Craig Federighi Says the Mac Has An 'Unacceptable' Malware Problem (9to5mac.com)
Craig Federighi is currently testifying during the Apple vs. Epic lawsuit. While facing questioning from Apple's lawyers, Federighi made some interesting comments about security, particularly noting that the Mac currently has a level of malware that Apple "does not find acceptable." 9to5Mac reports: One of Federighi's goals is to paint the iPhone ecosystem, including the App Store and lack of side-loading support, as a secure and trusted environment for users. To do this, it appears that part of Federighi's strategy is to throw the Mac under the bus. Judge Yvonne Gonzalez Rogers, who is presiding over the Epic vs. Apple case, asked Federighi about why the Mac can have multiple app stores, but not the iPhone. "It is regularly exploited on the Mac," Federighi explained. "iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today." "Today, we have a level of malware on the Mac that we don't find acceptable," Federighi added.
The Apple executive also pointed to Android as another example of a platform with multiple app stores that suffers from security problems. "It's well understood in the security community that Android has a malware problem," he explained. "iOS has succeeded so far in staying ahead of the malware problem." Federighi added that Apple is essentially playing "an endless game of whack-a-mole" with malware on the Mac and has to block "many instances" of infections that can affect "hundreds of thousands of people" every week. Since last May, Federighi testified there have been 130 types of Mac malware, and one of them infected 300,000 systems. When asked whether side-loading would affect security on iOS, Federighi said things would change "dramatically. No human policy review could be enforced because if software could be signed by people and downloaded directly, you could put an unsafe app up and no one would check that policy," he said.
Re:Of course, it's unacceptable... (Score:5, Funny)
You forgot Linux. It's a hornet's nest of malware, that thing. I feel the only safe alternative is BSD really, primarily because all the users know each other.
Re: Of course, it's unacceptable... (Score:1)
Re: Of course, it's unacceptable... (Score:1)
Re: (Score:2)
Re: (Score:2)
Web platform APIs that Safari is missing (Score:2)
The point, as I understand it, is that both Mozilla's skin around Apple WebKit and Google's skin around Apple WebKit are missing all of the numerous web application platform APIs that Safari is missing, and these missing APIs are holding back the platform as a whole [infrequently.org]. In particular, Safari does not support the Push API.
Re: (Score:1)
Maybe so, but he undoubtably has a point about malware and iOS vs virtually every other consumer OS out there. Android being the obvious comparison, iOS is relatively malware free, and that is before you blur the description of malware to determine how much apps intend to steal your data or track you continuously.
In its place are scores of fraudulent apps which net the “developers” millions by tricking and duping unsophisticated people, unintelligent people, kids, the elderly, et
Re: (Score:1)
I did, that's why I have an Anti Malware software subscription. Got any more nothing-burgers you wanna try and serve us?
Same here! I’m sick and tired of malware! I’m moving to Windows. It’s time to put this virus and malware mumbo jumbo behind me for good.
Re: (Score:3)
Re: Of course, it's unacceptable... (Score:1)
As it appears clear from what Federighi said, it is clear that the goal of Apple is to limit the access to the Mac ecosystem just as they did with the iOS ecosystem. They are literally making up excuses to steal 100 dollars yearly from Mac developers plus 30% on every sale Mac developers manage to make inside their software, while also limiting their right to inform their users that there are cheaper alternatives. Just like these thieves are doing today on iOS.
Re: (Score:1)
As it appears clear from what Federighi said, it is clear that the goal of Apple is to limit the access to the Mac ecosystem just as they did with the iOS ecosystem.
Yep, been in the works for years. What do you think “rootless”/SIP is about?
Soon, all of your software will come from the App Store, and the only ‘root’ you’ll have is the same one you get on your iPhone.
That’s been planned for the better part of the decade, but it’ll get here soon enough. Like Bruno
Re: (Score:1)
Federighi said that there is more malware on MacOS than on iOS. Absolutely true. And there is more malware on MacOS than he likes. I have no reason to doubt that. And the problem could be "fixed" by locking MacOS down the same way as iOS. True, again.
What is a complete non-sequitur is that this is something that Apple or Federighi wants to do. If you ask him "if it was just down to your choi
I want my cellphone malware (Score:1, Troll)
vetted by a single vendor. I feel so much safer that way.
Define Malware (Score:5, Insightful)
For some reason I suspect their definition is any program that does not pay them to be on there
Re: (Score:2)
For some reason I suspect their definition is any program that does not pay them to be on there
Sure you could use that definition, but the real definition also works just as well to make his point.
How can these guys sleep at night? (Score:3, Insightful)
I mean, Federighi can't honestly believe what he's saying. How can he live with himself?
Oh wait, I forgot - he sleeps on a mattress that's stuffed with hundred-dollar bills. It's probably really soft.
Re:How can these guys sleep at night? (Score:5, Interesting)
C’mon, the risk profile on OSX is much higher (in the general sense) than iOS. It is directly linked to functionality though, and is not entirely a bad thing.
In fact, it is why I decided to use a Linux machine for security-sensitive work, despite having a significantly more powerful Mac available.
Re: (Score:2)
Only Americans believe, money buys them happiness...It's that a sad person with money is still a sad person, at the end of the day.
God damn, I hate this kind of tripe. What a stupid and ignorant comment. If you just scratch the surface of that topic and just try to think outside of your tiny worldview, you may find that there are people through no fault of their own who are unhappy for reasons which could easily be remedied by money. Do you need examples?
Fuck off with your bullshit "Only Americans" and "Sad person" -- douchebag.
Re: (Score:3)
Not only is it bullshit, studies have proven it's bullshit. Studies have shown that people with money are far happier than people that don't have money. Imagine living day to day not knowing where your next pay check is coming from or if you will have enough money to provide for your family.
Now, imagine not having to do that.
Re: (Score:2)
I mean, Federighi can't honestly believe what he's saying. How can he live with himself?
Well I'm sure you can demonstrate a lovely counterpoint showing how the iOS platform is absolutely full of malware, and open systems like Windows and MacOS are actually malware free paradises. I'll wait*.
*Actually no I won't.
He's not wrong (Score:3)
Re:He's not wrong (Score:5, Insightful)
But the thing is, even though he's not pedantically wrong, per se, in this context, that statement is implying that the iOS "single store" model somehow fixes that problem, which is absolutely as wrong as it could possibly be.
The thing is, the Mac ships by default with a "single store" setup. Everything has to come from the Mac App Store. You have to explicitly enable support for other apps. And then the next level allows only apps that have been signed by a signing cert that was previously signed by Apple's Developer ID certs, which means that the vendors are (at least ostensibly) somewhat vetted. And even in those configurations, malware is happening.
That means the vetting isn't working.
It never did.
What makes iOS relatively free of malware is that it is designed to limit the ability of apps to share data on disk. And that's okay for a cell phone, but it doesn't work well for a desktop computer. And it also has absolutely no bearing whatsoever on this case, because the App Store review vetting itself has almost zero effect on security beyond what is enforced by the APIs and the kernel-level sandboxing.
Re:He's not wrong (Score:5, Informative)
And despite all of that, 128 million iOS users were infected with malware approved by none other than Apple.
https://9to5mac.com/2021/05/07... [9to5mac.com]
Re: (Score:2)
Re:He's not wrong (Score:5, Informative)
Re: (Score:2)
Which actually proves his point: that malware stemmed from a compromised copy of XCode for Mac that devs were using to build their apps.
Re: (Score:3, Insightful)
The automatic and manual vetting on the App Store absolutely catches maliciously or accidentally insecure apps - and importantly is *re-run* to catch apps with insecure embedded dependencies after those vulnerabilities are found.
If you've had an app on the store, you probably know this first-hand; as I do.
I don't know where your assertion that it has never worked is based, but I assume it's from some land where the security of non-trivial applications and platforms is an all-or-nothing precept. Must be nice
Re: (Score:3)
The automatic and manual vetting on the App Store absolutely catches maliciously or accidentally insecure apps - and importantly is *re-run* to catch apps with insecure embedded dependencies after those vulnerabilities are found.
I think you misunderstood me. I said they can't catch malware, not that they can't sometimes catch bugs (some of which are potentially security bugs). Apple does catch a lot of really stupid mistakes like overriding TLS chain validation incorrectly (sometimes), but they're not too likely to catch buffer overflows or other similar issues in your app unless you just happen to get lucky. Rather, what gets caught are crappy, low-quality apps. And yes, that's a benefit, but not necessarily a security benefit
Re: (Score:2)
Federighi is saying that the amount of malware on MacOS is unacceptable, as a way of justifying iOS being locked down which implies he thinks that the amount of malware on iOS *is* acceptable.
Personally I find any number greater than zero unacceptable. Since there is malware on iOS, some of it quite successful and delivered through the App Store, we can conclude that Federighi is just trying to make a dubious defence of a money-making policy.
Desktops could also limit file access (Score:2)
For most it would be to either files in their specified data directory or to files I explicitly open through the UI or command line (or obviously related ones, e.g. x.*, folders that I open etc.).
There are exceptions of course for systems type applications, but most of the time no, I want to control what files it touches, but in a sensible way.
I hate the way that on Linux when I install something it has access to everything. (The only files I care about are in userland, root is just O/S stuff.)
Re: (Score:2)
Re: (Score:2)
MAC does not do that properly, which is why nobody uses it for application partitioning like that.
If you install a package (such as open office) in the standard way it can access all a user's files. That requires much more subtle access control than is available, and nobody does it.
(I suppose you could say that Android does it and is based on Linux, but that is a stretch.)
Re: (Score:3)
People have stolen the developer certificates. In fact, Mac malware generally wants to steal cryptocurrency wallets and the signing certificates.
There aren't many apps in the Mac App Store - there are way more signed apps though.
And Apple has statistics because OS X ships with a malware scanner built in - it's called XProtect and has been around since 10.9 (2009) with updates to the definition file coming in daily.
XProtect is no anti-virus or anti-malware tool on Windows though, it's a very basic scanner. A
Re: (Score:3)
Remember, Gatekeeper doesn't do what you think it does. It only blocks apps obtained from an "unsafe" source (like a downloaded app). Apps obtained from trusted sources will bypass Gatekeeper just fine
The risk of some idiot sticking a flash drive into a computer and blindly double-clicking does not represent a frequent threat for most people (unless you're a large business that employs a lot of people).
And you can bypass it using some simple attribute editing. It's easy to miss, given the vast majority of applications are obtained by downloads, but there are other ways to obtain software that will bypass Gatekeeper.
Yes, and that's one of many fairly large flaws in its design from a security perspective, and one that's easily corrected. A Gatekeeper authorization attribute should contain a timestamped hash of the binary (or the entire package, if it is part of one) that is signed by a device-specific certificate/priv
Privilege to Xcode over other compilers (Score:2)
Running a just-compiled tool should trigger a Gatekeeper dialog unless someone running as admin has installed Xcode and agreed to the terms of service
If this were to become the case, competing compiler publishers would have a valid-looking claim that Apple grants privileged treatment to Xcode or Xcode Command Line Tools. In addition, users of competing compilers might owe a data transfer overage fee to their ISP from having to download and install multiple gigabytes of Xcode or Xcode Command Line Tools just to get the ToS form.
Re: (Score:2)
But the thing is, even though he's not pedantically wrong, per se, in this context, that statement is implying that the iOS "single store" model somehow fixes that problem, which is absolutely as wrong as it could possibly be.
He never said fixes the problem. In fact his language clearly uses that sliding scale "acceptable" and "unacceptable", precisely because people like you would come out saying perfect is the enemy of good enough.
Re: (Score:2)
At the very least, it implies that the extra vetting does *something* meaningful for security, when in fact, it really does next to nothing, as I explained up above.
Re: (Score:2)
Maybe you tried to explain that above, but you really failed. The fact that sideloading an app is possible on a Mac is the crux of the problem. No amount of warnings and popups will save my grandpa from installing the last "game" he found on the net in some dark place.
"'Unacceptable' Malware Problem"? (Score:1)
I say he has an unacceptable hairdo problem.
This is very true and a great argument (Score:3, Insightful)
It is 100% true that iOS is about as safe as exists on the planet today for someone using a digital platform to carry out the normal needs of life today on.
The Mac falls short of that because Apple will not do what doomsayers have been predicting for some time - lock it down as much as they do iOS. And nor should they, as the greater degree of openness is still desirable for a lot of users.
Who can claim with a straight face that Android, which allows side loading, is even close to as secure as iOS? There is vastly more Malware on Android.
Part of what some people want to see, maybe Epic, is Apple losing security restrictions on iOS. But Apple should 100% not do this, as it's the only platform currently that truly tries to take security and privacy as seriously as possible.
The world needs a choice that Apple offers with iOS to exist, or else the entire computer industry falls to chaos.
Re: (Score:2)
If you want your Mac (or Android) to be as secure as iOS, then don't download from anywhere other than the app store. Problem solved.
Re: (Score:2)
So your definition of "problem solved" is to be infected with hundreds of malware laced apps that litter the play store.
This has nothing to do with whether side-loading is enableable.
Re: (Score:1)
This is why you get modded down. The rest of the world defines solving the malware problem as having no malware, not having hundreds of different strains on your cell phone.
He got modded down for disagreeing? Gosh, the rest of the world sounds like a bunch of intolerant, xenophobic, wet ass pussy-listening dicks. I guess you’re in good company.
That helps, but still weaker (Score:1)
If you want your Mac (or Android) to be as secure as iOS, then don't download from anywhere other than the app store
Sort of true but I think even then it's not as secure, if you ever use the browser... the Mac is just inherently more open and thus less secure.
Re: (Score:1)
If you want your Mac (or Android) to be as secure as iOS, then
Please say “snort coke off a hooker’s taut buttocks”, please say “snort coke off a hooker’s taut buttocks” ...
don't download from anywhere other than the app store.
Blast!
Re: (Score:3)
Re: This is very true and a great argument (Score:1)
I do not think the reason android has more malware is because of sideloading. The vast majority of people don't sideload anything at all. I do not see what is Apple worried about. People will still use the app store for all their apps even if they have another choice.
Re: (Score:1)
all. I do not see what is Apple worried about.
Seriously? You don’t see what they’re worried about?
Re: (Score:3)
Because Android allows side loading it isn't as safe? But every Android app (and more) or equivalent that you can get from the iOS store, you can get from the Play Store. It's not like to get equivalent functionality to iOS you have to exit the official store and wander on the unregulated internet. You're basically saying that a home isn't safe because you have the freedom to shove a fork in the electric socket.
Re: (Score:1)
You're basically saying that a home isn't safe because you have the freedom to shove a fork in the electric socket.
Yes. Are you saying you can see the Aurora Borealis — at this time of year, at this time of day, in this part of the country, localized entirely within your kitchen?
Re: (Score:2)
That's actually what modern iOS devices are. App consoles. They're not general purpose computers, even though they're certainly powerful enough to be. I can't program on my iPhone, and I don't want to. That's why I have a Mac.
Once you realign your expectations for smartphones—Android phones included—to being app consoles rather than pocket general purpose computers, the whole idea makes a lot more sense.
What do devs use to make console games? (Score:2)
Consoles are effectively hackproof, so might as well use the same tech to ensure devices and PCs are not breachable.
What do developers use to make games and other apps for consoles? And what in your answer will change once PCs are not breachable?
Re: (Score:2)
While there is vastly more malware on Android, most of that is not applicable to the typical user who runs a vendor-supported device with the supported software repository.
The devices becoming infected with malware are the cheap knock off devices from china, devices which are out of support (short support cycles being another separate problem) etc.
There is also ChromeOS which has a pretty good security track record.
What you're seeing here however is the switch from general purpose devices to devices more su
Software diversity & security = mutually exclu (Score:3)
Convenience is why NO consumer OS are seriously locked down.
It's not convenient to for example boot from a ROM (though Linux and BSD work nicely live as does WinPE) and only update software from a single source by burning then swapping ROM or similar measures. That's why most people don't browse using TAILS from a live DVD.
Modern user needs exclude effective security so it doesn't exist and as software and OS complexity inevitably increase security will become even more difficult. If you don't want the world to see it don't put it on internet-connected systems.
Re: (Score:3)
Convenience is why NO consumer OS are seriously locked down.
Actually convenience of the iPhone shows how silly your argument is. When Apple introduced the completely locked down platform it did so with a convenience and ease of installing software that was unparalleled from any other platform on the market. There's a reason for its popularity, and that reason is not because users like jumping through hoops or making things hard for themselves.
*Usefulness* is the reason why *some* consumer OSes are not locked down. ChromeOS, iOS, Android, Windows 10S they are all co
Let me choose (Score:2)
It's just a tradeoff. You just have to warn the users that installing apps outside the app store is dangerous and let them choose at their own risk. Just like earlier Android versions did: a not that easy to reach toggle that triggered a warning. If a user enables it and installs malware, well, that's what freedom and being an adult means.
Re: Let me choose (Score:1)
Go one step further:
Don't *ask* them to "let" you choose. That's still being a beggar instead of a chooser.
Just *choose*. Do not *let* Apple even have a role in it.
Re: (Score:2)
Exactly. You don't ask Volvo for a button on the dashboard that disables the warning when you're not wearing the seatbelts, disables the crumple zones, disables the auto-brake-on-collision-detection, lets you drive with the lights switched off, lets you operate the navigation system while driving, disables the "maybe it's time to take a break" warning when it detects that you're not paying attention to the road, etc. Instead, you decide "This Volvo which does as much as possible to keep me safe is limitin
Re: (Score:2)
When your infected device starts affecting others, it stops being just your problem to worry about,
Re: (Score:3)
Sideloading doesn't change things dramatically (Score:2)
Of course there will be idiots who'll install warez and their phones will be positively lousy from all the malware on it but it doesn't impact on everyone else who didn't. So no, it's not a dramatic change. In a sense I'd say the fact you
Re: (Score:2)
Re: (Score:2)
Missing the point (Score:3)
Re: (Score:2)
MS gets beat up for not even trying, yet.. (Score:4, Interesting)
...Apple gets beat up for taking steps which try to minimize malware.
When people criticize Microsoft's long track record of abysmal security, do they ever ask what they think a hardened platform would look like? It ends up being something with a lot of restrictions around program sourcing and function.
Admittedly, Apple also exploits this for some level of commercial gain, but so what? Take that out of the equation and at least Apple is *trying* to harden the platform security even if you don't like all the side effects.
Re: MS gets beat up for not even trying, yet.. (Score:2)
Nokia 1100 was hardened. A hardened system doesn't care who gets paid to install a program!
His argument is a Hail Mary attempt to confuse young people and it seems to be working thanks to gutter level of discussion on Slashdot.
Re: (Score:2)
Yeah, but look at what the extreme end of "hardened" gets you in terms of functionality. I also think its so feature-free that its not actually a comparison.
Re: (Score:2)
It is completely possible to design an OS that is hardened and functions as much as android does. Android goes out of its way to make sure google apps are able to snoop, going so far as to make it almost impossible to remove them.
Here we go! (Score:2)
He is using the same text book maneuver that our beloved governments use to ram stupid law down our throats, example, the terrorism boogiemen.
This will be the excuse they wanted to enable GateKeeper full on and force everyone to use the app store, which of course means a nice cut for apple.
Worse part? The rabid cult members that blindly obey anything that Cupertino says are actually happy in losing the options.
Want to test this? Go to Ars Technica (the most devout temple of the rabid ones) and tell them tha
But it's not just malware, it's censorship (Score:1)
If Apple was only about blocking malware from their appstore, that would be fine. But that is not even remotely the limit of what they do. Apple decides what content you can show to users, on phones that they paid for. Want to show something even remotely mature in your app, designed for adults? You are banned. Want to offer people a way to pay for your services that doesn't involve the appstore? Banned.
If for no other reason to allow people to choose whether to be censored or not, the single appstore model
App Store (Score:1)