Forgot your password?
typodupeerror
Cellphones Iphone Security Apple

Apple Blocking iPhone Security Software 148

Posted by CmdrTaco
from the because-we-said-so dept.
Barence writes "Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. 'We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,' said Kaspersky. Although he admits the risk of viruses infecting the iPhone is 'almost zero,' he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. 'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture — it wants to control everything.'"
This discussion has been archived. No new comments can be posted.

Apple Blocking iPhone Security Software

Comments Filter:
  • by Yvanhoe (564877) on Thursday March 11, 2010 @01:43PM (#31440522) Journal
    Leaving Kaspersky out is the first interesting feature I see in this whole Apple App Store scheme !
  • by omgarthas (1372603) on Thursday March 11, 2010 @01:43PM (#31440524)
    It's called Apple App Store, they control absolutely every piece of software that can be installed in your Iphone, I can't see the need for any anti-virus solution...
    • by Dancindan84 (1056246) on Thursday March 11, 2010 @01:48PM (#31440620)

      We have been in contact for two years with Apple to develop our anti-theft software...

      I know lots of people never RTFA, but you couldn't even get through the summary? Here's your sign.

      • by mrsteveman1 (1010381) on Thursday March 11, 2010 @01:51PM (#31440664)

        The iPhone has enterprise tools available for anti-theft, too. It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.

        Their control of the App Store is abusing and ridiculous, but i don't see a lack of anti-theft features here.

        • by Dancindan84 (1056246) on Thursday March 11, 2010 @01:54PM (#31440710)
          Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already...

          Also, doesn't change the fact that he was clueless what the article was about.
          • by CharlyFoxtrot (1607527) on Thursday March 11, 2010 @02:13PM (#31441008)

            Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already....

            Apple doesn't want to give developers access to the API's to do things like remote wipe. So they either block everyone from doing it or they make an exception for certain vendors. Apple isn't very big on making exceptions for any external company, even Google gets the choice of doing it the Apple way or hitting the highway. Nobody seems to mind in this case except the anti-virus cartel who are seeing their core market melt way now Windows is becoming secure and they don't have a foothold in this decade's growth market, mobile devices.

          • by timeOday (582209) on Thursday March 11, 2010 @02:27PM (#31441198)

            Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete.

            Apple dosn't see it that way [intomobile.com]. They openly reject competition with Apple software on the iPhone.

        • by Anonymous Coward on Thursday March 11, 2010 @01:58PM (#31440768)

          Man, you obviously don't deal in the real world or at least in large org.

          Google for a couple of mins and you find that the "encryption" on the latest iPhone 3GS has already been broken.

          There's no proper central management of the device; the iPhone has to be tethered.

          If you set some settings on the device, there's nothing stopping the user from changing configuration again.

          So it's fine for you if you want to keep some personal contacts and maybe your shopping list; it's nowhere near the level one would expect it to be used in the financial or government sectors.

          That's why RIM and BES reign supreme in that area.
          I wish Apple would wise up; lord knows I deal constantly with "senior managers" who want to use their toys at our hospital.

          • by d3ac0n (715594) on Thursday March 11, 2010 @02:12PM (#31440986)

            Two words: Good Technology.

            Works on iPhone, Android and WebOS.

            Disclaimer: I do NOT work for Good technology, but was recently asked to research the use of iPhone, WebOS and Droid in my company's enterprise environment and Good is pretty much the very best of the best out there from what I could tell.

            Of course, your mileage may vary.

        • by RulerOf (975607) on Thursday March 11, 2010 @02:22PM (#31441116)

          It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.

          I know this, because I work for an iPhone nut.

          If you're a business user, you're using Exchange 2007 with ActiveSync to remotely manage the iPhone and deliver email. If you've got a wish to drive yourself insane, you're also using MobileMe on that same device.

          MobileMe has some neat features, but quite frankly it's complete bullshit that those features (Find my iPhone et. al.) are mutually exclusive from a phone with an ActiveSync binding. MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two.

          • "MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two."

            Getting those two to work together is as easy as controlling two computers with Synergy.

            Boss needs to be fired if he's not that competent.

            • by RulerOf (975607) on Thursday March 11, 2010 @03:29PM (#31442196)

              Getting those two to work together is as easy as controlling two computers with Synergy.

              It's interesting that you chose Synergy as your example. Synergy is a royal pain in the ass to configure for all but the most logical and technical minded people.

              For a user who doesn't understand how contacts are stored, where they come from, or why they end up getting duplicated (or at least appear to be that way) without making a really stupid car analogy that won't actually transfer back to referenced analogous use of the device... I'll presume you get the idea.

              It just doesn't work or behave the way it should.

          • by smitty97 (995791) on Thursday March 11, 2010 @05:59PM (#31445150)

            Ditto on Exchange + Mobileme being very easy to manage together. I even have a couple of CalDAVs in there.

            Work stuff goes into Exchange, personal stuff into Mobileme, nothing stored locally. Don't put your personal contacts into Outlook and all will be well.

        • by rworne (538610) on Thursday March 11, 2010 @02:34PM (#31441334) Homepage

          That's the rub. Why would Apple allow a $5 or $20 app on the AppStore that negates the only other way to remote wipe or track your iPhone?

          Here's the answer: $90/year subscriptions to MobileMe

        • by Khyber (864651) <techkitsune@gmail.com> on Thursday March 11, 2010 @03:21PM (#31442042) Homepage Journal

          "The iPhone has enterprise tools available for anti-theft, too. "

          Every single one of them useless the moment I turn off the phone and clip the antenna wires so it can't get a signal or just add more wire to completely fuck the antenna. Then it's free reign and I can take all the time I want breaking the encryption.

          Been there, done that, give me something that's actually new and interesting. I have many friends with iPhones and they're always bringing them to me. Anything Apple can do I've already got circumventions around. Until they physically make the inside of the case inaccessible, their software is totally fucking useless.

      • Here's your sign, pal. Software won't stop me from JACKING THE FUCKING PHONE FROM YOUR HANDS (what REAL theft entails) after I pound your face in.

        Anti-theft is a misnomer and bullshit - Anti-data breach would be more appropriate.

        Hope that sign isn't too heavy around your neck, I know it's a mighty big one.

    • by Cyberax (705495) on Thursday March 11, 2010 @01:50PM (#31440660)

      Two words: browser exploits.

      • by Xest (935314) on Thursday March 11, 2010 @02:10PM (#31440966)

        Another two: SMS exploits [cnet.com]

        There is also a lot of iPhone software that phones home, and here's the problem, the app store as a security measure is a complete and utter myth. The app store is NOT about security, it does not make you magically protected. It's also worth noting that Apple boasts about having hundreds of thousands applications on it's app store- is anyone really naive enough to believe that Apple is capable of doing a full security audit on each and every one of these applications?

        The app store brings convenience, uniformity and ease of use to buying, downloading and installing applications on the iPhone and gives Apple a method of controlling what users can do with their iPhone, and controlling whether developers can produce competing products to those Apple provides or instead block them to retain a monopoly on said application type on their platform.

    • by Abcd1234 (188840) on Thursday March 11, 2010 @02:21PM (#31441098) Homepage

      Yes, because none of those apps could possibly have a bug that would allow malicious code to be installed...

  • by sh0rtie (455432) on Thursday March 11, 2010 @01:43PM (#31440532)

    this guy created a whole site because of the problem and the iPhones inability to block/stop such behaviour
    http://i-phone-home.blogspot.com/ [blogspot.com]

    • by TubeSteak (669689) on Thursday March 11, 2010 @02:43PM (#31441458) Journal

      However Spyware on the iPhone is rife

      That's not a bug, that's a feature.
      The whole point of locking down hardware (at least on a mobile platform) is to create a captive audience.

  • No shock (Score:3, Insightful)

    by kennedy (18142) on Thursday March 11, 2010 @01:43PM (#31440536) Homepage

    Why would apple want to allow someone to create and market direct competition for it's own anti-theft service (MobileMe)?

    • Re:No shock (Score:4, Interesting)

      by ircmaxell (1117387) on Thursday March 11, 2010 @02:13PM (#31441006) Homepage
      Very simple. Liability. I would think it would be possible for a lawyer to make the claim that if Apple's product broke causing the loss, AND that Apple actively blocked --potentially-- better products from working, that they then assumed liability for any damage their original product failed to protect. Right now, liability limitations exist because the user has a choice. "We deny all liability, because you read this and still chose to use our product". But with ACTIVELY suppressing competition, aren't they removing that choice, and hence opening themselves up to liability (Since you had no choice in the first place)?

      Note: IANAL
      • by Lunix Nutcase (1092239) on Thursday March 11, 2010 @03:05PM (#31441768)

        I would think it would be possible for a lawyer to make the claim that if Apple's product broke causing the loss, AND that Apple actively blocked --potentially-- better products from working, that they then assumed liability for any damage their original product failed to protect.

        Based on exactly what statutory or case law do you base this assertion on?

      • by DaveGod (703167) on Thursday March 11, 2010 @04:01PM (#31442922)

        But with ACTIVELY suppressing competition, aren't they removing that choice, and hence opening themselves up to liability (Since you had no choice in the first place)?

        No, they aren't. You do not assume responsibility for anything just because someone would like you to do something and you choose not to. Apple would have to deliberately or at least constructively assume responsibility for the data. It's plausable a class-action could attempt to claim the product failed to deliver on features the consumer reasonably expected, but there will be a licence agreement taking care of that and anyway at most this is a refund not damages.

        Not that it matters, but there is ample choice: non-Apple systems are available on non-Apple phones, or don't use a phone for such purposes.

        No I'm not a lawyer either, but this is slashdot/the internet where actual expertise is not required/actively discouraged when speaking as if with authority. The important thing is to come across as authoritative whilst saying something the reader agrees with.

      • by PPH (736903) on Thursday March 11, 2010 @05:11PM (#31444344)

        (Since you had no choice in the first place)?

        Android?

    • by jellomizer (103300) on Thursday March 11, 2010 @02:13PM (#31441012)

      I thought only hardcore fanboys use MobileMe. Everyone else realized Hundred Bucks per year is a bit steep. Especially with other companies offering similar services for less or free.

    • by vijayiyer (728590) on Thursday March 11, 2010 @02:39PM (#31441416)

      Why would they want another app in the background using the phone's resources to duplicate the functionality of MobileMe? Good question.
      It's not like this app would be functional if it only ran in the foreground.
      Yet another guy whining because he has a shitty concept for an app with no user benefit that has been rejected. That there exist other shitty apps on the app store doesn't make his any better or warrant an exception by Apple.

  • by BulletMagnet (600525) on Thursday March 11, 2010 @01:48PM (#31440628)

    Good Mobile Messaging will do what Kaspersky's trying to do - control the handsets on an administrative level. You lose your iPhone? Administrator remotely wipes your unit.

    Mind you, I don't have nor want one of these toys, but it works great across our WinMo and Android fleet...

  • by HalAtWork (926717) on Thursday March 11, 2010 @01:52PM (#31440676)
    "it wants to control everything"

    ...which is one way of preventing malware, it's working pretty well so far for that platform.
    • by srussia (884021) on Thursday March 11, 2010 @02:31PM (#31441288)

      "it wants to control everything"

      So does Microsoft...

      ...which is one way of preventing malware, it's working pretty well so far for that platform.

      Mmmkay...

      • So does Microsoft...

        Not really. Microsoft in the early days turned a blind eye to rampant piracy of its software in order to gain marketshare. The entire Microsoft model of creating software than runs on everyone else's hardware is not about control, it's about network effects.

        Microsoft obviously has bullied hardware OEMs and other companies, engaged in FUD, and so on. But from its sloppy user experience to its "slap this OS on any hardware you can" mentality, Microsoft's idea of control is not the same as Apple's.

    • by prockcore (543967) on Thursday March 11, 2010 @02:35PM (#31441336)

      .which is one way of preventing malware, it's working pretty well so far for that platform.

      Depends on your definition of malware. Spyware is rife on the app store. Pinch Media's analytics tracking is all over the app store.. more than 30 million downloads contained their tracking software... at least according to Pinch Media itself.

