Tuesday, June 02, 2009

Mac Security and Responsibility

Rich Mogull writes in Macworld about "The truth about Apple, Mac security, and responsibility." A week ago I posted about a Mac OS X Java Security Hole, and there's been more postulating since. I thought this article was going to be reasonable, but then I found it contradictory. I think these two paragraphs sum it up:

"Yes, Macs are plagued with as many (and sometimes more) vulnerabilities as other operating systems. These are the doors attackers use to exploit our systems, and Macs are far from invulnerable. But the truth is that in the real world, Macs suffer from far fewer compromises. This is the difference between security and safety. A highly secure home in a bad neighborhood is still more likely to be robbed than a less secure home in a safer area. Mac market share is probably an important reason here, as is the history of the platform, the focus of the bad guys, and a host of other factors."

"The real failure of this, and many other, calls for Mac security is that they fail to accurately identify those who are really responsible for Apple’s current security situation. It isn’t security researchers, malicious attackers, or even Apple itself, but Apple’s customers. Apple is an incredibly successful company because it produces products that people purchase. We still buy MacBooks despite the lack of a matte screen, for example. And until we tell Apple that security will affect our buying decisions, there’s little motivation for the company to change direction."

So which is it? Is the Mac safe because it's a niche product that hackers don't care about, or is it selling so well that Apple has no incentive to fix things? I suppose it could be both, but if the Mac has, say, about 9% market share, wouldn't Apple think there's a lot of room for improvement? Though by that logic, security certainly isn't a driving factor for market share dominance. Sigh. Still, it seems odd to blame consumers for buying Macs for their security shortcomings; more consumers are buying Windows machines and they get (some) security holes fixed faster.
