Does Apple lull Mac owners into a false sense of security?

Does Apple lull Mac owners into a false sense of security?

Summary: Mac users need protecting from themselves as much as they do from malware.

SHARE:

Is Apple recklessly lulling Mac OS X owners into a false sense of security, or is the company right to downplay the risks from threats?

PC Pro's Davey Winder believes the company is using hyperbole to cover up the fact that the platform is under attack and that users are at risk:

Is it any wonder that many Mac owners think they are immune from the security problems faced by PC owners? Right there on the Apple website it states that "with virtually no effort on your part, OS X defends against viruses and other malicious applications, or malware".

OK, I agree that you put a Windows 7 box next to a Mac OS X box, and the Windows box will come under greater and more sustained attack from malware.  But there's more bad stuff out there than malware. Take email phishing attacks that try to dupe the unwitting out of money. How does Mac OS X fare against that sort of attack? Not well it seems:

When security vendor ESET surveyed computer users about their perception of computer security, more than half thought PCs were either very or extremely vulnerable, whereas the figure was only 20% when it came to the Mac.

The same survey revealed that when it comes to phishing attacks, Mac users lost more money on average than PC owners did. Is Apple guilty of lulling its users into a false sense of security?

So while Windows malware won't run on Macs (and why would it, it's code designed for Windows), other tricks that the bad guys use against Windows users (such as email phishing) work. The OS might be more sophisticated (or just targeted less), but the users are respond just as well to social engineering tricks whether they're sitting in front of a Windows desktop or a Mac OS X desktop.

Note: It's worth pointing out that F-Secure's chief research officer Mikko Hypponen believes that the security offered by Windows 7 is better than that currently offered by Mac OS X.

Winder also takes to task Apple's claim that 'when a potential security threat arises, Apple responds quickly by providing software updates and security enhancements' by pointing out that the company took three years to fix a vulnerability related to a remote Trojan, and 91 days to patch another serious vulnerability. Is that really responding quickly? Apple also took its sweet time blocking those untrustworthy DigiNotar SSL certificates.

Then there's the issue of all the hyperbole on Apple's website. Here's no shortage of hype on Apple's security page for Mac OS X. Take a look for yourself. However, down the bottom of the page I did come across this:

So there's at least an admission from Apple that things can still go wrong, but the company still refuses to come out and clearly advise users that installing anti-malware and anti-spam software would dramatically increase protection offered to them, and not only protect them against malicious code, but also from themselves.

Related:

Topics: Security, Apple, Operating Systems, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

212 comments
Log in or register to join the discussion
  • RE: Does Apple lull Mac owners into a false sense of security?

    You're going to get the Apple Lemmings REALLY angry AK-H. :-)
    IT_Fella
    • RE: Does Apple lull Mac owners into a false sense of security?

      @IT_Fella if anyone gets "angry" at this rehashed article, they need to get a life. That having been said, it doesn't seem you know anything at all about OS X so perhaps you should just STFU and go back to maintaining the desktops in your office pool.
      bobjones2007
      • So how DOES OS X protect against phishing?

        @bobjones2007

        By that, I mean exactly [b]what[/b] "security features" in OS X will prevent the user from responding to phishing emails & providing their bank account/credit card numbers to scammers? Because those are actions that, in the majority of cases, are due to [b]active[/b] choices & decisions made by the users.

        Unless you're suggesting, of course, that Apple reads every Mac users emails, whether they're sent from a mac.com email address or not, and scans every bank account or credit card number before sending on to the recipients/web sites (i.e. online vendor) they're supposed to go to?
        spdragoo@...
      • RE: Does Apple lull Mac owners into a false sense of security?

        @bobjones2007

        LOL...what a loser.
        IT_Fella
      • RE: Does Apple lull Mac owners into a false sense of security?

        @bobjones2007 And you proved IT_Fella's point for him. Excellent.
        athynz
      • come now, spdragoo@...

        @spdragoo@...

        Haven't we heard it a million times right here, that Apple users "are smarter"?

        Hence their brains will protect them. :)
        William Farrel
      • RE: Does Apple lull Mac owners into a false sense of security?

        @spdragoo@... I'm confused. Is there any software that will protect users from phishing? For any OS?
        The Danger is Microsoft
      • There isn't.

        @The Danger is Microsoft

        And hence the purpose of the article in pointing out that OS X users think they're 100% safe on the Internet, a viewpoint reinforced by Apple... despite the fact that they are [b]not[/b] 100% safe, & while technically they are [b]equally[/b] vulnerable to phishing attacks as non-Mac users, their belief that they are "safe" makes them [b]more[/b] vulnerable.
        spdragoo@...
    • RE: Does Apple lull Mac owners into a false sense of security?

      @IT_Fella

      Well, the lemmings sure are out. Just not the ones you're referring to. As usual, it's the anti-Apple crowd who show up first and furious at articles like this.
      msalzberg
      • RE: Does Apple lull Mac owners into a false sense of security?

        @msalzberg

        I love the way you allow absolutely no middle ground, if someone criticizes Apple for ANY reason, even when the criticism is justified, then they are 'an Apple hater' without qualification.
        Doctor Demento
      • I don't see where the article is justified.

        @Doctor Demento: A phishing attack is not an attack against the platform. Mac users know this. So far, real malware hasn't been very successful against OS X.
        Vulpinemac
      • @Doctor Demento

        +1
        toddybottom_z
      • RE: Does Apple lull Mac owners into a false sense of security?

