Sophos Gets Props For Calling Out Apple

Sophos called out Apple last week for boosting the built-in protection in OS X in its recent 10.6.4 update without disclosing that it had done so. Sophos claims Apple updated its XProtect.plist, a file that contains basic signatures for various Mac threats, specifically to detect the HellRTS Trojan, which masquerades as the iPhoto application and has been making the rounds on various torrent sites.

Sophos suggested that Apple kept quiet about the update so as to preserve the aura of invincible security that surrounds OS X. "You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons," Sophos said in a blog post past week.

But given that Sophos also makes an antivirus product for Mac OS X, one could make the argument that Sophos is trying to spread fear in order to sell products. Kevin Finisterre, head of penetration testing for NetraGard, a Boston based security consultancy, says the HellRTS Trojan doesn't represent anything new when it comes to malware.

"I think Sophos is banging the drum and trying to get attention," Finisterre said.

However, some security solution providers believe that Sophos is doing the right thing by attempting to counteract popular beliefs about Mac OS X security.

"Security vendors are using every opportunity to market themselves. At same time, it's important for the industry to understand that just because you run OS X doesn't mean you're automatically secure," said David Sockol, CEO of Emagined Security, a San Carlos, Calif.-based solution provider.

"Somebody needs to boot Apple users in the rear and get them to acknowledge that their beloved OS is vulnerable to attack," said Andrew Plato, president of Anitian Enterprise Security, based in Beaverton, Ore. "I think it’s very wrong for Apple to be releasing updates and not publishing what is actually updated."

Added Plato: "Ultimately, this is a corporate attitude issue. And as a consumer of numerous Apple products, I don’t appreciate being kept in the dark. If you’re going to fix a bug, have the [guts] to admit you had the bug in the first place, and that you fixed it."

Darrel Bowman, CEO of Tacoma, Wash.-based security solution provider Mynetworkcompany.com, calls Sophos claims "a bit self serving" but agrees that Apple should have been more open about its recent security update.

"Apple should, as a professional courtesy and for the sake of good PR, inform its users whenever a threat has been confirmed which can disrupt or exploit the users of Apple software or equipment," he said.

When it comes to pointing out issues with other vendor's software, Sophos is an equal opportunity whistleblower. Last November, Sophos made waves by claiming that Windows 7, configured with default User Account Control settings and without antivirus software running, was vulnerable to 8 of 10 randomly chosen pieces of malware circulating at the time.