Apple 10 Years Behind Microsoft in Security, Kaspersky Lab Finds

Apple is at least a decade behind Microsoft when it comes to dealing with malware attacks and security, and the recent Flashback attack on Macs only highlights the problems facing the systems maker, according to the founder of security software vendor Kaspersky Lab.

In an interview with Computer Business Review at the Info Security 2012 show in London, Eugene Kaspersky, CEO and founder of his namesake company, said Apple will have to change how it responds to attacks like the Flashback malware (which Kaspersky researchers call Flashfake), which infected more than 600,000 Macs worldwide and may still be plaguing users several weeks later.

In addition, as Apple systems become more popular with consumers and businesses alike, Apple will draw more attention from cyber-criminals, and the attacks will become more sophisticated, as was seen with Flashback, he said.

"I think they are 10 years behind Microsoft in terms of security," Kaspersky told the publication. "For many years, I’ve been saying that from a security point of view, there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one Flashback was a bit different. For example, it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms."

The problem facing Apple now is learning to be more responsive to threats, he said. The Flashback malware not only shook the theory of the Mac’s invulnerability to malware, but also made Apple the target of harsh criticism for its slow response to the problem. The Flashback malware exploited a flaw in Java that Oracle had patched two months earlier. However, Apple, which doesn’t let third parties update software on Apple systems, didn’t issue its own patch until the first week of April, by which time the number of infected systems had exceeded 600,000.

Researchers at Kaspersky and other security experts strongly criticized Apple, pointing out the systems maker’s history of being months late with updates. With Apple products becoming an increasingly popular target for scammers, the company will have to change how it responds, Eugene Kaspersky said.

“Welcome to Microsoft’s world, Mac,” he said. “It’s full of malware. Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on.”

It will mean Apple will have to be quicker in reacting to threats.

"They will understand very soon that they have the same problems Microsoft had 10 or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software," Kaspersky said. “That’s what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it’s time for Apple to do that.”

To read the original eWeek article, click here: Apple 10 Years Behind Microsoft in Security: Kaspersky