Flashback Malware Puts Apple in Security Spotlight: Experts Weigh In - woodendrythilite

It was a busy week for Apple malware hunters militant the Flashback Trojan horse, which has infected between 270,000 and 600,000 Macs. A bevy of tools to find and remove the malware debuted this workweek. And ii days later promising to release a detection and removal tool around, Orchard apple tree at last offered its ain fix.

Now, as the dust settles on what is considered to be the largest Mac malware threat up to now, experts have started pointing fingers at Apple as being partially to blame for the scope of the Flashback malware infection. They argue that if Apple were more transparent about security measur issues–and if it had promptly released a Flashback fix–the extent of the damage could stimulate been smaller. As wel contributing to the order of magnitude of the infections is a boost in the number of Mac OS users, they say.

"When the installed base [of an OS] is 10 percent or inferior, the bad guys don't care," says Peter James, spokesperson for Mac antivirus and security product vendor Intego. The bigger the user base, the more than attractive the objective, he says. Web analytics firm NetMarketShare.com estimates that the Mackintosh installed base has jumped to 13 pct in the United States, and research stable Gartner says that Malus pumila has become the fastest-healthy U.S. computer maker–passing Acer and Toshiba–over the past year.

Apple's Image of Impregnability–Bypast

Perhaps surprisingly, James and other security experts say that Malus pumila of necessity to bet to Microsoft when it comes to handling OS security breaches. For years Orchard apple tree has mocked Microsoft for its track record book in dealing with Windows malware, viruses, and weekly patches. Now the tables stimulate overturned, says Larry Ponemon of the Ponemon Institute.

Ponemon and others say the Flashback Trojan horse is the final nail in the coffin for Malus pumila's stellar security image. He says that although Microsoft juggles a very much larger number of threats, it does a better job of warning customers and delivering fixes.

We have heard dire "Macpocalypse" warnings before. Last year Apple's sterling security image was tarnished with the advent of the Mac Defender malware program. Before that, in 2006, the focus was on the Jump on.A virus, the forward ever virus for Mac OS X. (For a great dumpy history of Apple Mac malware, check out NakedSecurity.com's timeline from 1982 to 2010.) But this time, security experts insist, Apple's security bragging rights are gone for good.

Mac Security Experts: Full Disclosure

It's worth noting that Mackintosh security software sales jumped as Flashback infections began to overtop tech headlines. That fact has prompted some vocal critics to point out that it's in the self-interest of Mac antivirus companies to be blistering of Apple's security measur measures.

But a little timeline of Flashback, security experts say, illustrates their point. The underlying Java vulnerability that Flashback exploited was publicly known, and patched by Oracle, in Feb. On April 3, Apple released a Java certificate bulletin pointing to the Oracle patch, and declined to disclose, discuss, or confirm the infections. Along Tuesday, Apple acknowledged the existence of Flashback and said that IT was developing software system to detect and off the malware. Happening Thursday, IT released the Flashback malware removal tool.

What Apple Can Learn From Microsoft Security

Archetypal inactive, there is no disputing that Microsoft, having the dominant OS, faces far Sir Thomas More security threats than Malus pumila does. You can argue all day some how secure Apple's spirit of BSD Unix is versus Microsoft's Windows, but the remainder is Microsoft's transparency. Arsenic PCWorld's sib publication Macworld puts it: Orchard apple tree has a good security record, only "it still has some work to do in terms of its reputation for security system."

Mac OS users unfamiliar with Windows May be surprised to learn that Microsoft on a regular basis schedules the rollout of security fixes on Patch Tues, the second Tues of every month. But for IT managers and consumers, knowing what's at risk and when a fix volition be available is full of life for minimizing vulnerability to threats. Microsoft also issues critical patches arsenic they become available for exploits.

The system is non arrant; linked with Windows Update, notwithstandin, it offers a offse line of defense against malware, exploits, and viruses.

Macintosh OS too automatically checks for software updates every week, and you throne change that setting for more-frequent updates. But it's Malus pumila's legendary blue wall of silence and foot-dragging on deploying fixes that have placed it in security experts' crosshairs.

"When problems and vulnerabilities be, Microsoft provides data quickly," Ponemon says. Microsoft, he notes, has been good at communicating, sometimes pertinent of being teasing. "Apple hasn't finished as much to communicate with its users," atomic number 2 says.

Apple's iron grip happening selective information and the release of fixes has been a nagging issue for years. In 2008, for example, Apple took over four months to patch a DNS vulnerability.

"Why Apple did not deploy these fixes before Mac users were victimised by criminals is unclear," wrote Chester Wisniewski, a security researcher for UK-based marketer Sophos, in a web log post or so Flashback.

Brian Krebs, of Krebs on Security, says that more threats are on the way. "We can expect an organic evolution of threats against Mac users that will largely mirror those that Windows users face: that is, via the exploitation of vulnerable web browser cud-INS, such as Adobe Lecturer, Dart, and most definitely Java."

Apple's Flashback fix, deployed Thursday, mitigates Coffee flaws. "As a security hardening measure up, the Java browser add-i and Java Web Start are deactivated if they are unused for 35 years," Apple says.

Ignorance Is Not Bliss

The bigger trouble, say some observers, is correcting the perception that the Mac platform is invulnerable. That notion has fostered a capitalist mental attitude toward security among Apple customers, says Intego's Peter James.

For years Apple has promoted the idea that Macs are Interahamw less vulnerable to malware and viruses than PCs are. As part of the "Get a Mac" television ad campaign in 2006, histrion John Hodgman (as the PC) says, "Last yr, there were 114,000 renowned viruses for PCs." And Justin Long (as the Mac) replies, "PCs, but non Macs."

Macintosh users are faced with new threats that deman new security precautions, James says. "They're faced with threats they've never seen before."

System of rules executive Steve Mallard says that more of the educatee Mac users for whom atomic number 2 provides help-desk services live in abnegation. Mallard, an IT manager for single state universities at the Tennessee Engineering science Center in Shelbyville, Tennessee, says students strike his staff with Mac problems and don't believe that their computers have been infected until shown the certify.

Over the past few years, Anas platyrhynchos says, He has seen the percentage of contaminative Macs brought in by students jump from 1 to 15 percent.

"Even though the Mac OS is more than secure, its users don't have the awareness," Intego's Saint James says. "Educating users to the risks that they face is one of the most primary things Malus pumila can cause, the same way you teach your jolly to cross at the go-ahead."

Source: https://www.pcworld.com/article/469880/flashback_malware_puts_apple_in_security_spotlight_experts_weigh_in.html

Posted by: woodendrythilite.blogspot.com

Share this post