Thursday, August 27, 2009

Industry Responds to Apple Anti-Malware

Now that Apple has confirmed that Snow Leopard includes anti-malware and that they (Apple) write the definitions, third-party vendors in the (admittedly small) Mac anti-malware industry are speaking out.

I've already raised some questions about how effective Apple can be in this role: they are starting out covering two types of malware, they don't have a strong history of fast response to security threats, their update infrastructure probably isn't fast enough, and there are already questions about how effective the two signatures they have released are.

McAfee's response suggests that Apple will only goad malware authors into writing even more malware. This is a strange way to look at things, and it gets even stranger when they claim that "...the growth rate of malware (notably PC malware) is partly due to the success of defenses." The logic of the argument is that the malware guys can't get past anti-malware on technical grounds, so they try to overwhelm it with volume.

But the "success" argument falls apart because volume works—it's not uncommon for me to come across malware in the wild that few, if any, scanners detect. In any case, at the rate at which Apple is likely to respond, it won't take much volume for the system to fall behind. So there may be something to McAfee's point, but it's a weak defense of the anti-malware establishment.

Intego, the company that broke the Snow Leopard anti-malware story, claims that the detection of the iServices Trojan won't work because Apple's software doesn't detect files downloaded through BitTorrent, just web browsers, e-mail clients and iChat. This seems hard to believe. It would be quite a blunder on Apple's part if true.

Symantec issued a statement also downplaying the sophistication of Apple's protection:

Mac OS X v10.6's File Quarantine feature only offers basic malware detection capabilities. It is not a full-featured antivirus solution and does not have the ability to remove malware from the system. File Quarantine is also signature-based only. Malware signatures are only as good as its definitions, requiring Apple to provide regular, timely updates. In addition, Mac OS X's Software Update technology does not update automatically, and there is also no UI that allows users to see what signatures have been added to the system.

Macs are susceptible to online threats just like any other platform and vulnerabilities do exist. Today more than ever, computer users need a comprehensive security solution to protect them against all types of cybercrime, regardless of the platform. Symantec is a proven leader in the Mac security space and provides the necessary protection against malware, hackers, adware, identity theft, and other threats with Norton Internet Security for Mac. In addition to providing daily definition updates, Norton Internet Security for Mac removes threats to help ensure the system is clean and safe; this is a key functionality that Mac OS X v10.6 does not offer.

Apple's current security offerings in Mac OS X v10.5 are also limited:
  • Mac OS X v10.5 does not protect against software and Internet vulnerabilities, which can allow access to your machine even if you have a firewall. Nor does Mac OS X v10.6 have technology to protect against unauthorized access to sensitive files or releasing of sensitive data. Norton Internet Security for Mac offers these features.
  • The phishing protection in Mac OS X v10.5 relies on lists, which can quickly become out of date since phishing sites are often pulled down within minutes and new ones crop up just as fast. Norton Internet Security for Mac's antiphishing technology scans websites for threats on-the-fly in addition to downloading lists regularly. We also notify users when a site is trusted so they can feel confident they have navigated to a legitimate website.
  • The firewall in Mac OS X v10.5 is turned off by default and has limited configurability options, while Norton Internet Security for Mac allows users to configure their protection based on where they are and their connection—at home, work, public wifi, etc. Norton Internet Security for Mac is also integrated with Symantec's DeepSight Threat Management System, updating the firewall rules at least once a day to protect against the latest attacking IP addresses.
