The Macalope: Insecurity complex

The Macalope wonders if there's a corollary to Betteridge's Law of Headlines that says something about editors who don't understand the details of article but frame something as a question just to be on the safe side?

The San Jose Mercury News's Jon Boudreau asks "Are Apple's Macs becoming more vulnerable to malware?"

Are Macs becoming more vulnerable? No, they are not. Are they being attacked more? Most definitely. But they're also far more secure now than they've ever been.

The biggest vulnerability to Macintosh computers is the belief among their devoted users that Apple's (AAPL) superior operating system makes them immune to malware, experts say.

Oh, you know that wacky cult of Apple sheep and their weird views on the infallibilty of their desktop operating system! Wait, can sheep have religious views? Anyway, just who are these "experts"?

"Some Mac users have this perception that the Mac is free from hacks and that is completely wrong," said Zheng Bu, senior director of research for Milpitas-based FireEye, which develops anti-malware products.

The anti-malware industry. Motto: "Be afraid. Be very afraid. It's our business model."

Now, it may be true that "some" Mac users believe Macs are invulnerable. Some also believe other things that are demonstrably false, like that the Earth is flat, that your kids are better off without vaccines, and that Nickelback is a good band.

Mac users, said Kevin Haley, Symantec director of product management for security response, "have let their guard down."

Ah, someone else hustling security software says Mac users are clueless sheep in a world filled with wolves. The Macalope wonders what a security professional who isn't trying to sell anti-malware software would have to say, like maybe Rich Mogull:

Over the past 7 years, especially the past 5+ since I left Gartner and could start writing for Mac publications, I have learned that Mac users care about security every bit as much as Windows users. I haven't met a single Mac pundit who ever dismissed Mac security issues or the potential for malware, or who thought their Mac 'immune'.

The disconnect, of course, comes from the way that Haley and other third-party anti-virus software vendors define "letting your guard down" as "not using third-party anti-virus software."

The Macintosh operating system is "not a super system made by super people," [Cloudmark's Andrew] Conway added.

Gosh. Thanks for the analyst-splaining, dude. We all thought it was pure Kryptonian technology.

"Both Apple and Windows need to work closely with third-party (software makers) to make safer software," he said.

Actually, what Apple's done is to simply dump the third-party software by the side of the road and keep on driving.

Mac users are pretty much like users of other computer platforms. Are they perfect? Of course not. But they're not mindless sheep in the thrall of Cupertino's marketing. As for the white knight of third-party software, let's let Mogull have the last word.

During the Flashback infection there were accusations that Mac users were too smug, or too ill-informed, to install antivirus software. But the reality is that antivirus tools offer only limited protection, and relying on antivirus for your security is as naive as believing Macs are invulnerable.

Join the CSO newsletter!

Error: Please check your email address.

Tags MacAppleMacalopesecurityOS XFireEyesoftwareoperating systems

More about Andrew Corporation (Australia)AppleCloudmarkFireEyeGartnerMacsSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by The Macalope

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place