Print 65 comment(s) - last by sarfralogy.. on Apr 30 at 1:12 PM

Kaspersky says Apple needs to change its approach to updates and patches for its machines

Computer security company Kaspersky Labs said that Apple is at least 10 years behind Microsoft when it comes to security.

Eugene Kaspersky, co-founder of Kaspersky Lab, discussed the security of both PCs and Macs at the Info Security 2012 event. He concluded that Apple's security is far behind Microsoft's, and that Apple will need to change its ways when it comes to updates and patches.

According to Kaspersky, Macs are becoming increasingly targeted by malware due to increased Mac sales. In Q2 2012, Apple sold 4 million Macs, which was a 7 percent boost from Q2 2011. Cyber criminals are starting to notice that these computers are becoming more popular and are easy targets for malware attacks.

Earlier this month, Apple finally admitted that its machines have been prone to malware problems. It has had issues with Flashback trojan, also known as Flashfake. This particular trojan disguises itself as an install Java applet on hijacked sites, and when users approve it, the trojan runs a piece of code that exploits a flaw in Java to remove OS X's anti-malware abilities. It also installs alternative control programs, turning the machines into bots.

"Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on," said Kaspersky. "We now expect to see more and more because cyber criminals learn from success and this was the first successful one.

"They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software. That's what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it's time for Apple [to do that]."

According to Kaspersky, Flashback infected about 600,000 machines worldwide (approximately 3,000 in the U.S.) at its peak where 98 percent of these machines were Macs.

"I think they are ten years behind Microsoft in terms of security," said Kaspersky. "For many years I've been saying that from a security point of view there is no big difference between Mac and Windows. It's always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms."

Source: CBR

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By IronChef75 on 4/26/2012 7:48:47 AM , Rating: 5
My Mac is impervious. The ghost of Steve is my guardian angel. The unworthy who got themselves infected didn't have faith in Steve the Almighty. It's their own fault.

RE: Nonsense
By IronChef75 on 4/26/2012 7:58:21 AM , Rating: 5
Or they were holding it in the non-Steve approved fashion.

RE: Nonsense
By dani31 on 4/26/12, Rating: -1
RE: Nonsense
By IronChef75 on 4/26/2012 8:11:31 AM , Rating: 5
Silence! I kill you!

RE: Nonsense
By Motoman on 4/26/2012 10:22:56 AM , Rating: 5
Lol. Flawless victory!

RE: Nonsense
By Ramtech on 4/26/2012 10:41:39 AM , Rating: 5
For those who don't know about what they are talking about

RE: Nonsense
By Etern205 on 4/27/2012 5:48:53 PM , Rating: 2
Jingle bombs is the best!

RE: Nonsense
By tayb on 4/26/2012 8:40:55 AM , Rating: 5
Honestly if you get any virus, on any OS, it is most likely your own fault...

RE: Nonsense
By Lonyo on 4/26/12, Rating: -1
RE: Nonsense
By StevoLincolnite on 4/26/2012 9:33:01 AM , Rating: 5
But then how do you know if you don't/do have a virus if you have nothing to detect it with?

RE: Nonsense
By lyeoh on 4/26/12, Rating: -1
RE: Nonsense
By Motoman on 4/26/2012 10:25:29 AM , Rating: 5

Aw screw it. Not worth the effort. Can't fix stupid.

RE: Nonsense
By tayb on 4/26/2012 10:32:56 AM , Rating: 2
For real??

RE: Nonsense
By sigmatau on 4/26/2012 2:00:42 PM , Rating: 2
The last AV you used must have been one from 2000 or so and Norton.

RE: Nonsense
By Close04 on 4/27/2012 4:10:25 AM , Rating: 2
No AV software can slow an Apple down. Infidel.
For that matter, no SW can slow an Apple down. They just keep going, that's why you pay for them right?

RE: Nonsense
By jimbojimbo on 4/26/2012 12:01:25 PM , Rating: 2
That is such a stupid comment!! I suppose if you're not sick now you don't need healthcare insurance either. Or how about your car isn't in an accident now so you don't need auto insurance either. Don't use condoms either if you don't have an STD. Man, you're dumb!

