Is Apple putting good PR ahead of keeping users safe?

ZDNet.com ^ | March 31, 2010 | Adrian Kingsley-Hughes

[Wooly]

On Monday Apple released Mac OS X update 10.6.3. This monster update weighed in at up to 719MB (depending on current configuration) and patched a whopping 92 vulnerabilities, some third of which were rated as critical. Is it time for Apple to adopt a “Patch Tuesday” for the Mac OS in order to drip-feed patches to users and plug up vulnerabilities in a more timely fashion? Is Apple putting good PR ahead of keeping users safe?

Apple release Mac OS X 10.6 “Snow Leopard” on August 28th, 2009. Over that time the OS has seen three updates:

10.6.1 - Released September 10, 2009. This update primarily consisted of bug fixes but it did upgrade the vulnerable Flash Player that was shipped on the original Snow Leopard install disc. Download size: 71MB. 10.6.2 - Released November 9, 2009. Bug fixes and security updates. 67 vulnerabilities patched. Download size: 496MB. 10.6.3 - Released March 29, 2010. Bug fixes and security updates. 92 vulnerabilities patched. Download size: 719MB. As you can see, the file sizes are growing rapidly (a ten fold increase between 10.6.1 and 10.6.3), and the gap between updates increasing.

[Wooly]

Smugness and Ego will not keep you safe. The days of the jerk sitting on AOL Messenger with a simple downloaded virus kit are long gone. The threat today is from government sponsered hacking groups that are looking to creat a zombie network that can be exploited. And the Apple OS is no more immune to this type of attack than a Windows machine is.

[loungitude]

Must be some mistake. Everyone knows, Mac’s are impenetrable.

[utherdoul]

As any operating system becomes more popular people begin cracking it. Hell I could write an operating system (with some training) and only use it myself and claim it was impenetrable if only because no one attempted to break into it.

[Mr. Jazzy]

Good grief! That is a mighty big download! I feel bad for those with a slow internet connection.

[Freddd]

Apple? Oh the same Apple that is boycotting Beck, but promoting Che...

[Aqua225]

I’m a bit lost on the Che promotion thing, when did that happen?

As to other comments: Apple will have vulnerabilities like everyone else, at this time. Previously, Apple was a stronger OS than XP, but at Win7, it probably doesn’t exhibit any more security strength than Win7.

In XP, you ran at Admin level on a home install, unless you purposefully downgraded your account at some point to User or Power User.

From the onset of OSX, Apple forced you to elevate your privileges to change critical settings in the system. Win7 has finally brought that to Microsoft -— and Microsoft is eating the dog food with their own apps being compliant (previous to Office 2007, you could find problems attempting to run MS productivity apps at anything less than admin).

Now between pretty much any commercial OS, the security is all about the same. MS pays a heavier price because they are on more systems. Apple also truly attempts to keep users from having to install AntiVirus software. I don’t MS really cares currently, if you look at their position on the matter.

I’d still go Apple if I had to choose between the two, simply because Apple has better control of their HW and the driver update process, and they still don’t have the overall exposure to virii as MS, simply because of a lower number of installed machines.

And Apple has the slickest laptops (of course, that’s a opinion, not a fact :)).

[Wooly]

And before the simpletons with the “I am not worried about virus/malware infections because I own a mac” might want to look at this and read it.

http://www.apple.com/downloads/macosx/networking_security/clamxav.html

[Aqua225]

Simpleton? I’m a kernel level systems programmer, you can smoke it :)

That app was last updated in September 2008. Must have been perfect right out the box, or more than likely, no one uses it.

[GBA]

I dunno...maybe Apple should ask themselves, "What would Che do?"

With respect and condolences for the victims of Che and for their families, Apple and all the grotesquely stupid 'stars' who are Che fashion statements are not allowed in my home and will not be supported by me in any way.

[zeugma]

I’d still go Apple if I had to choose between the two, simply because Apple has better control of their HW and the driver update process,and they still don’t have the overall exposure to virii as MS, simply because of a lower number of installed machines.

for myself, I choose Linux, because it better suits the way I work. (I can't live without multiple desktops). When we're ready to upgrade my wife's PC (she's Linux now too), we'll probably go Mac because I think it will better suit the way she uses computers.

One thing you forgot to mention, is active-x. That is the open barn door that a majority of viruses use as an attack vector.

I agree with you about Microsoft finally getting it together with security. The latest p0wn2own confab saw all three major OSes make it through the first day unscathed. (That's the day for remote exploits that don't require user intervention). This is a good thing for all computer users. It would seem that OSes are getting smarter, in that they don't have a lot of unnecessary listeners running by default. It took the 2nd day, where attackers were allowed to direct someone to a website for an attempt at p0wning with browser defects before stuff started falling.

Do you notice how vicious some of the Microsoft supporters are these days?

I posted this thread earlier: MS Issues Emergency IE Security Update. Contrary to claims by some Freepers, this didn't attract a bunch of MS-hating name-callers, like you find on any FR thread that has to do with Macs.