Their Surprise Doesn't Surprise Me...Anti-viral Companies

28 August, 2011 09:06PM · 3 minute read

The Anti-virus ‘specialists’ at McAfee every quarter release a “Threat Report” that details all the Malware and Viruses that have been detected/present worldwide for the previous few months and then go on to describe points of interest, trends and items they think we all should watch for.

Of particular interest for Mac users is the following quote: “…fake anti-virus software…continues to show consistent growth and has…begun to climb aboard a new platform: the Mac,” in reference to the MacDefender trojan horse virus that recently caused Apple users some minor irritation.

It goes on: “…fake-AV for Apple’s platform is now a reality. This does not surprise us at McAfee Labs,” so yes indeed, their surprise doesn’t surprise me. All operating systems are susceptible to Trojan horse viruses if software can be installed on them from any source, trusted or otherwise. All the malware author needs to do is trick the end user to entering their administrator password and they’re in.

They continue: “It will be interesting to see if this type of malware makes its way to the iPhone and iPad as well. It is probably a case of “when” rather than “if.”” This is where I draw the line and call them ignorant.

The simple problem is that all software that can be installed on stock-standard (read not jailbroken) iOS devices is via the App Store. If the App Store program is tested extremely thoroughly, then the only way to install malicious software on the iOS device is via the App Store and Apple check every application that is put on the store. If one is released and slips through the safety net then Apple will flip their “kill switch” and delete the application the first moment it connects to the internet. There will be no chance for it to steal anything, retransmit anything or spread itself. There is NO WAY for software to be installed by the user from Safari or any other application other than the App Store.

The other item of note is that OSX Lion is being locked down gradually to the same fate as iOS. Eventually OSX will be locked down and all applications will only be able to be installed via the Mac App Store. This will ensure the same circle of protection for Apples desktop OS. In fact, it will be the only popular desktop operating system with this as a feature - making it essentially malware proof or at least the most highly resistant to malware in the market.

The only way into the operating system then, is by a software vulnerability. Even then, each application is sandboxed such that it can’t take over control of the device, but only its own sandbox. With OSX heading the same way, there is precious little such an exploit could accomplish.

McAfee and anti-viral companies like them must be very frustrated with Apple. They will get no significant business from Mac/iOS users.

Then again, maybe they’ll be surprised to hear that…