back to article Kaspersky: Apple security is like Microsoft's in 2002

Apple customers are more at risk from malware now because of their misconception that their iDevices and Macs are secure and because of Apple's poor attitude to security, according to experts. David Emm, senior security researcher at Kaspersky Lab, told The Reg that Apple had cultivated the image of the Mac as intrinsically safer …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

The end is coming! Quick, buy our products before it arrives, or be lost forever!

18
11
Anonymous Coward

It's OK little guy... You just keep saying your nightly prayer to St. Steve and the big bad viruses won't get you.

23
15
FAIL

Once a year.

Once a year we get a 'security' company (do people seriously trust a Russian security company?) telling us our Macs are doomed and we need to buy their products.

This is followed by the haters -they're the ones with piss-stained trousers staggering down the street- jeering (whilst spending half their lives cleaning malware off their Windows XP machines).

And precisely nothing happens. No Windows-style botnet, no malware, nothing.

12 months later, rinse and repeat.

5
26
Flame

Re: Once a year.

Kaspersky are one of the better firms actually.

The Apple crowd really need to learn that the whole 'nah nah nah' fingers in the ears approach won't work. Historically it's NEVER worked for ANYONE.

Not a Hater

Not A MS or Linux Fanboi

Just a realist. More people use Macs, the more of a target it becomes. The more people deny there is an issue the more likely it is someone is going to stuff up and stuff up big. By being responsible now a lot of money and heartache can be saved down the road but it *might* damage Apple's image and at the end of the day that's what this is all about.

Step down from your podium Apple and educate your users. Take one on the chin and those same users will be crowing years from now, about how you prevented IOS/MacOS becoming the same mess Windows is now.

Or just continue denying it till something akin to Code Red or Nimda takes you down by force because it really is when, not if.

Icon, well reason never worked before.

18
1
Anonymous Coward

Re: Once a year.

what drivel...

people have been saying it for years, never mind Russian security experts, (and why not trust a Russian security company? are you a racist?), that as soon as Apple have a large enough market share then the virus & malware authors will turn the attention to them.

and guess what? .... it's started....

and FYI, In the last year, and a lot longer, I have spent exactly 0 hours and 0 minutes cleaning malware & virus off my Windows computer. Keeping it fully patched and with a good AV app, along with good computer practice I have not had a single infection since..... errr.... well since back in 1999, I mistakenly installed iTunes and tried to remove it....

20
1
Anonymous Coward

Re: Once a year.

I too have spent zero time ripping infections out of my Windows machines. The problem is, I only realised that that was the result of a SERIOUS amount of patching and updating and rebooting and, well, waiting when I bought a Mac.

And *that* is why I stick to OSX. No MS hate (well, I am willing to admit to a solid dislike, though), no Linux hate (I have both in Virtualbox on the Mac) - just simple productivity which happens to agree with me. YMMV, it simply depends on your needs.

Here's an exercise: create a simple Windows VM and do NOT use it for 2 weeks. Then start it up and see just how much data has to be grabbed to get the thing up to date, and it's not even complete because you skip several anti-virus downloads.. Best do this when you don't need it for a while..

2
6
Bronze badge

Re: Once a year.

>>do people seriously trust a Russian security company?

Are you a racist?

"For there is no difference between the Jew and the Greek..."

Esp., when, be it the Jew, Russian, British, or American is with the MS-Windows mentality and is selling some ... air.

0
0
Bronze badge

Re: Once a year.

Really? Cause MS does updates once a month. I get 3 maybe 4 updates from MS a month.

0
0

Wow

Never thought the level of ignorance and insanity like fanboyism hit this level.

Russian security company? So, in your imaginary world, do they attack macs after having their baby in dinner?

3
0
Silver badge
Thumb Down

Re: Once a year.

Downloading lots of patches is hardly something unique to Windows. My xubuntu install downloaded a 70mb set of security fixes the other day for some image rendering libraries. The update manager is installing half a dozen patches for various things at least once a week (although admittedly they're usually not that big).

This is what a good patching policy looks like, developed promptly and released often. Apple releasing patches once in a blue moon months after they're notified of a vulnerability is not something to be proud of.

