Apple may be the most valuable company in the world, but when it comes to security, the Cupertino-based company doesn’t hold a candle to Microsoft. Kaspersky Lab co-founder and chief executive Eugene Kaspersky on Wednesday told CBR that Apple is a decade behind Microsoft in terms of computer security. ”I think they are ten years behind Microsoft in terms of security,” Kaspersky said. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.” More than 600,000 Macs were infected by the Flashback trojan virus before it was discovered earlier this month and the exploit it used to infect OS X PCs was patched. “Apple will understand very soon that they have the same problems Microsoft had ten or 12 years ago,” Kaspersky said. ”They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

Read

Hackers associated with the group “Anonymous” have published Symantec’s Norton AntiVirus source code on The Pirate Bay. The source code was stolen in 2006 and after alleged attempts to extort money from Symantec failed, the hactivist group released it late Thursday evening. The file is 1.07GB in size and includes the source code to a number of products within the software suite, such as the consumer version, the corporate edition, and other files for Windows, Unix and NetWare, according to a report from ZDNet. In addition to the source code, the torrent includes a note calling for the release of the LulzSec hackers who were arrested on Tuesday — with the exception of Sabu, the group’s leader who reportedly worked with the FBI to build cases against other members of the group. Symantec has previously said that the breach will “not affect any current Norton product,” claiming the “current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities.”

Read

AT&T announced on Thursday that it has teamed up with Juniper Networks to offer improved mobile security options for its customers. AT&T said that it expects the first “phase” of its security roll-out to be available to businesses, organizations and customers later this year when it launches the AT&T Mobile Security application. It can help businesses enforce security policies, manage enterprise and personal devices, and enable anti-virus protection with monitoring and control tools. In addition, the application can protect consumers from viruses and malware. “Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. Read on for the full press release.

AT&T Invests in Mobile Device Security Platform

Agreement with Juniper Networks Helps Build Innovative Service Portfolio to Protect Devices from Security Threats

Recognizing the need to protect consumer and enterprise mobile devices from the increasing number of cyber attacks, AT&T* is investing in a new mobile security platform. It will allow customers to better protect their devices against security threats.

AT&T has executed an agreement with Juniper Networks to deliver this security capability and additional services based on the platform in the future. This new agreement is part of AT&T’s mobile security strategy to manage and protect smartphones and customer information.

AT&T’s strategy – which is distinguished from other approaches to mobile security – is to provide a comprehensive security solution that will integrate wireline and wireless security policies for consumer, enterprise and government customers.

The first phase of the platform – the AT&T Mobile Security application – is expected to be available later this year and is based on the Juniper Networks® Junos® Pulse solution.

The AT&T Mobile Security application will help:

• Businesses and Organizations
  • Maintain compliance with government regulations
  • Enforce security policies
  • Manage personal or enterprise-owned devices
  • Enable anti-virus, anti-malware, and application monitoring and control

• Consumers
  • Protect mobile devices with anti-virus, anti-malware, and application monitoring and control

“Enterprises drive employee productivity by anytime access to network resources, but the implications of data loss and malware proliferation creates real concerns for enterprise IT security. AT&T’s vision and approach to mobile security is the right one at the right time”, said Christine Liebert, senior analyst for Security Services at IDC. “AT&T is offering enterprises the ability to remotely remove or encrypt data on mobile devices and to have this function centrally administered. This should help businesses control what type of data can be downloaded to a smartphone or tablet, one of the biggest enterprise security risks.”

“Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. “With the help of Juniper Networks and the power of AT&T Labs and the AT&T Mobility Security Research Center behind us, we’ll be able to deliver new security capabilities to provide peace of mind to companies and consumers alike.”

“We are proud to work with AT&T to help them protect their most important asset, their customers,” said Mark Bauhaus, executive vice president and general manager of the Device and Network Services business group at Juniper Networks. “Teaming with AT&T to bring this unique and comprehensive mobile security solution to market will enable a vast number of consumers and enterprises to have state-of-art security features in their mobile life and be better protected from malicious threats.”

