Feeds

back to article Eugene Kaspersky frustrated by Apple’s iOS AV ban

Eugene Kaspersky is “a little bit disappointed … Apple won’t let us” develop antivirus software for iOS devices, as he feels it is only a matter of time before criminals target the operating system. “We as a security company are not able to develop true endpoint security for iOS,” Kaspersky told The Register in Sydney today. “ …

COMMENTS

This topic is closed for new posts.

Re: Epic Fail

"A hacker could simply write their own ios application. Plenty of apps have slipped through the net - look at the recent spate of apps that were surreptitiously downloading entire contact lists without Apple knowing."

Not requiring user permission for apps to access Address Book or Calendar was certainly a security hole that needed to be fixed, but I’m not convinced that those apps 'slipped through the net' - for the simple virtue that Apple didn’t require developers to *explicitly* ask for user permission for an app to access that data. Apple might have argued said such behaviour went against its guidelines, but developers could simply bury this in its T&Cs.

It’s obvious if an app didn’t make it crystal clear that such data was being accessed - rather than developers getting one over Apple, I think it was more a case of the company being overly sanguine about this issue.

I think a better example of this kind of thing would be the stock checking app by Charlie Miller (which was referenced by another poster_ http://www.theregister.co.uk/2011/11/08/apple_excommunicates_charlie_miller/

0
0
Megaphone

Re: Epic Fail

Once they are discovered they can be remotely killed and it is pretty simple to return the phone back to a working state.

An can crApple get back all the information about you that these viruses and trojans have stolen?

Well?

1
0
Stop

Re: Epic Fail

@Chett. If a hacker writes an app and gets it approved, exactly what would make an anti-virus scanner block it.

0
0
Anonymous Coward

Don't be so silly

iDevices are protected by the ghost of Steve Jobs, he comes out like Jackie Chan and delivers security threats a big old ass whooping. They don't need no security software, they got the Jobs!!!!

Hi-ya ha and a rinky dinky doo to you.

9
5
Facepalm

Wait for the horse...

Why would Apple want to shut the stable door? The horse hasn't bolted yet!

7
0
Silver badge
Meh

I have never...

had a virus or malware or any sort of nasty on any of my machines - windows and mac

However, I have never had a flat tyre on my car, but I still carry a spare.

8
1
Silver badge

Kapersky?

Wasn't that the guy who wanted to have an "Internet Passport" so we'll all be identified on the Internet... which would in his opinion somehow make the Internet safer?

I'm sorry, but by wanting to put his software onto IOS he contradicts himself, proving that he doesn't believe in code signing being a security feature.

0
5
Silver badge
Coat

Re: Kapersky?

Na, you're thinking of the guy who got beat by Deep Blue at chess.

Wait...

0
0
Trollface

Re: Kapersky?

Deep Blue cheated...

0
0

Nothing like an Apple AV post to bring out the naive fanbois.

7
5
a53

Nothing like an Apple AV post to bring out the naive fanbois.

And the current virus affecting apple machines is ?

2
6
Silver badge

Always terrifying how many of them there are.

5
2
Anonymous Coward

@Jeebus

Also nothing like an Apple post (of any sort) to bring out the mouthbreathing anti-Apple trolls.

4
7
Silver badge
Meh

Re: @Jeebus

I'm not seeing any anti-Apple trolling. Merely the acknowledgement that any popular platform will be a target for malware. OSX is not popular (by market share) and thus, not much of a target. iOS on the other hand, is an IMMENSE target. It's only as matter of time.

4
2
a53

And that's why,

AV is so great, it never needs upgrading, right ? So once you've put Kaspersky on your iPhone bad guys will forget about attacking it ?

Or, will they find ways round it so that as well as Apples updates we'll have his daily/weekly ones.

There still isn't a virus, that I'm aware of, for any of Apples current o/s. Yes there is malware, but that tends to attack through user error or third party software.

2
7
Anonymous Coward

Re: And that's why,

The last refuge of the fanboi, resorting to nitpicking about what nasty software is called when it affects Apple but everything that affects Windows is a virus.

Tell me, when did you last hear about a virus for Windows? Like you said, malware yes, 3rd party software affected (looking at you Adobe) about 99% of the time but it doesn't stop you lot shouting about how insecure and virus ridden Windows is.

8
2
a53

Re: And that's why,

I might be wrong, my memory is failing as I get older, but I don't remember saying anything about Windows. Nor whether it's virus ridden or not. We were, I thought, discussing a vendor of AV products for a system that doesn't as yet, suffer from a virus.

You could, perhaps, save your anti Mac rant for someone who has attacked your precious MS operating system.

0
3
Bronze badge
Facepalm

Re: And that's why,

Except that "AV" is a misnomer these days, since there are very few real "viruses". It's all anti-malware software of one form or another, regardless of how you choose to label that malware. Apple refusing to prevent anti-malware software on iOS isn't going to stop the creation of malware.

