Some pretty interesting questions are raised by this story at Computing.co.uk that describes the take of Kaspersky Lab's CTO on how serious Apple is about security.
The first question deals simply with the veracity of what Nikolai Grebennikov said about Apple. Essentially, his take is that Apple is behind the eight ball. He points to the Flashback Trojan, which the story says is a botnet that used a vulnerability in Java to infect 600,000 Macs earlier this year. The story said that Apple insisted on patching Java itself - two or three months after Oracle did it.
The first and most obvious question is whether what Grebennikov said is accurate. There is no verification in the story, so that by definition remains an open question.
There are two follow-on questions that must be posed. Let's assume, for the sake of argument, that Grebennikov's facts are accurate. The first subsequent issue to deal with is whether Apple's approach to security is being fairly illustrated by this incident. Is the delay in patching Java - again, if that really is what happened - how Apple operates, or was it an isolated occurrence? Does it extend to iOS and the lion's share of the company's hot mobile properties?
The second thing to think about is best described as a "meta" question. The first quote from Grebennikov in the story is this:
"Mac OS is really vulnerable," he claimed, "and Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," said Grebennikov.
Does "invited us" mean Kaspersky was hired? Was Kaspersky informally challenged, say, at a trade show panel? That's sort of a big deal. The quote - which may have been taken out of context - sounds as if it was more than an off-hand "if you're in town, drop by" type of arrangement. But, if Kaspersky indeed was hired by Apple, going public with negative comments such as these seems a bit odd. Conceivably, there is a political agenda being played out.
This isn't the only recent piece suggesting that the situation is getting dicey for Apple on the security front. MSNBC outlined problems being encountered by iOS and suggests that the crackers likely will train their guns on the operating system going forward. The sense of the story is that Apple is trying to run a tight ship, but that things may become more difficult as brighter - but not law-abiding - minds set it in their sights.
Apple is a smart company, and recognizes that security is vital. For instance, the company released iOS version 5.1.1 last week. The version patches three vulnerabilities, according to InformationWeek, and should be installed immediately.
The battle between the good guys and the criminals won't end. Some of the tendencies in the Apple camp - close control and careful vetting - give it a leg up on security compared to the more open Android approach. The company must be proactive, however, if it wants to prove Nikolai Grebennikov wrong.