Posts
Kaspersky co-founder Eugene Kaspersky, has launched a bizarre attack on Apple
over its ban on iOS antivirus app, predicting that it will ultimately “mean
disaster” for the company as malware developers target the mobile operating
system.
Speaking with The Register in Sydney, Kaspersky described his disappointment
that Apple wouldn’t let the company develop software for iOS smartphones and
tablets, to develop a “true endpoint security” for the operating system.
Then things get curious.
Kaspersky states that iOS infections won’t be introduced via iOS (which “by
design is more secure”) but instead it will force developers to develop malware
that uses vulnerabilities, with the only way to infect devices by ’inject[ing]
it into the source code of legal software.”
He adds: “It will take place in a marketplace and then there will be millions
or tens of millions of devices.”
How Apple planned it.
Well, not exactly. No company wants people to attack its operating systems.
However, Apple has systems in place to attempt to deal with such an attack
vector.
Kaspersky says malware writers and ‘criminals’ have not chosen such a route
previously because it’s “more complicated” than other attacks. By default, Apple
places each app (including its preferences and data) in a sandbox when it is
installed. This only permits the app to access files, preferences, resources and
hardware that are permitted by the OS.
Not to mention the ASLR, DEP and code signing features that Apple uses to
protect its operating system and user data.
Malware writers have to circumvent these in-built protections to access the
more important parts of the filesystem and kernel, proving more difficult for
would-be attackers.
No security measure is 100% secure but Kaspersky’s comments stating that
attackers will resort to introducing new vulnerabilities appears to be nothing
more than scaremongering. Apple’s protections are probed every day and are often
broken (take the Jailbreaking scene as one example).
By not allowing Kaspersky to release an antivirus app, its co-founder
believes that device owners will be left with no protection, resulting in (wait
for it) a boost for Android, a platform that he recognises is less secure but
allows his company to provide security software for.
The Register writes:
A severe attack, Kaspersky argues, therefore has the potential to highlight the problems of a closed ecosystem and damage Apple permanently.
Apple has bargained on attackers trying to side-load malware via an approved
App Store app. The company has end-to-end security that can remotely remove
installed applications, it can send over-the-air updates to fix vulnerabilities
and the company also employs its own App Store approval teams to vet submissions
to its marketplace.
Thom Shannon, app developer with Glow New Media, told The Next Web:
Apple has gone back to basics in iOS and built an operating system from the ground up to be secure. There isn’t much a third-party antivirus program could add to it. The only areas for improvement would possibly be anti-phishing measures built into Mail or Safari.
It must also be noted that antivirus apps utilise a lot of resources on a
mobile OS and various reports have confirmed that existing Android security apps
fail to detect some of the most common forms of malware (although Kaspersky does
rank higher than most in the test).
In April, Kaspersky ruffled feathers when he made the comment that Apple is
“ten years behind Microsoft in terms of security.”
He added:
For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.
Mac security was recently thrust into the public discourse as security issues
turned into real stories. The Flashback malware hit a huge number of machines,
with some 650,000 Mac machines still running the affected code.
At last year’s MWC, Eugene Kaspersky predicted Android will end up with an 80
percent share of the smartphone market in 2015, with Apple’s iPhone and RIM’s
BlackBerry splitting the resulting share with 10 percent each.
Gartner’s most recent research report suggests Google’s mobile OS holds 56%
of the smartphone market in the first quarter of this year, more than double
Apple’s 23% share.
Kaspersky believes that this will only rise, helped by Apple’s lack of focus
on antivirus solutions. Android will almost certainly continue to thrive, thanks
to its heavy backing from Samsung, HTC and other vendors, but security
oversights on Apple’s part are highly unlikely to play a part in the growth of
its rival ecosystem.
0 comments
Post a Comment