How far behind is Apple's security?

Started by CountDeMoney, April 30, 2012, 09:18:55 PM

CountDeMoney

We know how far behind they are in taxes but that, as Oprah would say, is for another show.

Quote
Paul Wagenseil, SecurityNewsDaily Managing Editor
How far behind is Apple's security?


Kaspersky Lab founder Eugene Kaspersky made headlines last week when he declared that Apple was "10 years behind Microsoft in terms of security."

Kaspersky was referring to the recent spread of the Flashback family of malware, which was greatly aided by Apple's long delay in patching a known software flaw.

But is Apple really 10 years behind the times?

"I'd say that Apple's got another 10 years to go before their security will become as much of a laughingstock as Microsoft's," said Jonathan Zdziarski, author of "Hacking and Securing iOS Applications" (O'Reilly, 2012) and a forensic scientist who hacks into iPhones for Chicago-based viaForensics.

"Comparing Apple and Microsoft is like comparing apples and oranges," said Mikko Hypponen, chief security officer of Finnish anti-virus firm F-Secure.

Trustworthy computing
Kaspersky's choice of 10 years as the time frame was not random. In January 2002, then-Microsoft chairman Bill Gates issued his famous "Trustworthy Computing" memo to all company personnel. He wrote it shortly after the release of Windows XP, when the brand-new platform was under constant attack by virus writers and hackers.

"Every week there are reports of newly discovered security problems in all kinds of software, from individual applications and services to Windows, Linux, Unix and other platforms," Gates wrote in the memo. "Our responsiveness has been unmatched — but as an industry leader we can and must do better. ... Eventually, our software should be so fundamentally secure that customers never even worry about it."

Gates' memo inaugurated a companywide focus on security, an aspect that had been neglected for the first two decades of Microsoft's existence.

Ten years later, Windows 7 users still need to worry about malware, but Microsoft's current platform is tremendously much stronger and more secure than Windows XP. (Even today, XP, not Windows 7, gets the most malware attacks.)

"Microsoft has improved their security massively since 2002," Hypponen said. "Today, they are [a] model for good security process in many ways."

Microsoft got to that point by essentially outsourcing Windows security. The entire anti-virus industry, with sales of several billion dollars per year, is built on defeating malware that targets Windows.

The existence of that industry frees up Microsoft to work on patching its Windows, which it does extensively every month. Microsoft's open model lets major Windows software makers such as Adobe or Oracle do the same without Microsoft's approval.

Go your own way
Apple, on the other hand, disdains third-party anti-virus software for Macs — though it does exist — and insists on patching certain pieces of third-party software itself.

The Flashback software flaw, discovered in January, was patched for Windows in three weeks. It wasn't patched for Macs until after nearly three months — and after an estimated 600,000 Macs worldwide had been infected.

"Apple needs to learn the meaning of transparency," Zdziarski said. "They need to communicate with their user base and with the security community. They need to be quicker to respond to threats."

He pointed out that Apple's closed-lipped attitude also applies to iOS, the software that runs the iPhone, iPad and iPod Touch.

"Some iOS attacks from the past took months to fix," Zdziarski said. "The [iPhone] jailbreak community had fixes out for users before Apple did. That's shameful."

Qualified kudos
Despite the secrecy, and despite the lack of attacks on Mac OS X, Apple has for many years incorporated the latest security innovations into its operating systems.

"Apple might have some sort of an attitude problem, which shows in their slow patch cycles and so [on]," Hypponen said. "But otherwise, it's hard to critique them with all they've done with OS X: app sandboxing, memory randomization, NX [non-executable memory] support, [the] App Store model."

When the iPhone was introduced, Apple was starting from scratch on a brand-new operating system. It took the opportunity to bake advanced security features into iOS from the very beginning.

"[The] iPhone (or actually, iOS) is a massive security success," Hypponen said. "iOS is now 5 years old and we still haven't seen a single malware attack against it."

Zdziarski wasn't sure how long that blissful interlude would last.

"With Objective-C applications now on over 100 million-plus devices, the threat is very real," he said, referring to the programming language used to create Mac OS X and iOS software.

"It's only a matter of time before a serious worm hijacks tens of millions of devices and thousands of App Store apps at once, and similar on the desktop," Zdziarski said. "Flashback seemed small potatoes; more of a warning that Apple runs the risk of screwing up as big as Microsoft in letting poor design lead to widespread attacks."

derspiess

This has been common knowledge for ages.  Apple relied on the "security by obscurity" thing that they enjoyed by only having about 10% of the desktop market.  Now that they control a larger part of the tablet/phone market, they have some catching up to do.

And how are they behind on their taxes?  :unsure:
"If you can play a guitar and harmonica at the same time, like Bob Dylan or Neil Young, you're a genius. But make that extra bit of effort and strap some cymbals to your knees, suddenly people want to get the hell away from you."  --Rich Hall


derspiess

Quote from: CountDeMoney on May 01, 2012, 09:30:15 AM
Quote from: derspiess on May 01, 2012, 09:13:59 AM
And how are they behind on their taxes?  :unsure:

http://www.nytimes.com/2012/04/29/business/apples-tax-strategy-aims-at-low-tax-states-and-nations.html?_r=1&pagewanted=all

http://www.washingtonpost.com/business/technology/apples-tax-rate-98-percent/2012/04/30/gIQArip0rT_story.html

http://business.time.com/2012/05/01/apples-tax-avoidance-evil-scheming-good-business-or-both/

Again, how are they behind on their taxes?  I don't see anything in those three articles that indicates they aren't paid up on any taxes they have owed.  They're doing the responsible thing for their shareholders and taking advantage of legal means of reducing their exposure to various taxes.  Not sure why they should be expected to do any differently.

MadImmortalMan

Apple's revenue collection offices are here in the same business park as Microsoft's and Intuit's.  :P
"Stability is destabilizing." --Hyman Minsky

"Complacency can be a self-denying prophecy."
"We have nothing to fear but lack of fear itself." --Larry Summers

KRonn

Apple has an office in Nevada for sales transactions, which reduces their taxes, among other things to hold onto their revenues. Google and others do the same as Apple. Big Oil Cos probably pay among the highest percentage of taxes, at least according to some of the same charts that were showing Google, Apple and others with a very low tax rate by comparison.

Warren Buffett's companies are behind in taxes. Owes hundreds of millions, is fighting the IRS, being sued or whatever by the IRS. So much for the Buffett rule - that's for "other suckers" I guess.

Govt needs to reform the tax codes of course, to fix some of this craziness. But that ain't going to happen soon. The system needs lots of reform!

CountDeMoney

Quote from: derspiess on May 01, 2012, 10:46:04 AM
Quote from: CountDeMoney on May 01, 2012, 09:30:15 AM
Quote from: derspiess on May 01, 2012, 09:13:59 AM
And how are they behind on their taxes?  :unsure:

http://www.nytimes.com/2012/04/29/business/apples-tax-strategy-aims-at-low-tax-states-and-nations.html?_r=1&pagewanted=all

http://www.washingtonpost.com/business/technology/apples-tax-rate-98-percent/2012/04/30/gIQArip0rT_story.html

http://business.time.com/2012/05/01/apples-tax-avoidance-evil-scheming-good-business-or-both/

Again, how are they behind on their taxes?  I don't see anything in those three articles that indicates they aren't paid up on any taxes they have owed.  They're doing the responsible thing for their shareholders and taking advantage of legal means of reducing their exposure to various taxes.  Not sure why they should be expected to do any differently.

Of course you wouldn't.