The Macalope Daily: Protesting too much
Hell hath no fury like a security software vendor kept off a platform.
Just so we’re clear, the thing that keeps Kaspersky’s software off of iOS is the same thing that makes Apple’s mobile platform the most secure operating system there is. Period.
“We as a security company are not able to develop true endpoint security for iOS,” Kaspersky told The Register in Sydney today. “That will mean disaster for Apple,” he opined, as malware will inevitably strike iOS in the future.
We’re so sure.
Yes, it sure was a disaster for Mac users when a virus wiped out their user settings.
Oh, wait, that wasn’t a virus, it was your malware removal tool. Oopsies!
Kaspersky says the infection vector won’t be iOS itself, which he said is “by design is more secure” than other operating systems.
What, then? Evil spirits?
“ … The only way is to inject it into the source code of legal software. It will take place in a marketplace and then there will be millions or tens of millions of devices.”
Huh. Well, in general the Macalope would have to defer to Kaspersky, since the horny one isn’t a security expert but rather just a pointy beast meant for skewering pundits.
Fortunately, he’s not in a deferential mood today! The Macalope’s dad always says “if your antlers aren’t sharp on one side, find someone else whose are.” The Macalope still isn’t exactly sure what that means, but to solve his current dilemma he spoke to Rich Mogull of Securosis, who had this to say:
Kaspersky is correct, someday someone will probably get an evil app into the App Store or exploit a legitimate app and circumvent the iOS security and sandboxing. But I’m not convinced any AV vendor would be able to discover and stop this app any faster than Apple could yank it from the store. And I don’t think this will ever be a rampant problem like it currently is on Android.
I’ll take a more-secure platform over AV any day of the week. Thinking AV is the only way to prevent malware is a very myopic view.
Indeed. Myopic and, of course, self-serving. Kaspersky:
The result of an attack on iOS, he feels, will be declining market share for Apple and a concomitant boost for Android, a platform he admits is less secure but which at least offers developers the chance to develop security software.
Because security software that deletes your user settings is the only way to protect yourself!
A severe attack, Kaspersky argues, therefore has the potential to highlight the problems of a closed ecosystem and damage Apple permanently.
Right. Again, Mogull:
There is a long history of antivirus vendors claiming a platform can’t be secure unless they have access to it. For example, Symantec and McAfee even took out a full page ad in the Wall Street Journal when Microsoft first announced they would lock down the 64-bit Windows kernel in Vista, breaking the kernel hacks they relied on. Personally, I’d prefer a secure platform [over] having to rely on a partially-effective solution that requires reducing the rest of the system’s security.
The Macalope really didn’t have an opinion of Kaspersky before its CEO decided to make a big deal about the fact that its virus software is useless on iOS because Apple has decided to make its mobile operating system incredibly secure. But he does now, and it’s not a good one.
[Editors’ Note: In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.]