Category: Technology | Author: Steven Hodson | Posted: June 9, 2009
Tags: Apple, security, trojans, viruses
Apple and its security issues it doesn’t like to acknowledge

Now I have to be careful here on how I phrase this post because we sure wouldn’t want to see a Twitter-Friendfeed real-time angry fanboy rise from the dust and inundate us with all manner of death threats – or worse. So here goes – Apple needs to wake up to its new place in the computing landscape, start to take security seriously, and respond better to its users.
This is the gist of the thoughts of Rich Mogull, founder of security firm Securosis and a self-professed Mac user, in both a post on TidBITS and in an interview by Dan Goodin for The Register.
"Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise be prevented before product releases," writes Rich Mogull, founder of security firm Securosis and a self-described owner of seven Macs. "To address this lack, Apple should integrate secure software development into all internal development efforts."
Source: The Register
In his TidBITS post, Rich provides five points that he thinks Apple needs to address when it comes to its products and security.
- Appoint and Empower a Chief Security Officer
- Adopt a Secure Software Development Program
- Establish a Security Response Team
- Manage Vulnerabilities in Included Third Party Software
- Complete the Implementation of Anti-Exploitation Technologies
Given that, even six months after Sun warned of a vulnerability in the Java virtual machine, Apple hasn’t seen fit to patch the hole, Rich’s suggestions might be well heeded. Note that both Linux and Microsoft fixed the bug months ago.







Jun 9, 2009
I'm a loyal Mac fanboy and … I agree wholeheartedly. Apple needs to take security more seriously before it gets real egg on its face.
Jun 9, 2009
Fair comments, and I'm a loyal Mac fanboy as well. That being said, there's a lot to be said for the security through obscurity as far as marketshare goes on Macs.
Jun 10, 2009
Apple has hired Ivan Krstic, the developer of the security architecture for the One Laptop Per Child project’s XO system and subsequently a vocal critic of the failed OLPC program. Krstic is a prodigy security guru with anti-malware credentials.
Read more here:
http://www.roughlydrafted.com/2009/05/13/apple-…
Jun 10, 2009
This is more than a little strange. Rich Mogull's complaint is that Apple isn't secure because it doesn't act like Microsoft. Maybe Apple doesn't need a formal security system, because Apple designed Mac OSX right the first time, so they don't have to fiddle with it.
It is Microsoft Windows, after all, which has the 200 thousand viruses and malware in the wild and Mac OSX has none and never has. Now, Snow Leopard's security is getting even stronger and Rich discounts it.
Where is the proof of the pudding? Where in Mac OSX are the malware, worms, adware, spyware and viruses which infest Wintel? I don't get any. Perhaps Apple is doing something right by not following the recommendations of people like Rich.
Lou Wheeler
Jun 11, 2009
I find the foundation of the claim that Apple has no security program rather weak. I agree that not fixing the Java bugs looks very bad (and so do some errors made with Safari 4 beta that were later corrected). But 'no security program' differs from 'a security setup that misses important problems', the latter of which seems correct.
Jul 21, 2009
More marketing masquerading as wisdom. McD