Kaspersky Sells Mac AntiVirus Fear Using Charlie Miller… Mac AntiVirus Foe
March 20th, 2009
Daniel Eran Dilger
Why is Ryan Naraine, a “security evangelist” for Kaspersky Lab, writing news for ZDNet? And why is he only serving up half the juice that flows from Charlie Miller, the famous Mac cracker of CanSecWest? I think it has to do with the fact that Kaspersky has a Mac version of its security software in development, and it needs to generate some panic in order to sell it. Here’s the smoking gun showing why.
The Rising Tide of Terror.
You may recall that in January I called out a fear-mongering article by Dan Goodin published by the Register. That article associated the idea of “Mac anti-virus” products with the discovery of potentially dangerous tools posing as pirated software, tools that users would need to manually install with administrative privileges in order to suffer any damage. The article was apparently written just to continue the meme that Mac users were facing a “rising tide” of malicious software.
Apparently, “rising tides” of Mac malware crest after five years of panicked warnings with the arrival of four obscure risks, including two software installers purporting to be stolen versions of iWork and Photoshop, and, get this, two fake antivirus tools. How ironic is it that half of the malware in reported existence for the Mac is fake anti-virus software? And who is that targeting… Windows switchers who don’t know why they’re switching?
In Russia, Anti-Virus Infects You.
Now assume for a moment that you’re in Moscow and your company makes antivirus software. You happen to notice that the majority of Windows PC users steal software rather than paying for it. You also notice that Microsoft is having a difficult time getting its user base to upgrade to Windows Vista, threatening your upgrade cycle.
At the same time, you also notice that Macs have grown from 2% of the entire global population of PCs sold to something closer to 10%. Also, those users are more likely to pay for software.
Might you possibly want to tap that market, even if you only sell software that is pointless for Mac users, not because they can’t possibly be infected by malware threats, but because anti-virus software offers little real protection for threats that don’t already exist, and no real viral threats exist for the Mac?
Let’s stop being hypothetical here.
That company is actually Kaspersky Lab, and it is well aware of the slipping share of Windows. Two years ago, co-founder Eugene Kaspersky was cited by PC Pro saying that Vista’s lukewarm reception will drive more customers towards alternative platforms, making them a more attractive target for malware writers.
“Home users are not so loyal to the OS. Not many of them are satisfied with Microsoft Vista,” Kaspersky told PC Pro. “Some Windows users will switch to other OSes. Microsoft will not lose its dominance, but it will be reduced a bit.”
Kaspersky also issued the dire warning that “there will be a significant rise in virus attacks on both the Mac and open-source platforms.”
A year later, the company told IDG/InfoWorld/Macworld that while it offers no Mac products now, “one could ‘be ready in just days,’” according to company spokesman Timur Tsoriev. The IDG report added:
“Kaspersky’s anti-virus technology is flexible enough to work on different operating systems, said CEO Eugene Kaspersky. The company’s analysts have also cracked open an iPhone, which runs a slimmed-down version of OS X, to see how it runs.”
“As Apple’s share of the PC market has grown, security analysts as well as vendors have forecasted that Apple’s seeming immunity won’t last forever. So far, they’ve been pretty much wrong, as there have been no attacks on the scale that affects Windows machines, such as the Storm Worm.”
“As of now, hackers ‘don’t pay any attention to the Mac at all,’ Kaspersky said. But it may come as no surprise that Kaspersky, whose business is based on selling security products, maintains he is skeptical of the security of most operating systems, including OS X.
“‘We see that Mac OS is taking a bigger and bigger share of the market,’ Kaspersky said. ‘We made the prototype to be ready just in case.’”
The IDG report pointed out that Kaspersky isn’t the only company to be hungrily watching the Mac market from the sidelines.
“Finnish vendor F-Secure scuttled its Mac products around 1998, said Mikko Hypponen, chief research officer. But he didn’t rule out the company taking another look at the platform. ‘Most of the hard-core geeks in our lab use Macs,’ he said.”
Also, “Czech-based vendor AVG is also keeping an eye on how the Mac market shapes up. Miloslav Korenko, marketing director for AVG, said it’s hard to say what level of Mac usage would prompt them to develop a product, ‘we are considering one as well.’”
Speaking Hypothetically, Again
Now say a year has passed and Vista’s adoption is still terrible and the PC industry is actually shrinking for the first time ever. What would it take to get you, were you Mr. Kaspersky, to leverage the known outcome of the CanSecWest Pwn2Own contest, where one researcher was known to be arriving with an exploit that would take down Safari on the Mac?
Would you send a company employee to post a report of the event with a tech news site that will print anything? Would you also have them submit an interview with Miller that suggests Macs are woefully insecure, just to drum up business?
That’s exactly what you would do, even if you had to step around the reality that Microsoft’s latest Windows 7 and IE 8 were also compromised that same day, and even if your report also made it clear that there was no existing market for selling Mac vulnerabilities.
Miller actually complained about having to sit on an unreported bug for a year just to get $5,000 for it from the CanSecWest contest because there was no other way to get paid for Mac vulnerabilities. In contrast, a researcher with an exploitable Windows vulnerability, Miller noted, “could easily get $50,000 for that vulnerability. I’d say $50,000 is a low-end price point.”
The Sin of Omission
But there’s also something you wouldn’t do if you worked for Kaspersky: you wouldn’t point out that Miller, a Mac security expert, thinks your products are unnecessary for most users to buy and install. This winter, Miller took Apple itself to task for recommending in a support document that Mac users consider installing antivirus software.
Gregg Keizer wrote for Computerworld that Miller “pooh-poohed Apple’s recommendation using the same logic as many longtime [Mac] users,” quoting Miller as saying, “Windows has 90% of the market, but [attackers] give it 100% of their time.”
The article continued, “Criticizing security software for its cost — both in dollars and in the processor cycles it consumes — Miller admitted that he doesn’t bother running any on his Macs. ‘I don’t think it protects me as well as it says,’ he argued. ‘If I was worried about attacks, I would use it, but I’m not worried.’”
So there you have it: Miller knows where flaws are in Apple’s software, but he also knows that antivirus is unnecessary for the majority of users, just as I stated in January. He knows that because nobody will buy his discovered exploits. When Miller stops showing up to CanSecWest with ready exploits in hand, you can start worrying that he found a buyer. Until then, you can root for Miller to win the contest, because it means Mac users have little to worry about in the real world.