6
0
Bronze badge
Thumb Up

Re: Once a year.

Yeah, I can second that, open package manager on a brand new Fedora/KDE install and see just how many packages it tells you that you need to update. It takes a nice long while, but when you're done, you're just as protected as a Windows user running a 70-90 dollar a year license for a decent security/av program, then again it does take a small measure of due diligence, as long as you don't do anything too stupid, like set your root password to something dumb, set a user account that doesn't need to be a Sudoer to being a Sudoer, or any of the multitude of other dumbass things you can do, you're pretty much straight. And upstream developers tend to do a pretty good job at fixing vulnerabilities.

Maybe when you guys and your masters pull your collective heads out of your asses and wake up to the way the world really works you won't be as pathetically vulnerable.

The worst part of it is that I know fanboys won't listen to Kaspersky, Symantec, IBM or any other vendor because of the institutional culture of irresponsibility in regard to that Apple only reinforces, as malware and cybercrime are only Windows problems, amirite?

2
1
Silver badge

Re: Wow

>Russian security company? So, in your imaginary world, do they attack macs after having their baby in dinner?

Statistically, most money is lost to eastern Europe and Russia by security / social engineering breaches. Nigeria is up there too of course. So says one of the UK IT security police bods, I forget which.

Though casting aspersions on Kaspersky may be rather unfair.

They all pale into insignificance next to our own banking sector though. No really, shareholders need returns to counterbalance the risks they take.

0
0

Re: Once a year.

wtf where have you been? Flashback just had an infection rate on Macs higher than any Windows malware. There are plenty of Mac botnets out there btw.

1
0

Re: Once a year.

Mac fanboy missing the point. Apple's being criticised here for poor security. It's because Apple don't fix security issues as fast as MS do that they are getting infected and being laughed at.

1
0

Who else does these?

I downloaded 250 mb iso from them for free including gentoo/ full anti virus to clean a dumb teen's laptop. No strings attached.

I also know that they help people clean their computers for free.

The company which happens to be idol of these sheep didn't ship a cleaner/ security update for people (mostly professionals) who got stuck in pre latest operating system. Later, they figured the stupidity and posted for 10.6 . 10.5? No chance. It is a freaking sh script for God's sake! Even a pdp10 in museum can run it.

Don't you think your black hats aren't aware of these actions? Next wave will hit hard.

0
0

Re: Wow

So, Kaspersky and ESET (NOD32) are both bad companies because there might be scammers elsewhere in their country, or in nearby poorer ones :)

ESET are in Bratislava, Slovakia where they also make Cayenne/Touareg/Q7 so they're tarred with that brush too, poor guys, we know it isn't your fault really ;)

But on the plus side they don't farm out their coding to useless 3rd-world body shops for cost or more likely brown-paper-envelope reasons, they have some self-respect ;)

4
0

Re: Once a year.

Apple's idea of patching iTunes involves redownloading the whole program and Quicktime for every .0.0.0.0.1 update. Adobe is no better for Flash or Acrobat. Bit for bit they are orders of magnitude more update-intensive than the entire Windows operating system. Not to mention the amount of user interaction involved e.g. iTunes shortcuts no longer work after an update, even though it should be pointing to an identically-named executable.

0
0
Bronze badge
Coat

I am very sorry...

...but Steve simply won't let this happen. Apple computers are not susceptible to attack, because Steve said so...and that is that. Next story please.

Mine's the one with the copy of Symantec for OS X in the pocket.

12
11

Re: I am very sorry...

I would prefer Intego on Mac. I mean for pocket :)

0
0

Lucky

Excellent from Kaspersky to also provide us with an Anti-Virus after a little-big scare!

Reminds me of the eye-phone episode from Futurama:

Man: Then, you, Mr. or Mrs. ... [we hear a soundbite of Fry belching], need the soothing relief of Mom's Caustic Anti-Fungal Bleach!

[The product appears on the screen.]

Fry: Ooh, can I somehow charge it to my eyePhone for an additional fee?

Man (v.o.): Hell, yes!

2
9
Silver badge
Thumb Up

Awesome

Keep on spinning this as "Macs are perfect, Kaspersky just want to sell product" please, commentards.

That will make all the sick Macs even funnier.

40
8
Anonymous Coward

Re: Awesome

Yes, I mean, who would have thought that a serious and skilled security professional - the sort of person that you want to listen to about security - would work for a security company.

Or, to put it another way, who would have thought that a software company would employ experts in the area which they specialise?

18
2

Re: Awesome

Near as I can tell, David Emm's qualifications as a "serious and skilled security professional" consist of being employed by Kaspersky.

There will be security flaws in OS X that will get exploited. But the anti-virus salespeople have been screaming that the (Mac) sky is falling for a lot of years now with not much evidence that they *aren't* just hawking their software.

The most recent Mac event was (another) hole in Java. That doesn't make me all that upset, except at the people (still) touting Java as safe and secure.

2
3
Mushroom

made me laugh

Apple is about ten years behind Microsoft when it comes to security.

now read that again.

and again.

Microsoft and security...... I almost cannot believe what I'm reading here.

11
19
Anonymous Coward

Re: made me laugh

Why, are you some sort of retard?

30
13
Anonymous Coward

Re: made me laugh

I haven't noticed Apple at any recent security conferences, putting out monthly security newsletters, sponsoring research, or putting money and resources behind global take-downs.

24
3
Silver badge

Re: made me laugh

Or even updates to protect against Fakeflash for anyone who dares to not be running OSX Lion.

7
0

Re: made me laugh

Giggle all you want, but MS has made some serious strides towards a secure product ( I'll grant there have been some missteps ).

Anymore it's not MS product that compromises a machine, but a flaw in the application running on top of MS OSes. Not unlike many vulnerabilities that have hit Linux in recent years.

The only complaint I might have with MS's security is the turn around time for releasing patches. I get the mechanics behind it, and understand them, but I still feel they could kick the patches out the door a bit quicker.

4
1
Gold badge

Re: made me laugh

Maybe because there is a slight difference in scale here? Just how much malware is there for Windows, and how much for OSX? Sure, that will change but you are talking about a difference of several FACTORS here, something the Microsoft fans are casually ignoring.

Even in terms of botnets do the numbers rather differ.

Yup, the Mac is vulnerable too and I personally disliked the Apple ads for alleging otherwise, but from a risk perspective there is still a vast gap between OSX and Windows.

Having said that, Apple MUST improve their handling of security issues. For a company that is good at marketing and reputation management, their handling of security issues borders on the inept.

2
1
Bronze badge
Boffin

Re: made me laugh

Yes there's a difference in scale, but then the Mac market is still orders of magnitude smaller than that of PCs. Not to mention when you rule out viruses that aren't actually propagating any more and combine the multitude of variations on a theme for the latest few (as always happens), there are really only ever a handful of immediate threats on the PC landscape at any one time (particularly for a fully patched machine).

The underlying issue is really Apple's attitude to security in general, all too often taking the bury-your-head-in-the-sand approach and pretending all is gloriously well in the Mac world. It's pretty much exactly the attitude Microsoft took ten years ago, before wave after wave of decimating viruses finally kicked them into gear and changed their entire development process to put security front and centre.

They may have had a bad rap in the past (and deservedly so) but since the introduction and enforcement of the Security Development Lifecycle and a strict mantra of "Secure by default", even when that makes something harder to set up, they've also come an exceptionally long way. The Microsoft of today is nothing like the Microsoft of the early 2000's. It would be nice to see Apple embrace that, without all its users going through the pain period that Windows users already know only too well.

2
0
Silver badge

@Steve Evans Re:"Or even updates to protect against Fakeflash for anyone...........

.......................who dares to not be running OSX Lion."

Yes, I have to admit that when I saw that Cupertino was treating Mac owners that do not upgrade to Lion in that way I was fairly astonished. Can you imagine the uproar if MS said "we won't security patch anything older than Win7"?

4
1
Bronze badge

Re: made me laugh

It's cheaper to upgrade to Lion than to piss money up Kaspersky's fucking wall. Mac security products are total shit. I'll never install one again.

1
1
JDX
Gold badge

Just how much malware is there for Windows, and how much for OSX?

