Is Apple's corporate culture a security risk?

gallery

“The fact is, all software has vulnerabilities and has bugs, and actually people are very forgiving when you put your hands up and say ‘we goofed’.”

Trend Micro’s security researcher Rik Ferguson said that Apple had spent a long time marketing the idea that the Mac OS X was inherently secure and didn’t suffer from malware exploits.

He agreed with Cluley, saying that he would like to see Apple turn this around to be more open about what problems they’ve faced and were facing, and what they were going to do about them.

“It is starting from a secure model and a better place then most, but it could definitely be more open – having a security team blog or doing more full disclosure.”

Ferguson said that it was rare to see a zero-day vulnerability in Apple, but that it was difficult to say if that was because they didn’t exist, or simply because they were not being fully disclosed.

“[Mac OS X] is becoming a much more widely used and popular platform – deservedly so – but they don’t benefit from being secretive.”

F-Secure security analyst Sean Sullivan said that the state of security at Apple was pretty good, but mostly because nobody was really targeting the Mac OS X platform like Windows.

F-Secure was currently developing a Mac anti-virus client, which was still in beta, mainly aimed at ISP partnerships that they re-sell through.

Sullivan believed that Windows 7 could be a turning point for Apple security, as Microsoft’s attempts to lock it down security-wise could encourage malware authors to target Mac OS X.

He said: “The malware authors would have to change their business models somewhat.”

Apple refused to answer any questions concerning its security model for this story, saying that there was no spokesperson available.

Email to a friend

Print this page