
What, you mean Apple won't let him push his scareware on a platform with no legitimate security threat (well, other than from Apple itself)? They won't let him browbeat people into buying something which is functionally useless?
Shame on them.
Eugene Kaspersky is “a little bit disappointed … Apple won’t let us” develop antivirus software for iOS devices, as he feels it is only a matter of time before criminals target the operating system. “We as a security company are not able to develop true endpoint security for iOS,” Kaspersky told The Register in Sydney today. “ …
Yes, because Security purely by obscurity always works, doesn't it.
NOT!
While I'm no fan of Kaspersky, Apple really need to take their head out of the sand and decide how they are going to approach threats. The threats are there, and there are vulnerabilities in iOS. It is only a matter of time ...
At a guess, a scanner/shield system would need to check specific system locations where malware would graft itself, which would normally be forbidden to normal user applications.
The best illustration of why this is needed: Several versions of the iPhone were jailbroken by visiting a specific site with safari and opening a link that from what I understood got safari to execute, via a buffer overflow, code in a privileged context that allowed you to spring the phone. Apple sealed that fault with progressive upgrades of the OS, but what other internet connected system features could be exploited?
Another couple of problems : malicious code in a user app. Apple's screening process still allows things to get through from time to time (like the banned app a while back that contained a hidden [forth?] interpreter), and malicious use of personal data, like when social networking apps suck data from your contacts, and of course, all the recent hubbub about apple storing data in plain text on the phone...
So yes, there are problems, but would opening up the platform and allowing a third party app access to the OS cause more problems than it could prevent?
you mean, they should do something like develop a pretty secure core OS and then severely lock down the vectors for third party software to be delivered, and institute a strict review policy for those vectors? come up with an approach like that?
oh...wait.
I'm no-one's idea of an Apple fan, but let's face it, the model they've come up with is more or less a closed implementation of the system that F/OSS operating systems have been using for decades, and it's worked pretty well there. If everyone (give or take) gets their software from the same places, and there's a solid review process in place, it makes it quite hard to infiltrate really bad stuff without getting detected quite quickly. Not impossible. But hard. And it definitely qualifies as an 'approach'. And it's not particularly clear how 'anti-virus software' can possibly make things any better.
The fact that Flashback hit the news is evidence of how rare Mac trojans and viruses are..
Also, your second article points out that a lot of those 1 in 5 macs that are infected, are actually just harbouring a Windows virus that probably won't infect them, and only spreads if the user is stupid enough to spread it..
However, back to the main point of this article. While I like Macs, I always run AV (and other security software) because I don't like to risk being infected. Why? Basically, no system on Earth is entirely secure, and I'd like at least a chance of some warning.
But, while I respect Kaspersky, it's worth remembering that they have a vested interest in scaring people about Malware, and it's not in their interest to ignore any system that should prevent Malware being installed (as Apple's should).
@Stuart - That's exactly my point - It has been proved that macs have been successfully targeted by malware, if Apple have any sense they'll sort out their security response and do what it took MS far too long to do and become far more open about and serious about security and fixes. If they stick their head in the sand, or continue their famous Apple secrecy, they could end up with a very serious problem on their hands.
You realize that you're linking to articles about a completely different OS, right? You realize that the security company in question has actually deleted info from systems they were supposed to protect, right? And most importantly, you realize you have no idea what you're talking about, right? A little research before posting nonsense would go a long way.
That's why people buy Apple devices, because Apple say that they're totally secure and don't suffer viruses, although recent news seems to contradict them. Sticking their corporate head in the sand and protesting that there is nothing wrong with their software doesn't help, because it ends up in a "we're secure, so we don't have any problems to address" mindset.
This couldn't possibly be an attempt to boost his AV business, could it?
Frankly, as a Mac user I have utterly given up using AV software - in practice it causes far more problems (slowing down machines, causing incompatibilities) than it is ever likely to solve. In all my 25 years of Mac computing I have never had a major virus, and only a couple of times had any malware at all. Unlike my ex, who was often reduced to tears by the logjam of viruses and (mostly) AV warnings that popped up all the time on her Windows machine.
That said, Apple is extremely slow at responding to genuine problems - but to assert that Apple's inaccurately-labelled Walled Garden* approach makes it less secure than the "install what the heck you like" approach of Android is disingenuous to say the least.
