Slashdot Mirror
Apple Blocking iPhone Security Software
Barence writes "Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. 'We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,' said Kaspersky. Although he admits the risk of viruses infecting the iPhone is 'almost zero,' he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. 'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture — it wants to control everything.'"
Leaving Kaspersky out is the first interesting feature I see in this whole Apple App Store scheme !
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
this guy created a whole site because of the problem and the iPhones inability to block/stop such behaviour
http://i-phone-home.blogspot.com/
Why would apple want to allow someone to create and market direct competition for it's own anti-theft service (MobileMe)?
This is more about the closed nature of the App Store more than the necessity (or lack thereof) for a security app. In fact, the sporadic and seemingly hypocritical nature of Apple's approval process alone is reason enough for me to not get an iPhone (being stuck on AT&T and having no hardware keyboard are the other two reasons...although I could look past those two if it meant anyone could had an app put up for download.)
Granted, you can jailbreak an iPhone and install whatever you want, but I shouldn't have to hack a phone just so I can use whatever program I want on it. Being held to Apple's decision on what I can or can't use on there is a deal breaker for me.
Living With a Nerd
We have been in contact for two years with Apple to develop our anti-theft software...
I know lots of people never RTFA, but you couldn't even get through the summary? Here's your sign.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
Good Mobile Messaging will do what Kaspersky's trying to do - control the handsets on an administrative level. You lose your iPhone? Administrator remotely wipes your unit.
Mind you, I don't have nor want one of these toys, but it works great across our WinMo and Android fleet...
Two words: browser exploits.
The iPhone has enterprise tools available for anti-theft, too. It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.
Their control of the App Store is abusing and ridiculous, but i don't see a lack of anti-theft features here.
"it wants to control everything"
...which is one way of preventing malware, it's working pretty well so far for that platform.
Twinstiq, game news
I don't want to say Apple's is the wrong way of behaving
Well, I do. It’s the wrong way of behaving.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I'm not familiar with mac development, but the "SDK" in question would basically be kernel internal functions docs/unreleased API docs, yes? There may be other reasons besides appstore control freakery that they don't want to release and/or license that out? And even if Kaspersky would reverse-engineer the necessary parts of the kernel, which they obviously could (and their employees probably already partially have, unofficially) they would be sued to hell and back if they used that data in a product (which would be obvious, since there's no other way besides the official channels to get at it)?
Emotions! In your brain!
Man, you obviously don't deal in the real world or at least in large org.
Google for a couple of mins and you find that the "encryption" on the latest iPhone 3GS has already been broken.
There's no proper central management of the device; the iPhone has to be tethered.
If you set some settings on the device, there's nothing stopping the user from changing configuration again.
So it's fine for you if you want to keep some personal contacts and maybe your shopping list; it's nowhere near the level one would expect it to be used in the financial or government sectors.
That's why RIM and BES reign supreme in that area.
I wish Apple would wise up; lord knows I deal constantly with "senior managers" who want to use their toys at our hospital.
The antivirus companies have been pushing antivirus software for handheld devices since 1999.
In the succeeding decade... so far as I'm aware... the damage caused by viruses on handhelds, ALL handhelds, has been less than the damage due to one false positive incident caused by Norton Antivirus shortly after the pointless hubbub over the Palm "Phage" malware.
Antivirus software for handhelds... just say "no".
While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.
You say that with no context as to where you live, which is very important. Because where I am, AT&T just turned on 3G less than six months ago, and it's slower than Verizon's which has been on for two years, and hasn't slowed down a bit since I got my Droid.
AT&T speeds are generally faster than Verizon in my area, but the reception of AT&T phones around where I live is absolutely horrendous...based on what friends who have the iPhone have told me, there are TONS of dead spots around here (Montgomery County, Maryland...hardly the boonies.)
I will gladly take a slow network over spotty network coverage.
Living With a Nerd
Two words: Good Technology.
Works on iPhone, Android and WebOS.
Disclaimer: I do NOT work for Good technology, but was recently asked to research the use of iPhone, WebOS and Droid in my company's enterprise environment and Good is pretty much the very best of the best out there from what I could tell.
Of course, your mileage may vary.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already....
Apple doesn't want to give developers access to the API's to do things like remote wipe. So they either block everyone from doing it or they make an exception for certain vendors. Apple isn't very big on making exceptions for any external company, even Google gets the choice of doing it the Apple way or hitting the highway. Nobody seems to mind in this case except the anti-virus cartel who are seeing their core market melt way now Windows is becoming secure and they don't have a foothold in this decade's growth market, mobile devices.
If all else fails, immortality can always be assured by spectacular error.
It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.
I know this, because I work for an iPhone nut.
If you're a business user, you're using Exchange 2007 with ActiveSync to remotely manage the iPhone and deliver email. If you've got a wish to drive yourself insane, you're also using MobileMe on that same device.
MobileMe has some neat features, but quite frankly it's complete bullshit that those features (Find my iPhone et. al.) are mutually exclusive from a phone with an ActiveSync binding. MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two.
Boot Windows, Linux, and ESX over the network for free.
It appears that Kaspersky is butthurt because it sees a potential market for more crap we don't need and the controllers of that market don't want, and have the ability to lock them out of that market.
From Apple's point of view, they have remote wipe on both the corporate and personal levels already. And having somebody inside your shorts providing duplicate functionality is fail from top to bottom. I'm surprised that apple even answered the phone when they saw who was calling.
Also Kaspersky can have the SDK anytime they want, it's free. They will have to pay $99 to actually deploy the apps though. What they want is a super special "inside your shorts" SDK that I'd bet isn't coming anytime soon.
Sheldon
The app store is NOT about security, it does not make you magically protected.
The app store is about Apple's guaranteed 30% cut.
Boot Windows, Linux, and ESX over the network for free.
While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.
You trade speed for coverage between AT&T and Verizon. Just like there are tradeoffs between an iPhone or an Android phone or Blackberry. Decide based on the features you want which is best for you personally.
To date the spyware and hacks that have been succesful only target jail broken phones. Why because people are stupid and install things wrong.
But this isn't an anti-hacking application, so that doesn't apply. This is an anti-theft applications. You know, in case your phone is stolen.
So why not approve it? I can think of two reasons:
1) Does things beyond the API or agreement allows, particularly with encryption.
2) Apple provides an anti-theft service, which this application would compete with.
Write your representatives! Repeal the 2nd Law of Thermodynamics!
I'm undecided on whether this particular behavior on Apple's part is a bad thing (as opposed to other cases, like the Google Voice one, where I'm sure it's a bad thing, and the Opera Mini one, where I'm at least leaning that way).
On desktops, it seems to me that various web ads or email messages encouraging users to install some third-party "security tool" are a major infection vector for malware/spyware. Many, many of the sorts of people who buy Apple products -- and I say this as an Apple user myself -- are... not the sorts of people who routinely make informed decisions about computer security.
Certainly, if third parties are permitted to sell iPhone security software, one might reasonably want them to be subject to considerably more oversight than other software, because of the potential for damage. Again, not because the software is "magic" or other software can't behave badly, but because of the particular ways most real-world users brains just shut down when dealing with security issues. Most people really don't have the mindset for this stuff.
This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes. I just don't see that every happening for a couple of reasons.
1. The Kaspersky software itself could have exploitable flaws and given that it would be running at a higher privilege level than regular apps, that opens up a new attack vector for web based exploits to use.
2. Such software would potentially slow the OS down and cause a significant battery drain for no real gain of protection.
Much has been made about FUD articles that say that other apps can access contacts without asking for permission. No shit sherlock. That is a "feature" of the official API and the app approval process is supposed to ferret out nefarious uses of contact lists. I would hate to see UAC style boxes for apps each time I wanted to see a contact list in a third party app.
Jesus was a compassionate social conservative who called individuals to sin no more.
That's the rub. Why would Apple allow a $5 or $20 app on the AppStore that negates the only other way to remote wipe or track your iPhone?
Here's the answer: $90/year subscriptions to MobileMe
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
Except that the iPhone isn't the only phone you can buy and thus you don't have to put up with the rules Apple sets for it's App store unless you choose to buy an iPhone. Thus your analogy falls completely apart.
Apple is probably waiting until they implement multitasking in the next OS, so that they can have Kaspersky's software constantly running in the background constantly using 50% of the CPU to block malware.
Their control of the App Store and anti-jailbreaking measures are because of one reason: Apple wants to avoid bad publicity.
When there was this rash of rickrolled iPhones a few months back, most media reported it, but very few mentioned that it only affected jail broken phones. Apple wants to avoid getting into the news like that, because their brand is the most important asset they have.
RogerWilco the Adventurous Janitor