Kaspersky: "Apple is 10 years behind Microsoft in security"

Kaspersky Lab founder and CEO Eugene Kaspersky has some harsh words for Apple when it comes to security. At the Info Security 2012 conference, Kaspersky told CBR that Apple is “ten years behind Microsoft in terms of security.”

Kaspersky said that although Windows is still hacker's favorite target, Mac malware is growing at an unprecedented rate, something he said was “just a question of time and market share.” Although Apple has long prided itself on offering a more secure environment than Windows, the Mac has recently been hit by several high profile attacks, such as Flashback.

If Apple is going to keep its users secure, Kaspersky says that they'll have to adopt a new update cycle, which some have faulted for allowing Flashback to take off in the first place. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software,” he said.

On the other hand, Apple has been pretty successful (so far) with the 'walled garden' approach they've taken with iOS, and their upcoming Mountain Lion OS will let users opt in to use a similar environment on the desktop. Still, such an approach risks alienating many users, and won't do much to protect against malware like Flashback, which relies on exploiting plugins – in this case, Java.

Kaspersky went so far as to praise Microsoft's approach to security in the past. “They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it's time for Apple [to do that].”

Make no mistake: Mac malware is on the rise, and Apple definitely needs to act quickly to stop it from getting even worse. But right now the threat is still miniscule compared to the attacks aimed at Windows, a curse that has as much to do with market share as with anything else. But the fact that Mac malware is rare enough to make the news proves that it remains a relatively small problem at this point, at least in terms of the variety of malware that's out there.

Still, Kaspersky says now is the time to act, and welcomes Apple to a brave new world: “Welcome to Microsoft's world, Mac. It's full of malware.”

Report a problem with article
Previous Story

Microsoft and Pegatron sign Android patent agreement

Next Story

Microsoft talks about SkyDrive API tools

88 Comments

View more comments

Ive spoke to a few mac users i know and they admit they have virus protection and even say that those that say its not needed are stupid specially if its also their work computer.

End of the day their have been no viruses for macs because there has been no need to break the code the amount of people actually using them has been small compared to a Windows computer. Now times are changing and people are starting to get macs and "some" people are taking time to make a virus, trojan or something else to infect a computer. Yet all the mac users think "Hey its a mac were safe!" were you safe when apple ****ed up there code and reset all your data? (when i say reset i mean you lost it all) you are NEVER safe if someone wants to cause harm or even use UR computer as a bot to pass information.

I seriously get fed up of mac fanboys saying "Im a mac im safe" when all too soon they be going "Im a mac and need decent protection like Windows".

ROTF...I can't stop laughing. Really? Is he for real? he must be on Microsoft's payroll. Since when is Microsoft's security better than Apples? What a joke. Every day more and more Windows-based PCs get attacked and infected, more than any OS out there, that's how secure Windows is. Give me a break...

Scorbing said,
ROTF...I can't stop laughing. Really? Is he for real? he must be on Microsoft's payroll. Since when is Microsoft's security better than Apples? What a joke. Every day more and more Windows-based PCs get attacked and infected, more than any OS out there, that's how secure Windows is. Give me a break...

Hows middle school treatin' ya?

dtboos said,

Hows middle school treatin' ya?

Actually I have been out of Middle School for over 30 years now. You on the other hand are going to sit there with a straight face and tell me Windows is more secure than Mac OSX? Really? You believe that? You must be a Microsoft fanboy who never in your life have touched or used an Apple computer and have no clue what you are saying.

Scorbing said,

Actually I have been out of Middle School for over 30 years now. You on the other hand are going to sit there with a straight face and tell me Windows is more secure than Mac OSX? Really? You believe that? You must be a Microsoft fanboy who never in your life have touched or used an Apple computer and have no clue what you are saying.

I'm disappointed that in your case, age is clearly not an indicator of maturity.

Scorbing said,

Actually I have been out of Middle School for over 30 years now. You on the other hand are going to sit there with a straight face and tell me Windows is more secure than Mac OSX? Really? You believe that? You must be a Microsoft fanboy who never in your life have touched or used an Apple computer and have no clue what you are saying.

Put down the crack pipe, mister. It's clearly destroying your brain. Drugs are bad, m'kay?

Scorbing said,
ROTF...I can't stop laughing. Really? Is he for real? he must be on Microsoft's payroll. Since when is Microsoft's security better than Apples? What a joke. Every day more and more Windows-based PCs get attacked and infected, more than any OS out there, that's how secure Windows is. Give me a break...

Weird out of the 500 to 800 Windows PCs I have touched in the past couple of weeks, I have not seen ONE with malware.

Are you sure you are talking about Windows Vista/7 or Windows 95?

Scorbing said,
ROTF...I can't stop laughing. Really? Is he for real? he must be on Microsoft's payroll. Since when is Microsoft's security better than Apples? What a joke. Every day more and more Windows-based PCs get attacked and infected, more than any OS out there, that's how secure Windows is. Give me a break...

RDF

Kaspersky is 100% right, Apples response to the infections have been abysmal. Sure the products are DESIGNED to be secure, but most products are, but the spread lies for years that this is enough. When malware comes out, they deny deny deny, eventually acknowledge but refuse to help fix it. Eventually after that they announce a fix, then some weeks after that it rolls onto Software Update, and doesn't even fix the infections. Mac OS X supposedly has a built in anti virus. If Apple had a clue about security than we wouldn't need 3rd party antivirus to come to the rescue a la Windows.

Simon- said,
Kaspersky is 100% right, Apples response to the infections have been abysmal. Sure the products are DESIGNED to be secure, but most products are, but the spread lies for years that this is enough. When malware comes out, they deny deny deny, eventually acknowledge but refuse to help fix it. Eventually after that they announce a fix, then some weeks after that it rolls onto Software Update, and doesn't even fix the infections. Mac OS X supposedly has a built in anti virus. If Apple had a clue about security than we wouldn't need 3rd party antivirus to come to the rescue a la Windows.

