We’ve been bombarded by the smug, highly slapable face of the Mac bloke in Apple’s omnipresent advertising campaign telling us how incredibly secure Macs are, but an independent researcher begs to differ.
Researcher Kevin Finisterre feels that far from walking around with an air of superiority over their Windows counterparts, Mac users should also start taking security threats seriously.
After highlighting security holes in Mac applications on his Month of Apple Bugs (MOAB) website, Finisterre said he was initially shunned by some of the Mac community, but his concerns were vindicated when Apple recently issued a patch to plug holes outlined on his website.
The update fixed holes in iChat and Finder as well as a flaw in the user notification process that could potentially let malicious users gain system privileges.
Finisterre says he started the project in response to Apple owners’ blasé attitude to security, commenting, “Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?
“They will happily reinforce the feeling of ‘Security on a Mac? What? Me worry?’.”
Finisterre said he hoped that his campaign has made people realise that there are, “most definitely some things under the OSX hood that need a closer look,” although Mac experts are quick to point out that none of the exploits on his site have been used to successfully hijack an Apple computer.
Things can only get better
Claiming that Apple hadn’t been too interested in opening a dialogue about security matters, Finisterre said that things were now changing for the better.
“They have certainly given some extra efforts on the backend to open up lines of communication, at least with me.”
“That sort of progress is what I am after rather than a particular set of bugs,” he commented.
What complete one-sided twaddle, the researcher did identify some vulnerabilities which were fixed pretty soon after the revelation of their existence, sure, and certainly no computer user should be blase about security – whatever platform they choose to use.
But what is missing in this guy, Slocombe’s write-up of the original BBC story – and what can only be missing because your reporter is biased (or illiterate) is the factual statement made by the BBC that even after a month of attempts to find an exploit in the Mac, not one identified exploit has ever been used ‘in the field’.
But – more tellingly – what is also missing is the comparison between platforms that actually is in the BBC report, where the BBC says (and your irresponsible non-journalist, in a moment that shows what scant regard he has for the security of any PC users among his readers, chooses to neglect to mention) is that while no Macs are subverted by these security FUDs, “hundreds of thousands” of Windows PCs have been taken over by hackers and are used to distribute spam all across the Web.
Pathetic alarmism badly reported, deserves a slap.
I feel heartened that the “MOAB” turned up nothing scary.
A few years ago I bought anti-virus software for my Macs because of articles saying I was too smug about security being a Mac user. I kept the software current for the life of the contract. Of course, it was a complete waste of money as there were no real threats. Now, I keep the built-in firewall active and stay on the qui vive for a real threat.
Shut up already!
As of today, FEB 20 2007, any time or energy any mac user has spent protecting him or her self from potential threats (short of regular updates and backups) has been wasted! When this FACT changes we can all get together to see how Apple and the mac community respond.
But for now, 30 bugs, 30 days, 0 exploits. It is good to be a mac user!
Perhaps the excitable JR missed the bit where I said, “Mac experts are quick to point out that none of the exploits on his site have been used to successfully hijack an Apple computer.”
Oh well…
Mac users are not smug. We know that nothing is perfect, not even Mac OSX. Eventually, the Mac’s security may be breached, but when? How much effort should we put into a nonexistent problem? Should we go around crying “The sky is falling. The sky is falling?” Over nothing but speculation?
As a practical matter, none of those MOAB vulnerabilities were important. Mostly, they were from the fact that the Mac OS didn’t respond well to corrupted files and froze the application. All we had to do was force start the application. There was no harm to the system from it.
There was no ability to take over the system either, as often happens in Microsoft Windows. Those MOAB vulnerabilities were quickly patched– mostly during the month.
Yes, do point out where the Mac OSX is flawed, but don’t be unrealistic about it. There was no real cause for harm, so why should we worry about it? 114 thousand viruses in Windows is serious; zero viruses on the Mac is not.
We Mac users are confident, not smug. We are confident that we have better designed software than Microsoft Windows. All kinds of crackers are trying to break into the Mac for bragging rights and failing. They have been doing so for years.
This article seems to read differently second time around, which is odd.
You’ve got a sharp eye JR, you’re right
“Finisterre found initially shunned by some of the Mac community,”
was altered to
“Finisterre said he was initially shunned by some of the Mac community”
Reads better, no?