Dear Apple…

The Macalope loves his Macs. He loves their design. Their simplicity.

He loves their smell. Their touch. Their taste.  Their warmth in the middle of the night.

And he loves it that they don’t force him to reinstall the operating system every X number of days to get rid of viruses and malware (maybe there are other ways around this, but the Macalope knows many Windows users who resort to this).

The Macalope started thinking about security the other day when he read this article on ZDNet Australia (antler tip to MacSurfer).  He was all set to lay into it as part of his ongoing war against silly pundits, but the more he read, the more air was let out of his balloon of outrage (“Ballons of Outrage” come ten to a bag – ask for them by name at your local five and dime).

It’s true, there’s a lot to complain about in this piece. The lead-in referencing a system compromise that was only made possible by third-party software. The appearance of Artie MacStrawman (“OS X didn’t somehow, magically, prevent the attack as some users seem to think it’s capable of doing.”). The absurd idea that it’s “time to admit” anything, as if Apple should hang its head, kick at the dirt and say “I’m soooooorry”.

But, ultimately, there is a valid point there.

The single biggest contributing factor to the fact that Mac users don’t currently have to worry about security is that OS X has been less of a target than Windows because of its smaller installed user base.  Mac users can go on and on about the inherent advantages of Unix-based systems over Windows, how Apple is perfect and good and the embodiment of the pure radiant light of joy that fills the universe, but that’s still the biggest factor.

Now, the Macalope enjoyed your Get A Mac ad where the PC has a virus and it only made him a little itchy around the haunches at the thought that it might raise the pale, pimply faces of hackers looking for a new challenge.

David Maynor and John (Johnny Cache!) Ellch certainly noticed. If they had decided to use their powers for evil rather than good (well, “good” isn’t really the right word… how about “self-promotion”?), then one guy in a Starbucks somewhere might have lost his user data.

Granted, Maynor may have had to shove him out of the way and replace his kernel with a custom one to make it possible but, look, the point is that there are a few important lessons to take away from the SecureWorks debacle. The biggest is don’t stick a verbal cigarette in the eye of a highly partisan user base, but another is hackers are starting to notice the Mac.

You, Apple, apparently did not get that message as yesterday you decided to take a long drag off that verbal cigarette and make it nice and hot.

Hey, it was great that you got out ahead of this and announced the problem before it was all over the Internet.  And we all love a good jab at Windows – preferably something below the belt.

But shipping virus-infected iPods was your mistake.  Not Microsoft’s.  James “Randy” Abrams (the Macalope would rather not know how he got that nickname) is correct in saying:

The Apple iPod incident was not about Microsoft having a hardy operating system, it was all about security and process.

That Apple would blame Microsoft demonstrates a lack of understanding of remedial security and manufacturing processes. [The] virus was only a symptom of the problem. Apple didn’t know what they were shipping.

Of course the person who wrote the press release and the people who handle your vetting of third-party production controls are not the same.  But from an organizational standpoint, the point is dead on.  The comment was irresponsible.

So, speaking as a Mac user, Apple, the Macalope would really prefer it if you cut the crap.  How about being the strong, silent type on security, hmm?  No one needs any apologies (particularly Steve “iPod Users Steal Music” Ballmer).  But it’s one thing to have someone else slap a “hack me” sign on your back and it’s another to put it there yourself.

Love always,
The Macalope

  • […] 43f Links for Thursday, October 19th The Macalope » Blog Archive » Dear Apple… “But shipping virus-infected iPods was your mistake. Not Microsoft’s.” (tagged: microsoft ipod security viruses mac apple) Hawk Wings » Blog Archive » Why do people call it “”? Ever try to Google help for “Mail?” Might as well be looking for an app called “The” or “Sex.” It’s a really stupid name. [via:Daring] (tagged: osx mac apple dumbnames mail An interview with Jim Donald, CEO and president, Starbucks – October 16, 2006 I love ‘how I work’ pieces like this, and this fellow seems to have a lot on the ball. [Thanks, Rebecca Blood] (tagged: howiwork interviews worldofwork) Word Spy – potty whispering “She removed his diaper, held his bottom over a potty with his knees pulled into his chest, and . . . the rest is history.” (tagged: toilettraining heh) […]

  • […] That incident, by the way, was marked by a universal condemnation of Apple’s comment from Apple bloggers (including the Macalope) and suggestions that the company needs to take security more seriously, an inconvenient truth for Maynor who loves to rail against Mac zealots. […]

  • Ken:

    Absolutely. Apple needs to retract that statement now, and offer virus scanning software to those affected. It was their fault, their problem, and bashing Windows doesn’t exactly build goodwill with [i]anyone[/i] other than hardcore Mac zealots. Even they should be shaking their heads at this one. I hope someone at Apple pays attention to the row this is causing on [i]pro-Mac[/i] websites.

