Column

Security Blog Log: Apple lives under 'cloud of smug'

Bill Brenner

    Requires Free Membership to View

When Apple Computer Inc. started running commercials earlier this year featuring a stuffy, suit-and-tie-clad guy playing the role of a PC and a scruffy, laid-back guy in jeans and a t-shirt representing the Mac, one segment in particular raised a lot of eyebrows in the IT security community.

It was the commercial in which the PC guy had caught a virus, and the Mac guy boasted about never catching them. The timing of the commercial was ironic, since it was shortly after the Mac was targeted for the first time by malicious code.

Surely, security experts said, the day will come when Macs will get attacked and Apple will live to regret that commercial. Natalie Lambert, an analyst with Cambridge, Mass.-based Forrester Research, said as much in SearchSecurity.com's Security Wire Weekly podcast last week.

Irritation over Apple's boastfulness was apparent in the blogosphere this week, with the Security Curve blog comparing the situation to a South Park episode where everyone is so pleased with themselves for driving hybrid cars that a gigantic "cloud of smug" forms over the town, threatening to cause the end of the world.

People in the South Park episode went around saying things like, "I prefer to be part of the solution rather than part of the problem and holding themselves up on a pedestal because they're so great," the blog said, adding that Apple's current attitude about security is no different.

About Security Blog Log

Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com.

Recent columns:
Security Blog Log: Opinions abound on IBM/ISS deal

Fear and loathing in MS06-040's wake

Israeli-Hezbollah war spills into cyberspace
Now, the blog noted, Apple has followed the no-viruses commercial with a new one in which the PC guy wears a trench coat and tries not to be recognized by spyware, while the Mac guy is relaxed and carefree.

"Apparently, Mac's don't get malware, and they don't get spyware. Behold the power of marketing," Security Curve grumbled. In the end, the blog said, there's no technical reason why Macs can't be pelted with malware, suggesting that it will happen sooner or later.

Security Curve noted that computing platforms are built to allow the user to manipulate the environment, and that if a user can do it, a user's agent can do it. Since there is no way to know user intent programmatically, if a user's software agent can do it, malware can do it, the blog said.

For example, if a user can install software that gets launched at boot and uses system resources, then spyware can install software that gets launched at boot and uses system resources, Security Curve said. If a user can reformat the disc, malware can reformat the disc, the blog noted.

Sooner or later, people buying Macs based on these flawed assumptions will get a wake-up call.
Security Curve weblog,
"But buy in to Apple's message, and it seems like there's something magical about Mac that defies this -- somehow once software is undesirable to the user, it can longer be installed on the system," Security Curve continued. "Sooner or later, people buying Macs based on these flawed assumptions will get a wake-up call."

The blog entry attracted a healthy trail of responses, some of which defend Apple.

"For six years now commentators have again and again promised that anytime now the sky would fall and all those smug Mac users would rue the day," one blogger wrote. "However, this has still not happened. With 116,000 viruses and worms, 68,000 bits of spyware and adware, countless Trojans, keyloggers etc, Windows remains infinitely more malware-ridden."

Apple is simply stating a fact in its commercials that today's malware doesn't affect the Mac, the blogger said, asking, "What is so unethical about that?"

The end of the superworm?
For more than two years, Jose Nazario has been the keeper of a very comprehensive site called Worm Blog. But devoid of a fast-spreading and highly destructive worm in the aftermath of MS06-040, he wonders if it's time to close the blog down or change the focus.

A couple of years ago, he said, when a vulnerability like this was released, a worm usually wasn't far behind, and "not just a basic worm, (but) the kind that can infect hundreds of thousands of machines quickly. After all, we've been expecting that to happen given what we saw in the past with MS05-039 (Zotob, which really was a bot), MS04-011 (Sasser) and MS03-039 (Blaster)."

But this is 2006, he said, and for whatever reason, "we're beyond simple worms."

At this point, Nazario plans to stick with the blog, though he said he'll probably adjust the subject matter to fit the times.

"Don't be surprised if you see more botnet stuff on here because of such changes," he said. "I think that there's still interesting research going on in worms and not just in bots, and I'll keep digging for it."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: