More security professionalism, please.
David Maynor has come out in defense of Bill Gates’ recent comments that OS X is security swiss cheese and he churlishly derides the Mac community’s response.
In the post, Maynor reminisces that Apple’s “Get a Mac” ads were what got him into Apple security research last year. Is it just the Macalope or is that a little odd? As a child did he also run after Mean Joe Green with a Coke bottle, begging him to throw a jersey at him?
The thing that really upsets me about the Mac community going off on Bill Gates is that Apple does the same exact thing. Their “we don’t have security problems” commericals [sic] are the same thing as what Bill Gates said. If you want to be mad at Bill then hold Steve accountable for the same actions as well. The arrogant commericals [sic] Apple runs has done nothing but win them alot of researchers who are breaking their systems that would not have otherwise given them a second look.
The Macalope thought there was something strange about Maynor’s assertions here so he went back and watched all of the “Get a Mac” ads. Do you know how many of them discussed security?
So, it’s not “commercials”. It’s “commercial”.
Why did David Maynor get so bent out of shape over one commercial? Seems a little absurd.
It’s also a little absurd that Maynor is trying to conflate Apple’s silly, funny ad with statements made by the founder and chief technologist of Microsoft to a Newsweek reporter.
Those things are not comparable.
But for grins, let’s pretend that they are and take a look at the relative truth behind each. Here’s the salient part of the “Get a Mac” ad entitled “Viruses.”
PC: Last year there were 114,000 known viruses for PCs.
Mac: PCs. But not Macs.
Is this true?
The year in question is 2005 and the data comes from a report from Sophos that says:
By December 2005, Sophos Anti-Virus was identifying and protecting against over 114,000 different viruses, worms, Trojan horses and other malware.
So, we can quibble over the use of the word “virus” to describe a host of malware, but it’s not really important to the argument. Sophos does, however, make a Macintosh version of its program, so maybe some of those are Mac viruses.
OK. Just how many Mac viruses are there?
According to Viruslist.com, 111. [CORRECTION: As noted in comments, this is the number of vulnerabilities, not viruses. The number of viruses is actually probably significantly lower which maybe helps proves the point about the Mac's lower market share being its saving grace.]
Now you can look at the ad’s assertion yourself and decide if it’s “arrogant”, but the Macalope will note that Apple’s at least 99.9% correct here ((114,001 – 111) / 114,001). And it’s 100% correct if you just take it at face value – there are not 114,000 viruses for the Mac.
Maybe it’s the text Apple shows after you run the “Viruses” ad on the web that caused Maynor so much chafing. Let’s look at that.
114,000 Viruses? Not on a Mac.
Kinda covered that.
Mac OS X was designed with security in mind.
Well, that’s a piece of rather obvious fluff. Of course it was.
Windows just wasn’t built to bear the onslaught of attacks it suffers every day.
This is true simply be definition. Most viruses are written for Windows. An OS can’t “bear the onslaught” of a virus written to take advantage of one of its flaws. OS X was not “built to bear the onslaught” of the 111 viruses written for it.
A Mac offers a built-in firewall, doesn’t advertise its existence on the Net, and isn’t compromised within an hour of being turned on.
All undeniable fact.
Aaand that’s it.
Maybe it’s just the Mac guy Maynor doesn’t like. Some people don’t like him.
OK, let’s look at the primary security-related statement against the Mac in Gates’ interview.
Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally.
No. They do not. They didn’t even come out with one every day in the month of January. If Gates had said something more generic like “They keep coming out…” one might be inclined to cut him some slack, but he didn’t. He said “Every single day…” and that is false.
Gates does have something more of a point about upgradability and one can argue about who copied whose interface all day long.
But that’s not what Maynor’s talking about. He’s talking about security and it’s really not a contest. Apple’s ad is true and Gates’ comments are not.
Yet Maynor feels justified in giving props to Bill Gates for stickin’ it to the man.
He also expects howls of uproar over his assertion that Vista is more secure than OS X. Truth be told, Maynor’s far more qualified to make a judgement about that than the Macalope, but the horny one would point out that just because Vista’s more secure on paper, doesn’t mean that it will provide a more secure user experience. Windows is still and will continue to be the bigger target.
The biggest threat OS X has seen recently is from the supposedly responsible members of the security world who seem to be trying to provide Microsoft cover and bring trouble to Mac users by publishing (and executing) OS X exploits.
All because they didn’t like an ad and got pissed off by some comments on Slashdot.
If you read Maynor’s post, you’ll notice that it would be very easy to pump up the volume of the snark in response. Maynor is not a very good communicator. He may be a very good security researcher, but he’s not a terribly good writer (yet, anyway) and history has proven that he’s not terribly adept at PR.
So the Macalope could just haul off on Maynor and we could all have a good time, laugh ourselves silly and go back to watching That Phone Guy. But keep reading. Let’s hear Maynor out.
Microsoft only changed when users demanded better security, and it’s only when the Mac community calls for similar protections that Apple will include them in products.
Here, dear readers, comes the glorious moment. That most special of after-school special moments.
Because you know what? Here, he’s right.
He’s absolutely, 100% right. No matter what crazy-assed things he’s said up until now, his final point is spot-on.
We, as Mac users, have been skating. We’ve been skating on the fact that no one writes exploits for the Mac. And as Apple becomes more and more of a household name, that will not stand.
This is not to say that Apple isn’t already working on security enhancements for OS X or that it will ever have as much malware as Windows. But while Apple has been attempting to leverage its historically good reputation, Microsoft has been trying to reverse its historically bad reputation by aggressively implementing new technologies that will make it harder to write exploits for Windows.
The Macalope wants OS X to be the most secure operating system there is, practically as well as theoretically, and there is certainly some evidence that Apple does not take security seriously enough. Maynor did not even mention the company’s flippant handling of the incident where it shipped iPods infected with a Windows virus.
That incident, by the way, was marked by a universal condemnation of Apple’s comment from Apple bloggers (including the Macalope) and suggestions that the company needs to take security more seriously, an inconvenient truth for Maynor who loves to rail against Mac zealots.
To be fair, some guy on Slashdot probably thought Apple’s comment was teh awesome so…
In general, the Macalope says the hell with David Maynor. Anyone who gets such a gigantic bee up his butt over a 30-second ad shouldn’t be taken seriously.
But at the same time the Macalope would really like to see Apple demonstrate that it does take security more seriously than as a marketing tool.
UPDATE: Maynor provides some clarification in a post that the Macalope agrees with in its entirety. He’s also taken exception to this post in comments.
You are not mad that Microsoft’s latest Operating Systems out classes OSX hands down in the areas of security and anti-exploitation technology but instead one comment Bill Gates made to a reporter? Tell you what, when Microsoft starts running commercials that feature the Month of Apple Bugs then you have every right to complain.
This is really interesting. Maynor, who complains at great length in a previous post about how Apple’s Lynn Fox screwed him by issuing false statements to reporters, does not find Gates’ false statement to a reporter to be noteworthy. It is noteworthy. It’s noteworthy in the kind of way that you write a response to it on your blog. Not in the kind of way that you decide “Oh, yeah? Well, I’m gonna crack Windows!” and then you come up with an exploit but you screw up the delivery and devote months of your life to defending yourself and quit your job because you think your employer screwed you and finally decide to write a book about the whole affair.
In general, the Macalope expects more truth from a Newsweek interview than a commercial where actors are pretending to be computers, but maybe he’s just one of those craaaazy Mac zealots.
As for the first part, the Macalope’s not sure why this isn’t obvious to Maynor but it’s hard to get worked up over security and anti-explotation technology when there are so few exploits for the Mac. Your average Mac user has never, ever been a victim of malware. Ever. Once.
Is this thing on? Hello? Hello?
Of course, an ounce of prevention being worth a pound of cure, the Macalope would really like to see Apple implement some of the technologies Maynor is talking about and sooner rather than later. So he’s doing what Maynor suggests.