X

Working the security drama queens.

Apple's bad rep on security is partly a people problem.

The Macalope
Born of the earth, forged in fire, the Macalope was branded "nonstandard" and "proprietary" by the IT world and considered a freak of nature. Part man, part Mac, and part antelope, the Macalope set forth on a quest to save his beloved platform. Long-eclipsed by his more prodigious cousin, the jackalope (they breed like rabbits, you know), the Macalope's time has come. Apple news and rumormonger extraordinaire, the Macalope provides a uniquely polymorphic approach. Disclosure.
See full bio
The Macalope
3 min read

Unless you're too busy doing the rickrolling that's so popular with the kids these days, you probably saw that a MacBook Air got hacked at CanSecWest last week.

In a repeat of last year's "PWN 2 Own" contest, organizers this time offered three different laptops running three different operating systems.

David Maynor says:

I hope this puts to rest the myth that OSX is more secure but I am sure the zealots will have a million reasons why this is a fixed or rigged contest.

Well, the Macalope for one has already acceded to his contention that Vista is more secure based on the technical merits, if not the practical ones. So the brown and furry one's not really sure what he's on about. But he's sure David will find a Slashdot comment somewhere that will validate his Artie MacStrawmanism.

There's certainly no denying that, as ZDNet's Larry Dignan says (no "Mac zealot" he), the MacBook Air was certainly the more coveted target:

[The Fujitsu running Vista and the Sony Vaio running Ubuntu] are still standing, but that may be because there's more hacker glory in taking down the MacBook Air.

Plus, you hack it, you keep it. So, sure, everyone's trying to hack the Air. (The Vista laptop was later hacked, but only after the rules were relaxed.)

But putting it all down to the Air metaphorically having a big red X painted on it is ultimately just sour grapes -- it got compromised, and that's a frowny face in the Apple column.

So the Macalope will reiterate his call -- again! -- to Apple to get more serious on security.

There are several reasons these security "professionals" are spending their waking and non-waking hours targeting Macs.

First, they're lashing out at what they think is a "smug attitude" by Apple on security. Frankly, Apple's corporate position on security is so lame that the only thing these people are basing this on is the "Get a Mac" ads. Yes, really. These people have the emotional maturity of a cup of fruit salad. That's all territory we've covered already.

Second, thanks to the resurgence of Apple, most of them have only just discovered the Mac. It's virgin territory for them and, like when Columbus "discovered" the New World, their first inclinations is to immediately start shooting the natives and giving them all kinds of horrid diseases.

Third, Apple simply has not implemented a comprehensive security policy (see: Leopard firewall, Back To My Mac defaults). It may very well be that it's easier to exploit certain vectors on the Mac. The Macalope's not qualified to make that call.

Finally -- and this is the issue that would the easiest for Apple to solve -- the members of the hacker community just don't know anyone at Apple. They know people at Microsoft because the company shmoozes the hell out of them.

If it wanted to, Apple could probably make serious inroads to this community and at least reduce its PR problem by hiring someone they know. Now, many of these people are not exactly the corporate citizen type. They often dress and smell funny and, if you've been paying attention, have the emotional maturity of a cup of fruit salad. So maybe Apple would want to poach someone from Microsoft or look to those who write about security -- your Rich Mogulls, your Ryan Naraines -- and tap someone like that. Sure, journalists still dress funny, but they fare slightly better on the olfactory and fruit salad scales.

See, the easiest thing in the world to do is to get someone who will take these people golfing and tell them "Dude, we are totally going to do that. Next release. I swear."

"Now watch this drive."

The company could defuse a large part of this without changing a line of code because it's less about the relative merits of the various platforms -- which are valid concerns -- than it is about emotion (see: salad, fruit).

And, really, this is exactly the kind of game that Apple has gotten wrong for 30 years. Shmoozing is not exactly the company's forté (just ask any Apple developer how the lunches are at WWDC).

The Macalope certainly wants to see Apple come up with a comprehensive strategy for implementing sound security in its software, he's just saying that there's more than one aspect to this issue. One requires coding, the other requires grease.