RUSSIAN INSECURITY OUTFIT Kaspersky Lab's CTO believes that Google should take a few lessons from its competitor Microsoft when it comes to security.
Google's Android market growth and open nature means that cyber criminals will inevitably see the system as an increasingly good target to make money. But Nikolay Grevennikov, speaking at London's Infosec conference, said that Google is quite insular about security. He said that the Internet search giant will need to change to cope with growing malicious threats, which Microsoft has done in the last few years by working with partners such as Adobe and various security vendors.
He said, "Google has the experience of dealing with big systems and has done a good job. But currently it doesn't have any real security partners which can help it to increase protection. I don't think that's the right approach. I think it would be better if it partnered with someone and really established good security expertise."
"Google has experts in search and cloud, but not in security. It doesn't understand many things in security because it doesn't have the past experience to make the right decisions. It can hire some people, but it's not a replacement for real process in a lab."
Grevennikov said that in 2007 Microsoft attempted to do security by itself, spending lots of money hiring experts from the security industry, establishing its own security unit and publishing its own anti-virus software. The problem was that for many, Microsoft has a poor reputation for software security, whether fairly or not.
He said, "Microsoft was forced to provide its product for free and a lot of experts left. I know because we hired some of them. Nobody feels any fear over Microsoft. The same with Google. It can try to do [security] by itself, but I don't think it will be successful."
In the future, Grevennikov said it is inevitable that Android will have to be regularly patched for security vulnerabilities if its market share grows the way people expect. The complexity of Android software is a benefit because there is so much you can do with it, but is also a weakness.
"For mobile phones I think security updates will put up on-the-fly rather than following some Microsoft style patch schedule," he said. "If you don't patch your systems, you shouldn't be using the Internet." µ
Watch your back, Huawei
Porn-based prattery gets fisted
As long as it follows the rules
The Home in the home could be a legal minefield