendors develop antivirus software for the devices, the company is putting itself at risk, he said. Kaspersky envisions a time when an attack on iOS occurs, and the result is declining market share for the tech company and a corresponding spike for Googles Android, a mobile operating system that itself is under a lot of attacks. A report in February from Juniper Networks noted that malware targeting Android grew 3,325 percent in the last seven months of 2011.
However, Kaspersky sees trouble ahead for iOS, saying to The Register that he has bet with friends that Android will have 80 percent of the market by 2015, due in large part to security issues on other platforms.