Does Apple lull Mac owners into a false sense of security?
Summary: Mac users need protecting from themselves as much as they do from malware.
Is Apple recklessly lulling Mac OS X owners into a false sense of security, or is the company right to downplay the risks from threats?
PC Pro's Davey Winder believes the company is using hyperbole to cover up the fact that the platform is under attack and that users are at risk:
Is it any wonder that many Mac owners think they are immune from the security problems faced by PC owners? Right there on the Apple website it states that "with virtually no effort on your part, OS X defends against viruses and other malicious applications, or malware".
OK, I agree that if you put a Windows 7 box next to a Mac OS X box, the Windows box will come under greater and more sustained attack from malware. But there's more bad stuff out there than malware. Take email phishing attacks that try to dupe the unwitting out of money. How does Mac OS X fare against that sort of attack? Not well it seems:
When security vendor ESET surveyed computer users about their perception of computer security, more than half thought PCs were either very or extremely vulnerable, whereas the figure was only 20% when it came to the Mac.
The same survey revealed that when it comes to phishing attacks, Mac users lost more money on average than PC owners did. Is Apple guilty of lulling its users into a false sense of security?
So while Windows malware won't run on Macs (and why would it, it's code designed for Windows), other tricks that the bad guys use against Windows users (such as email phishing) work. The OS might be more sophisticated (or just targeted less), but the users respond just as well to social engineering tricks whether they're sitting in front of a Windows desktop or a Mac OS X desktop.
Note: It's worth pointing out that F-Secure's chief research officer Mikko Hypponen believes that the security offered by Windows 7 is better than that currently offered by Mac OS X.
Winder also takes to task Apple's claim that 'when a potential security threat arises, Apple responds quickly by providing software updates and security enhancements' by pointing out that the company took three years to fix a vulnerability related to a remote Trojan, and 91 days to patch another serious vulnerability. Is that really responding quickly? Apple also took its sweet time blocking those untrustworthy DigiNotar SSL certificates.
Then there's the issue of all the hyperbole on Apple's website. There's no shortage of hype on Apple's security page for Mac OS X. Take a look for yourself. However, down the bottom of the page I did come across this:
So there's at least an admission from Apple that things can still go wrong, but the company still refuses to come out and clearly advise users that installing anti-malware and anti-spam software would dramatically increase protection offered to them, and not only protect them against malicious code, but also from themselves.
Related:
- Schneier on iPhone security
- Apple releases 10.7.3 update for Lion and 10.6.8 for Snow Leopard
- Is Apple's way of dealing with malware attacks the best way?
- Black Hat: 'OS X networks are significantly more vulnerable'
- Apple finally blocks untrusted DigiNotar SSL certificates in Mac OS X

Talkback
RE: Does Apple lull Mac owners into a false sense of security?
So how DOES OS X protect against phishing?
By that, I mean exactly *what* "security features" in OS X will prevent the user from responding to phishing emails & providing their bank account/credit card numbers to scammers? Because those are actions that, in the majority of cases, are due to *active* choices & decisions made by the users.
Unless you're suggesting, of course, that Apple reads every Mac user's emails, whether they're sent from a mac.com email address or not, and scans every bank account or credit card number before sending on to the recipients/web sites (i.e. online vendor) they're supposed to go to?
RE: Does Apple lull Mac owners into a false sense of security?
LOL...what a loser.
RE: Does Apple lull Mac owners into a false sense of security?
come now, spdragoo@...
Haven't we heard it a million times right here, that Apple users "are smarter"?
Hence their brains will protect them. :)
RE: Does Apple lull Mac owners into a false sense of security?
There isn't.
And hence the purpose of the article in pointing out that OS X users think they're 100% safe on the Internet, a viewpoint reinforced by Apple... despite the fact that they are *not* 100% safe, & while technically they are *equally* vulnerable to phishing attacks as non-Mac users, their belief that they are "safe" makes them *more* vulnerable.
RE: Does Apple lull Mac owners into a false sense of security?
Well, the lemmings sure are out. Just not the ones you're referring to. As usual, it's the anti-Apple crowd who show up first and furious at articles like this.
RE: Does Apple lull Mac owners into a false sense of security?
I love the way you allow absolutely no middle ground, if someone criticizes Apple for ANY reason, even when the criticism is justified, then they are 'an Apple hater' without qualification.
I don't see where the article is justified.
@Doctor Demento
RE: Does Apple lull Mac owners into a false sense of security?
Just because the vulnerability is biological rather than electronic does not mean that software isn't malware. MacDefender was a disaster and it most certainly was malware delivered by a human vector (as almost all malware is these days). Fortunately it *appears* to have been short-lived but don't downplay the real threat that is out there. Doing so adds to the problem.
@vulpine: please reread the article
No one said it was. That isn't what the article is about. You admit that phishing is platform agnostic and therefore is a problem for OS X.
The question raised by the article is not whether the malware and other attacks are a platform specific problem, the question raised by the article is whether or not Apple uniquely lulls Mac owners into believing they are safe from ALL malware and other attacks, whether those attacks are platform specific or not.
The article is clearly very justified. At no point was Apple's technical platform attacked. What is being questioned is Apple's approach to what YOU admit is a platform agnostic problem. If Microsoft is telling Windows users to be careful out there but Apple is making OS X users believe that they have nothing to worry about since only Windows users get attacked (something YOU disagree with since phishing is platform agnostic) then Apple is not doing its users any favors. Clearly OS X users DO have to worry about phishing.
So vulpine, does Apple do enough to make OS X users aware of the platform agnostic dangers out there or does Apple lull OS X owners into a false sense of security? The question is a good one. The article is very justified.
So what you're saying is that the headline lies
By the way, Apple does recommend their users find and install security software "because no platform is completely immune."
Oh, and for being such a disaster, Macadam, Mac Defender still only reached zero point zero two percent (0.02%) of all Macs in use. How does that count as a disaster when different security companies list Windows as more than 15% infected in the US and nearly 50% world wide? Who's having the disaster?
RE: Does Apple lull Mac owners into a false sense of security?
MacDefender was a disaster because of how it was handled. First Apple (true to form) refused to acknowledge that anything was going on. Then they released a 'Security Patch' to look for the file by specific name (as if the name couldn't be changed) and told the world "It's OK, we patched against it".
In short, they went blithely on like Macs were immune and added to the false sense of security that Mac users have. Apple is setting its user base up for a very hard fall one day.
ZDNet, you make commenting so difficult
I'm going to break this up into multiple posts, that can sometimes help get around ZDNet's filtering.
" the title specifically claims that Apple is giving the owner a "false sense of security" "
Ignoring the fact that the title is a question (and I'll give that one to you, AKH is well known for using this tactic) the title is still totally accurate. A big part of Apple's advertising campaign is based on the premise that OS X is "safer". The question being posed is: did Apple go too far? In other words, did Apple's well advertised claim that OS X is immune to Windows viruses send out the false message that OS X is also immune to all trojans and all phishing? No, Apple never specifically stated this but you and I both know that what a company specifically states and what a company is trying to get out there as a message can be 2 totally different things.
So while the underlying attacks are not an Apple specific problem, Apple has responded in a unique way. Apple claims that none of this is a very big deal. That is what Apple is being called out on. It is totally fair to call them out on it because Apple's response is unique and very specific to Apple.
Part 2
Go to Apple's home page and do the same. The first 2 hits are from 2008 and relate to Mobile Me and look like press releases. The 3rd hit takes you to OS X's security page which reads like an advertisement:
"OS X contains powerful defenses to help keep your Mac safe from PC viruses and other malware without the hassle of constant alerts and sweeps."
Most would immediately see the difference in attitudes and how Apple's approach is very different from MS's for a problem that everyone here admits is platform agnostic. It is Apple's approach that is being called into question. Clear enough?
RE: Does Apple lull Mac owners into a false sense of security?
I'm not sure I agree that Mac users are more likely to be a culprit of phishing than Windows users. Most consumers access e-mail by going directly to Gmail.com/Hotmail.com and are intelligent enough to realise they're not connected to their Mac.
Whilst a lot of people don't know what the word phishing means, they are well aware of spam and fake e-mails.
All that said I do agree Apple deliberately downplay the risks because the myth that Macs are 100% robust has served their business very well the past 20 years.
The opinion that Mac OS X is better than Windows is largely an outdated point of view too. I could well believe Mac OS X was better than Windows XP/Windows Vista but Windows 7 is very secure and just works. I've never seen a Windows 7 BSOD on any computer.
I so do not see how you come to your conclusion