Mac users have recently been targeted by a phishing scam that falsely claimed their computers were infected with a virus. Upon being redirected to an illegitimate website, users were instructed to install “Mac Defender,” which was malware masquerading as an antivirus application. Until recently, Apple had reportedly instructed its AppleCare support reps to deny any existence of the problem and said reps should “not remove or uninstall any malware” found on a computer. On Tuesday, however, Apple finally acknowledged the issue and posted instructions on its support forums that cover how to avoid and remove the Mac Defender malware. Hit the jump for Apple’s instructions.

Removal steps

• Move or close the Scan Window
• Go to the Utilities folder in the Applications folder and launch Activity Monitor
• Choose All Processes from the pop up menu in the upper right corner of the window
• Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
• Click the Quit Process button in the upper left corner of the window and select Quit
• Quit Activity Monitor application
• Open the Applications folder
• Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
• Drag to Trash, and empty Trash

[Via The Register]

Read

It’s no mystery that when it comes to computers and the Internet, you need protection. Maybe not the kind of protection ‘ole Harry here is packing, but the stronger the better in this day and age. Most agree that there are several good free anti-virus solutions available on the market and while they may offer decent protection against the various malware floating around, there’s no substitution for subscription services such as those offered by Symantec and McAfee. Apparently, Microsoft hopes to change that stance. Codenamed Morro, Microsoft is preparing to bring a new free anti-virus solution to market that could spell trouble for competing products in the AV industry. The company’s earlier attempt at an anti-virus solution, OneCare, was anything but a success following its launch in 2006 and subsequent benching. Since then however, Microsoft has stepped up its game where marcom is concerned and to say the company is on a roll is an understatement. Morro, poised to compete with free anti-virus and entry-level paid solutions, is expected to be released soon as a public beta with a full launch slated to follow before the year is out.

Read

After a wave of attention surrounding a post on Apple’s support pages over the past few days, Cupertino has decided to pull the page from its site. The post in question encouraged “the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.” As Apple’s OS X has yet to have any significant threats posed against it, the blogosphere questioned both the necessity and integrity of the recommendation, noting that two of the three recommended antivirus applications were available for sale from the Apple Store. Here we are a day or so later and Apple has removed the page from its site, stating:

We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.

If that’s the case, then why pull the article? Is Apple now comfortable leaving its computer users vulnerable and open to an attack? Some speculate that Apple removed the note due to poor and confusing wording but if that were the case, surely the company would have merely clarified its position and recommendation rather than removing it completely. Right? Hopefully Apple will further clarify its position over the coming days as for the time being, some might say it looks like the company was looking to make a quick buck from less savvy users. After all, Apple doesn’t even require the use of antivirus software on its own in-store display units or the internal computers used by store employees.

Read

It looks like the care free days when Mac owners could sit back and relax without having to worry about malware are indeed coming to an end – maybe. Last month we told you about two new pieces of OS X malware that had been discovered and while neither poses a significant threat in most people’s eyes, it is clearly a sign of things to come. As loyal and vocal as Mac computer users are, until recently they hardly represented a significant portion of the market. As such, those responsible for creating end user-targeted malware focused on Windows since it was the clear and overwhelming market leader. Now that Apple’s computer market share is growing however, Mac user complacency with regards to viruses might lead to some big and easy scores for malware. Apple recently posted the following technical note as a result:

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

The page goes on to recommend three antivirus solutions for OS X, two of which are offered for sale in the Apple Online Store. For the time being, we still haven’t heard any reported cases of a virus actually finding its way to a Mac computer in a real life situation so the following question is posed: Has Apple just firmed up its deals with antivirus providers or are we really in store for a hail storm of Mac malware sooner than we think? In either case, at least we won’t be seeing the commercial above air again any time soon.

[Via Newlaunches]

Read