Did you hear the one about the antivirus company CEO who got to opine on TechCrunch about how Apple should open up iOS?
Oh, it’s not a joke.
Well, maybe it is, actually.
“It’s Time For Apple To Open Up” (indirect link and tip o’ the antlers to Daring Fireball)
The writer, John Prisco, is identified thusly:
John Prisco is president and CEO of Triumfant.
Oh. Huh. You might wonder what Triumfant is other than another charming tech misspelling of an actual word. Pff. They put the link in, dummy. What, does TechCrunch have to spoon feed you someone’s laughable biases or something? Follow the link. Sheesh.
[eye roll] [obscene hand gesture]
Turns out, funny story, Triumfant makes antivirus software. Oh! Well, that’s an odd coincidence. Seems like one worth mentioning but… welp. There it is. Yeah, they make the kind of software that Apple doesn’t allow on iOS because it would have to be able to scan other apps, which would mean Apple would have to break sandboxing. Sandboxing is, of course, one of the things that makes iOS so secure.
Facts. Annoying facts that you won’t find in this piece.
The researchers at Lacoon Mobile Security identified the malicious software Xsser, capable of stealing text messages, photos, call logs, passwords, and other data from iPhones and iPads.
It’s true! You know what the researches at Lacoon Mobile Security also identified that Prisco does not? The fact that Xsser only affects jailbroken iPhones.
Boy, there’s a lot of stuff here that should have been mentioned. Well, in fairness to Prisco and TechCrunch, it’s not like digital ink is free or something. Pro tip: you can save on digital ink by cutting and pasting words from old text or html files. It’s true. Reduce, reuse, recycle. Or, in TechCrunch’s case, just reduce.
But political discourse aside, there are wide-reaching technological implications here that are a little closer to home and it’s Apple that needs to listen.
We must ruin the platform in order to save the platform. Makes sense in a creepy Vietnam flashback kind of way.
Xsser is an example of what’s coming in terms of mobile malware.
It is?! Oh, good! Then most users have absolutely nothing to worry about since most users don’t jailbreak their phones.
The whole concept of BYOD will turn into an unmitigated disaster unless mobile operating systems are protected.
OK, let’s take an object lesson here. You know how Microsoft made Windows more secure? It made it more secure by implementing technologies in the operating system like ASLR and by removing vectors of attack like Java. It sure as heck wasn’t by allowing antivirus software on Windows.
With Apple, you just don’t have enough access to apply that level of protection.
You also don’t have enough access to apply that level of attack.
It is not “ironic” that the very thing Prisco is calling for—opening iOS so that apps can muck around in other apps—is what will make iOS less secure. Deliberately dissembling is not “ironic.” As John Gruber notes:
It’s not Apple who is in trouble because iOS doesn’t allow third-party anti-virus/security software to run at the operating system level. It’s the purveyors of anti-virus/security software who are in trouble.
Did makers of leg braces advise parents to break their children’s legs after polio was wiped out? You know, just to be on the safe side?
“Only we can stop polio! Please break your children’s legs to stop polio! What do you mean your children don’t have polio? That doesn’t make sense. Better buy our leg braces anyway.”
I am calling for Apple to cooperate and collaborate with the security industry to help us protect ourselves in this next wave of cyber-attacks.
I am calling for Apple to prop up my lousy business model.
If you still have any sympathy at all for Prisco, this should expunge it from your body like a warm emetic.
…the genie is out of the iBottle.
Google, on the other hand, does allow this level of collaboration.
Yeah. And look where that’s gotten them. “Android is a malware cesspool” used to be the Macalope’s go-to article in situations like this but cesspool is so 2011’s Android security situation. This year’s Android security situation is “a toxic hellstew of vulnerabilities”. You’ve gotta stay with the times.
Xsser is a lesson. It’s a lesson that Apple’s method of securing iOS is better. No, iOS is not invulnerable, but it is literally the most secure modern operating system. If that’s not a lesson antivirus makers want to hear, well… sucks to be you.