Security Market Segment LS
Thursday, 24 September 2015 18:26

Bitdefender comments on Apple’s XcodeGhost App Store malware issue

By
Above is Bitdefender's Mac security software - none exists from anyone for iOS Above is Bitdefender's Mac security software - none exists from anyone for iOS

Bitdefender’s Senior E-Threat Analyst, Bogdan Botezatu, offered comment on the Apple XcodeGhost malware issue, saying an extra level of anti-malware tech would definitely improve security.

I received an email from Bitdefender’s Australian PR company offering comment on the XcodeGhost malware incident from that seems to have been primarily aimed at Chinese iOS App Store users, and wrote back with a few questions of my own, asking for additional comment.

Bitdefender’s Senior E-Threat Analyst, Bogdan Botezatu, is the person in question making the comments, which started off by noting that “the XCode Ghost infection is the first large-scale incident to ever make it through the Apple walled garden.

“Human error (the developers running tools downloaded from third parties), paired with lack of proactive countermeasures (in-depth review upon approval and advanced anti-malware on users’ terminals) have exposed a significant number of iOS users to malware.

“For years, Apple users have dismissed the idea of third-party security solutions, claiming that the iOS ecosystem was so well designed that they are practically immune to threats. However, iOS has become the second largest mobile operating system in the world and hackers are constantly improving their tactics to get to those 40% of iOS users,” continued Botezatu.

The comments were presumably sent so journalists could insert it into any story they might be writing on the XcodeGhost event, but I decided to write back and ask some extra questions so I could write a fuller story on Bitdefender’s views on the topic.

Now, you’ll probably expect an Internet Security company is going to want to be able to offer a version of the anti-malware/security suite that would be offered on Android, for example, and to be sure, a variant of that was my very first question.

Q1. Is Bitdefender calling on Apple to explicitly allow third-party security solutions?

Botezatu responded that, “For years, Apple has strongly communicated that, unlike other platforms, Mac OS X and iOS are secure by default and users should not be concerned with running third-party security.

“The recent attacks against both OS X and iOS have proven that built-in security countermeasures, although effective to some extent, are not perfect by themselves. Adding an extra layer of anti-malware technologies will definitely improve the security of the user.”

Q2. Is Bitdefender calling for Apple to make an announcement on how it will dramatically improve its proactive countermeasures?

Here Botezatu replied that “Apple has had a great screening program for applications submitted to the App Store in the past.

“These applications had been reviewed by human operators, but potentially dangerous code such as XcodeGhost still snuck into the Store. It would definitely be interesting to see how Apple is going to improve the screening process given that they already had one of the best review processes in the world.”

Q3. Is Bitdefender calling for Apple to make a further, more detailed statement about the malware incursion beyond the simple statement it has already made saying it has removed affected apps?

Botezatu stated: “Yes, we would have expected a comment related to the number of devices that have been affected by the incident.”

The question was put to Botezatu before Apple’s Senior VP of Worldwide Marketing granted a Chinese news site called SINA an interview on the topic, although the article was published in Chinese.

iTWire’s write-up on Schiller’s statements is here, but aside from Apple’s initial short statement, and Schiller's interview with SINA, I still think it would still be useful for Apple to say something more on the topic - but that's just my personal view. 

Q4. Is Bitdefender calling on Apple to fix bugs and security issues at a much faster pace than it has been doing?

Here Botezatu said that: “With minor exceptions (such as the failed Rootpipe exploit patch), Apple has done a good job in patching vulnerabilities in the past.

“What I would personally like to see is more openness towards third-party security vendors, so when an incident the size of XCodeGhost occurs, the security community is prepare to intervene with tools and fixes.

“However, with the release of iOS 9, Apple seems to go in the opposite direction – rudimentary anti-malware products designed for iOS are now unable to access processes currently being run on other apps, so they lose even the little visibility they had on what is happening on the terminal.”

Q5. Finally, can you please send any links to iOS security issues that Bitdefender has written about?

Botezatu sent the following PDF link to its ‘Mobile Operating System Wars – Android vs. iOS Study.’

DIGITAL MARKETING HAS NO SOCIAL DISTANCING OR TRAVEL RESTRICTIONS

As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com

CONTACT US!

LAYER 1 ENCRIPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments