Slashdot Mirror
Apple Blocking iPhone Security Software
Barence writes "Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. 'We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,' said Kaspersky. Although he admits the risk of viruses infecting the iPhone is 'almost zero,' he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. 'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture — it wants to control everything.'"
Leaving Kaspersky out is the first interesting feature I see in this whole Apple App Store scheme !
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
this guy created a whole site because of the problem and the iPhones inability to block/stop such behaviour
http://i-phone-home.blogspot.com/
Why would apple want to allow someone to create and market direct competition for it's own anti-theft service (MobileMe)?
This is more about the closed nature of the App Store more than the necessity (or lack thereof) for a security app. In fact, the sporadic and seemingly hypocritical nature of Apple's approval process alone is reason enough for me to not get an iPhone (being stuck on AT&T and having no hardware keyboard are the other two reasons...although I could look past those two if it meant anyone could had an app put up for download.)
Granted, you can jailbreak an iPhone and install whatever you want, but I shouldn't have to hack a phone just so I can use whatever program I want on it. Being held to Apple's decision on what I can or can't use on there is a deal breaker for me.
Living With a Nerd
We have been in contact for two years with Apple to develop our anti-theft software...
I know lots of people never RTFA, but you couldn't even get through the summary? Here's your sign.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
The iPhone has enterprise tools available for anti-theft, too. It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.
Their control of the App Store is abusing and ridiculous, but i don't see a lack of anti-theft features here.
"it wants to control everything"
...which is one way of preventing malware, it's working pretty well so far for that platform.
Twinstiq, game news
I don't want to say Apple's is the wrong way of behaving
Well, I do. It’s the wrong way of behaving.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Man, you obviously don't deal in the real world or at least in large org.
Google for a couple of mins and you find that the "encryption" on the latest iPhone 3GS has already been broken.
There's no proper central management of the device; the iPhone has to be tethered.
If you set some settings on the device, there's nothing stopping the user from changing configuration again.
So it's fine for you if you want to keep some personal contacts and maybe your shopping list; it's nowhere near the level one would expect it to be used in the financial or government sectors.
That's why RIM and BES reign supreme in that area.
I wish Apple would wise up; lord knows I deal constantly with "senior managers" who want to use their toys at our hospital.
The antivirus companies have been pushing antivirus software for handheld devices since 1999.
In the succeeding decade... so far as I'm aware... the damage caused by viruses on handhelds, ALL handhelds, has been less than the damage due to one false positive incident caused by Norton Antivirus shortly after the pointless hubbub over the Palm "Phage" malware.
Antivirus software for handhelds... just say "no".
Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already....
Apple doesn't want to give developers access to the API's to do things like remote wipe. So they either block everyone from doing it or they make an exception for certain vendors. Apple isn't very big on making exceptions for any external company, even Google gets the choice of doing it the Apple way or hitting the highway. Nobody seems to mind in this case except the anti-virus cartel who are seeing their core market melt way now Windows is becoming secure and they don't have a foothold in this decade's growth market, mobile devices.
If all else fails, immortality can always be assured by spectacular error.
It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.
I know this, because I work for an iPhone nut.
If you're a business user, you're using Exchange 2007 with ActiveSync to remotely manage the iPhone and deliver email. If you've got a wish to drive yourself insane, you're also using MobileMe on that same device.
MobileMe has some neat features, but quite frankly it's complete bullshit that those features (Find my iPhone et. al.) are mutually exclusive from a phone with an ActiveSync binding. MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two.
Boot Windows, Linux, and ESX over the network for free.
It appears that Kaspersky is butthurt because it sees a potential market for more crap we don't need and the controllers of that market don't want, and have the ability to lock them out of that market.
From Apple's point of view, they have remote wipe on both the corporate and personal levels already. And having somebody inside your shorts providing duplicate functionality is fail from top to bottom. I'm surprised that apple even answered the phone when they saw who was calling.
Also Kaspersky can have the SDK anytime they want, it's free. They will have to pay $99 to actually deploy the apps though. What they want is a super special "inside your shorts" SDK that I'd bet isn't coming anytime soon.
Sheldon
The app store is NOT about security, it does not make you magically protected.
The app store is about Apple's guaranteed 30% cut.
Boot Windows, Linux, and ESX over the network for free.
I'm undecided on whether this particular behavior on Apple's part is a bad thing (as opposed to other cases, like the Google Voice one, where I'm sure it's a bad thing, and the Opera Mini one, where I'm at least leaning that way).
On desktops, it seems to me that various web ads or email messages encouraging users to install some third-party "security tool" are a major infection vector for malware/spyware. Many, many of the sorts of people who buy Apple products -- and I say this as an Apple user myself -- are... not the sorts of people who routinely make informed decisions about computer security.
Certainly, if third parties are permitted to sell iPhone security software, one might reasonably want them to be subject to considerably more oversight than other software, because of the potential for damage. Again, not because the software is "magic" or other software can't behave badly, but because of the particular ways most real-world users brains just shut down when dealing with security issues. Most people really don't have the mindset for this stuff.
This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes. I just don't see that every happening for a couple of reasons.
1. The Kaspersky software itself could have exploitable flaws and given that it would be running at a higher privilege level than regular apps, that opens up a new attack vector for web based exploits to use.
2. Such software would potentially slow the OS down and cause a significant battery drain for no real gain of protection.
Much has been made about FUD articles that say that other apps can access contacts without asking for permission. No shit sherlock. That is a "feature" of the official API and the app approval process is supposed to ferret out nefarious uses of contact lists. I would hate to see UAC style boxes for apps each time I wanted to see a contact list in a third party app.
Jesus was a compassionate social conservative who called individuals to sin no more.