RE: Nonsense
By IronChef75 on 4/26/2012 8:59:50 AM , Rating: 2
Wholeheartedly agree. For this reason it is highly irresponsible for Apple to promote their OS as impenetrable. People stupid enough to believe it are even more likely to behave in a less security conscious manner.

RE: Nonsense
By bupkus on 4/26/2012 9:17:27 AM , Rating: 3
quote: is highly irresponsible for Apple to promote their OS as impenetrable
I'm no attorney but couldn't this be considered a false claim by Apple such that it could be vulnerable to a class action?
Enough people lose enough money doing online banking, etc, with using their unprotected Macs and serious life changing financial losses could precipitate angry litigants.

RE: Nonsense
By StevoLincolnite on 4/26/2012 9:34:33 AM , Rating: 2
Yes it could as Apple engaged in false advertising.
Even at the time when they were running those adverts they had infections in the wild.

RE: Nonsense
By tayb on 4/26/12, Rating: -1
RE: Nonsense
By kleinma on 4/26/2012 11:01:35 AM , Rating: 5
I think Apple themselves have proved that anything at all is lawsuit worthy.

RE: Nonsense
By yomamafor1 on 4/26/2012 11:24:23 AM , Rating: 2
Actually, Apple's advertisement was, "Mac doesn't get PC viruses ". Apple has never said anything about Mac not getting any viruses, just that they don't get any PC viruses.

Although that is borderline false advertisement, technically they haven't advertised anything that's not true (other than it being magical). That's why I think Apple marketing team have some of the smartest, most devious people on Earth.

RE: Nonsense
By amanojaku on 4/26/2012 11:40:04 AM , Rating: 3
Actually, Apple's advertisement was, "Mac doesn't get PC viruses.

RE: Nonsense
By inighthawki on 4/26/2012 12:02:21 PM , Rating: 2
While technically it is a PC, their advertising ads over the years have been an attempt to tell users that they are in fact not. Hence the "I'm a PC, and I'm a Mac," implying that there is a difference. If your same ads attempt to advertise that you don't get PC viruses, I don't see any problem because they've clearly stated at the beginning that they are not the same.

RE: Nonsense
By acer905 on 4/26/2012 12:37:49 PM , Rating: 4
If Apple claims that a Mac doesn't get PC viruses... but marketshare analysts like Canalys lump the iPad into the PC world to say Apple has a huge presence in the PC Market, then can you infer that an iPad should get PC viruses? lol

RE: Nonsense
By rika13 on 4/30/2012 3:21:22 AM , Rating: 3
Even that is untrue, macro viruses don't care about little things like operating system or processor architecture. As long as you have a program that can run the macro (like MS Office), it will gladly bring chaos, strife, and ruin. It is also possible to create viruses that execute outside the OS, sorta like a hypervisor, so if said Mac user loads his copy of Boot Camp, gets infected, his OS X stuff gets infected too. It might be possible with such a virus to throw in a second version of the code for multiplying via OS X and Linux and you got a multi-platform virus.

RE: Nonsense
By Reclaimer77 on 4/26/2012 10:24:22 AM , Rating: 5
Honestly if you get any virus, on any OS, it is most likely your own fault...

True but that's no excuse for relying on anonymity for security. MS doesn't sit on their laurels and tell people they're at fault for being infected. The UAC, malicious software removal tool and hell they even made their own anti-virus program Security Essentials.

RE: Nonsense
By tayb on 4/26/2012 10:31:04 AM , Rating: 1
Apple doesn't rely solely on anonymity for security . Depending on your security preferences you can be asked to type your password before software is allowed to be installed. This is something that I've suggested to MS at every level of beta since Windows Vista. They aren't nearly as vigilant as MS but they haven't had to be. There flat out just aren't nearly as many viruses written for OS X.

RE: Nonsense
By Reclaimer77 on 4/26/2012 10:48:28 AM , Rating: 3
lol that's been a standard practice in Linux OS's from as far back as I can remember. I would hardly call that advancing desktop security on Apple's part.

This is something that I've suggested to MS at every level of beta since Windows Vista.

