dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1771

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Apple reportedly asked Kaspersky Lab to analyze OS X

The firm's CTO says Apple asked for help—and at just the right time.

Apple is drawing upon the expertise of security researchers from Kaspersky Lab when it comes to security on OS X, according to Kaspersky CTO Nikolai Grebennikov. In an interview with Computing News, Grebennikov revealed that Apple had asked his firm to begin analyzing OS X in order to help improve its security. The request follows the recent high-profile Flashback scare, and shows that Apple is beginning to take steps to take OS X security more seriously.

"Mac OS is really vulnerable, and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," Grebennikov told Computing News. "Our first investigations show Apple doesn't pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago."

Following reports that more than a half-million Macs were infected by Flashback thanks to a then-unpatched Java vulnerability in OS X, Kaspersky Lab boldly told members of the media that "Mac OS X invulnerability" to malware is a myth. Although the statement generated grousing among the Mac-using community, it's true—security researchers have been arguing for years that Macs were only perceptibly "safer" because of their relatively low market share. It would only be a matter of time before attackers began focusing on the Mac, and Kaspersky argued last month that we have officially reached that point. "Market share brings attacker motivation," the firm said in April. "Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits."

»arstechnica.com/apple/20 ··· ze-os-x/
Name Game

Name Game

Premium Member

Hands-on with five antivirus apps for the Mac
Which antivirus software is the best for Mac users? It depends on your needs.

»arstechnica.com/apple/20 ··· the-mac/

mozilla user to Name Game

Anon

to Name Game
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine – Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Thanks..that's a relief. ..don't want to have one of those episodes again....
Name Game

Name Game to mozilla user

Premium Member

to mozilla user
I guess more to the point from Mac Rumors..

Update: Kaspersky Lab has provided clarification to Engadget, claiming that Grebennikov's comments were taken out of context and that Apple has not invited Kaspersky to perform any security investigations.
On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine – Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.
Kaspersky's analysis is being undertaken at its own initiative, although Apple has reportedly indicated that it is "open to collaborating" on any new issues Kaspersky discovers.

»www.macrumors.com/2012/0 ··· -issues/

»www.engadget.com/2012/05 ··· nerable/

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to Name Game

Premium Member

to Name Game
Congrats Apple. You asked the biggest snakeoil salesmen in the industry to give you advice on security. Instead of taking it to a company that sells crappy AV software, they should have taken it to some independent lab that has no profit motive in mind. I really have no faith in Apple's security policies if they are going to listen to Eugene Kaspersky. The only thing Kaspersky can do is tell them how many pieces of malware targets OSX. That is not helpful in any way. AV detection has failed miserably in keeping Windows secure, so why would it be any different for Apple?

And Kaspersky predictably uses the "market share" argument which is flawed on its face. It doesn't take a professor of philosophy or logic to understand why. Linux has the largest market share in the world on servers, yet we don't see Linux viruses anywhere. None, zilch. Targeted attacks, yes. Occasional flaws in services, yes. Malware, no. So, if Apple focuses only on malware detection they have already lost.

EDIT: I see Apple did not ask Kaspersky for anything. Excellent. But my point about AV software still stands. It is a racket meant to keep the AV companies in business. Without malware, they go out of business.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

I too am glad it is coming down this way...I recall Kaspersky's spoke people crying in the spilt milk that Apple was not paying any attention to them during this flashback thingie..I was very surprised when they then claimed they were working with apple..it did not smell right..
I agree with the other points you made...
Expand your moderator at work

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del to Name Game

Premium Member

to Name Game

Re: Apple reportedly asked Kaspersky Lab to analyze OS X

Apple has done this before.

Apple asked Charlie Miller, the one who exploited the Macs at the Pwn2Own contests year after year, to look at their security.

»www.macobserver.com/tmo/ ··· archers/
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

That site was not happy that I use Proxo and wanted me to contribute money to the site or stop with the ad blocking. I haven't seen anything like that on a site in years.
EdmundGerber
join:2010-01-04

EdmundGerber

Member

said by Mele20:

That site was not happy that I use Proxo and wanted me to contribute money to the site or stop with the ad blocking. I haven't seen anything like that on a site in years.

Which site - at least 4 different sites were linked in this thread. we are not frigging mind readers...

Grail Knight

Premium Member
join:2003-05-31
Valhalla

Grail Knight to Mele20

Premium Member

to Mele20
If you are referring to the macobserver site I am seeing no such thing as you described. Actually I tried every link posted in this thread and could not duplicate your results.

