• Explore the magic and the mystery!



  • Is Mac Security Going Down the Tubes?

    May 29th, 2007

    If you’re a fear merchant and get a charge out of spreading suspicion about Mac security, you have to be delighted. If you’re a Windows user wondering what the fuss is all about and whether a switch to the Mac is a good idea, you might want feel a little concerned. And certainly my fellow Mac users are wondering if Apple’s world-class operating system isn’t quite as bullet proof as it’s supposed to be.

    You see, every few weeks so far this year, Apple has released a security update to address potential vulnerabilities of one sort or another. Some of them sound awfully frightening, using such pithy phrases as “remote execution” and “denial of service” or laced with other dark prose that delivers images of impending doom and gloom.

    Is there something wrong here? Isn’t Mac OS X built upon a solid Unix foundation, tried and tested across the planet for several decades? Where did all these terrible-sounding security leaks come from and why isn’t Apple doing more to be proactive about allowing them to appear in the first place?

    How do you protect yourself against such dangers? Is Windows all that bad after all?

    Well, it’s time to settle down. You see, what you’re reading about in all these descriptions of security fixes relates to potential vulnerabilities. Security experts have shown that there are leaks in the dam that need to be sealed. But that is definitely not the same thing as having an Internet criminal take over your Mac and do nasty things.

    Indeed, these vulnerabilities have, so far at least, not been exploited outside of the test laboratory. They need to be patched, of course, but that’s not the same thing as seeing lots of Macs being exploited because of such problems.

    It does, however, remind you of a clicking time bomb.

    I am not, however, as fearful as some of the tech pundits want you to be. You have to realize that all operating systems have security leaks that need to be patched, and it’s very likely nobody will ever figure out a way to seal all the openings. Well, at least not in our lifetimes.

    Unfortunately, this state of affairs creates the climate for some folks to write purple prose claiming that the Mac really isn’t all that secure after all. They might even look at the numbers of security holes that Apple has been patching of late and compare them to the number of Windows vulnerabilities Microsoft has to handle. That’s an easy way to obscure the facts. It’s much harder to sit down and do research and explain whether or not the regular Mac user needs to live in fear that the sky is falling.

    I realize it’s hard to look at the regular release of security updates as a good thing, but it really is. You see, Apple is, of late, taking the hard work of security investigators very seriously. When they find something with the potential for trouble, they put a fix into place extremely quickly. Some say Apple is slow about reacting to such things, but a recent QuickTime issue was resolved within days of its discovery. In case you’ve forgotten, that was revealed during a security contest, in which someone got a $10,000 payday for breaking into a MacBook.

    In fact, the timely release of security patches demonstrates that folks who claim that Apple is ignoring such problems do not know what they are talking about. And even if it takes more than a few weeks to close a specific security hole, you have to realize that knowing there’s a problem and fixing it promptly are two different things. It’s always possible, you see, that a simple code change may impact other functions and creat unexpected problems. So even if the fix is found in a few hours or a few days, it make require several weeks of intense testing to make sure that it works as advertised and doesn’t crash your Mac or create other anomalies.

    This doesn’t mean, of course, that the security updates are necessarily perfect. Every single time Apple releases an updater of one sort or another, some folks will have problems. And it’s not just the very few in our audience who have ripped their Mac’s guts apart with operating system hacks. Sometimes regular people encounter these woes as well, which only goes to show that Apple has to tread slowly and carefully before releasing any software that modifies the operating system in some fashion.

    My suggestion after looking over this ongoing effort to show Mac security in an unfavorable light is simply not to get out of shape about it. Accept the imperfect reality, and just be alert to the release of the ongoing updates. Frankly, I’m not as worried as some about installing them just about as soon as they appear, because no Mac OS X update has ever cost me a moment of trouble.

    At the same time, you probably want to be careful about the third party toys you add to your system. As far as security is concerned, you also want to follow the usual cautions: Have a strong system password, with a mixture of numbers and varying upper and lower case letters. If a password is too easy to remember, someone out there can figure it out. You also want to be careful about downloading unexpected file attachments, even if they come from people you know. It’s always a good idea to confirm first that it’s authentic.

    While you probably don’t need to fret over an impending malware epidemic on the Mac platform, don’t throw caution to the wind either. Stay alert, and don’t let the fear mongers get you down.



    Share
    | Print This Post Print This Post

    10 Responses to “Is Mac Security Going Down the Tubes?”

    1. Tom B says:

      I take encouragement from the fact that no really serious exploits have been achieved. I think it is just that disgruntled Windows fanatics and anti-virus software vendors are simply targetting the Mac more to slow the collapse of the Redmond Empire.

    2. Frank says:

      You think the wireless exploit wasn’t a serious exploit.

      I take encouragement from the fact that no really serious exploits have been achieved. I think it is just that disgruntled Windows fanatics and anti-virus software vendors are simply targetting the Mac more to slow the collapse of the Redmond Empire.

    3. Tom B says:

      “You think the wireless exploit wasn’t a serious exploit.”

      My understanding is that it wasn’t — perhaps you have more info than I do?

    4. Steve W says:

      I love the way the Windows envangelists turn lemons into lemonaide. They claim Windows is more secure than Mac OS X, and point to the fact that Apple issues more security updates than Microsoft as proof that Mac OS X has more security holes than Windows.

      Maybe my thinking is dyslexic; I see it the other way round. The system that gets breached the most, is the one with fewer updates. I think that is because it’s maker isn’t finding the holes fast enough. Rather than find and patch holes in it’s own system, it pays hackers to find holes in the competition.

      As my mother always said, “If you are so right, why aren’t you rich?” Clearly, Microsoft has a better handle on security than Apple!?

    5. I love the way the Windows envangelists turn lemons into lemonaide. They claim Windows is more secure than Mac OS X, and point to the fact that Apple issues more security updates than Microsoft as proof that Mac OS X has more security holes than Windows.

      Maybe my thinking is dyslexic; I see it the other way round. The system that gets breached the most, is the one with fewer updates. I think that is because it’s maker isn’t finding the holes fast enough. Rather than find and patch holes in it’s own system, it pays hackers to find holes in the competition.

      As my mother always said, “If you are so right, why aren’t you rich?” Clearly, Microsoft has a better handle on security than Apple!?

      Well, Microsoft is, of course, rich. But so is Apple 🙂

      Peace,
      Gene

    6. “You think the wireless exploit wasn’t a serious exploit.”

      My understanding is that it wasn’t — perhaps you have more info than I do?

      Consider how many people were affected by this exploit, other than the folks who discovered it of course. Do I hear the sound of silence?

      Peace,
      Gene

    7. Here's my favourite Mac Trojan: OSX.Leap.A, affectionately known as Oompa Loompa. Take a peek at all the poor Mac computers affected since its discovery back on February 16, 2006. More sounds of silence?

      http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX%5FLEAP%2EA&VSect=S&Period=All

    8. Here’s my favourite Mac Trojan: OSX.Leap.A, affectionately known as Oompa Loompa. Take a peek at all the poor Mac computers affected since its discovery back on February 16, 2006. More sounds of silence?

      http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX_LEAP.A&VSect=S&Period=All

      Yeah, I'm shaking in my boots 🙂

      Peace,
      Gene

    9. Ilgaz says:

      For interested, if you use Firefox 2.x and want a quick check on your system, http://housecall.antvirus.com online virus checker in fact works on OS X but for some reason Trend Guys don't publicise it.

      It would be good for finding Windows viruses in your mails, I don't expect anyone except actual virus(!) author is infected by Leap 🙂

    10. For interested, if you use Firefox 2.x and want a quick check on your system, http://housecall.antvirus.com online virus checker in fact works on OS X but for some reason Trend Guys don’t publicise it.

      It would be good for finding Windows viruses in your mails, I don’t expect anyone except actual virus(!) author is infected by Leap 🙂

      Thanks for the update. And, yes, we should all be mindful of the problems our friends on the Windows platform might encounter. It doesn't serve them right. Sometimes they have no choice in the matter of which platform to use.

      Peace,
      Gene

    Leave Your Comment