Macs are about to be swamped by a new wave of malware attacks, and are at risk because Apple is "ten years behind Microsoft" when it comes to security, says Eugene Kaspersky, founder and CEO of the security firm Kaspersky. If he's right, the recent Flashback Trojan attack is the shape of things to come.
In an interview with Computer Business Review, Kaspersky said that Apple needs to alter its security approach if it's going to fend off the wave of attacks. He said:
"I think they (Apple) are ten years behind Microsoft in terms of security. For many years I've been saying that from a security point of view there is no big difference between Mac and Windows."
So why have Macs not been infected with malware to the same extent as PCs? He says it's a simple matter of market share, and now that Macs have a large enough market share, they're a tempting target. His company has seen an increased in Mac malware, and he says the increase was:
"just a question of time and market share. Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it's not just Flashback or Flashfake. Welcome to Microsoft's world, Mac. It's full of malware."Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on. We now expect to see more and more because cyber criminals learn from success and this was the first successful one."
Because Microsoft has had to deal with malware for more years than Apple, it has developed a better approach to security, one that Apple should emulate, he believes. He says:
"They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software."
My guess is that Apple die-hards will discount his claims, and say that he has a vested interest in making people believe Macs are vulnerable, because that would increase sales of his software.
But they're wrong. He's not alone in saying that Macs are vulnerable; people have been saying that for years. Back in 2008 in the "Pwn to Own" challenge, for example, it took only two minutes for someone to breach the Mac's security -- and the Mac's security was breached faster than was Windows Vista or Ubuntu.
Security researcher Dino Dai Zovi told Computerworld that Vista is safer than Mac OS X:
"I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies."
It's time that Apple recognized that its software is vulnerable, and to start taking security more seriously. And it would do well to learn from a company that has learned its lessons well -- Microsoft.