No Proxo just plain old ABP & Noscript on Fx v12.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Mele20

Premium Member

to Mele20
Click for full size
said by Mele20:

That site was not happy that I use Proxo and wanted me to contribute money to the site or stop with the ad blocking. I haven't seen anything like that on a site in years.

Hey Gal...post a screenshot of what you see..if the site is macobserver....will tell you my hosts file sure blocks a lot of junk including online poker etc etc.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

It's a polite request that I either ditch the ad blocker or donate money monthly or at least once to the site. It's a popup near the right bottom of the page so I could see the article behind it. Do they expect folks who just want to read ONE article there and who don't even have Apple computers to donate money? That puts them in the category of our only state newspaper that can no longer be read (even one article usually depending I think on how one comes to the article from Google or directly) without a $25 donation.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Ctrl Alt Del

Premium Member

to Ctrl Alt Del
said by Ctrl Alt Del:

Apple has done this before.

Apple asked Charlie Miller, the one who exploited the Macs at the Pwn2Own contests year after year, to look at their security.

»www.macobserver.com/tmo/ ··· archers/

Well things have to change because Apple Macs are now low hanging fruit. Apple's answer to Security seems to be 'dumbing down the box" so the user can't use what is out there. But the Apple always did want to create their "own world"

I personally have a MAC..but it is not what I use most of the time. This next article still lingers in my mind......

»pensacolacomputerhelp.co ··· s/?p=427
Quote:
"The Apple devices like the iPad have taught us a different way of doing things – and many times that way is harder and more innefficient. Sure, the iPad is a great device for consumption of data, for viewing things, for reading, for surfing the web, but it is quite innefficient at data creation. I have seen many businesses fall for the lure of the iPad, not so much because it helps them, but because of the cool factor (many ‘thought’ it would help them, until they actually tried to use them). Don’t get me wrong, Tablets definitely have a place in business, but it is sad to see someone like a doctor struggle with trying to enter data on an iPad and taking 10 times longer than it would take to sit at the PC that is right there. I almost laugh out loud when I see people trying to use an App clumsily with their fingers that would be so much easier to do on a real computer with a mouse and keyboard. When it comes to using technology efficiently, Apple definitely makes us dumb.

Then of course we have the wonderful Apple marketing machine that has placed Apple devices in Schools wherever they can. This is so the young impressionable ones will see them and want one – and who wouldn’t want a sleek, aluminum body laptop, or all in one with that big Apple logo? Of course no one explains to the kids that learning how to use an Apple won’t get them squat when it comes to applying for a job. Businesses do not use Apple computer’s, they are not made for business, they are not secure, they do not have hardly any business software, and 99% of the worlds businesses run computers other than Apple. A security expert at the latest Black Hat security conference summed up the danger of using Apple’s Server computer in a business environment when he said “once you install OS X Server you’re toast“. Learning how to use a Mac will actually probably hurt students when it comes time to venture out into the business world as they will have to relearn many things. It may be ‘cool’ to have that Apple in class, but cool doesn’t pay the bills.

Now don’t get me wrong – Apple makes excellent quality devices, they pretty much always have (despite their massive exploitation of Chinese workers, but hey, everyone does that ), it is also true that you have less of a chance of getting malware or a virus on a Mac (not because they are more secure, that myth has been shattered), it’s because people write most viruses today to make money and infecting computers that hold such a small share of the market just isn’t that profitable. The iPad is slick, it has an easy to use interface, and it doesn’t show errors like Android devices (which do tell you when there is an error with the software). The iOS devices have a wealth of apps, which also make a wealth of money for Apple, and you can find an app for just about anything that Steve Jobs will allow you to have, because after all, it appears as if Steve wants people to be dumb when it comes to technology, that is how Apple has made their money."
Name Game

2 edits

Name Game to Mele20

Premium Member

to Mele20
Thanks..I find that hilarious..sensing a privacy app and then begging for money. Send the owner a recurring love box of coqui. I think you just found a classic.

So funny..even the Apple eaters and Mods in their Forum are getting the same popup with safari and ipad..and not even using adblock.

»www.macobserver.com/tmo/ ··· d/82611/

And every time Google search dances on their site..they get the same.

»www.google.com/#q=site:m ··· &bih=638

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del to Name Game

Premium Member

to Name Game
said by Name Game:

I personally have a MAC..but it is not what I use most of the time. This next article still lingers in my mind......

I wonder if the author of that article is biased towards Microsoft in any way. It couldn't be the fact that his website is styled after Windows Aero glass. Or that each post is styled like a Windows Explorer window.

