Barney's Blog

Blog archive

Apple Security Myth Busted

Many of us are under the impression that Macs are inherently far more secure than Windows PCs, which is why I've bought no less than six Macs for my 4 kids -- even though they cost three times as much as an equivalent PC. I can't be bothered reinstalling Windows every six months, not to mention the time a horrid virus blasted my eight-year-old son with vile, unstoppable pop-ups -- pop-ups that would make Bob Guccione blush.

A theory on why Apple is safer is that there are fewer Macs to attack, so hackers don't bother. And the bad guys simply don't hate the Mac like they do Windows.

Eugene Kaspersky, founder of the security company that bears his name, apparently believes the latter. Now that hackers are taking aim at the Mac, these machines may be more vulnerable than their acolyte owners believe. They may even have to cough up for some security software unless Apple builds it and maintains it for them free like Microsoft now does with Security Essentials.

It may be that Kaspersky is trying to seed the market for Mac security software (his company does has a $40 antivirus package for the Mac), but I think that market will happen or not with or without Eugene's assistance.

First, he sees attacks on the rise and feels it's inevitable that the Mac become a major target.

While Apple does provide updates, it is over a decade behind what Microsoft does with Patch Tuesday, and here's a personal note: A decade ago, Microsoft chairman Bill Gates declared the Trustworthy Computing Initiative. If there's one thing Gates rarely or ever did, it was give lip service. And over the last 10 years, in my opinion, Microsoft has done anything but give lip service to security.

In fact, Kaspersky believes Apple needs to spend the kind of time Microsoft takes checking code for security problems. "Welcome to Microsoft's world, Mac. It's full of malware," Kaspersky says.

In my heart of hearts I've believed that Mac's OS, having been built on a Unix/Mach kernel, was more secure. Now I must rethink that notion. As usual, my ultimate conclusion may rely on the wise counsel of you, the Redmond Report reader. What say you? Spill it at dbarney@redmondmag.com.

Posted by Doug Barney on 04/30/2012 at 1:19 PM


comments powered by Disqus

Reader Comments:

Thu, May 10, 2012 Andre Vermont

It appears even Apple bought into the notion that their computers were inherently more secure. Why else would they drag their feet so when providing needed updates? All those Apples didn't need to get infected but Apple was very slow about updating software that Windows had updated about a month prior. By the way, even Linux machines need to be updated regularly to avoid being compromised so why would the MacOS, which is built on Linux, not require the same?
All software has vulnerabilities that can be exploited and without proper diligence, it will be. An interesting thing to note is that as Windows has gotten more secure, the bad guys have focused more on other software like Adobe products or web browsers. They do still attack Windows but not as much as they used to. Of course their big time attack front now is social engineering. Which leads to the ultimate security hole, people. We can make our software as secure as possible, and we should, but you will always have people who are uneducated or lazy and don't do the right thing. The answer? I don't know the answer. There are much smarter people than I working on that problem. So, until someone comes up with an answer, we just have to acknowledge that we need to be very careful and protect ourselves the best we can with the tools at hand and know that no matter what computer we have, we are vulnerable.

Mon, May 7, 2012 Andrew Austin, TX

Having serviced Macs in the OS6/7 days (mid-90’s), I can tell you definitively that there were viruses for them back then. Not many, but they did exist.

My argument toward securing Macs better today revolves around the idea that the average Mac user has more disposable money, making them a juicier target at a lower minimum market share. Secondly, virus / spyware / crimeware writers have had a decade to hone their skills writing install routines, root-kits, key-loggers, etc for the PC. Now, a crimeware author could probably quite easily engineer it to install without any glitches or slowdowns noticeable to the end user.

I would not be at all surprised if every single Mac and IOS device out there is already rooted by the bad-guys. Good luck with your clean-up efforts, you are going to need it.

Tue, May 1, 2012 Stuart Los Angeles, CA

1. MACs and Windows have one thing in common: HUMANS. Humans make the OS and applications and humans use them. Since we are still not perfect, there will be issues. Also, Doug, why do you hate on Microsoft so much? When it comes to security Microsoft has a much better track record than Apple, Adobe, Google, Sun, etc.

Mon, Apr 30, 2012 Green California

I agree with the comments that the Unix ancestry belie the 10 years behind statement. Of course even defaults in (or in the use of) basic C statements and it's derivatives can lead to security problems. My guess is that most problems of security will be user aided by opening things that shouldn't be or through third party applications the likes of Acrobat that are used as ways to distribute 'honorable' documents and files.

Mon, Apr 30, 2012 Chris US

Macs are, in my opinion, more secure than Windows. Unix or Unix-like operating systems start with a more restrictive set of permissions for the average user than Windows. However, "more secure" doesn't mean they are secure. Any OS, be it Windows, Unix, Linux, or Mac, is more vulnerable if standard security practices are not followed on a regular basis.

Mon, Apr 30, 2012 jrhmobile

For years I would argue that Apple's OSX wasn't invincible, and that it was as susceptible to malware as any Windows machine. The only reason that Macs weren't infected was because there were so many more Windows systems out there that targeting Macs for infection was a low-percentage play. This would result in viperous response, that Macs were infinitely superior to Windows systems, that there was no way that malware could infect a Mac system and that there was no such thing as security through obscurity. Well, after years of Apple telling people that Macs couldn't possibly be infected with malware, and Mac users blindly believing that nothing could attack those precious Macs,the taunting seems to have finally drawn fire from the hacker community and now Mac-targeted malware is out in the wild. The way I see it, that kind of blind allegiance and haughty dismissal of malware dangers has been a self-fulfilling prophesy. So congratulations. You were right and I was wrong. You've now proven that there is no such thing as security through obscurity.

Mon, Apr 30, 2012 Corey Portland, OR

Being system agnostic in terms of support, but a Mac person in terms of personal purchases and preference, I take umbrage with the "decade behind" comment. I believe Macs are inherently more secure than Windows because of the Unix foundation, but simple popularity is the larger factor. With Apple's increasing popularity, It was only a matter of time until Mac users had to buy Anti-Virus. I don't think that day has arrived yet, but it may be as soon as some time this year.

Mon, Apr 30, 2012 Corey Portland, OR

Being system agnostic in terms of support, but a Mac person in terms of personal purchases and preference, I take umbrage with the "decade behind" comment. I believe Macs are inherently more secure than Windows because of the Unix foundation, but simple popularity is the larger factor. With Apple's increasing popularity, It was only a matter of time until Mac users had to buy Anti-Virus. I don't think that day has arrived yet, but it may be as soon as some time this year.

Mon, Apr 30, 2012 Dan Iowa

Welcome back to reality. I would add that there is probably a sizeable population of Macs that are not very secure, not because of what Apple has or has not done, but because of the flawed notion that if you just buy the right product, you won't have to do anything because it is a superior product. Security happens by the practices you follow day to day, and the processes you put in place. If you don't put any in place, then you're destined to discover the flaws of your assumptions sooner or later.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.