May 14, 2012, 9:11 PM — A week or so ago the founder and CEO of Kaspersky Labs said Apple is 10 years behind Microsoft in security. By that Eugene Kaspersky meant Apple needs to be as skittish and responsive as Microsoft was a decade ago, after being hammered for the previous decade over the many vulnerabilities in Windows and the very little Microsoft did to fix any of them.
Now the company's CTO is weighing in, with more criticism, this time of Mac OS X specifically, not just Apple in general.
"Mac OS is really vulnerable," Kaspersky CTO Nikolay Grebennikov said in press interviews. "Our first investigations show Apple doesn’t pay enough attention to security."
That analysis concluded, as Grebennikov's boss Eugene Kaspersky said, that Apple is not ready to respond quickly enough on its own to counter security threats. Worse, it hinders other companies from doing so as well.
"Apple blocked Oracle from updating Java on Mac OS, and they perform all the udpates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," Grebennikov said.
The Java update became an issue after it was discovered that the Flashback Trojan, which had infected enough Macs to build a botnet of more than 600,000 machines, used flaws in Apple's Java implementation to take over those machines.
Apple is still struggling to get the botnet under control, while another Trojan aimed at Macs, SabPab, continues to expand its own settlement in the once-utopian fields of Macintosh.
And, late last week, security researchers announced that a programming error created a flaw in the most recent update to the security of Mac OS X 10.7.3 Lion, exposing user passwords in clear text.