No offense but I'm glad they have ignored your suggestion. Why on Earth would you want to remember, and type, a password frequently when you can just click a UAC prompt to achieve the same goal?

The UAC is even better because the Unix/Linux password method ONLY functions when YOU take an action. There is no active safeguard against something attempting to gain root access behind your back. UAC on the other hand will notify you when any attempt to gain root/system access takes place. Also a little known fact, but when the UAC prompt pops up and the screen dims, Windows enters a "secure desktop" mode where NO program can run until you make your choice.

Also your suggestion is a bit redundant because you actually CAN make the UAC also function with password. However a good suggestion would be to make this process a bit easier and intuitive to the end user, I agree.

RE: Nonsense
By tayb on 4/26/12, Rating: -1
RE: Nonsense
By Reclaimer77 on 4/26/2012 11:12:59 AM , Rating: 2
That should be much easier to enable or disable. Why isn't it right next to the UAC slider??

Agree. Well Microsoft got really serious about security some time ago. But what they found was that if you go TOO secure, it turns people off. Remember all the Vista complaints about the UAC? And that was a more toned down version of what they originally wanted to do.

Also from a customer support view, I'm sure not requiring a password cut out some millions of calls from people who can't install something because they "forgot" their password lol.

I think requiring a password in the "UAC state" is more secure. Imagine a scenario where I leave my laptop unattended for some unknown reason. Guy comes over, pops in his flash drive, and installs a malicious program. Password prompt inside UAC stops that from happening. I think this style of attack is called the "evil maid" attack.

Now this is valid of course. Having an OS that's secure from physical intrusions is novel. I would hope IT departments are pushing the UAC password state. I would actually be interested in knowing how widespread, if at all, that practice is.

RE: Nonsense
By tayb on 4/26/12, Rating: 0
RE: Nonsense
By Reclaimer77 on 4/26/2012 11:33:00 AM , Rating: 2
Well with account policy settings IT departments can lock down the Windows OS to an absurd degree. You can even make it so that there is NO access to the USB ports at all.

Forgotten passwords... ugh... I do web apps (CRM/ERP) and I cannot tell you how many times I get emails about forgotten passwords. How?!? Perhaps that is why Microsoft hid it.

ehehe you know it man. Those damn passwords lol.

I didn't even know it existed.

Truthfully neither did I. But I KNEW Windows was insanely customizable and there's practically nothing you can't do with it, so I Googled how to do it and viola lol.

RE: Nonsense
By Pirks on 4/26/2012 11:52:46 AM , Rating: 3
That should be much easier to enable or disable. Why isn't it right next to the UAC slider?
Why should they put some redundant slider when this functionality already works 100%? Just use your PC under user account, not under admin account, and evil maid will always fail. Why? 'Cause if you're under user account Windows always asks for password whenever UAC prompt comes up. See, MS is actually much smarter than you think.

RE: Nonsense
By tng on 4/26/2012 10:53:33 AM , Rating: 5
You have just addressed the real issue.

Allot of the people that buy Macs buy them because of the form factor (Mac Air) or the exclusive persona they think that it gives them. They also think that viruses are something that only Windows PCs get, so they will click on any prompt and download, because Macs don't get viruses do they?

RE: Nonsense
By djdjohnson on 4/26/2012 11:16:12 AM , Rating: 2
The problem with that approach (and MS is guilty of this too) is that the assumption is that you are only installing software if it is attempting to put it in a common area of the system, like the Applications folder on Mac, or the Program Files folder on Windows. Both systems are still perfectly happy to run unsigned, unverified code in user-owned folders, like the desktop or your Documents folder. I know that even code signing doesn't prevent malware (the bad guys could get a certificate too), but the idea that requiring a password (or even a UAC prompt) to install software will prevent malware from being installed is just plain false.

Google Chrome is a great example of an application that runs out of user-owned folders. At least on Windows, anyway, it installs for each user and doesn't attempt to put anything into the Program Files folder. So it technically never requires a UAC prompt. I haven't investigated how it does it on the Mac, but the same thing applies... it could run out of a folder that is owned by the current user and no permission would ever be required to install it that way.

Both Windows and OS X are vulnerable here. Neither one has come up with a magic solution to prevent this.

