Posted by: David Harley | May 22, 2012

Kaspersky and the iOS AV problem

Eugene Kaspersky’s view of the problem of not being allowed to build real antivirus for iOS is apparently somewhat bleaker than mine. According to The Register, he told them that:

“We as a security company are not able to develop true endpoint security for iOS,” Kaspersky told The Register in Sydney today. “That will mean disaster for Apple,” he opined, as malware will inevitably strike iOS in the future.

He also predicts that Android will benefit from the consequent backlash. I think the point he’s making here is that if (or, according to Kaspersky, when) the Apple whitelisting model fails to protect a significant number of (presumably unjailbroken) iGadget users, people will migrate to Android, despite its inferior app pre-filtering, because that pre-filtering doesn’t block the development of security software. An interesting hypothesis, but I’m not convinced that there’s such a simple equation. To quote myself (as cited by Kevin Townsend in Infosecurity Magazine yesterday):

“Apple’s ability to decide which software you can install is its security, because it means Apple can, in theory, block any software that breaks its rules about what an application is allowed to do – and those rules protect Apple’s more technical defence mechanisms. Out-and-out malware is almost totally reliant on jailbreaking.”

As I read it, Kaspersky thinks that this defensive mechanism will be bypassed using vulnerabilities, with malware injected “into the source code of legal software. It will take place in a marketplace and then there will be millions or tens of millions of devices.”

Meanwhile, Byte tells us that Charlie Miller Makes iPhones Better By Attacking Them and asks Is iPatch Tuesday In Apple’s Future? (Hat tip to Larry Seltzer.)

David Harley CITP FBCS CISSP

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: