Mac users 'too smug' over security - BBC article

[StokeLee]

For those of you who might be interested in what Bill Thompson of the BBC has got to say

http://news.bbc.co.uk/1/hi/technology/4609968.stm

Is this bit true?

Sometimes Apple make things worse. For example, widgets, small programs that can do things like search online dictionaries or let you listen to streamed BBC programs, can be installed without your permission when you visit a website using the Safari browser, just like Windows does with ActiveX controls. It took Apple weeks to fix this.

Lee


P.S Bored at work......Thank god ive got MR

 

[robbieduncan]

Yes that was the case. It is now fixed.

I think in general we as Mac users have good reason to be happy with the current security situation regarding Mac OSX but this should not lead to us being complacent. No OS is 100% secure and we should all think carefully about what we click on online and download to our machines.

 

[Blue Velvet]

Was just reading this about ten minutes ago and thought 'worth posting?'... then I thought it would just get a slating.

Also bored, stuck indoors for lunch.

 

[Applespider]

I did write a comment saying that while he was right to say that Mac users still needed to be vigilant, there was a difference between being smug but wary and smug and oblivious. And pointing out that in general Mac users aren't flaunting having no firewalls and installing willy-nilly.

I felt it was a little too scaremongering considering the current level of threat. And forgot the most important key; that in a world where there are more people who are clueless about security than knowledgeable, encouraging them to use a computer platform that's more forgiving can't be a bad thing.

 

[MacSA]

The BBC area always posting negative stories about Apple.

 

[MisterMe]

If you can back it up, it ain't bragging.

nm

 

[belvdr]

I am a firm believer in making security a high-priority, no matter which OS you run. If OS X were not a target, then why would Apple release security updates? I mean a virus is one thing of which Macs are not susceptible to thus far, but you have to watch out for hackers using any exploit available to gain access.

Security by obscurity and lax security updates are just asking for trouble.

 

[MisterMe]

I am a firm believer in making security a high-priority, no matter which OS you run. If OS X were not a target, then why would Apple release security updates? I mean a virus is one thing of which Macs are not susceptible to thus far, but you have to watch out for hackers using any exploit available to gain access.

Security by obscurity and lax security updates are just asking for trouble.

Apple does not rely on security by obscurity. This is just an excuse promoted by Microsoft apologists. Apple relies of excellent software design and sensible default settings.

 

[balamw]

Apple does not rely on security by obscurity.

Particularly since the foundation of OS X, Darwin, is open source. http://developer.apple.com/darwin/ Obscurity?

B

 

[IJ Reilly]

Mac OS may not have the gaping holes that let viruses spread, but worms, spyware and even keyloggers are out there.

Which viruses? What worms, spyware and "even" keyloggers? And where are they?

This guy is simply trotting out every canard in the book. He hasn't produced any evidence for any of his claims.

 

[mac-er]

One reason why there aren't many malicious Mac programs is that there are fewer Mac users out there, but the fact that some have been written shows that they are possible in principle.

I'm so tired of this being the "only" excuse that OS X doesn't have viruses. Don't you think some hacker would love to be able to claim he/she was the first to write a successful virus for OS X?

If you don't think people aren't out there trying to write a virus for OS X, you are pretty naive.

Viruses are simply harder to write for OS X because of its inherent security and architecture.

He also contradicts himself, I think. He says they have been written, so they are "possible in principle". "In principle" means figuratively in this context. Either they have been written or they haven't.

 

[Applespider]

This guy is simply trotting out every canard in the book. He hasn't produced any evidence for any of his claims.

Giving Bill Thompson some credit; he does actually have Macs in the household and has written about having to clear out his PC in the past.
Still feel that there's a little too much FUD in here although the overall message of 'be aware' is still important.

 

[Sark]

Someone please explain to me why "security through obscurity" is wrong.

Why would someone write spyware or adware infested apps for a Mac? They can gain the most profit by writing it for a Windows PC because most people use Windows.

Why would someone try to hack a Mac when there are thousands more PCs and thus are more likely to find a vulnerable PC?

 

[Kernow]

Giving Bill Thompson some credit; he does actually have Macs in the household and has written about having to clear out his PC in the past.
Still feel that there's a little too much FUD in here although the overall message of 'be aware' is still important.

I agree - I've read his columns in the past and in general he is pro Mac.

However, I think the tone of the article is completely wrong and paints the situation as worse than it actually is. As you say, the main point of 'be aware' is relevant, and whilst he has no duty to sell OSX as a platform, to a casual reader, this article is unnecessarily negative.

 

[jayscheuerle]

Someone please explain to me why "security through obscurity" is wrong.

Why would someone write spyware or adware infested apps for a Mac? They can gain the most profit by writing it for a Windows PC because most people use Windows.

Why would someone try to hack a Mac when there are thousands more PCs and thus are more likely to find a vulnerable PC?

To be the first?
To crack the "uncrackable?"
To show you have mad hacker skills? (Girls like guys with skills)

There'd be some notoriety with writing ANY virus that got through OSX. It wouldn't even have to be malicious. With Windows, it's just another virus...

 

[Motley]

Someone please explain to me why "security through obscurity" is wrong.

Why would someone write spyware or adware infested apps for a Mac? They can gain the most profit by writing it for a Windows PC because most people use Windows.

Why would someone try to hack a Mac when there are thousands more PCs and thus are more likely to find a vulnerable PC?

To shut up all us "smug" Mac users. We've been bragging about lack of spyware and virus' for years. But it's just not as easy to do it was it is on Windows. So not only do we not have a large market share making us a poor targer but it is also actually harder because of OS design.

Remeber, Bill didn't think the internet was important, the future was CDs and Windows was designed accordingly.

 

[IJ Reilly]

I agree - I've read his columns in the past and in general he is pro Mac.

However, I think the tone of the article is completely wrong and paints the situation as worse than it actually is. As you say, the main point of 'be aware' is relevant, and whilst he has no duty to sell OSX as a platform, to a casual reader, this article is unnecessarily negative.

I can't judge him by anything else he's written, as this is the only one of his pieces I've read, and it seems full of misleading and even contradictory statements. The absence of viruses, keystroke loggers and spyware for OSX is a perfectly rational reason to use the Mac platform, whether it results from an inherently more secure OS, "security by obscurity," or some combination thereof. Every day this continues to be the case is a red-letter day in my book. I am getting pretty tired of hearing about how it will all come to a bad end, some day. It's been going on for years, so pardon me if I classify such dire predictions as so much Chicken Little-ism.

 

[Sark]

To shut up all us "smug" Mac users. We've been bragging about lack of spyware and virus' for years. But it's just not as easy to do it was it is on Windows. So not only do we not have a large market share making us a poor targer but it is also actually harder because of OS design.

Remeber, Bill didn't think the internet was important, the future was CDs and Windows was designed accordingly.

Alright, that make sense. However, it would be nice if you had some sort of reference to support your claim that it is more difficult to design malware for a Mac OS X platform. And if your reasoning involves Unix, please elaborate past just saying "cause it's based off of Unix and that's good".

However, with the more market share Apple gains, logically one would presume there would be an increase in malicious programs in the Mac world.

 

[balamw]

Someone please explain to me why "security through obscurity" is wrong.

The Wikipedia article does a pretty good job of explaining the weaknesses of security through obscurity. http://en.wikipedia.org/wiki/Security_through_obscurity

B

 

[Lacero]

Obscurity is the most effective security tool. Like trolls, virus writers are looking for attention. And the fact these obscure OSes are just as easily patched as Windows should a security threat occur to the ones using them.

Here's to the Crazy Ones ​

 

[MisterMe]

....

However, with the more market share Apple gains, logically one would presume there would be an increase in malicious programs in the Mac world.

Logically? You assume the validity of "obscurity by security."

This defense has an origin. It dates back to 1999--a time when Microsoft Windows was under a withering barrage of virus attacks. In Windows's defense, Bill Gates asserted that Windows was suffering so many virus attacks due to its marketshare. He offered no evidence to support his assertion. The popular and computer press simply picked up this assertion and repeated it uncritically. The masses accepted the assertion because it was easier than thinking.

It was and is true that Microsoft has a dominant marketshare. To present this as the cause of its vulnerability to malware, however, is to make the most fundamental mistake in logic: Post hoc, ergo propter hoc.

 

[belvdr]

Apple does not rely on security by obscurity. This is just an excuse promoted by Microsoft apologists. Apple relies of excellent software design and sensible default settings.

Particularly since the foundation of OS X, Darwin, is open source. http://developer.apple.com/darwin/ Obscurity?

B

An OS manufacturer, such as Apple, can't do that.

Users do that, and that's what I'm referring to. When installed on a computer, and a user does nothing to keep it secure, and assumes that since he/she is not a prime target to any hacker or malicious user, this user is practicing security by obscurity.

Sensible default settings? You mean like having the firewall disabled? I think their excellent software design applies only to the GUI and their core apps. The core OS, as balamw pointed out, is open source. So they are using the same software that say, Linux, FreeBSD, NetBSD, etc, are using, such as OpenSSH and Apache.

 

[IJ Reilly]

Logically? You assume the validity of "obscurity by security."

This defense has an origin. It dates back to 1999--a time when Microsoft Windows was under a withering barrage of virus attacks. In Windows's defense, Bill Gates asserted that Windows was suffering so many virus attacks due to its marketshare. He offered no evidence to support his assertion. The popular and computer press simply picked up this assertion and repeated it uncritically. The masses accepted the assertion because it was easier than thinking.

It was and is true that Microsoft has a dominant marketshare. To present this as the cause of its vulnerability to malware, however, is to make the most fundamental mistake in logic: Post hoc, ergo propter hoc.

I agree entirely. "Security through obscurity" is a simplistic explanation which just happens to cover Microsoft's backside. Works perfectly for the credulous, which apparently describes this columnist. This is what ticks me off about the column -- he makes the "security though obscurity" claim without providing even a shred of evidence to support it. What's worse, he claims that Dashboard widgets (as they were implemented for only a short time, even) created a security breach as serious as ActiveX. Show me how a widget can write code to the root level of OSX without any intervention from the user, then maybe I'll believe it.

 

[LethalWolfe]

Correct me if I'm wrong 'cause servers aren't my thing, but I thought that there are more Unix based servers on the WWW than Windows based servers, but that the Windows servers got hacked/attacked more often. If that is true then I guess security through obscurity isn't as great as it's cracked up to be.


Lethal

 

[StokeLee]

An Update From Bill Thompson

It looks like he has had some flak from his comments, and his column can be read at the link below

http://news.bbc.co.uk/1/hi/technology/4620548.stm