RE: Nonsense
By Reclaimer77 on 4/26/2012 11:41:14 AM , Rating: 2
But that doesn't matter because without Administrator elevation, nothing can effect your system anyway no matter what folder it's trying to run out of.

but the idea that requiring a password (or even a UAC prompt) to install software will prevent malware from being installed is just plain false.

This is correct. However in reality it doesn't matter, again. It can install, sure. But unless you're using the Administrator as a USER account (extremely bad practice), the software will still require UAC confirmation to ACCESS and alter system files etc etc.

RE: Nonsense
By Motoman on 4/26/2012 10:24:10 AM , Rating: 3
...especially if you think your computer is "magically" immune to viruses, and as such, don't even bother to have an antivirus utility.

<looks at essentially every Mac user in the world>

...yeah, that'd be you special folks.

RE: Nonsense
By kleinma on 4/26/2012 10:58:46 AM , Rating: 2
I have seen drive by malware attacks that infect the PC with 0 user interaction when the user goes to a legit site that just happens to have ads that someone wiggled malicious code into.

Granted most infections are because people are stupid and open email attachments or click links from strangers, but it isn't 100% of the time.

RE: Nonsense
By CalaverasGrande on 4/26/2012 3:05:21 PM , Rating: 2
that isn't true. I work in enterprise IT. I have seen a number of valid sites, with non-adult content, that had been compromised by hackers. In fact they don't even need to hack the site itself, but rather the ad servers. Most sites these days allow "foriegn" content to run in the paid ad areas of their site. Most ads are "active" in tht they have some kind of scripting or programmatic content which has executeablity.
If hackers can simply modify the ad's code base they can make it download malicious code. There was a well known sports website last year that had some infected ads. Myspace was also notorious for this.

RE: Nonsense
By Loveless on 4/26/2012 10:01:29 AM , Rating: 5
They aren't viruses, they're features. Third-party supplied features.

RE: Nonsense
By Arsynic on 4/26/2012 9:56:47 AM , Rating: 2
They are using it wrong. This is what happens when you go to non-Apple sanctioned web sites.

RE: Nonsense
By Tony Swash on 4/26/12, Rating: -1
RE: Nonsense
By loboracing on 4/26/2012 10:25:25 AM , Rating: 2
" The greater the chances Windows survives, the greater the risks the Internet itself doesn't survive. It's as simple as that."


RE: Nonsense
By Pirks on 4/26/2012 11:57:58 AM , Rating: 2
Yeah I stopped reading right there when I read it. The author is an idiot obviously if he writes this, so why bother reading further? :)

RE: Nonsense
By Reclaimer77 on 4/26/2012 1:07:40 PM , Rating: 3
This is Tony's problem. He's steeped in authoritative and informative sounding pro-Apple propaganda by loonies and idiots like this.

Garbage in, garbage out. I won't even dignify that link by weeding through the dozens of red hearings, non-sequitors, and straw men that are used to prop up every single bad "point".

RE: Nonsense
By tng on 4/26/2012 11:03:18 AM , Rating: 2
Yeah, that was some objective, non-biased "journalism".

Do you really believe that stuff? Even an Apple fanatic must at some point read something like that and say that it is not only biased, but just plain propaganda...

RE: Nonsense
By Cheesew1z69 on 4/27/2012 12:11:34 AM , Rating: 2
It's Tony, of course he believes it...

RE: Nonsense
By Helbore on 4/26/2012 11:24:14 AM , Rating: 2
Misleading comments
By Argon18 on 4/26/12, Rating: 0
RE: Misleading comments
By borismkv on 4/26/2012 9:52:40 PM , Rating: 2
If you make a batch file that containts format c: it will fail. Windows doesn't allow you to format a system disk anymore, and hasn't for over 12 years.

But since you're using the narrow definition of the word "Virus" go ahead and name the last major virus outbreak on Windows computers. I mean, you know *so* much about this subject.