  • Agreed. PR releases for self-inflicted wounds should be more even keeled. Let the windows bashing stay in the commercials. Matt Detherage (via Daring Fireball) had similar words to Ken’s and the Macalope’s.

  • Ok, ok, ok. You’re right, but, this is really about outsourcing, not security. It’s not as if Apple ever sees an Ipod before it gets shipped. Some little dude in China does. Apple build quality has dropped through the floor after starting their entire process in China. Look at Powerbooks (MacBooks). Apple should have have taken the low road and attacked MS on this one, but the breakdown in Apple was a monitoring breakdown, not a security breakdown.

  • Ken:

    Well, to be absolutely fair, the reason I sounded like Matt Detherage was that I saw the DF link first…

  • Their warmth in the middle of the night.

    Dude. The first rule of doing your Macbook is you DO NOT TALK about doing your Macbook.

  • GadgetGav:

    Well said Macalope. I aslo agree with Ken, Apple should look at the reaction on pro-Mac sites to see how low that comment was.
    The reason it slipped through the net may be outsourcing, but that doesn’t matter to end users. They buy an Apple product, they open a box with the Apple logo on it, the software (apart from the virus) is written by Apple, so it’s Apple’s problem. The end user should not need to know or care who actually puts the chips on the circuit board.
    I’m not sure I agree (as some have said) that Apple should be providing full versions of anti virus software though. Most Windows users should have it anyway, and Apple should only have to clear up the mess from this worm, not from anything the Windows box picks up next week or next month and a 30 day version is good enough for that.

  • You totally miss the point.
    This is not a security problem, this a leak of a beta test for a future firmware update.

    The day Leopard will be release, millions of windows computers which have been connected to an iPod once will form a mega cluster and kick all the others windows system out of the internets then burn.
    Apple will then start an exchange program “Massive reduction if you exchange your recent PC for a new mac” saying they do this to help the poor people screwed by Microsoft.

    A new world is coming. Our time has come, brothers.

  • tm:

    Personaly I think it was brilliant, but from a different perspective than it was a good jab. Think about it. By that one little snide comment, Apple has ensured that EVERYONE will be linking to that page or linking to a page that links to the comment. It’s brilliant, it ensures that people will actualy visit the page and learn what they need to do and even better is that it gets more people talking about it, so more people hear about it so more people get the problem fixed. I bet if we took a look at the unique page views for Apples public statement with the links to the anti virus software vs the page views for the recent battery recall just 2 days after both announcements that it’s much much much much higher for the iPod one.

    I think Apple is just using the same techniques that people like Dvorak and Thurrott and every member of DF’s Jackass of the Week club do to generate page views and ad revenues. Say something out of line and stupid, get everyone pissed, and have everyone pay attention.

  • I don’t think Apple was using Dvorakian/Jackassian tactics and I do think it was silly to be so snarky about Windows given that ultimately iPods are Apple’s product, so they’re Apple’s responsibility. It was my understanding however, that because of it’s inherent architectural flaws, even if Windows marketshare was more like the Mac’s of today, it would still be easier to hack. So, certainly there is more interest in the Mac now, but this doesn’t mean it’s as easy to maliciously hack as Windows is.

    This is not to say that Mac users or especially Apple should be smug by any means, but just a point of clarification. Apple, should certainly focus less on jabbing at Windows and more on keeping their security superior, but by all accounts of which I’m aware, Windows is far less secure and therefore easier to maliciously hack AND it’s more ubiquitous due to capitalist circumstance, so I fail to see how this situation portends that MacOSX will become just as vulnerable as it’s popularity increases.

    I’m just sayin’…

Leave a Comment