      Here is everything that apps with pinch media analytics are sending to them:

      Your iPhones unique ID, iPhone model and OS version, application info, whether or not the iphone is jailbroken, whether or not the application is pirated, time & date you start and stop the application, your current latitude & longitude, and if facebook is installed on your iphone, your gender and birthday.

    • by Mister Whirly (964219) on Thursday March 11, 2010 @02:59PM (#31441662) Homepage
      Another would be to allow no software at all to run at all on the device. 100% security from malware. Of course functionality may suffer some...
  • by clone53421 (1310749) on Thursday March 11, 2010 @01:54PM (#31440716) Journal

    I don't want to say Apple's is the wrong way of behaving

    Well, I do. It’s the wrong way of behaving.

  • by Securityemo (1407943) on Thursday March 11, 2010 @01:56PM (#31440746) Journal
    I'm not familiar with mac development, but the "SDK" in question would basically be kernel internal functions docs/unreleased API docs, yes? There may be other reasons besides appstore control freakery that they don't want to release and/or license that out? And even if Kaspersky would reverse-engineer the necessary parts of the kernel, which they obviously could (and their employees probably already partially have, unofficially) they would be sued to hell and back if they used that data in a product (which would be obvious, since there's no other way besides the official channels to get at it)?
  • by Mekkah (1651935) on Thursday March 11, 2010 @01:57PM (#31440750) Journal
    It is almost zero until they enable tethering.

    Oh wait, that won't happen either.

    *returns ipad
  • Just say "no". (Score:5, Insightful)

    by argent (18001) <peter@slashdot.2 ... com minus physic> on Thursday March 11, 2010 @02:01PM (#31440820) Homepage Journal

    The antivirus companies have been pushing antivirus software for handheld devices since 1999.

    In the succeeding decade... so far as I'm aware... the damage caused by viruses on handhelds, ALL handhelds, has been less than the damage due to one false positive incident caused by Norton Antivirus shortly after the pointless hubbub over the Palm "Phage" malware.

    Antivirus software for handhelds... just say "no".

    • by spottedkangaroo (451692) * on Thursday March 11, 2010 @02:10PM (#31440958) Homepage

      False positives suck. Antivirus software is also virtually useless for all but the very oldest viruses. I went through a long process of reporting a virus going to my customers several times per minute. It took 6 months to get the big three I wanted to list the virus to actually list it. 6 months.

      This whole signature based BS has got to stop. Frequent false positives (and they happen all the time) aren't even the worst thing about this "technology."

  • by DarkkOne (741046) on Thursday March 11, 2010 @02:10PM (#31440960) Homepage Journal
    My guess it's the simple fact that one program still can't really interact with another program's data.

    The likelihood of Apple ever really changing this is probably next to zero, and it's the main reason I have no interest in the iPhone. What use is a computer in my pocket when I either need to use one program that is complex enough to handle every task I could possible need, or I need to make my tasks so simple that no data need ever be shared between two tools?
  • butthurt (Score:5, Insightful)

    by stokessd (89903) on Thursday March 11, 2010 @02:24PM (#31441138) Homepage

    It appears that Kaspersky is butthurt because it sees a potential market for more crap we don't need and the controllers of that market don't want, and have the ability to lock them out of that market.

    From Apple's point of view, they have remote wipe on both the corporate and personal levels already. And having somebody inside your shorts providing duplicate functionality is fail from top to bottom. I'm surprised that apple even answered the phone when they saw who was calling.

    Also Kaspersky can have the SDK anytime they want, it's free. They will have to pay $99 to actually deploy the apps though. What they want is a super special "inside your shorts" SDK that I'd bet isn't coming anytime soon.

    Sheldon

  • by DdJ (10790) on Thursday March 11, 2010 @02:28PM (#31441226) Homepage Journal

    I'm undecided on whether this particular behavior on Apple's part is a bad thing (as opposed to other cases, like the Google Voice one, where I'm sure it's a bad thing, and the Opera Mini one, where I'm at least leaning that way).

    On desktops, it seems to me that various web ads or email messages encouraging users to install some third-party "security tool" are a major infection vector for malware/spyware. Many, many of the sorts of people who buy Apple products -- and I say this as an Apple user myself -- are... not the sorts of people who routinely make informed decisions about computer security.