* It's a pretty rubbish walled garden that is open to the internet, surely?
Same here on every Windows machine I've had over the past 10 years or so.
Only numpties get viruses and indeed - AV software is often just as bad as having the virus.
As for your ex - she'd probably been looking at porn and downloaded "codec packs" :P
On a related note - I think that a common attack vector (and cause of badly performing Windows machines) is all the nasty software that comes with off the shelf PCs (stupid mac style application launcher bars, HP drivers and all that rubbish). It's always SO error prone (and users always think that error messages are viruses) so it gives the whole platform a bad name.
Only numpties get viruses
No, my son's PC was totally screwed up by a drive-by trojan that he got on a legitimate site. You don't have to be a numptie to get hit by a trojan/virus.
As Rune Moberg has asked, if you are not running any AV product, how do you know you don't have a virus?
I use 2 AV products, only 1 is 'installed' running all the time and I use the other to run occasional scans. Several times in the past year my AV has detected incoming intrusions and blocked them. My firewall log also makes for horrendous reading, and apart from 'blocked intrusions' the number of port scans is also quite high.
Yes, all these AV products slow down the boot time of my PC and they slow down the PC a bit, but I wouldn’t dare go online without them.
"As Rune Moberg has asked, if you are not running any AV product, how do you know you don't have a virus?"
Will people quit quoting this nonsense? I don't have a security system in my house. How do I know someone didn't sneak in today and is living in my basement?
Just an idiotic line of reasoning.
"In all my 25 years of Mac computing I have never had a major virus, and only a couple of times had any malware at all. Unlike my ex, who was often reduced to tears by the logjam of viruses and (mostly) AV warnings that popped up all the time on her Windows machine."
If you have given up on AV how do you know you don't have a virus right now?
Dunno what your ex was doing - I get maybe 1 virus a year on my windows machine, and it's always when I've downloaded something from a dodgy site.
This is being typed on OSX so I'm no fanboi, not sure I can say the same about you...
If you are running an AV product, how do you know you don't have a virus right now?
My wife's PC got infected with a trojan. I was the one who found it and deactivated it. I renamed the executable and kept it around to see how long it would take before the AV agreed with my diagnosis. It took several weeks, if not months.
My machine at work has AV, but it never stops anything. Except it once choked on a text-file containing a URL that it felt was risky. Sigh. The AV product we are using (as well as the one we used prior to it) has caused us several concerns. E.g. we spent time diagnosing our software because it was so slow... Turns out our network overlords had activated the AV product's firewall, which included a http scanner. We lost hours on that one.
Looking back at the past 25 years, I can definitively state that AV-products have caused way more problems than they have solved for me.
My wife's PC got infected with a trojan. I was the one who found it and deactivated it. I renamed the executable and kept it around to see how long it would take before the AV agreed with my diagnosis. It took several weeks, if not months.
Yes, quite right, sometimes things get past AV. But you know what, without AV everything can get past!
Only an idiot runs without any defences. On access scanners can cause some serious issues performance wise, but where exactly is the harm in running the odd scheduled scan? FFS you don't even need to pay for AV just get ClamAV or similar.
Turns out our network overlords had activated the AV product's firewall, which included a http scanner. We lost hours on that one.
Either it was badly configured, or a shite piece of software, doesn't change the fact that you should be using AV. All it means is that you (or your bosses) need to choose solutions more carefully!
"If you are running an AV product, how do you know you don't have a virus right now?"
Wow, you are a security company's dream customer.
- why are you chewing bubble gum
- to keep away the elephants
- but there isn't any elephants here.
- see, it works!
Just unbelievably dumb.
No, but using that as a justification for not using one is not very bright. Consider the following two sentences:
My house has never been broken into so I don't need any locks - they're just a waste of time and money.
My neighbor's house was broken into even though he has locks, which proves that locks are a waste of time and money.
Neither one makes any sense whatsoever. iOS isn't a house without a lock. It has a better lock than any desktop OS.
So if you have locks on your house, you feel safe, and you've never been broken into, and a traveling security salesman says "you could be broken into" I'm guessing you're the sucker that hands over your money.
If you're going to use analogies, please use ones that make sense.
Having been to several presentations over the years, delivered by Eugene Kaspersky, I have to say he regularly forgot to plug his company's products, and on one occasion only did so, after his employee reminded him.
Hence personally I would be more likely to take his comments at face value, than I would from say marketing muggers like iApple.
And it doesn't mean he's right. So because iOS has had no viruses, and because opening iOS to virus apps would make his company a lot of money, critical thinking shows his opinion is pretty worthless.
You should do some critical thinking yourself, or learn what it means.
Good luck with that. OSX viruses do exist and they're getting more prevalent.
The only time I had a virus infection on Windows it was the Chernobyl virus. The year was 1999 and a mate gave me a CD of software and MP3s he'd got from another mate. We had no AV so unfortunately the entire flat network caught it before we found out and we had to fix the master boot record on 5 machines. I still have a copy of it on a floppy somewhere.
Since then I've always used AV. If you choose a decent solution (not Norton or McAfee) you don't get slow downs, incompatibilities or the other FUD you're spreading. The VB100 list is a good place to start making that choice.
Allowing AV products, is like admitting there are virus issues with your platform, which Apple do their very best to prevent.
Maybe Kaspersky should sell an iOS AV product for jailbroken devices, so those that chose to get their apps without using the app store, can have protection against all the dodgy apps that exist outside Apple's walled garden.
Let's be honest, they are the people that need it anyway.
It's a sad day, when we start needing AV software on a mobile!
"By limiting users to the appstore and only pre-approved apps then this helps eliminate the issue of dodgy code being installed"
This has already been proved to be incorrect - there was some guy who wrote an app, got it past the App store detectives. He then (some time later) announced what else the App could do.
Some virus installers are quite cleverly disguised as genuine security patches from trusted vendors which claim to be making your machine secure whilst, actually, compromising it - I'm thinking of adobe update installers maybe, which can look EXACTLY like the real thing.
I know I'm going to get trolled by some who say "Well I NEVER use any adobe products because of this" - or Java, etc etc - but the fact is that out here in the real world of normal people we need to look at pdf's, ppt's and doc's from work and college and we need OpenOffice or similar with which to author them, and we want to not get viruses, please, while using our simple-to-buy-and-operate wintel & mac computers. Most people don't want to spend hours researching every alternative to adobe & java & windows & OSX and countless hours configuring and reconfiguring systems (even if we could be bothered to learn how) because we have real stuff to do (like write this hem-hem).
So it's conceivable that in the course of a busy day one might be fooled into installing a wrong-un. This is not stupidity.
He admits iOS is extremely difficult to crack unless criminals gain access to someone else's source code, and then get them to submit it and have apple pass it without noticing.
He whinges because he cannot get his CPU/memory/battery hogging software in that will interfere with every app you have.
And finally backs Android - which is already having major malware issues.
Seriously !!!!
"He admits iOS is extremely difficult to crack unless criminals gain access to someone else's source code,"
That's not at all what he said.
A hacker could simply write their own ios application. Plenty of apps have slipped through the net - look at the recent spate of apps that were surreptitiously downloading entire contact lists without Apple knowing.
@dogged
Quite right. It's too easy to say "Well I can restore", if the app's already made off with the data it was designed to collect then you can restore your phone if you want, hell you can even introduce it to a lump hammer, but the damage is done.
If I release 'Angry Pigs' and code it to start misbehaving 7 days after install (actually that might be a bit obvious), it doesn't matter whether or not it goes through the App police. If they don't notice then it's out in the wild. Sure they can remotely kill it, but if I've already managed to send 1000 texts at £1.50 a pop then I'm laughing all the way to the bank!
"A hacker could simply write their own ios application. Plenty of apps have slipped through the net - look at the recent spate of apps that were surreptitiously downloading entire contact lists without Apple knowing."
Not requiring user permission for apps to access Address Book or Calendar was certainly a security hole that needed to be fixed, but I’m not convinced that those apps 'slipped through the net' - for the simple virtue that Apple didn’t require developers to *explicitly* ask for user permission for an app to access that data. Apple might have argued such behaviour went against its guidelines, but developers could simply bury this in its T&Cs.
It’s obvious if an app didn’t make it crystal clear that such data was being accessed - rather than developers getting one over Apple, I think it was more a case of the company being overly sanguine about this issue.
I think a better example of this kind of thing would be the stock checking app by Charlie Miller (which was referenced by another poster): http://www.theregister.co.uk/2011/11/08/apple_excommunicates_charlie_miller/
Wasn't that the guy who wanted to have an "Internet Passport" so we'll all be identified on the Internet... which would in his opinion somehow make the Internet safer?