1
0
Anonymous Coward

Re: a53

Not anti Mac - anti fanboi and you were quick enough to jump in with the standard 'Show me a virus on Mac' bullshit.

2
0
Silver badge

Re: And that's why,

@a53

So once you've put Kaspersky on your iPhone bad guys will forget about attacking it ?

Of course not, and I hope I was right to infer a slightly dry tone here! What it will do (in theory) is provide an extra line of protection.

Of course, there's always the risk of some painful irony: Apple finally capitulate, and the first major strain of iOS malware exploits a weakness in Kaspersky!

I'd also suggest that there are probably very few iDevices out there that don't run third-party software of some sort. What's the point in an App Store full of 3rd party packages if no-one uses it?

I'd hate to think how much the phone would crawl with something like Norton on there though: Norton needs to restart to finalise your update, please reboot your phone and wait a week whilst we pretend to check each individual signature Your Norton subscription has expired, we'll now be cutting battery life by 50% each day until you renew - to opt out please send your left kidney and a SAE to Outer Mongolia. 'Signed For' deliveries will not be accepted

Sorry, just taken some painkillers and feeling a little weird, does it show?

2
0
Devil

Foresight...

Kaspersky looking to develop a solution for a problem that doesn't exist...

I wonder if Kaspersky's rant is also throwing down the gauntlet to virus / malware authors?

2
3
Anonymous Coward

No need?

You can only get iOS software via Apple so, arguably...

If Apple's checking processes were to include an automated test that duplicated what an AV tool does, there'd be no need for AV software on each device

1
0
Silver badge
Stop

Re: No need?

Most infections don't happen at the point of install. Suppose we take Flashback as an example - you install something which is permitted by Apple. It is not malware but it has a vulnerability. You then get infected via a drive-by website.

Apple can't test every website. There's a reason why AV is still installed on locked-down business machines where users can't install any software at all.

4
2
Anonymous Coward

Re: No need?

That's true for browsers. But most apps aren't browsers. Many of the apps that require connectivity are paired with a data feed that could be validated during testing

0
0
Anonymous Coward

Re: No need?

And this, 'data feed', is it hosted on some International Computer Network? Nobody has ever taken over a server and manipulated what it transmits, have they?

4
0
Devil

Security by Obscurity?

I wouldn't exactly describe iOS as "obscure".

Anyway, why shouldn't security be built into the operating system? If you allow in external AV then you open up the system to fake AV, scareware etc. But Apple needs to patch vulnerabilities a bit more smartly than they did the recent Java one.

0
2

Re: Security by Obscurity?

errrmm that phrase means trying to make something secure by hiding it... It does cover the situation of something not being popular so hopefully no one will target it, but in this case me thinks it is to do with hiding your code and hoping that vulnerabilities won't be discovered.

3
0
Facepalm

Macs don't get PC viruses*

*They get Mac viruses.

iOS maybe secure, the App Store is only secure by policy - a policy that is designed with profits at its core and security of apps not so much.

iOS does have one simple defence against malware: retain 3rd place market share and the criminals won't be interested :)

1
2

He can just publish it...

If the platform needs it then he can use the same vectors as a virus would use to infect the platform to publish+run an anti-virus scanner/cleaner.

On a more sensible note: an AV scanner basically needs to be integrated at the OS level on a platform where all apps are sandboxed, so he'd need Apple support to develop and release it, and who is to say that an internal team at Apple, or one of Kaspersky's, don't already have AV software running in the OS on all devices?

0
0
Bronze badge

though having said all that...

kaspersky can kiss my ass.

mind you I do have the free sophos scanner on the mac at home. just in case...

0
0
Anonymous Coward

Both sides of the fence

Consist of asses.

Apple's security policies are awful, and from where I am standing they turn them into political/marketing issues, which is just bad form altogether.

Every platform can get owned. Every single one. I've seen malware on MIPSEL BSD-based routers, which by all counts should be even more secure than iOS. It's best to assume that every platform you use can be owned and that you can't justify yourself not taking steps to protect your box because "Windows has more malware."

On that note, Windows has less unique malware than you may think, since AV companies inflate their statistics some. The majority of malware out there consists of skidware modifications, which are frankly not a threat or vast families of trojans built by off-the-shelf "builders". Malware of a more singular nature is generally a lot more successful, which is why Flashback got on the news, not because it was just "Mac malware zomg".

That said, AV companies are trying to sell you snake-oil, anyway. Their heuristic detection is a joke, any kind of polymorphic code will own your box undetected, etc.

Sadly the fact is that it's just not possible to protect normal people on the internet. But don't blame that on their choice of platform (they're all as bad as each other, even Linux); blame it on their lack of common sense.

5
0
Anonymous Coward

"it is only a matter of time before criminals target the operating system."

It will be so well deserved!

0
7
Anonymous Coward

Yeah like if someone steals your car eh - oh not so funny now is it.

Shadenfreude.

1
0
Silver badge
Joke

Copyright infringement is not the same as............. oh hang on, wrong discussion. Will people please stop using car analogies!

3
0

Kaspersky

We don't have enough court room drama in the tech industry. Kaspersky should just sue Apple for not allowing them to infest iOS.

They would have done if Microsoft said the same thing about Windows.

2
0
Gimp

Truth is stranger than fiction

They would have [sued Microsoft] if Microsoft said the same thing about Windows

They already tried.

0
0
Silver badge

After having a brand new work pc

I have to admit that the cure does seem to be worse than the disease in terms of resource usage.

I'd be interested to know who has made more, the crackers, or the AV corporates.

Best to buy a second PC or run a live image off virtualbox for the important or dodgy stuff.

0
0
Anonymous Coward

Also, for those complaining that AV is a resource hog, you DO know what it's doing, right? "Active Protection" or whatever the current buzzword is, is designed to protect idiots from themselves. It's useless against anything other than [Skidforum]_Cracked_Keygen_with_Russian_Beauties.exe. If you're not stupid enough to download and run every single .exe you find, you can DISABLE it, and just use the antivirus as a removal tool.

Also, if you're suffering ridiculously heavy resource usage with just Word and an antivirus, I suggest you get a new anti-virus tool and scan your drive, dohoho.

0
0
Anonymous Coward

Of course he would say that - one word and one phrase to sum it up:

1. bitter.

2. vested interest.

0
1
Anonymous Coward

HTML5. The future of Malware?

It'll be interesting to see if the Apple approved (as they had a vested interest in it) HTML 5 will allow for truly browser and platform independent malware that will see iOS enter the realms of malware.

There's already been at least one case of "fileless malware" and the Apple users who say they've never had a virus are probably right but do they know if they've got malware?

Viruses of old used to turn your mouse pointer into a rocket and "explode" or display that your "Computer is Alive" and restart , delete files and other telltale signs of juvenile pranks.

Malware on the other hand is to make money, so it doesn't draw attention to itself and with driveby infections previously mentioned, no dodgy software (not including Java) is required just a visit to a compromised site and the the prompt for installation is no more as malware authors long ago learned to make their malware portable to allow the silent "install" and execution of their malware using only user privileges.

1
0
Anonymous Coward

Yes just send your money to this Russian PO box and we will keep your computer clear - okay? Don't and who knows what could happen... ;)

0
0

Surely Apple should do all the virus scanning at app store level, and remotely disable any evil app that gets through. This will save bazillions of CPU cycles on portable devices and hence battery.

If I need to run AV on my phone - I've brought the wrong phone.

Opening the whole phone route structure up to a virus scanning app sounds like a huge step backwards to me!

Ed

0
0
Anonymous Coward

Ooh look

there are two kinds of people -

those who don't have sex with strangers

and

those who wear a condom

0
0
Joke

Re: Ooh look

I'm sure there's a joke about a trojan in there somewhere.......

0
0

Aiming to get Bitten By Hackers

Arrogance on Apple's part. They will get hacked. Customers will get hit. Apple will go "whoops" but that won't help the customers hit.

0
0

Unwise words from Kaspersky

Apple has it's own game in iOS security. It is for sure. And Apple does not need Kaspersky, since they rejected his proposal.

So Kaspersky frustration is understood. What is not understood - his behavior after he had been rejected.

Imho, after Eugene Kaspersky publicly admitted his frustration with this wording, he closed his door to Apple forever.

It seems Apple does not think, it needs Kaspersky's products.

So Apple rejected it.

And I can hardly believe Apple has done it foolishly, without thinking.

Now, when Kaspersky say "Apple is stupid, they will fail without me" - it sounds weird.

And it does not give points to Kaspersky.

Vice versa.

There are many security product developers like Kaspersky, whilst Apple...

Well, everyone knows what Apple is... :)

0
0

The reason Apple don't provide Kaspersky with any such API is of course that such an API would itself have to breach the sandbox - and so its presence would make iOS less secure. The same will probably be true for Windows RT tablets, and is presumably the case on WP7.

This isn't a Mac vs PC thing, this is a heavily sandboxed device OS vs PC thing.

0
0
Anonymous Coward

Here's a thought.....

Most of your average, idiot, windows users...you know the ones who seem to harbor virus...all have iPhones.

If you don't think crime is going to target mobile your an idiot. NFC, Google Wallets, etc all scream attack me.

That being said, I am not a fan of most AV's either, so I understand it.

0
0
Anonymous Coward

Target Rich Environment

At some point the crooks are going to work out that there are a bunch of willing victims, with more money than sense (the definition of the average apple customer), and next to naff all protecting their digital lives.

Sharks + Blood = the obvious

Computer + No Security = the obvious

0
0
Anonymous Coward

AV Utility in General

AV on a iOS device is rather useless, for the effort of trying to direct the device, simple detection and termination is easier. For an iOS it would be easier to brick the damn thing, if it seems buggered as a round of updates, and then restore from The Cloud (tm).

And any one who jailbroke their own, is on their own as they were from the start, without support anyways.

0
0
This topic is closed for new posts.