How can "dumbing down" technology be bad? Is the author actually advocating keeping it complicated? Keeping computing complicated is busy work. Busy work that takes away from time I could be spending doing more useful things. If things should remain complicated, then we might as well go back to hand cranking cars, because after all, electric car starters are dumbing down drivers.

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

2 edits

rcdailey

Premium Member

I recall that Bill Gates had a vision of a future in which computers would be as simple to operate as a toaster, and maybe as reliable. So far, it hasn't worked out that way, even with Apple. That said, there are quite a few computing devices that are simple to use that don't require keyboards as such, and more are appearing every day. Now if they can figure out an easy way to enter data that won't fit into a check box, that would be a killer application. Voice recognition isn't quite good enough yet, but maybe that is the solution in the end. How may years since Star Trek TOS?

ZapZap
@europa.eu

ZapZap to Mele20

Anon

to Mele20
said by Mele20:

Do they expect folks who just want to read ONE article there and who don't even have Apple computers to donate money?

Just don't block the ads and you can read it free. I think its a reasonable request. Running the site cost money and articles don't get magically drafted by an autopilot. You have writers behind spending time (=money)!!

Stealing ONE apple may be better than stealing TWO apples but you still remain a stealer

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

Name Game

Premium Member

said by ZapZap :

said by Mele20:

Do they expect folks who just want to read ONE article there and who don't even have Apple computers to donate money?

Just don't block the ads and you can read it free. I think its a reasonable request. Running the site cost money and articles don't get magically drafted by an autopilot. You have writers behind spending time (=money)!!

Stealing ONE apple may be better than stealing TWO apples but you still remain a stealer

Because it is an experiment gone wrong....as arstechnica found out.

»arstechnica.com/business ··· ou-love/

Besides they are targeting just one privacy product called Adblock..and I can assure you there are other products and methods to block the crap...and for good reason..Ads are the target of hackers and unless the owner of the site can control that..which many can not...then the users system is compromised without any recourse to the site owner except maybe a deep sigh.

Just like the World Press start of infecting MAC's with flashback..
»www.securelist.com/en/an ··· e_Part_1

I bet the owners of macobserver would not have the foggiest if their site was ever compromised.

»www.dailymail.co.uk/scie ··· ads.html
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

It's more than AdBlock. I use the Proxomitron not AdBlock.

I think you hit the nail on the head in observing that ads are the target of hackers. I agree that macobserver site would probably never know, or even care, if it was serving malicious ads. I would be a fool to not block ads there or at most websites for this reason alone.

The Arstechnica article was interesting but here's the owner of that site, which is an excellent source of information about computer technology, yet he appears to be completely oblivious as to why folks block ads. Then he conducted that experiment and learned a little something. But he still seems ignorant enough about the dangers of visitors allowing ads that he didn't convince me to allow them there. He did not in any way address the worries of those of us who block them primarily for security reasons....and this was the head of a widely respected computer technical site oblivious to such danger. I shudder to think what dangers lurk at sites with less technologically oriented owners and that is the majority of sites out there.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

I agree and BTW ...macobserver was hacked and defaced and their members all got email via the site from the hacker back in 2006..in this case the went into a backdoor of the forums software. Not a real big deal...but when site admin have revenue coming from adv. companies via off site severs...they have no idea what is really being setup and that is always the big risk for members and visitor.

Smith6612
MVM
join:2008-02-01
North Tonawanda, NY
·Charter
Ubee EU2251
Ubiquiti UAP-IW-HD
Ubiquiti UniFi AP-AC-HD

1 recommendation

Smith6612 to Mele20

MVM

to Mele20
Blocking advertisements over security concerns is the real reason why I practice ad-blocking. Yeah, the ads are always the slowest loading things on each page, often causing the page to not display right away without browser tweaks or waiting for the ad to finish loading (my connection is slow enough as it is), or sometimes the counters in them just stop when a video ad stops playing making the wait longer, especially for content that is shorter than the ad itself (see: Hulu), and the ads leave all of those nasty tracking cookies/supercookies everywhere. Then of course, they are also prone to causing Flash to crash, waste battery power on laptops consuming CPU cycles, so on and so fourth. But security of my system is and always has been priority. I've seen far too many times where a banner ad has some sort of Java or JavaScript payload in it that exploits an unpatched vulnerability. At the same time I'm also visiting a faster loading site, sites that look a lot cleaner when they consist of 60% advertisements, and of course, a faster browser not bogged down by having 4 Flash instances trying to load and render who knows what.