• Explore the magic and the mystery!

  • Apple’s Annoying Policy of Security and Support Secrecy

    November 25th, 2008

    When it comes to Apple, sometimes you don’t know what to think about some of their long-time behavior patterns when it comes to marketing and support.

    In taping an interview for this week’s episode of The Tech Night Owl LIVE, author and commentator Kirk McElhearn brought to my attention the fact that Apple, after extolling the Mac OS’s freedom from malware, is actually recommending, in a tech note, the three top commercial anti-virus applications.

    Now I’m sure you recall that very popular TV ad, where the dude who plays a Mac told the PC guy how Macs didn’t suffer from malware threats. Indeed, if you look at the facts, that’s essentially true. After all, as I said yesterday, the infections discovered so far have either been proofs of concept, or reflected minor outbreaks. In some cases, Apple’s own periodic security updates have patched some of the known leaks that presented potential threats.

    So why spend money for software that, in fact, you may not yet need? Well, I suppose you could suggest that, since Apple sells those security products at their online and retail stores, maybe they just want to earn a little more profit to pad the bottom line. While I can understand the motive, are you being well served by this mixed message?

    Overall, while Apple is quite explicit about what it fixes in a security update, they will rarely say anything about those issues until the patch is ready. Now from a security standpoint, I can see why it makes sense not to remind people what they can do to infect Macs before the fix is available, but quite often third parties have already spilled the beans.

    This tentative security management policy is why the specifics about Safari 3.2’s anti-phishing protection took several days to unearth. Apple gave very little information about the feature, though it didn’t take too long for security experts to figure out that Apple teamed with Google to provide a database with data about bogus sites that’s actually downloaded when you first run the new version of Safari.

    The feature itself is identified by a singular preference labeled “Warn when visiting a fraudulent website” that’s checked by default. It’s also quite possible that this week’s 3.2.1 update was, in part, designed to address potential crashes that occurred when that feature was activated. Then again, Apple said nothing specific about that either.

    In all, you get the feeling that the company is reluctant to admit that, yes, personal computer operating systems aren’t invulnerable, and that there have been some virulent Mac viruses over the years. Sure, most of that occurred in the Classic Mac OS era, but still the job of protecting the Mac OS is always trying to stay one step ahead of the Internet criminal.

    The anti-phishing feature was, itself, long in coming, and may have been precipitated by that statement a while back from PayPal executive warning about using browsers without such protection. While they claimed they really didn’t include Apple in their list of discredited browsers, the message was obvious, and it’s good to see the feature in Safari, even though it’s a case of better late than never.

    Then again, you do get the impression that, by word and deed, Apple wants you to think that their products are perfect, and even when the inevitable bug fixes arrive, only recently did you get any solid information about what was changed in those updates.

    That may indeed be the reluctant response to constant complaints in the tech press and by many Apple customers that they wanted to know what an update was designed to do before deciding whether to download a copy and install it.

    In contrast, the beleaguered Microsoft, a chronic offender when it comes to building bloated software riddled with security leaks, is usually overly-descriptive about what they are fixing. Since they cater heavily to the business crowd, they are responding to the needs of system admins to understand all the deep and dark secrets about patches before they decide whether to deploy them to their networks.

    Now that Apple has made it quite clear they are putting greater emphasis on a growing business-related user base, they really have little choice but to follow the same practice. That’s a good thing, though it’s unfortunate that Apple must be dragged kicking and screaming to adopt smart policies.

    Indeed, when it comes to security, Apple needs to do a lot more to show they’re being proactive about the matter. While it may not be time to install antivirus software on your Mac yet, that time may be close at hand. Apple will help greatly by identifying potential threats early on, and helping Mac users protect themselves against what may be inevitable, even if that inevitability takes a year or two to arrive.

    | Print This Post Print This Post

    One Response to “Apple’s Annoying Policy of Security and Support Secrecy”

    1. Oz says:

      It’s a tempest in a teapot. Nothing more.

    Leave Your Comment