Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Desktops (Apple) Security Apple

Craig Federighi Says the Mac Has An 'Unacceptable' Malware Problem (9to5mac.com) 99

Craig Federighi is currently testifying during the Apple vs. Epic lawsuit. While facing questioning from Apple's lawyers, Federighi made some interesting comments about security, particularly noting that the Mac currently has a level of malware that Apple "does not find acceptable." 9to5Mac reports: One of Federighi's goals is to paint the iPhone ecosystem, including the App Store and lack of side-loading support, as a secure and trusted environment for users. To do this, it appears that part of Federighi's strategy is to throw the Mac under the bus. Judge Yvonne Gonzalez Rogers, who is presiding over the Epic vs. Apple case, asked Federighi about why the Mac can have multiple app stores, but not the iPhone. "It is regularly exploited on the Mac," Federighi explained. "iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today." "Today, we have a level of malware on the Mac that we don't find acceptable," Federighi added.

The Apple executive also pointed to Android as another example of a platform with multiple app stores that suffers from security problems. "It's well understood in the security community that Android has a malware problem," he explained. "iOS has succeeded so far in staying ahead of the malware problem." Federighi added that Apple is essentially playing "an endless game of whack-a-mole" with malware on the Mac and has to block "many instances" of infections that can affect "hundreds of thousands of people" every week. Since last May, Federighi testified there have been 130 types of Mac malware, and one of them infected 300,000 systems. When asked whether side-loading would affect security on iOS, Federighi said things would change "dramatically. No human policy review could be enforced because if software could be signed by people and downloaded directly, you could put an unsafe app up and no one would check that policy," he said.

This discussion has been archived. No new comments can be posted.

Craig Federighi Says the Mac Has An 'Unacceptable' Malware Problem

Comments Filter:
  • vetted by a single vendor. I feel so much safer that way.

  • Define Malware (Score:5, Insightful)

    by JMJimmy ( 2036122 ) on Wednesday May 19, 2021 @09:32PM (#61402210)

    For some reason I suspect their definition is any program that does not pay them to be on there

    • For some reason I suspect their definition is any program that does not pay them to be on there

      Sure you could use that definition, but the real definition also works just as well to make his point.

  • by 93 Escort Wagon ( 326346 ) on Wednesday May 19, 2021 @09:44PM (#61402232)

    I mean, Federighi can't honestly believe what he's saying. How can he live with himself?

    Oh wait, I forgot - he sleeps on a mattress that's stuffed with hundred-dollar bills. It's probably really soft.

    • by aaarrrgggh ( 9205 ) on Wednesday May 19, 2021 @10:06PM (#61402290)

      C’mon, the risk profile on OSX is much higher (in the general sense) than iOS. It is directly linked to functionality though, and is not entirely a bad thing.

      In fact, it is why I decided to use a Linux machine for security-sensitive work, despite having a significantly more powerful Mac available.

    • I mean, Federighi can't honestly believe what he's saying. How can he live with himself?

      Well I'm sure you can demonstrate a lovely counterpoint showing how the iOS platform is absolutely full of malware, and open systems like Windows and MacOS are actually malware free paradises. I'll wait*.

      *Actually no I won't.

  • by Camembert ( 2891457 ) on Wednesday May 19, 2021 @10:11PM (#61402300)
    Of course it is a defense strategy in this court case, but it is simply true that downloading software from the net in general is simply less secure than from a vetted app store. Though I like at least that installing âoeunapprovedâ software needs a few mouseclicks more, to ensure you are really certain if you do want that software.
    • by dgatwood ( 11270 ) on Wednesday May 19, 2021 @10:32PM (#61402334) Homepage Journal

      But the thing is, even though he's not pedantically wrong, per se, in this context, that statement is implying that the iOS "single store" model somehow fixes that problem, which is absolutely as wrong as it could possibly be.

      The thing is, the Mac ships by default with a "single store" setup. Everything has to come from the Mac App Store. You have to explicitly enable support for other apps. And then the next level allows only apps that have been signed by a signing cert that was previously signed by Apple's Developer ID certs, which means that the vendors are (at least ostensibly) somewhat vetted. And even in those configurations, malware is happening.

      That means the vetting isn't working.

      It never did.

      What makes iOS relatively free of malware is that it is designed to limit the ability of apps to share data on disk. And that's okay for a cell phone, but it doesn't work well for a desktop computer. And it also has absolutely no bearing whatsoever on this case, because the App Store review vetting itself has almost zero effect on security beyond what is enforced by the APIs and the kernel-level sandboxing.