        @Vulpine
        Just because the vulnerability is biological rather than electronic does not mean that software isn't malware. MacDefeder was a disaster and it most certainly was malware delivered by a human vector (as almost all malware is these days). Fortunately is *appears* to have been short-lived but don't downplay the real threat that is out there. Doing so adds to the problem.
        use_what_works_4_U
      • @vulpine: please reread the article

        "A phishing attack is not an attack against the platform"

        No one said it was. That isn't what the article is about. You admit that phishing is platform agnostic and therefore is a problem for OS X.

        The question raised by the article is not whether the malware and other attacks are a platform specific problem, the question raised by the article is whether or not Apple uniquely lulls Mac owners into believing they are safe from ALL malware and other attacks, whether those attacks are platform specific or not.

        The article is clearly very justified. At no point was Apple's technical platform attacked. What is being questioned is Apple's approach to what YOU admit is a platform agnostic problem. If Microsoft is telling Windows users to be careful out there but Apple is making OS X users believe that they have nothing to worry about since only Windows users get attacked (something YOU disagree with since phishing is platform agnostic) then Apple is not doing its users any favors. Clearly OS X users DO have to worry about phishing.

        So vulpine, does Apple do enough to make OS X users aware of the platform agnostic dangers out there or does Apple lull OS X owners into a false sense of security? The question is a good one. The article is very justified.
        toddybottom_z
      • So what you're saying is that the headline lies

        @msalzberg: Whether the article was about phishing or not, the title specifically claims that Apple is giving the owner a "false sense of security" and quite clearly mentioned that "Apple does not warn people about the need for security software." Well guess what: Security software doesn't stop phishing, does it?<br><br>My point is that the title states one thing and the article implies that only Apple has this problem because of that 'lack of notice.' As such, this article is not justified no matter how you wish to argue otherwise.<br>
        By the way, Apple does recommend their users find and install security software "because no platform is completely immune."
        <br>Oh, and for being such a disaster, Macadam, Mac Defender still only reached zero point zero two percent (0.02%) of all Macs in use. How does that count as a disaster when different security companies list Windows as more than 15% infected in the US and nearly 50% world wide? Who's having the disaster?
        Vulpinemac
      • RE: Does Apple lull Mac owners into a false sense of security?

        @Vulpine
        MacDefender was a disaster because of how it was handled. First Apple (true to form) refused to acknowledge that anything was going on. Then they released a 'Security Patch' to look for the file by specific name (as if they name couldn't be changed) and told the world "It's OK, we patched against it".

        In short, they went blithely on like Macs were immune and added to the false sense of security that Mac users have. Apple is setting its user base up for a very hard fall one day.
        use_what_works_4_U
      • ZDNet, you make commenting so difficult

        @vulpine
        I'm going to break this up into multiple posts, that can sometimes help get around ZDNet's filtering.

        " the title specifically claims that Apple is giving the owner a "false sense of security" "

        Ignoring the fact that the title is a question (and I'll give that one to you, AKH is well known for using this tactic) the title is still totally accurate. A big part of Apple's advertising campaign is based on the premise that OS X is "safer". The question being posed is: did Apple go too far? In other words, did Apple's well advertised claim that OS X is immune to Windows viruses send out the false message that OS X is also immune to all trojans and all phishing? No, Apple never specifically stated this but you and I both know that what a company specifically states and what a company is trying to get out there as a message can be 2 totally different things.

        So while the underlying attacks are not an Apple specific problem, Apple has responded in a unique way. Apple claims that none of this is a very big deal. That is what Apple is being called out on. It is totally fair to call them out on it because Apple's response is unique and very specific to Apple.
        toddybottom_z
      • Part 2

        Okay, I give up trying to post these links. Go to Microsoft's home page and search for phishing. The first result takes you to MS's security section and explains all about phishing and how to protect yourself.

        Go to Apple's home page and do the same. The first 2 hits are from 2008 and relate to Mobile Me and look like press releases. The 3rd hit takes you to OS X's security page which reads like an advertising:
        "OS X contains powerful defenses to help keep your Mac safe from PC viruses and other malware without the hassle of constant alerts and sweeps."

        Most would immediately see the difference in attitudes and how Apple's approach is very different from MS's for a problem that everyone here admits is platform agnostic. It is Apple's approach that is being called into question. Clear enough?
        toddybottom_z
    • RE: Does Apple lull Mac owners into a false sense of security?

      Whilst what you write is obviously true Adrian. How many real world examples of Mac Malware are there? I read several months back about new Malware in the wild for Macs on Zdnet, the reality hasn't changed. There's very little.

      I'm not sure I agree that Mac users are more likely to be a culprit of phishing than Windows users. Most consumers access e-mail by going directly to Gmail.com/Hotmail.com and are intelligent enough to realise they're not connected to their Mac.

      Whilst a lot of people don't know what the word phishing means, they are well aware of spam and fake e-mails.

      All that said I do agree Apple deliberately down play the risks because the myth that Macs are 100% robust has served their business very well the past 20 years.

      The opinion that Mac OS X is better than Windows is largely an outdated point of view too. I could well believe Mac OS X was better than Windows XP/Windows Vista but Windows 7 is very secure and just works. I've never seen a Windows 7 BSOD on any computer.
      bradavon
      • I so do not see how youcome to your conclusion

        @bradavon <br>I use both Win and OSx.<br>I get phishing emails on both. The OS does not matter. The notebook does not matter. I could reply to them from either system.<br><br>MS has lots of information about phishing and how to avoid it.<br>Apple has basically nothing.<br>Heck, Android has more than Apple about it.<br><br>Based on what they communicate, an Apple user is more likely to fall for a phishing scheme than an MS user.<br><br>This has nothing to do with virii or malware.
        rhonin