I'm sorry, but by wanting to put his software onto IOS he contradicts himself, proving that he doesn't believe in code signing being a security feature.
AV is so great, it never needs upgrading, right ? So once you've put Kaspersky on your iPhone bad guys will forget about attacking it ?
Or, will they find ways round it so that as well as Apple's updates we'll have his daily/weekly ones.
There still isn't a virus, that I'm aware of, for any of Apple's current o/s. Yes there is malware, but that tends to attack through user error or third party software.
The last refuge of the fanboi, resorting to nitpicking about what nasty software is called when it affects Apple but everything that affects Windows is a virus.
Tell me, when did you last hear about a virus for Windows? Like you said, malware yes, 3rd party software affected (looking at you Adobe) about 99% of the time but it doesn't stop you lot shouting about how insecure and virus ridden Windows is.
I might be wrong, my memory is failing as I get older, but I don't remember saying anything about Windows. Nor whether it's virus ridden or not. We were, I thought, discussing a vendor of AV products for a system that doesn't as yet, suffer from a virus.
You could, perhaps, save your anti Mac rant for someone who has attacked your precious MS operating system.
Except that "AV" is a misnomer these days, since there are very few real "viruses". It's all anti-malware software of one form or another, regardless of how you choose to label that malware. Apple refusing to prevent anti-malware software on iOS isn't going to stop the creation of malware.
@a53
So once you've put Kaspersky on your iPhone bad guys will forget about attacking it ?
Of course not, and I hope I was right to infer a slightly dry tone here! What it will do (in theory) is provide an extra line of protection.
Of course, there's always the risk of some painful irony: Apple finally capitulate, and the first major strain of iOS malware exploits a weakness in Kaspersky!
I'd also suggest that there are probably very few iDevices out there that don't run third-party software of some sort. What's the point in an App Store full of 3rd party packages if no-one uses it?
I'd hate to think how much the phone would crawl with something like Norton on there though: Norton needs to restart to finalise your update, please reboot your phone and wait a week whilst we pretend to check each individual signature. Your Norton subscription has expired, we'll now be cutting battery life by 50% each day until you renew - to opt out please send your left kidney and a SAE to Outer Mongolia. 'Signed For' deliveries will not be accepted.
Sorry, just taken some painkillers and feeling a little weird, does it show?
Most infections don't happen at the point of install. Suppose we take Flashback as an example - you install something which is permitted by Apple. It is not malware but it has a vulnerability. You then get infected via a drive-by website.
Apple can't test every website. There's a reason why AV is still installed on locked-down business machines where users can't install any software at all.
I wouldn't exactly describe iOS as "obscure".
Anyway, why shouldn't security be built into the operating system? If you allow in external AV then you open up the system to fake AV, scareware etc. But Apple needs to patch vulnerabilities a bit more smartly than they did the recent Java one.
errrmm that phrase means trying to make something secure by hiding it... It does cover the situation of something not being popular so hopefully no one will target it, but in this case methinks it is to do with hiding your code and hoping that vulnerabilities won't be discovered.
*They get Mac viruses.
iOS may be secure, the App Store is only secure by policy - a policy that is designed with profits at its core and security of apps not so much.
iOS does have one simple defence against malware: retain 3rd place market share and the criminals won't be interested :)
If the platform needs it then he can use the same vectors as a virus would use to infect the platform to publish+run an anti-virus scanner/cleaner.
On a more sensible note: an AV scanner basically needs to be integrated at the OS level on a platform where all apps are sandboxed, so he'd need Apple support to develop and release it, and who is to say that an internal team at Apple, or one of Kaspersky's, don't already have AV software running in the OS on all devices?
Consist of asses.
Apple's security policies are awful, and from where I am standing they turn them into political/marketing issues, which is just bad form altogether.
Every platform can get owned. Every single one. I've seen malware on MIPSEL BSD-based routers, which by all counts should be even more secure than iOS. It's best to assume that every platform you use can be owned and that you can't justify yourself not taking steps to protect your box because "Windows has more malware."
On that note, Windows has less unique malware than you may think, since AV companies inflate their statistics some. The majority of malware out there consists of skidware modifications, which are frankly not a threat or vast families of trojans built by off-the-shelf "builders". Malware of a more singular nature is generally a lot more successful, which is why Flashback got on the news, not because it was just "Mac malware zomg".
