Kaspersky has begun analyzing the OS X platform at Apple's request, the company's chief technology officer, Nikolai Grebennikov, originally said in an interview with Computing. The Kaspersky executive has publicly called Apple out for not taking security seriously enough.
"Mac OS is really vulnerable, and Apple recently invited us to improve its security," Grebennikov said. "We've begun an analysis of its vulnerabilities, and the malware targeting it."
Update: But in a later comment provided to Engadget, Kaspersky Lab said the quote from Grebennikov was "taken out of context by the magazine." It has asked that the original article be updated to reflect this.
"Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform," the statement reads, going on to say that the analysis of OS X was "conducted independently of Apple."
In the original article, Grebennikov highlighted one specific security issue with OS X, in which Apple blocked Oracle from directly updating Java on the Mac. Instead, Apple handles the updates, and they typically arrive months after Oracle issues its own patches.
Mac-centric Java development is set to move to Oracle following the latest runtime updates built in-house at Apple. Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced its plans to deprecate the software's release from the Mac platform.
In April, Oracle released its first Java Development Kit and JavaFX Software Development Kit for Mac users. They arrived one and a half years after Apple announced the deprecation of its own edition of Java for Mac.
Kaspersky's newfound partnership with Apple comes on the heels of the Flashback malware botnet, which was believed to have infected hundreds of thousands of Macs at its peak. The presence of Flashback was greatly diminished after Apple released a series of software updates to squash the malware, including a Java update and a separate removal tool.
Grebennikov cited the Flashback malware as "a huge sign that Apple's security model isn't perfect." He also predicted that the first malware targeting Apple's iOS mobile operating system, which powers the iPhone and iPad, will arrive in the next "year or so."
41 Comments
Again, I know Apple will grow bigger into the consumer and business market and will become MORE of a target... but again I have my suspicions.
I switched to Mac back in '05 and never looked back - so it's been a great 7 years of NO AV software and I want it to continue this way.
Can't even trust these AV companies anyway, thanks to Norton and Sony's rootkit, if memory serves me correctly.
Wait a minute. Kaspersky first says that Mac OS X is vulnerable and then they just STARTED analyzing the OS for vulnerabilities. Heck, if I were them, I should have had a number of valid ways to substantiate their initial statement. I remember the media mentioned that Kaspersky's tool didn't fix the Flashback problem, so what makes these guys the best at identifying problems and how to fix them? I would hire those that were successful in compromising the system that were actually going to prove that a problem exists.
Kaspersky Exec to Apple: We'd like to offer you our consulting services to provide security vulnerability analysis of OS X.
Apple PR to Kaspersky: We aren't soliciting for consulting services at this time but we're happy to accept advice from all recognized security professionals.
Kaspersky to Tech Media Pundit: Apple asked us to advise them.
They say, they say, they say. Of course they have no reason to lie about this partnership, the threat etc? Or even just the fact that Flashback was caused by a faulty version of Java, not an actual Mac OS flaw.
markbyrn wrote:
Kaspersky Exec to Apple: We'd like to offer you our consulting services to provide security vulnerability analysis of OS X.
Apple PR to Kaspersky: We aren't soliciting for consulting services at this time but we're happy to accept advice from all recognized security professionals.
Kaspersky to Tech Media Pundit: Apple asked us to advise them
More likely:
Apple execs in conference: "We're getting really tired of these 'security experts' coming up with bogus threats and then attempting to make us look bad. If we give them a contract, do you think they might stop?"
The entire Flashback fiasco is pretty strong evidence that these people are making things up. The alleged number of infected computers dropped by 2/3 a few days BEFORE Apple released the fix.