“I think [Apple is] ten years behind Microsoft in terms of security,” Kaspersky told CBR. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example, it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.”
Kaspersky suggested that OS X’s relatively low incidence of malware over the last decade has caused Apple to fall behind, while the abundance of viruses, worms, and trojans targeting Windows forced Microsoft to step up its game.
There’s some truth behind that thinking—Windows 7 is by far the most secure operating system Redmond has built. But Apple hasn’t entirely rested on its laurels for the last ten years. The company has added malware detection to OS X, continued to remove default installs of popular exploit vectors like Flash and Java, and added features like address space layout randomization (ASLR) and sandboxing to prevent one application exploit from affecting the whole system.
Furthermore, Apple intends to improve security in the next version of OS X, dubbed Mountain Lion. Features like ASLR and sandboxing will have a more robust implementation in Mountain Lion. Meanwhile, Apple is also adding a new feature called GateKeeper, which allows users to limit software installs to either the Mac App Store or to only verified developers.
The recent hubbub over the Flashback trojan has certainly raised concerns over the security of OS X, and we agree that Apple could do more to be responsive to malware threats when they are discovered. But to suggest Apple is “10 years behind” belies the efforts it has made to secure the OS from different angles.