I have had my iMac for 3 years now and not once have I been infected with anything...never.

Scorbing said,

I have had my iMac for 3 years now and not once have I been infected with anything...never.

I haven't had a Windows Virus in probably a decade now. Keep believing that Apples security was anything other than the simple fact that nobody cared to write them for a platform with little market share. The bigger they grow the more they will be attacked, and the more their unpreparedness and lack of experience in the field will show.

The 'Walled Garden' of iOS is not true application isolation. So it has helped iOS hold security far ahead of say Android, it is not the best nor should it be the only security angle Apple uses.

As an example:
WP7 has a more robust security model for application isolation and application approval security checking, and they go far beyond iOS for a reason. Even comparing the security technologies between Windows 7 and OS X, there is a massive difference in the level of protections inherent in kernel code all the way up to Application layer handling of security. OS X is more than 10 years behind in some regards.

Apple has had the luxury of Windows being the target and getting hit with 'new' exploit technologies and then having the chance to add these protections to OS X over the years.

Sadly, they only 'patch' the concept that were exposed and didn't build any security infrastructure into the coding practices nor the kernel or OS model of OSX or the Application layers. So they patched to prevent the 'new' exploits, but never created a comprehensive security model for OS X.

(Before Android users jump in, Android has little to no security in comparison to either, it is sadly much like Windows 3.x/9x that had very little to no security. Windows NT in 1993 had more security technology than Android, if you want to see how insane Android's security model really is.)


So technically the concept is true, Apple's security technology is a full generation behind Microsoft's.

thenetavenger said,
The 'Walled Garden' of iOS is not true application isolation. So it has helped iOS hold security far ahead of say Android, it is not the best nor should it be the only security angle Apple uses.

As an example:
WP7 has a more robust security model for application isolation and application approval security checking, and they go far beyond iOS for a reason. Even comparing the security technologies between Windows 7 and OS X, there is a massive difference in the level of protections inherent in kernel code all the way up to Application layer handling of security. OS X is more than 10 years behind in some regards.

Apple has had the luxury of Windows being the target and getting hit with 'new' exploit technologies and then having the chance to add these protections to OS X over the years.

Sadly, they only 'patch' the concept that were exposed and didn't build any security infrastructure into the coding practices nor the kernel or OS model of OSX or the Application layers. So they patched to prevent the 'new' exploits, but never created a comprehensive security model for OS X.

(Before Android users jump in, Android has little to no security in comparison to either, it is sadly much like Windows 3.x/9x that had very little to no security. Windows NT in 1993 had more security technology than Android, if you want to see how insane Android's security model really is.)


So technically the concept is true, Apple's security technology is a full generation behind Microsoft's.

how do you figure? keep in mind that we don't have days to read yotr message. tl;dr

BumbleBritches57 said,

how do you figure? keep in mind that we don't have days to read yotr message. tl;dr

Fair statement... However I don't get paid to provide technical education on OS theory and engineering here. This is stuff you can find if you are curious though.

BumbleBritches57 said,

how do you figure? keep in mind that we don't have days to read yotr message. tl;dr


Kernel? Security model? Application isolation? It's too complicated for me!!!!
I'll just stick to my lovely Mac and continue to convince myself Windows malware is simply all M$' fault.

I let someone try to get in to my Mac once. I had it secured the regular way, with a password and all. Granted, he had physical access to the machine, but let's just say it took him less time to get in to my Mac than it takes me to do the little "hacking" sequences on Mass Effect 2.

Enron said,
I let someone try to get in to my Mac once. I had it secured the regular way, with a password and all. Granted, he had physical access to the machine, but let's just say it took him less time to get in to my Mac than it takes me to do the little "hacking" sequences on Mass Effect 2.

Having access to a keyboard and screen are not 'technically' physical access. (Not sure what he did, but there are ways to hijack a Mac using just a keyboard and monitor though.)

Apple has no financial gain in making it secure....that's all it comes down to. However, I'm betting the next OS will be promoted as "a new, revolutionary secure OS".

i've just stop subscribing to kaspersky internet security yesterday and switch to security essentials after 6 years. maybe that push eugene over the brinks. you think?

hmmm, a virus scanning company who make viruses said Mac have viruses now<<<<Sounds like old news and shocking the trolls still say Mac do not get viruses. Wait a minute, they get paid by this companies to say such things and if they only knew the difference between a malware and virus.

I don't see this as an Apple versus Windows thing (Though I do feel that Apple should probably stop marketing their products as immune)...

Microsoft has done a tremendous amount to improve the security of their products and their update schedule should be applauded. This is really great, but it doesn't have anything to do with Apple.

Apple doesn't approach things from the security position Microsoft does. They benefit largely from their lack of market share. I am sure that in the future, they will likely be forced to emulate Microsoft's update schedule and their focus on security, and I think this will be great for everyone. My biggest issue with Apple honestly is the amount of time it takes them to release an update to fix something. But again, this doesn't have anything to do with Microsoft...

To be fair:
(1) Apple has NEVER said their products were virus immune. In fact, anti-virus security programs have been available on the shelves of the Apple stores for as long as there have been Apple stores. Its just the fanbois who got it in their heads they were some how immune. Even us serious business users have known better and that it was just a matter of time and market share.

I've been warning fellow Apple users that this was coming ever since market share rose over 6% and that those living in a fools paradise would be a very tempting target.

(2) That 10 years is 10 years Windows-time. It will be interesting to see how fast Apple catches up now that its an issue. My guess is that 10yrs windows time is less then 1 year Apple time.

Commenting is disabled on this article.