Unless you don't, which is actually the case. Modern outbreaks (using the narrow Virus definition) are almost non-existent now because most infections are hybrids of *multiple* definitions for malicious software, or any kind of software that is designed with malicious intent in mind. A single piece of malware can use any number of techniques including self-replication, social engineering, etc. But since you haven't used anything but Linux or OSX since...ever, I imagine you don't actually know a damn thing about security and are just yanking crap off Wikipedia and pretending.

RE: Misleading comments
By borismkv on 4/26/2012 9:53:55 PM , Rating: 3
Windows doesn't allow you to format a system disk anymore

Slight correction, it doesn't let you format a system disk while the OS is running. You have to boot from another source in order to format a system disk.

RE: Misleading comments
By GatoRat on 4/26/2012 10:40:17 PM , Rating: 3
Surely you are aware that the first virus was on UNIX. There have, in fact, been many computer viruses on UNIX. All operating systems that communicate with other operating systems are vulnerable. No exceptions.

RE: Misleading comments
By adiposity on 4/27/2012 1:23:52 PM , Rating: 2
In all seriousness, Macs do not get viruses. Nor does Linux. Nor does any commercial UNIX. They never have and they never will. Windows is the only OS plagued by viruses.

A computer virus is any "app" that can spread itself (typically without user consent). As such, your statement above is bunk. It has been a very long time since windows users have seen the kind of viruses that would attach themselves to EXEs and spread through that method. On the other hand, network spreadable viruses are an issue on windows. E-mail spreadable viruses are even worse.

If you think Mac OS or Linux are free from network/e-mail spreadable viruses you are either deluded or uninformed. They are just as vulnerable as any OS if an exploit is found (which they have been, many times on Mac and Linux).

Yes, trojans tend to be more of an issue because people are easy to trick. And trojans don't require sophistication, although more than "format c:" is required. But computer viruses, in the original sense of the word still exist and can affect all platforms.

If anything, Mac is more safe because of the low numbers of Macs. It is difficult to spread when you can't find the next host to jump to.

By Etern205 on 4/26/2012 12:38:08 PM , Rating: 3
Apple zealots are brainwashed to a point, they portray Apple as being the good guy. The one who helps them out, when it's Apple fault in the first place for not stepping up with its security.

Apple Zealot: My Apple system got a virus!
Apple: We will help you out!
Apple Zealot: All hail to almighty Stevie!

RE: Brainwashed
By Cheesew1z69 on 4/27/2012 12:16:22 AM , Rating: 3
It's more like :

Apple Zealot: My Apple system got a virus!
Apple: Lies! You don't get them! You are holding it wrong!
Apple Zealot: Oh! Ok! Thanks Apple, you are the best! <frolics through the rainbow tulips where unicorns are grazing>

Wait, 3000 in the US?
By Colin1497 on 4/26/2012 9:47:19 AM , Rating: 2
Does that make sense?

RE: Wait, 3000 in the US?
By B3an on 4/29/2012 2:57:18 AM , Rating: 2
Must be a typo. The correct number is 300,000 infected Macs in the US.

Can you say...
By masamasa on 4/26/2012 12:43:54 PM , Rating: 2

Anything for Mobile Hacking
By vikramadhiman on 4/27/2012 8:23:48 AM , Rating: 2
With the rise in hacking related instruments : ATMs, Mobile Phones, iPODs and so on [saw that on this course on WizIQ] companies like Kasperesky are going to reap big benefits for sure. Its a sure stock to bet on.

It just works!
By Ammohunt on 4/28/2012 9:36:23 PM , Rating: 2
...for hackers and trojan writers.

By sarfralogy on 4/30/2012 1:12:46 PM , Rating: 2
In news broken by Fosspatents and Reuters, Apple CEO Tim Cook and and Samsun CEO Choi Gee-sung have agreed to meet in mid-May to discuss a settlement in the patent infringement case that Apple brought against Samsung and its like of Galaxy smartphones and tablets.

This is Obvious
By sarfralogy on 4/26/2012 3:17:31 PM , Rating: 1
Apple is now entering the same world as Microsoft has been in for more than 10 years. We now expect to see more and more because cyber criminals learn from success and this was the first successful one

Mac malware
By djdjohnson on 4/26/12, Rating: 0
RE: Mac malware
By tayb on 4/26/12, Rating: 0
"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki