Last week, Eugene Kaspersky — the eponymous founder of the industry leading Kaspersky security company — made some waves by claiming that OS X was “at least 10 years behind Microsoft in terms of security.”
Since Kaspersky’s eyebrow-arching claim, there’s been a lot of bickering about whether what he said was true, or whether his comments were self-serving. Maybe Kaspersky’s right, though, and Apple should follow in Microsoft’s footsteps and outsource OS X security to the anti-virus industry?
Over at MSNBC, Paul Wagenseil makes an interesting argument that Apple may very well be ten years behind Microsoft when it comes to security… not because our favorite operating system has more holes in it than Windows, but because Apple insists on patching all OS X’s security vulnerabilities itself. Instead, Wagenseil says Apple should follow Microsoft’s lead, and turn over most of their security to the third-party antivirus industry.
“Microsoft has improved their security massively since 2002,” Hypponen said. “Today, they are [a] model for good security process in many ways.”
Microsoft got to that point by essentially outsourcing Windows security. The entire anti-virus industry, with sales of several billion dollars per year, is built on defeating malware that targets Windows.
The existence of that industry frees up Microsoft to work on patching its Windows, which it does extensively every month. Microsoft’s open model lets major Windows software makers such as Adobe or Oracle do the same without Microsoft’s approval.
Apple, on the other hand, disdains third-party anti-virus software for Macs — though it does exist — and insists on patching certain pieces of third-party software itself.
In regards to the latter point, Apple’s shown some signs of loosening up some of its insistence on personally patching third-party software. For example, Oracle will apparently now managing updates to Java for Mac.
That said, Apple is still ridiculously slow to patch vulnerabilities in its operating system. It took well to patch Flashback, the most recent OS X malware that infected over 600,000 Macs, and in the past, Apple has taken months to patch various iOS security problems.
Apple’s doing a lot right when it comes to security: GateKeeper, app sandboxing, and so on. Could Apple keep OS X even safer by pulling a Microsoft and outsourcing most of its security to third-party antivirus companies? Let us know what you think in the comments.