
Kaspersky says Apple needs to change its approach to updates and patches for its machines

Computer security company Kaspersky Lab said that Apple is at least 10 years behind Microsoft when it comes to security.

Eugene Kaspersky, co-founder of Kaspersky Lab, discussed the security of both PCs and Macs at the Info Security 2012 event. He concluded that Apple's security is far behind Microsoft's, and that Apple will need to change its ways when it comes to updates and patches.

According to Kaspersky, Macs are becoming increasingly targeted by malware due to increased Mac sales. In Q2 2012, Apple sold 4 million Macs, which was a 7 percent boost from Q2 2011. Cyber criminals are starting to notice that these computers are becoming more popular and are easy targets for malware attacks.

Earlier this month, Apple finally admitted that its machines have been prone to malware problems. It has had issues with the Flashback trojan, also known as Flashfake. This particular trojan disguises itself as an install Java applet on hijacked sites, and when users approve it, the trojan runs a piece of code that exploits a flaw in Java to remove OS X's anti-malware abilities. It also installs alternative control programs, turning the machines into bots.

"Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on," said Kaspersky. "We now expect to see more and more because cyber criminals learn from success and this was the first successful one.

"They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software. That's what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it's time for Apple [to do that]."

According to Kaspersky, Flashback infected about 600,000 machines worldwide (approximately 3,000 in the U.S.) at its peak, and 98 percent of these machines were Macs.

"I think they are ten years behind Microsoft in terms of security," said Kaspersky. "For many years I've been saying that from a security point of view there is no big difference between Mac and Windows. It's always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms."

Source: CBR




RE: Nonsense
By Reclaimer77 on 4/26/2012 10:48:28 AM , Rating: 3
lol that's been a standard practice in Linux OS's from as far back as I can remember. I would hardly call that advancing desktop security on Apple's part.

quote:
This is something that I've suggested to MS at every level of beta since Windows Vista.


No offense but I'm glad they have ignored your suggestion. Why on Earth would you want to remember, and type, a password frequently when you can just click a UAC prompt to achieve the same goal?

The UAC is even better because the Unix/Linux password method ONLY functions when YOU take an action. There is no active safeguard against something attempting to gain root access behind your back. UAC on the other hand will notify you when any attempt to gain root/system access takes place. Also a little known fact, but when the UAC prompt pops up and the screen dims, Windows enters a "secure desktop" mode where NO program can run until you make your choice.

Also your suggestion is a bit redundant because you actually CAN make the UAC also function with password. However a good suggestion would be to make this process a bit easier and intuitive to the end user, I agree.

http://www.sevenforums.com/tutorials/77389-uac-req...


RE: Nonsense
By tayb on 4/26/12, Rating: -1
RE: Nonsense
By Reclaimer77 on 4/26/2012 11:12:59 AM , Rating: 2
quote:
That should be much easier to enable or disable. Why isn't it right next to the UAC slider??


Agree. Well Microsoft got really serious about security some time ago. But what they found was that if you go TOO secure, it turns people off. Remember all the Vista complaints about the UAC? And that was a more toned down version of what they originally wanted to do.

Also from a customer support view, I'm sure not requiring a password cut out some millions of calls from people who can't install something because they "forgot" their password lol.

quote:
I think requiring a password in the "UAC state" is more secure. Imagine a scenario where I leave my laptop unattended for some unknown reason. Guy comes over, pops in his flash drive, and installs a malicious program. Password prompt inside UAC stops that from happening. I think this style of attack is called the "evil maid" attack.


Now this is valid of course. Having an OS that's secure from physical intrusions is novel. I would hope IT departments are pushing the UAC password state. I would actually be interested in knowing how widespread, if at all, that practice is.


RE: Nonsense
By tayb on 4/26/12, Rating: 0
RE: Nonsense
By Reclaimer77 on 4/26/2012 11:33:00 AM , Rating: 2
Well with account policy settings IT departments can lock down the Windows OS to an absurd degree. You can even make it so that there is NO access to the USB ports at all.

quote:
Forgotten passwords... ugh... I do web apps (CRM/ERP) and I cannot tell you how many times I get emails about forgotten passwords. How?!? Perhaps that is why Microsoft hid it.


ehehe you know it man. Those damn passwords lol.

quote:
I didn't even know it existed.


Truthfully neither did I. But I KNEW Windows was insanely customizable and there's practically nothing you can't do with it, so I Googled how to do it and voilà lol.


RE: Nonsense
By Pirks on 4/26/2012 11:52:46 AM , Rating: 3
quote:
That should be much easier to enable or disable. Why isn't it right next to the UAC slider?
Why should they put some redundant slider when this functionality already works 100%? Just use your PC under user account, not under admin account, and evil maid will always fail. Why? 'Cause if you're under user account Windows always asks for password whenever UAC prompt comes up. See, MS is actually much smarter than you think.
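
The click-versus-password prompt behaviour debated in the comments above is controlled by UAC policy values in the Windows registry. As an added example (not part of the article or of any commenter's post), this PowerShell function reports which of those values leave elevation at a click rather than a password; the function name and both sample policies are constructed for illustration.

```powershell
# Added example; value meanings follow Microsoft's documentation for
# HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
function Get-UacPromptPosture {          # hypothetical helper name
    param([Parameter(Mandatory)] [hashtable] $Policy)

    $findings = @()
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin',
                      'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop') {
        if (-not $Policy.ContainsKey($name)) {
            $findings += "$name is not set; the OS default applies"
        }
    }
    if ($Policy.EnableLUA -eq 0) { $findings += 'UAC is turned off (EnableLUA = 0)' }

    # Administrator prompt: 0 = none, 1/3 = credentials, 2/4/5 = consent click.
    if ($Policy.ContainsKey('ConsentPromptBehaviorAdmin')) {
        $admin = $Policy.ConsentPromptBehaviorAdmin
        if ($admin -eq 0) { $findings += 'Admin sessions elevate with no prompt' }
        elseif ($admin -in 2, 4, 5) { $findings += 'Admin prompt asks for a click, not a password' }
        # Modes 1 and 2 always use the secure desktop; 3, 4, 5 depend on the switch.
        if (($admin -in 3, 4, 5) -and ($Policy.PromptOnSecureDesktop -eq 0)) {
            $findings += 'Admin prompt is shown on the normal desktop'
        }
    }
    # Standard-user prompt: 0 = deny elevation, 1/3 = ask for admin credentials.
    if ($Policy.ContainsKey('ConsentPromptBehaviorUser') -and
        ($Policy.ConsentPromptBehaviorUser -notin 0, 1, 3)) {
        $findings += 'Unrecognised standard-user prompt mode'
    }
    if ($findings.Count -eq 0) { $findings += 'No findings: admin elevation requires credentials' }
    return $findings
}

# Constructed sample policies (not measurements from any real machine).
$consentOnly  = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5
                   ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 }
$credentialed = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 1
                   ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 }

foreach ($case in @{ Name = 'consent-only'; Policy = $consentOnly },
                  @{ Name = 'credentialed'; Policy = $credentialed }) {
    '{0}: {1}' -f $case.Name, (@(Get-UacPromptPosture $case.Policy) -join '; ')
}
# On a Windows host, fill the hashtable from the live key instead, e.g.
# Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
```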


RE: Nonsense
By tng on 4/26/2012 10:53:33 AM , Rating: 5
You have just addressed the real issue.

A lot of the people that buy Macs buy them because of the form factor (Mac Air) or the exclusive persona they think that it gives them. They also think that viruses are something that only Windows PCs get, so they will click on any prompt and download, because Macs don't get viruses do they?


"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer













