Speaking to The Register in Sidney, Eugene Kaspersky, founder of the security firm of the same name, has expressed concern over the fact that his company cannot develop anti-malware apps for Apple’s iOS platform, and claims that Apple is headed straight for disaster as a result.
“We as a security company are not able to develop true endpoint security for iOS,” Kaspersky told The Register in Sydney today. “That will mean disaster for Apple,” he opined, as malware will inevitably strike iOS in the future.
Kaspersky says the infection vector won’t be iOS itself, which he said is “by design is more secure” than other operating systems. He therefore rates it “almost impossible to develop malware which does not use vulnerabilities. The only way is to inject it into the source code of legal software. It will take place in a marketplace and then there will be millions or tens of millions of devices.”
According to Kaspersky, the only reason hackers have not already begun targeting iOS devices is that it is more complicated to attack than other platforms:
“They are happy with Windows computers. Now they are happy with Mac. They are happy with Android. It is much more difficult to infect iOS but it is possible and when it happens it will be the worst-case scenario because there will be no protection. The Apple SDK won’t let us do it.”
When hackers do begin targeting malware to iOS, Kaspersky claims that Apple will lose significant market share as a result, and that large numbers of users will switch from iOS to Android as a result. Kaspersky even suggests that Android will achieve 80% market share by 2015 due mostly to security problems on other platforms.
Kaspersky, of course, fails to mention the biggest and most significant reason that he thinks Apple should allow antivirus software on iOS: Kaspersky develops antivirus software, and could be making a lot of money from Apple’s customers!
Even if you discount the fact that Kaspersky is extremely motivated by the financial benefits of allowing antivirus software on iOS, his argument still has a lot of problems, some of which I will now summarize:
In order for a piece of malware to affect an iOS device, a hacker would need to develop an app for that specific purpose and have Apple approve it into the App Store. In reality, however there’s even more to it than that – just writing a malicious app isn’t enough. The app would have to be able to to circumvent the sandboxing system that Apple uses to prevent apps from accessing sensitive areas of the system.
There are several areas of the operating system that no third party app period is able to access. Any piece of malware written for iOS would have to build in a method for breaking down this protective barrier that Apple has put in place. That alone would pose a fairly daunting task to any developer.
But even if a hacker managed to create such an app, and even if Apple somehow approved it and released it on the App Store (which is extremely unlikely), it still wouldn’t pose much of a threat, because Apple has a kill switch – the ability to blacklist any app on the App Store and remove it from users’ devices.
I must admit, I had a bit of difficult typing that section header without busting a gut. Kaspersky’s suggestion that iOS will become unmanageable infested with malware is bad enough, but his predicted consequence of this is even worse: iOS users will flock to Android.
Let’s get this straight. Kaspersky thinks iOS could become a cesspool of malware in which no user is safe, yet somehow he thinks Android is a better option? I’ve got news for you, Kaspersky: Android is already a cesspool of malware – and it’s getting worse all the time!
To quote The Register once more, “A severe attack, Kaspersky argues, therefore has the potential to highlight the problems of a closed ecosystem and damage Apple permanently.”
There are two big problems with this (and a number of smaller problems). First, iOS is not a “closed” platform. There are thousands upon thousands of third-party developers creating apps for iOS, and there are a huge number of web apps as well. That doesn’t add up to iOS being a closed platform.
Second, Kaspersky has utterly and completely failed to make any compelling case about the “problems of a closed ecosystem.” His notion that iOS is on a one way road to disaster is laughable, and his idea that people will flock from iOS to an even less secure platform is nothing short of ludicrous.
The conclusion is simple, and can be expressed in a series of simple statements:
No, Kaspersky, Apple is not doomed, iOS is not headed for disaster, and your ridiculous scare tactics aren’t fooling anyone. This is the second time you’ve tried to scare Apple and its customers into thinking they are doomed (Apple is Ten Years Behind Microsoft). You even went as far as openly lying, claiming that Apple asked you to evaluate the security of OS X.
If you can’t be satisfied with making money off of Windows and Android users, can you please at least refrain from insulting the intelligence of everyone who reads your pathetic attempts at scaring people?