Apple Snubs Security Firm That Spotted Mac Botnet 409
Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"
Of course not. (Score:5, Insightful)
We don't know the antivirus group inside Apple.
Apple is to arrogant to admit they have any flaws, so odds are there isn't one.
Just like with the iPhone 4 antenna, they'd rather take bad PR and have their users suffer than admit there's an issue.
Re:No overwhelmingly surprising (Score:5, Insightful)
But in Apple's defense, the permissions structure of Macs are inherently different than on a Windows machine.
Most mac users run at normal user level, a la Linux/Unix. When the computer needs to do something at the priveleged level, it asks for a password.
Most Windows users usually run as administrator by default. Anytime some virus/trojan wants to do something, it just prompts the user with a "Hey, Windows Explorer wants to do something. Continue?"
There is something different about having to type in a password than just clicking ok. Then again, Windows has so many random dialogue boxes that most users don't read them anymore.
Re:Of course not. (Score:5, Insightful)
As much as I love Apple products, I hate their arrogance towards anything related to security. Could break their neck.
Re:"We don't know the antivirus group inside Apple (Score:5, Insightful)
They did that. They sent email there. They got ignored. What they have for Microsoft, what they *don't* have for Apple, is direct phone numbers/email addresses for the right personnel.
Re:"We don't know the antivirus group inside Apple (Score:5, Insightful)
Seriously? It's that difficult to understand the difference between a generic address that goes $DIETY knows where (and mail rent to it is probably vetted by an intern) and the actual address of the responsible individual(s)/team(s)?
Re:And? (Score:5, Insightful)
Yes, they don't have much communication and cooperation with the 'security industry' since it is mostly full of leeches and parasites who make money spreading fear. Now, this doesn't excuse them from failing to acknowledge issues, since that's just as bad, but the less this 'industry' leeches itself to OS X the better.
Yeah, just let the trojan spread unacknowledged. Ignore it and it will eventually go away, right?
"Leeches" or not, someone needs to work on stopping malware. MS didn't step up the plate in the past, and I have little reason to think Apple will now (after all, their website still claims "Macs don't get viruses".)
Re:Mac's don't get malware (Score:5, Insightful)
Re:No overwhelmingly surprising (Score:5, Insightful)
Re:Mac's don't get malware (Score:5, Insightful)
From Mac's website: "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in OS X Lion that keep you safe, without any work on your part."
1) No shit a Mac isn't susceptible to PC viruses. PC's aren't susceptible to Mac-only malware either
2) In this case, my car isn't susceptible to Windows-based viruses thanks to built-in defenses of it's windshield. Viruses weren't written for my windshield, so that counts as a built-in defense, right?
Re:Blaming the messenger (Score:5, Insightful)
Eh? Not to make a "no true Scotsman" plea, but the security world is not that big. If Apple hasn't heard of them before, it means that Apple has no presence in this field. Not surprising when you consider that can't seem to keep their top-secret iphone prototypes in their pants.
Next, you'll excuse Utah for not knowing that Oracle is a giant security suck-hole. And in other news, RSA didn't realize that PDFs can carry exploits. Uh...
Re:there is no Apple AV group (Score:5, Insightful)
If this is a trojan, then exactly what piece of legitimate software is it piggybacking on in order to get installed? It sounds to me like it's exploiting a Java vulnerability using an applet that does not disguise itself as something useful, it is specifically to install the payload. That sounds like a traditional virus. Previous versions that were actual trojans were embedded in warez downloads.
Re:Mac's don't get malware (Score:5, Insightful)
The AV software for Apple is the same as it was for Unix and Linux. It was not that PC viruses could infect *nix. Microsoft, Norton, and McCaffee, were using propaganda marketing telling people that *nix file servers could not clean up viruses like a NT file server could and were dangerous since they could house viruses causing Windows to become infected. Since most VPs are dumb enough not to understand the unimportance of that marketing ploy, a lot of AV products sprung up for *nix and iOS.
Many of the vendors still produce AV software for OSes that don't really need it for that reason. I'll bet you can still find iOS AV software for a fee, the PT Barnum theory works as well today as it did when he was alive.
Re:"We don't know the antivirus group inside Apple (Score:5, Insightful)
OS X has what, TWO viruses now?
Wow, they sure are creeping up to the millions on Windows platforms.
Enjoy it while you can, arguments like that have their days numbered.
Re:"We don't know the antivirus group inside Apple (Score:5, Insightful)
Do you know the difference between communication channels for customers and those for partners and specialists?
I work in an IT support position, and sure, if I need to contact a special group (say the Exchange administrators) I could use the phone numbers used by the customers... and would waste valuable time by making the call center agent on the other end understand that I need to speak with the admins directly.
To avoid this, we have phone numbers and email addresses of those other divisions. You know: A direct line.
The security companies have direct lines to the security teams from Microsoft, and certainly Oracle, Red Had etc.
This is to everybody's advantage, as it reduces friction and increases response times.
Only Apple doesn't understand that they are part of an ecosystem where everybody relies to some extend on everybody else...
Re:And? (Score:5, Insightful)
A leech that swims by and says "hey, did you know you are bleeding?" isn't much of a leech. Other than a bit more fame, what does dr web gain from this, it's not like they are extorting apple.
I'm curious were you picked up the idea that security researchers and fake-av sellers were somehow related?
Do you also assume that anyone yelling "fire" in a crowded building is just trying to make everyone scared? if so, I hope you are in a building fire some day so you can ignore the warning, safe in your fire-proof pants
Re:"We don't know the antivirus group inside Apple (Score:4, Insightful)
You only need one bubonic plague...
It doesn't matter how many mac viruses there are as long as apple continues to plug it's ears when it comes to mac viruses.
Re:Mac's don't get malware (Score:5, Insightful)
Unless you happen to be one of the 600,000 who clicked on a bogus/rigged link on a spoofed site and got this Flashback Trojan installed.
Re:"We don't know the antivirus group inside Apple (Score:2, Insightful)
They got no response? It says right on that page that unless Apple desires more information from them that there will be no response.
So if you send them an email that says "If you do this and this in Java it infects the machine" Well then Apple probably won't write you back. It does not mean it was ignored. It says right there they won't make you feel special by responding to you unless they need more information.
On that same note, if you send an email that says "I found a security flaw, email me"... they will likely ignore you, as a troll.
If they legitimately desire more information from someone they will contact them. Not every report needs your personal help though once you've made the report.
Re:Mac's don't get malware (Score:5, Insightful)
The reason they don't know about Apples antivirus group is that it's the same one as their legal department. Operating on the basis that if people can't see or hear or know about viruses and botnets, then they don't exist.
Re:Mac's don't get malware (Score:5, Insightful)
Well in all "honesty" apple's own webpage says "it doesn't get PC viruses". Technically, it doesn't.
Technically, it does. PC stands for Personal Computer, not Windows machine. Macs, just like Linux and Windows boxes are PCs. Since Apple are trying to use pedantry to obfuscate, holding them to definition of a PC is only fair, which puts them squarely back in the realm of lying.
Re:Mac's don't get malware (Score:4, Insightful)
What rounding? The square root of 4 is 2. There's no fractional part. Subtract to and the answer is 0. Again, no fractional part.
I haven't tried it in C, but if a particular implementation also returns something other than zero, then it is also defective.