Is Apple’s Security Reputation Diminishing?
When Eugene Kaspersky, the CEO and co-founder of security firm Kaspersky Lab, made the statement that Apple was “10 years behind Microsoft in terms of security,” a lot of heads turned. Apple has long been touted as the leader in security and has publicly poked fun at Microsoft for its security flaws, as demonstrated in the ad below, which targets Vista specifically:
When Kaspersky made his bold statement at the Infosecurity Europe 2012 conference, he was referring to the Flashback family of malware that has recently been detected in thousands of Mac computers. The notorious Flashfake Trojan, which is one element of this family, is credited with helping infect nearly 700,000 Macs with the malicious program.
Are the tables really turning with Apple and Microsoft regarding security? Is Apple becoming more vulnerable than Microsoft? What do you think?
Aside from Kaspersky Lab, numerous security firms, including Sophos and F-Secure, have reported on the recent outbreak of malware on Macs. The consensus from the firms is that Apple’s reputation of being exempt from security threats is no longer true.
However, does this mean that Microsoft is more secure than Apple? Kurt Baumgartner, a senior researcher at Kaspersky Lab, told us that Apple’s security response pales in comparison to Microsoft’s.
“The efforts that Microsoft has done as far as creating a map program and creating a vulnerability-patching program and rolling their response out quickly and efficiently… Apple just hasn’t done that,” he said.
“The Apple name or the reputation of being a completely clean system [and] that there are no viruses for Apple just isn’t true,” he added.
According to Baumgartner, Java is the “thorn” in Apple’s side. He said that vulnerabilities in Java software played a big role in the large spread of the Flashfake Trojan.
Microsoft, undoubtedly, has had its share of security problems, but it recognized its issues and made adjustments. It outsources its security to Oracle, which means that when a Java vulnerability is identified, the problem can be fixed immediately.
Apple, on the other hand, maintains its own patching schedule. As a result, Baumgartner told us that vulnerabilities could exist for months at a time before they are addressed.
“A vulnerability can exist for quite some time, and they [Apple] are just not up to snuff like the Microsoft security response team,” he said.
“With a turnaround cycle of months to patch certain vulnerabilities,” Baumgartner continued, “that just really isn’t acceptable in this day and age. I suppose you could spread the blame, but if security and your customer’s security is a priority, that’s something that needs to come first.”
Baumgartner went on to say that Apple is making improvements to its security but that it would take time for the issues to be completely resolved. He would like to see Apple follow Microsoft’s example and entrust third-party software systems with its security.
In the meantime, Baumgartner advises Apple customers to de-install Java unless they need it, since it seems to be the root of many of the issues. In addition, he said they should reach out to their Apple representatives and demand better security.
Incidentally, just this week, news came out that Apple’s latest update to OS X Lion exposed passwords. Furthermore, the technology giant released iOS version 5.1.1, which reportedly fixes multiple bugs for both the iPhone and the iPad.
Going forward, who do you trust more for security: Apple or Microsoft? Please share your thoughts.