Scale aside, the Windows malware creators have multiple decades of a headstart.

MS probably put more money and work into security alone than Apple's entire software development budget.

0
0
Silver badge

@Frank Bough - Re: made me laugh

It depends what version you were on.

My other half was running Leopard. We wanted an install CD to install a completely fresh OSX Lion onto a new drive (Leopard was grinding and acting very sluggish - especially for a twin xeon machine with 14gig of ram!). We visited the crApple store and were told we could get a USB stick for £55... We had to pay for the update to Snow Leopard and then the next step to Lion or something like that.

It sounded like a load of bollox to be honest and I wished we'd said we were on Snow Leopard but didn't have an internet connection instead. As did the explanation from one of the geniuses about which graphics card was supported was down to the motherboard she had, not the drivers built into the OS when I was asking if an ATI HD 5750 was supported.

0
0

Re: @Frank Bough - made me laugh

----

As did the explanation from one of the geniuses about which graphics card was supported was down to the motherboard she had, not the drivers built into the OS when I was asking if an ATI HD 5750 was supported.

----

That's not entirely wrong... but they'd have to be using a really old motherboard that only supports AGP for instance :)

0
0
Thumb Up

Re: made me laugh

No, I think you misunderstood, I *don't* like Apple.

sorry for the confusion!

0
0
Anonymous Coward

Re: @Steve Evans Or even updates to protect against Fakeflash for anyone...........

MS support ends with 7. XP has been cut loose and is adrift.

0
1

@Sean Kennedy Re: made me laugh

MS can push out patches quicker, but as a lot of companies have a bunch of developers working on proprietary software for the companies that don't give a damn about the coding practices that Microsoft publish, they cut corners and cobble things together in a haphazard way...

The result is that patches block vulnerabilities that the devs are sometimes exploiting to make their life easier and in return the patch will break their software.....

a more enlightened view is to say the patch shows up the crap that the devs are putting out....

the monthly update cycle of "patch Tuesday" is so that the devs can test and fix their own code before it goes out on the update service.

0
0
Anonymous Coward

Install Sophos. It's free

http://www.sophos.com/mac (I know that isn't the url but if you click the green "Hey Mac user we have free anti-virus" banner on the 404 page it takes you there)

That way you protect your Mac and you don't have to spend any money on Kaspersky. Just because "Macs are secure" doesn't mean they are immune to viruses, and they share files with Windows boxes.

/abouttoforceallmyMacuserstoinstallAV

3
0
Anonymous Coward

Re: Install Sophos. It's free

Run a CRC first, given what they were serving up from their Partner Portal last month - still I'm sure their free AV is worth every penny.

0
0

Truthiness

Quoting Pontius Pilate, even the Rice/ Webber version, may not be regarded as Good Practice. But - well, bugger Good Practice. I'm going to do it anyway.

"We both have Truths. Are mine the same as yours?"

There are, to my poor-witted mind, too many areas where banter or blether becomes perception. Where perception passes into presumption. Where presumption becomes creed, and defined Truth.

Er - what did he say?

Hmmm. Consider, if you will:

All Public Servants sit around all day doing nothing and getting paid a fortune.

All immigrants are bad/ steal our jobs/ can't speak proper English like wot I can.

The Weather Man always gets the Weather wrong.

It always rains on Bank Holidays.

In securty terms, Apple devices are intrinsik... intransit... intestat.... er, are much betterer than PCs.

Just because 'everybody knows', even when 'everybody says' - it don't make it True. Or not True.

While it may be hard to believe, there may well be Public Servants who work hard. And some who may not.

There have been immigrants in the past who not only contributed to those places to which they immigrated, they even made history. There are likely some who will contribute, and maybe even one who will make history, walking through your immigration control right now. And he (or she) probably speaks your language. Maybe betterer than wot you do.

There have been times the Weather Man (or woman) got it right. You got wet, because you ignored them.

There have been dry Bank Holidays.

Apple computers have been infected by viruses in the past. They will likely be infected by viruses in the future. Perhaps surprising to some - so will PCs.

We all have Truths. Maybe we should check them over some time - and wonder why.

5
2
Silver badge
Headmaster

Translation

"We at Kaspersky would like to sell our bloatware to Mac users, because we need to sell more product." Same as they wanted to flog us anti-virus for our phones a few years back.

Of course Macs are susceptible to malware. But most of the problem is the big lump of flesh and blood sitting in front of the machine.

I remember the days of the Amiga and ST. Mates of mine used to run pirated games and got infected. That was user stupidity for a number of reasons (piracy aside, such infections could be prevented from write protecting a floppy).

Here in 2012 the user problem hasn't gone away (and many Mac users are stupider than most). But as a Mac and PC user, I run AVG on the PC's but the Macs have nothing at the moment.

If I suddenly get asked for my admin account details while browsing a webpage, that usually rings a few alarm bells for me. But when I've had Windows infections the bloody thing had got infected without warning.

9
11
Devil

Re: Translation

"Here in 2012 the user problem hasn't gone away (and many Mac users are stupider than most). But as a Mac and PC user, I run AVG on the PC's but the Macs have nothing at the moment."

Says the guy running AVG. AVG has got to be the worst, insecure, bloated and resource hogging AV product (next to McAfee, Norton and Kaspersky) I've ever come across. I've had so many computers cross my palms with this attempt at an antivirus product. A mac is probably safer without AV.

I'll keep my mac safe with ESET Antivirus (aka NOD32) as and when the threat of increased virus attack arises.

I'll be honest however, I'm surprised at the lack of viruses and other security flaws (yes there are quite a few, but Windows...say no more) that there actually are for a Mac, by now I was expecting a similar level to Windows but clearly there isn't a market for it yet.

0
6
Silver badge
Coffee/keyboard

WHAT!

only 2 "fruity firm" in the entire article.

It doesn't read like an El Reg article.

0
0
Silver badge
Coat

Re: WHAT!

And no 'Foxconn Rebrander' either. el-Reg must be slipping up...

Mine's the one with my MBP in the backpack. 4yrs, no AV and no malware etc. Please try that with Windows...

1
6
Silver badge

Re: WHAT!

> 4 years [...] try that with Windows

Dear sir,

My 11 years old Win2K AV-less machine would like a word with you.

I also have a 6 yo laptop which occasionally boots Vista (there's no penguin-friendly approved tax software here, for example) without any kind of anti-malware, still completely healthy.

What were you saying again?

11
4

Re: WHAT!

Mine's the one with my MBP in the backpack. 4yrs, no AV and no malware etc.

The thing that always bothers me, is, how do you know for sure? I've no interest in selling AV, so don't misunderstand where I'm coming from, but how exactly do you know that there's no malware on there.

Can you say for sure that your machine isn't actually a spambot as the result of a rootkit?

A cursory sweep every now and then should be a minimum for any OS. Wouldn't bother paying for an AV suite for such infrequent use, but there's plenty of OSS software out there that you can use that won't eat half your RAM every time you move the mouse.

11
1
Silver badge

Re: WHAT!

AV is a con for the stupid. If you aren't stupid, you don't need AV.

Unfortunately, there are a lot of stupid people out there who think they aren't.

2
11
FAIL

Re: WHAT!

AV is a con for the stupid. If you aren't stupid, you don't need AV.

If you truly believe that, lump yourself firmly in the stupid group!

Let's assume that you are completely infallible. So you don't make stupid mistakes, at all. Unfortunately someone (let's say Adobe) isn't infallible. Nice big bug in their reader plugin, oh and look a privilege escalation vulnerability in the kernel. Oh fuck, you've been compromised.

That's not to say you can't fend a lot off by using your noggin, but if you honestly believe that you're too smart to be caught out, then quite frankly you're too fucking stupid to be allowed on the net in the first place.

As I said before, I wouldn't pay for AV, but what's the harm in scheduling something like ClamAV and rkhunter to run occasionally? Better safe than sorry and all that.

10
1
Gold badge

Re: WHAT!

"The thing that always bothers me, is, how do you know for sure?"

Exactly my point, also for Mac users. I don't buy myths, I need facts so my Mac has anti-virus installed. Simply to provide proof.

2
0