    Certainly, if third parties are permitted to sell iPhone security software, one might reasonably want them to be subject to considerably more oversight than other software, because of the potential for damage. Again, not because the software is "magic" or other software can't behave badly, but because of the particular ways most real-world users brains just shut down when dealing with security issues. Most people really don't have the mindset for this stuff.

    • by fermion (181285) on Thursday March 11, 2010 @03:11PM (#31441858) Homepage Journal
      On the PC virus scanning software has become a primary problem. It is a problem that PC users must tolerate because of the virus problem on PC. An PC with virus scanning software is only slightly more usable than an infected PC. This is why few people have such software on the Mac, even though there is an equally serious threat.

      Spyware and port monitoring software is something different. Programs like Spybot and the like can be implemented without seriously degrading the user experience. My question is if people who load programs on their iPhone have a understand and have real issues with the information exchanged with the vendor. It is like Facebook and Google. Many would agree that the amount of information both have is dangerous, but most seen to have no issue with it.

  • by aristotle-dude (626586) on Thursday March 11, 2010 @02:29PM (#31441232)
    The iPhone3GS already has built in hardware level encryption of the entire storage device. It also has BSD jails for apps to run inside of and there is the Appstore approval process.

    This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes. I just don't see that every happening for a couple of reasons.

    1. The Kaspersky software itself could have exploitable flaws and given that it would be running at a higher privilege level than regular apps, that opens up a new attack vector for web based exploits to use.

    2. Such software would potentially slow the OS down and cause a significant battery drain for no real gain of protection.

    Much has been made about FUD articles that say that other apps can access contacts without asking for permission. No shit sherlock. That is a "feature" of the official API and the app approval process is supposed to ferret out nefarious uses of contact lists. I would hate to see UAC style boxes for apps each time I wanted to see a contact list in a third party app.

  • by roman_mir (125474) on Thursday March 11, 2010 @03:07PM (#31441802) Homepage Journal

    'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture -- it wants to control everything.'"

    - look who is talking. A guy, whose entire success (his and the wife's) is based on pretty much a monopoly set up in Russia and the rest of the former Soviet block by Microsoft.

  • by noidentity (188756) on Thursday March 11, 2010 @03:41PM (#31442482)
    Apple is probably waiting until they implement multitasking in the next OS [slashdot.org], so that they can have Kaspersky's software constantly running in the background constantly using 50% of the CPU to block malware.
  • by jemenake (595948) on Thursday March 11, 2010 @03:54PM (#31442780)
    Kaspersky ascribes it to Apple wanting to "control everything", but Apple already doesn't mind turning over control of about 100,000 apps to other developers already.

    I think it's something else. Well, two things, actually:

    First, I think that Apple wants to keep the word "virus" and the word "iPhone" from being any more linked in the consumer's mind than they have to be. If a range of anti-virus tools becomes available for the iPhone, then it implicitly says that viruses are something you need to be concerned about if you purchase an iPhone. For example, imagine you went to a singles bar and, right at the door, there were a bunch of dispensers doling out free condoms. That suddenly changes what you think about the moral fortitude of the individuals found within, as well as their venereal state.

    Secondly, if anti-virus apps are available for the iPhone, then that adds a layer of protection for people who get their apps from less-reputable sources. I'm speaking, of course, about Cydia and the whole jailbreaking scene. I can only speak for myself, but I can tell you that the primary reason I haven't jailbroken my iPhone and availed myself of all of the Cydia apps is because I can't be assured of their source and that they don't have some "new special ingredient" added by the packager. The money I pay to Apple's app-store is paying for Apple to vet the apps I'm downloading.

    Anti-virus tools for the iPhone would tend to "level the playing field", as it were, between the security of using legitimate apps versus using Cydia apps.
  • by gilesjuk (604902) <.giles.jones. .at. .zen.co.uk.> on Thursday March 11, 2010 @05:04PM (#31444238)

    I don't want rubbish anti-virus software on a smartphone. They cripple the performance of the device.

    I don't care if I get a virus on my phone, I can restore it back to a backup easily. It's not like I'm going to loose valuable work.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...