Sunday, November 23, 2014

No, Apple doesn't need to 'open up' to malware fear-mongers

No, Apple doesn't need to 'open up' to malware fear-mongers

Earlier this week the CEO of an anti-virus company wrote a "guest editorial" on a popular technology website, saying it was time for Apple to "open up" and — wait for it — allow anti-virus software on the iPhone and iPad. The premise is self-serving and the headline spit-take inducing, and it's absolutely not worth rewarding negative attention seeking with attention. However, it is important to address the fear, uncertainty, and doubt (FUD) the "guest editorial" is trying to spread.

The CEO starts off by bringing up a Xsser as an example of why we should be concerned about the security of iOS. Xsser is a type of spyware that can steal data from iPhones and iPads — if the owner first jailbreaks them and then downloads something like an infected Debian package.

The CEO chooses not to mention that and, even though it's immediately mentioned in the comment, the "guest editorial" hasn't been updated to correct the omission.

Next, the CEO claims that BYOD, the bring-your-own-device trend that's helped the iPhone and iPad gain a growing presence in enterprise, will turn into a disaster because Apple won't give "security professionals" the cooperation and system-level access they need to protect our devices.

iOS is already so well protected, however, that exploits typically require explicit user overrides — jailbreak, the downloading of pirated apps, the acceptance of untrusted certificates — to get any access to our data at all.

Just like Xsser can only infect a jailbroken device, the type of system-level access the CEO is asking for under the guise of "openness" would only make us more vulnerable to malware, not less.

If security were the real agenda here, the CEO would ask for Apple to increase their own, already impressive anti-malware efforts on iOS. That way we'd get all the benefits but none of the risks.

Instead, the agenda here appears to be spreading misinformation in a deliberate attempt to make both direct customers and IT departments afraid so, presumably, Apple somehow feel pressured to change.

Well, Apple won't. They're smarter than that, and we are too. We know that misinformation is simply another form of malware. Just like we know this "guest editorial" isn't trying to protect us, it's trying to exploit us.











Eliza Dushku
Adriana Lima

No comments:

Post a Comment