Mac OS X Security to Be Vetted by Kaspersky Labs
Apple is asking Kaspersky Labs to analyze security on its Mac OS X platform, Kaspersky Labs CTO Nikolai Grebennikov has told Computing magazine.
It's a good thing, Grebennikov told Computing, seeing as how Apple "doesn't pay enough attention" to security and given that its OS is basically a sitting duck.
"Mac OS is really vulnerable," Grebennikov said, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities and the malware targeting it." Apple did not return a call placed before this article was published that sought confirmation that it will be working with Kaspersky Labs to improve Mac OS X security.
Grebennikov pointed to a Java vulnerability that led to a major Mac botnet as proof of Apple's inattention to security.
That botnet was spawned by Flashback malware, aka Trojan BackDoor.Flashback, which was discovered by antivirus company Intego last September. Flashback at one point infected as many as 700,000 Macs worldwide. Late last month, it also spawned a variant, Flashback.S, that managed to install without a password.
Where was Apple all that time? Not issuing patches, that's where, Grebennikov said, and blocking Oracle from fixing Java on top of that.
"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago, two or three months after the Oracle patch. That's far too long," he told Computing.
Apple issued a set of patches in early April: one on April 3 for Snow Leopard and Lion and a second update on April 7 that was apparently only available for Lion, perhaps because Apple discovered some glitches in the first patch.
Computing pointed out that criticizing Apple security appears to have been a successful way for Kaspersky to get Apple on board as a client. A year ago, Grebennikov told the magazine that there's no way Apple could keep iOS secure without outside expertise.