On Mac security “flaw”
Yesterday morning Yahoo! News published a story titled “Apple finally patches dangerous DNS flaw .” Because I have been known to talk positively about the Mac’s security, sometimes mistaken for bragging, a number of people I respect forwarded me the story this morning.
The context for this response is my company has been in the midst of a major network security audit, in part to prepare to deliver services to clients with stringent security requirements. I had mentioned earlier this week to one of these clients that I felt the security of our workstations, which was under scrutiny, was enhanced by the fact most are Macintosh computers. This client, a well-educated, experienced technology security professional, immediately pointed out that it has been demonstrated that Mac can be compromised at events like the Black Hat happening now .
He was also one person who forwarded me the link this morning. I responded to him that his point is taken. And yet, this “flaw”, to be executed, requires quite a bit of work, including a successful phishing attack.
That is, to be a victim, you have to be both vulnerable, have the flaw successfully exploited, then be naive enough to click on a foreign link on a foreign website, before you even have the chance of infecting your computer. Additionally, prior to launching this hypothetical virus you may have downloaded, it’s likely the Mac OS would ask you “Are you sure you want to open this file you’ve downloaded from the internet?” You’d have to respond affirmatively to that, too… and while certainly possible, an unlikely scenario.
Safe is always a relative statement, heck, everything may be relative. Take the scene in a recent Generation Kill episode in which the reporter and a marine are behind a humvee wheel. The marine says Iraq is safe, as least while they’re behind that wheel, at least relative to most of the rest of that particular battlefield at that particular moment…
I’m not writing that the Mac is invulnerable, nor am I claiming that I can’t be fooled by phishing, or some other social engineering attack. However, although I have invited examples in the past, never have I heard a direct story about the Macintosh being infected by a virus of any kind, in actual use, in the wild, so to write. In contrast, the countless hours I have spent listening to complaints and helping people disinfect their Windows systems. The Mac seems safer from infection than Windows.
I do not think I am a Mac bigot. If I am biased when it comes to platform, it’s that I think platform should not be material. Software should work and look and act the same for anyone, on any platform, and that it doesn’t yet (except for Zimbra groupware and software like it) is a mystery to me, somewhat frustrating, and while maintaining a positive philosophy of technology , a source of professional dissatisfaction.
I invite you to share your stories of Mac infection. Please only respond with a story if it’s verifiable and happened to you directly, and be sure to leave a working email address in the email address field, so I can reach you to verify your story.
August 3rd, 2008 at 5:14 pm
thanks for intrestning reading!
And it have been for long now tha mac (maybe not safer) but gets infected less often the a microsoft pc.
August 4th, 2008 at 1:39 pm
Gray,
Nice post. I cannot tell you of any type of actual virus infections on the Mac either. And, yes, I have many of the same types of conversations that you have. They usually include statements of, “Every computer, including OS X computers, are vulnerable.” But, I also include a statement along the lines of, “However, while you Windows users are waiting for the Macintosh community to have their first major malware attack, they have been racking up the costs savings of 7-8 years of not having to deal with malware issues.” How much longer that will continue I don’t know. But I’ll keep putting the money in the bank while I wait for it–rather than spending it.
As to your statement about all software on every platform should work the same, I disagree completely. Competition is what drives software vendors to improve (indeed just about every human effort improves with competition). That includes competition for Apple and would love to see some real competition for the iPod line.
I love and use OS X today. However, I’ve been in computers since about 1975. If there is a better system, for me, then I will switch to it and use it. Linux (the various flavors) are all coming along. But there is no clear advantage and several clear disadvantages (again, for me). With no clear advantage, I’m happy not to go through the change of moving to Linux and away from the Mac. By the way, I’ve given the same advice over the years, to even Windows shops if there was no clear reason to uproot their world and make a switch to another platform. Same goes for Linux shops.
Back to the everything-the-same concept. Your workflow may be fine for you and may suck for me. Each platform has different technologies that make them unique–different strengths and weaknesses. I pick my platform and my software according to what needs to be done. I certainly don’t want them to all be the same. In fact, some of the worst software I’ve ever seen is cross-platform stuff that works exactly the same on every platform. All the weaknesses of both with none of the strengths.
August 5th, 2008 at 9:43 am
Nice post. I get lots of emails about every security issue on Macs as well. It seems that folks just love it when something like this is published and can’t wait with the “told ya sos”.
I have never heard anyone claim that Macs were invulnerable, but every one of these things that come out is not something that mainsteam users with a little common sense have to worry about.
August 5th, 2008 at 6:42 pm
J.Scott,
Thanks for your kind note. Let me clarify, I’m saying that a given piece of software should be available on any platform, and function the same on it, not that all software should be the same. For example, the Zimbra web interface looks and behaves the same, presenting shared and delegated email, calendars, contacts, files, documents and tasks, on Mac, Windows and Linux. Even better, regardless of versions of OS, so working on XP and Vista, 10.4 and 10.5, etc…. looking for a consistent experience regardless of platform.
September 25th, 2008 at 2:35 pm
Interesting read, thanks
October 22nd, 2008 at 10:31 pm
Now everyone is talking about the American economy and eclections, nice to read something different. Eugene