May 15, 2012
Kaspersky Wants To Work With Apple To Increase OS X Security
Michael Harper for RedOrbit.com
In a story which evolved into a bit of “He said, She said,” Kaspersky´s CTO Nikolai Grebennikov was first cited by Computing.co.uk as saying that the Russian security firm was working together will Apple, at their behest, to better improve their operating system against malicious attacks.
After the story was released, Grebennikov released another statement, saying the news agency took his comment out of context, and that while Apple and Kaspersky weren´t working hand-in-hand, Apple was open to collaborating with the security firm.
In the original story, Grebennikov told Computing.co.uk reporter Stuart Sumner, “We've begun an analysis of its vulnerabilities, and the malware targeting it,” using the recent outbreak of Mac attacks as proof that, "Apple's security model isn't perfect."
Grebennikov also made a prediction that iOS could be the new target of malware within the next year.
In his follow up statements, Grebennikov clarified that any investigation into Mac´s security was done purely independent of Apple, but went on to say Apple was willing to work with them to patch up whatever holes Kaspersky Lab may have found.
In his second statement, Grebennikov said, “As Mac OS X market share continues to increase, we expect cyber-criminals to continue to develop new types of malware and attack methods. In order to meet these new threats, Kaspersky Lab has been conducting an in-depth analysis of Mac OS X vulnerabilities and new forms of malware.”
“This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis.”
Of course, any warning of potential attacks or holes in operating systems should be taken with a grain of salt when issued by a company who stands to profit from such claims. For their part, Apple has been releasing security patches for these recent malware attacks, though Grebennikov claimed in the first Computing.co.uk piece that these patches were not coming quickly enough.
"Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," he said.
Apple will also be introducing a new security feature with Mountain Lion called Gatekeeper this summer. Gatekeeper should address some of these malware issues by making it easier for users to only install certified apps which are free of malware. As for the Java vulnerabilities at the center of the recent malware attacks, Mac users will have to continue to install any and all security updates Apple sends out. To be completely immune to these attacks, Mac users can also disable Java completely, with little affect on their daily browsing habits.