Originally posted by idea_hamster
"The flurry of security flaws in Apple's OS X shows "there's no piece of commercial software that doesn't have security problems," says John Pescatore, a security analyst at Gartner."
I think that's fair comment from a respected analyst in the field, a very smart man, and a guy who's been very critical of Microsoft for its security errors in the past.
It's a very fair argument. There ARE holes in Mac OS, in Linux, in anything. What there haven't been, to date, are massive exploits for those holes. That is a good thing for the Mac user community, but it doesn't mean we're bullet-proof.
However, I do wonder about the context of the quote above, because it's a quote that forms the back-end of a statement by the author. We, the reader, have no way of knowing if Pescatore volunteered that "these vulnerabilities in OS X show that there's no piece of commercial software that doesn't have security problems," or if the part of the sentence quoted comes from an entirely different question.
i.e.:
Interviewer: Are you surprised to see that these types of security holes are being found in Mac OS X?
Pescatore: No, because there's no piece of commercial software that doesn't have security problems.
The context is different, clearly, in what Pescatore was trying to say... and it's not totally unheard-of for a reporter to bend an analyst's comments to match his or her hypothesis in the worst case, or simply to provide a more flashy bit of commentary in a slightly better case.
Originally posted by idea_hamster
If OS X's security flaws amount to a flurry, then what's MS's? The winter of '92? I don't think that anyone ever said any Mac OS was some sort of ant-proof case, rather that OS X is far more secure than any version of Windows.
Microsoft's security woes have been well-documented in the press and elsewhere, and they've been largely taken to the cleaners for it... many writers, even those who are clearly not MS-bashers, have taken to outright sarcasm in pieces about Microsoft's security problems. I know I find myself doing so, and I do not consider myself either pro- or anti-Microsoft.
They've been taken to task on their security problems, and I think fairness dictates when they show up on Apple software, they should be taken to task there too.
Apple has a bad PR problem going for them, in that they don't want to talk about things until they're damned good and ready to. I'm not going to apologize for what I saw as some pretty bad reporting (well... the reporting itself was sound... the editorializing in the resulting story was bad), but Apple does not do itself any favours. If they had simply said three days ago that yes, there will be a release out for Jaguar, then this whole "crisis" could have been avoided. But because they likely refused to return the journalist's phone call, or at least to make comment on the questions posed, they opened the door for a reporter to run with the most exciting, biggest-headlined, worst-case-scenario version of the story.
I'm not advocating calling up a company and asking them the equivalent of "When did you stop beating your wife?" questions to trap them into sounding stupid, but there are some pretty obvious and clear questions that should be asked, and warrant a response from Apple.
1) You've patched Panther, will you be patching Jaguar as well?
2) What is the reason for the patch for Jaguar being released after the patch for Panther?
I'm sure neither of these questions was answered honestly, leaving the door open.