Kaspersky denies it's working with Apple on Mac security

Kaspersky Lab has denied a report that said Apple asked the security vendor to help it improve security in Mac OS X, which is becoming a more desirable target for malware-distributing cyber criminals.

The U.K. tech site Computing reported Monday that Kaspersky Chief Technology Officer Nikolai Grebennikov said in an interview that the company was doing a security analysis for Apple.

"Mac OS is really vulnerable," he was quoted as saying, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it."

[See also: Will Flashback hurt Macs in the enterprise?]

However, Kaspersky says Grebinnikov was misquoted. The CTO issued a statement saying that the company is conducting an "in-depth analysis of Mac OS X vulnerabilities and new forms of malware" to share with its customers, but not at the request of Apple.

"This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis," Grebinnikov said.

The Russian security vendor's latest Mac OS X project reflects the operating systems' increasing use in business. Apple's resurgence with the popularity of the iPhone and iPad has had a halo effect in which an increasing number of execs and employees are buying Mac laptops and using them for work. This has put pressure on IT staff to secure the devices.

So far, Apple has gotten low marks from security experts. The company has been criticized for being slow in patching vulnerabilities and for refusing to work more closely with security vendors to identify and fix flaws. In April, Kaspersky co-founder and chief executive Eugene Kaspersky told Computer Business Review magazine that Apple was "10 years behind Microsoft in terms of security."

Apple's failings contributed to the infection this year of 600,000 Macs with the Flashback Trojan, which took advantage of vulnerabilities in the Java plug-in for Web browsers. Oracle, which manages Java, issued a patch in February, but Apple didn't release it to Mac users until April, giving cyber-criminals lots of time to tailor their malware.

The misstep is not expected to hurt the use of the Mac in the enterprise, since companies unlikely ever perceived the Mac as more secure than other computers, experts said. However, if Apple doesn't show progress in security, then companies could reconsider use of the iPhone and iPad.

Read more about application security in CSOonline's Application Security section.

Show Comments