      • by ArmoredDragon ( 3450605 ) on Wednesday May 19, 2021 @11:05PM (#61402386)

        And despite all of that, 128 million iOS users were infected with malware approved by none other than Apple.

        https://9to5mac.com/2021/05/07... [9to5mac.com]

        • That should be a class action lawsuit in itself then, should it not? Apple claims having a single app store, and the cut they get from the monopoly, allows them to check for malware. Since it's demonstrably not the case, then they were basically charging for a service that customers were obviously not getting.
        • by SynKKnyS ( 534257 ) on Thursday May 20, 2021 @12:17AM (#61402506)
          Important to note that the bad code stemmed from a hacked version of Xcode on Macs.
        • Which actually proves his point: that malware stemmed from a compromised copy of XCode for Mac that devs were using to build their apps.

      • Re: (Score:3, Insightful)

        The automatic and manual vetting on the App Store absolutely catches maliciously or accidentally insecure apps - and importantly is *re-run* to catch apps with insecure embedded dependencies after those vulnerabilities are found.

        If you've had an app on the store, you probably know this first-hand; as I do.

        I don't know where your assertion that it has never worked is based, but I assume it's from some land where the security of non-trivial applications and platforms is an all-or-nothing precept. Must be nice

        • by dgatwood ( 11270 )

          The automatic and manual vetting on the App Store absolutely catches maliciously or accidentally insecure apps - and importantly is *re-run* to catch apps with insecure embedded dependencies after those vulnerabilities are found.

          I think you misunderstood me. I said they can't catch malware, not that they can't sometimes catch bugs (some of which are potentially security bugs). Apple does catch a lot of really stupid mistakes like overriding TLS chain validation incorrectly (sometimes), but they're not too likely to catch buffer overflows or other similar issues in your app unless you just happen to get lucky. Rather, what gets caught are crappy, low-quality apps. And yes, that's a benefit, but not necessarily a security benefit

        • by AmiMoJo ( 196126 )

          Federighi is saying that the amount of malware on MacOS is unacceptable, as a way of justifying iOS being locked down which implies he thinks that the amount of malware on iOS *is* acceptable.

          Personally I find any number greater than zero unacceptable. Since there is malware on iOS, some of it quite successful and delivered through the App Store, we can conclude that Federighi is just try to make a dubious defence of a money-making policy.

      • For most it would be to either files in their specified data directory or to files I explicitly open through the UI or command line (or obviously related ones, e.g. x.*, folders that I open etc.).

        There are exceptions of course for systems type applications, but most of the time no, I want to control what files it touches, but in a sensible way.

        I hate the way that on Linux when I install something it has access to everything. (The only files I care about are in userland, root is just O/S stuff.)

        • Never heard of Mandatory Access Control? Linux, Mac and BSD all have it. Even Windows has it, but it is somewhat broken in the way they use it.
          • MAC does not do that properly, which is why nobody uses it for application partitioning like that.

            If you install a package (such as open office) in the standard way it can access all a user's files. That requires much more subtle access control than is available, and nobody does it.

            (I suppose you could say that Android does it and is based on Linux, but that is a stretch.)

      • by tlhIngan ( 30335 )

        People have stolen the developer certificates. In fact, Mac malware generally wants to steal cryptocurrency wallets and the signing certificates.

        There aren't many apps in the Mac App Store - there are way more signed apps though.

        And Apple has statistics because OS X ships with a malware scanner built in - it's called XProtect and has been around since 10.9 (2009) with updates to the definition file coming in daily.

        XProtect is no anti-virus or anti-malware tool on Windows though, it's a very basic scanner. A

        • by dgatwood ( 11270 )

          Remember, Gatekeeper doesn't do what you think it does. It only blocks apps obtained from an "unsafe" source (like a downloaded app). Apps obtained from trusted sources will bypass Gatekeeper just fine

          The risk of some idiot sticking a flash drive into a computer and blindly double-clicking does not represent a frequent threat for most people (unless you're a large business that employs a lot of people).

          And you can bypass it using some simple attribute editing. It's easy to miss, given the vast majority of applications are obtained by downloads, but there are other ways to obtain software that will bypass Gatekeeper.

          Yes, and that's one of many fairly large flaws in its design from a security perspective, and one that's easily corrected. A Gatekeeper authorization attribute should contain a timestamped hash of the binary (or the entire package, if it is part of one) that is signed by a device-specific certificate/priv

          • Running a just-compiled tool should trigger a Gatekeeper dialog unless someone running as admin has installed Xcode and agreed to the terms of service

            If this were to become the case, competing compiler publishers would have a valid-looking claim that Apple grants privileged treatment to Xcode or Xcode Command Line Tools. In addition, users of competing compilers might owe a data transfer overage fee to their ISP from having to download and install multiple gigabytes of Xcode or Xcode Command Line Tools just to get the ToS form.

      • But the thing is, even though he's not pedantically wrong, per se, in this context, that statement is implying that the iOS "single store" model somehow fixes that problem, which is absolutely as wrong as it could possibly be.

        He never said fixes the problem. In fact his language clearly uses that sliding scale "acceptable" and "unacceptable", precisely because people like you would come out saying perfect is the enemy of good enough.

        • by dgatwood ( 11270 )

          At the very least, it implies that the extra vetting does *something* meaningful for security, when in fact, it really does next to nothing, as I explained up above.

          • by Pieroxy ( 222434 )

            Maybe you tried to explain that above, but you really failed. The fact that sideloading an app is possible on a Mac is the crux of the problem. No amount of warnings and popups will save my grandpa from installing the last "game" he found on the net in some dark place.

  • I say he has an unacceptable hairdo problem.

  • by SuperKendall ( 25149 ) on Wednesday May 19, 2021 @11:04PM (#61402382)

    It is 100% true that iOS is about a safe as exists on the planet today for someone using a digital platform to carry out the normal needs of life today on.

    The Mac falls short of that because Apple will not do what doomsayers ave been predicting for some time - lock it down as much as they do IOS. And nor should they, as the greater degree of openness is still desirable for a lot of users.

    Who can claim with a straight face that Android, which allows side loading, is even close to as secure as iOS? There is vastly more Malware on Android.

    Part of what some people want to see, maybe Epic, is Apple losing security restrictions on iOS. But Apple should 100% not do this, as it's the only platform currently that truly tries to take security and privacy as seriously as possible.

    The world needs a choice that Apple offers with iOS to exist, or else the entire computer industry falls to chaos.

    • If you want your Mac (or Android) to be as secure as iOS, then don't download from anywhere other than the app store. Problem solved.

      • If you want your Mac (or Android) to be as secure as iOS, then don't download from anywhere other than the app store

        Sort of true but I think even then it's not as secure, if you ever use the browser... the Mac is just inherently more open and thus less secure.

      • If you want your Mac (or Android) to be as secure as iOS, then

        Please say “snort coke off a hooker’s taut buttocks”, please say “snort coke off a hooker’s taut buttocks” ...

        don't download from anywhere other than the app store.

        Blast!

      • And if you want your iOS device to be as insecure as your Mac or Android, you could jailbreak it and sideload applications! I don't want that which is why, despite not being an Apple fan, I still use iPhone and probably will for the foreseeable future. Or you know, Apple could allow third-party app stores and then the race is on to try and trick users into installing apps from the third-party store via deceptive methods.
    • I do not think the reason android has more malware is because of sideloading. The vast majority of people donâ(TM)t sideload anything at all. I do not see what is Apple worried about. People will still use the app store for all their apps even if they have another choice.

    • Because Android allows side loading it isn't as safe? But every Android app (and more) or equivalent that you can get from the iOS store, you can get from the Play Store. It's not like to get equivalent functionality to iOS you have to exit the official store and wander on the unregulated internet. You're basically saying that a home isn't safe because you have the freedom to shove a fork in the electric socket.

      • You're basically saying that a home isn't safe because you have the freedom to shove a fork in the electric socket.

        Yes. Are you saying you can see the Aurora Borealis — at this time of year, at this time of day, in this part of the country, localized entirely within your kitchen?

    • by Bert64 ( 520050 )

      While there is vastly more malware on Android, most of that is not applicable to the typical user who runs a vendor-supported device with the supported software repository.
      The devices becoming infected with malware are the cheap knock off devices from china, devices which are out of support (short support cycles being another separate problem) etc.

      There is also ChromeOS which has a pretty good security track record.

      What you're seeing here however is the switch from general purpose devices to devices more su

  • by couchslug ( 175151 ) on Wednesday May 19, 2021 @11:20PM (#61402406)

    Convenience is why NO consumer OS are seriously locked down.

    It's not convenient to for example boot from a ROM (though Linux and BSD work nicely live as does WinPE) and only update software from a single source by burning then swapping ROM or similar measures. That's why most people don't browse using TAILS from a live DVD.

    Modern user needs exclude effective security so it doesn't exist and as software and OS complexity inevitably increase security will become even more difficult. If you don't want the world to see it don't put it on internet-connected systems.

    • Convenience is why NO consumer OS are seriously locked down.

      Actually convenience of the iPhone shows how silly your argument is. When apple introduced the completely locked down platform it did so with a convenience and easy of installing software that was unparalleled from any other platform on the market. There's a reason for it's popularity, and that reason is not because users like jumping through hoops or making things hard for themselves.

      *Usefulness* is the reason why *some* consumer OSes are not locked down. ChromeOS, iOS, Android, Windows 10S they are all co

  • It's just a tradeoff. You just have to warn the users that installing apps outside the app store is dangerous and let them choose at their own risk. Just like earlier Android versions did: a not that easy to reach toggle that triggered a warning. If a user enables it and installs malware, well, that's what freedom and being an adult means.

    • Go one step further:

      Don't *ask* them to "let" you choose. That's still being a beggar instead of a chooser.
      Just *choose*. Do not *let* Apple even have a role in it.

      • Exactly. You don't ask Volvo for a button on the dashboard that disables the warning when you're not wearing the seatbelts, disables the crumple zones, disables the auto-break-on-collision-detection, lets you drive with the lights switched off, lets you operate the navigation system while driving, disables the "maybe it's time to take a break" warning when it detects that you're not paying attention to the road, etc. Instead, you decide "This Volvo which does as much as possible to keep me safe is limitin

    • by dnaumov ( 453672 )

      When your infected devices starts affecting others, it stops being just your problem to worry about,

    • Yeah because warning them not to open email attachments worked so well.
  • I bet the VAST majority of android phones have never changed the APK setting that prevents downloads from untrusted sources. But the option is there, defaulted to off and even those have enabled it, the majority would have done so for legit reasons from a trusted source.

    Of course there will be idiots who'll install warez and their phones will be positively lousy from all the malware on it but it doesn't impact on everyone else who didn't. So no, it's not a dramatic change. In a sense I'd say the fact you

    • Who has incentive to escape from the golden cage? Epic? Because the owners/users of iPhone sure have very little incentive to do so. The devices work well and at least make some attempt to focus on security/privacy.
    • Yeah. I actually like Android's solution. IMO: The best of both worlds. You're by default limited to the Play Store and the vast majority of people will not step out of it but, if you know where to look, and need the ability to run whatever you please, you can do it.
  • by Canberra1 ( 3475749 ) on Thursday May 20, 2021 @07:53AM (#61403312)
    Epic will ensure quality in its store - you can bank on that. They are not some minor flaky developer. Apple is still trying the 'Forced Hand' or only from us trick. If there was an outbreak, it would be easy to manage. And besides, Apple can manage the top 10 exceptions, its not like they say 20-50 thousand is too much. The security aspect is a distraction from the real issue.
    • So you want Apple to setup infrastructure so that third-parties can run their own app stores and apple can vet them? That's actually a reasonable proposal and one that Apple should consider. Maybe just a few restrictions to make sure it works out, like having Apple handle all of the payments for a 30% cut?
  • by LostMyAccount ( 5587552 ) on Thursday May 20, 2021 @08:14AM (#61403414)

    ...Apple gets beat up for taking steps which try to minimize malware.

    When people criticize Microsoft's long track record of abysmal security, do they ever ask what they think a hardened platform would look like? It ends up being something with a lot of restrictions around program sourcing and function.

    Admittedly, Apple also exploits this for some level of commercial gain, but so what? Take that out of the equation and at least Apple is *trying* to harden the platform security even if you don't like all the side effects.

    • Nokia 1100 was hardened. A hardened system doesn't care who gets paid to install a program!

      His argument is hail Mary attempt to confuse young people and it seems to be working thanks to gutter level of discussion on Slashdot.

      • Yeah, but look at what the extreme end of "hardened" gets you in terms of functionality. I also think its so feature-free that its not actually a comparison.

        • It is completely possible to design an OS that is hardened and functions as much as android does. Android goes out of its way to make sure google apps are able snoop, going so far as to make it almost impossible to remove them.

  • He is using the same text book maneuver that our beloved governments use to ram stupid law down our throats, example, the terrorism boogiemen.

    This will be the excuse they wanted to enable GateKeeper full on and force everyone to use the app store, which of course means a nice cut for apple.

    Worse part? The rabid cult members that blindly obey anything that cupertino say are actually happy in losing the options.

    Want to test this? Go to Ars Technica (the most devout temple of the rabid ones) and tell them tha

  • If Apple was only about blocking malware from their appstore, that would be fine. But that is not even remotely the limit of what they do. Apple decides what content you can show to users, on phones that they paid for. Want to show something even remotely mature in your app, designed for adults? You are banned. Want to offer people a way to pay for your services that doesn't involve the appstore? Banned.

    If for no other reason to allow people to choose whether to be censored or not, the single appstore model

  • If Apple starts to mandate app installations on Mac OS X through the App Store it could mean the end of OS X as a platform. They probably know this so I don't believe their billowing is more than hot air.

In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker

Working...