That said, AV companies are trying to sell you snake-oil, anyway. Their heuristic detection is a joke, any kind of polymorphic code will own your box undetected, etc.
Sadly the fact is that it's just not possible to protect normal people on the internet. But don't blame that on their choice of platform (they're all as bad as each other, even Linux); blame it on their lack of common sense.
They would have [sued Microsoft] if Microsoft said the same thing about Windows
I have to admit that the cure does seem to be worse than the disease in terms of resource usage.
I'd be interested to know who has made more, the crackers, or the AV corporates.
Best to buy a second PC or run a live image off virtualbox for the important or dodgy stuff.
Also, for those complaining that AV is a resource hog, you DO know what it's doing, right? "Active Protection" or whatever the current buzzword is, is designed to protect idiots from themselves. It's useless against anything other than [Skidforum]_Cracked_Keygen_with_Russian_Beauties.exe. If you're not stupid enough to download and run every single .exe you find, you can DISABLE it, and just use the antivirus as a removal tool.
Also, if you're suffering ridiculously heavy resource usage with just Word and an antivirus, I suggest you get a new anti-virus tool and scan your drive, dohoho.
It'll be interesting to see if the Apple approved (as they had a vested interest in it) HTML 5 will allow for truly browser and platform independent malware that will see iOS enter the realms of malware.
There's already been at least one case of "fileless malware" and the Apple users who say they've never had a virus are probably right but do they know if they've got malware?
Viruses of old used to turn your mouse pointer into a rocket and "explode" or display that your "Computer is Alive" and restart , delete files and other telltale signs of juvenile pranks.
Malware on the other hand is to make money, so it doesn't draw attention to itself and with driveby infections previously mentioned, no dodgy software (not including Java) is required just a visit to a compromised site and the prompt for installation is no more as malware authors long ago learned to make their malware portable to allow the silent "install" and execution of their malware using only user privileges.
Surely Apple should do all the virus scanning at app store level, and remotely disable any evil app that gets through. This will save bazillions of CPU cycles on portable devices and hence battery.
If I need to run AV on my phone - I've bought the wrong phone.
Opening the whole phone route structure up to a virus scanning app sounds like a huge step backwards to me!
Ed
Apple has its own game in iOS security. It is for sure. And Apple does not need Kaspersky, since they rejected his proposal.
So Kaspersky's frustration is understood. What is not understood - his behavior after he had been rejected.
Imho, after Eugene Kaspersky publicly admitted his frustration with this wording, he closed his door to Apple forever.
It seems Apple does not think it needs Kaspersky's products.
So Apple rejected it.
And I can hardly believe Apple has done it foolishly, without thinking.
Now, when Kaspersky says "Apple is stupid, they will fail without me" - it sounds weird.
And it does not give points to Kaspersky.
Vice versa.
There are many security product developers like Kaspersky, whilst Apple...
Well, everyone knows what Apple is... :)
The reason Apple don't provide Kaspersky with any such API is of course that such an API would itself have to breach the sandbox - and so its presence would make iOS less secure. The same will probably be true for Windows RT tablets, and is presumably the case on WP7.
This isn't a Mac vs PC thing, this is a heavily sandboxed device OS vs PC thing.
Most of your average, idiot, windows users...you know the ones who seem to harbor viruses...all have iPhones.
If you don't think crime is going to target mobile you're an idiot. NFC, Google Wallets, etc all scream attack me.
That being said, I am not a fan of most AV's either, so I understand it.
At some point the crooks are going to work out that there are a bunch of willing victims, with more money than sense (the definition of the average apple customer), and next to naff all protecting their digital lives.
Sharks + Blood = the obvious
Computer + No Security = the obvious
AV on a iOS device is rather useless, for the effort of trying to direct the device, simple detection and termination is easier. For an iOS it would be easier to brick the damn thing, if it seems buggered as a round of updates, and then restore from The Cloud (tm).
And anyone who jailbroke their own, is on their own as they were from the start, without support anyways.
Obviously none of you work in security. Have you seen the vulnerability reports for AV software, especially the much proclaimed Clam AV you see spouted forth by the naive in forums like these? Why install a product with marginal benefit and open yourself up to additional vulnerability exploits through increasing your system's attack vector surface area. You are morons!