We have all heard the claims that Apple’s MACs are more secure than the other guy’s computers, PCs that is, from the various home brewed & comedy schticky “I’m a MAC…I’m a PC” commercials. We have also heard of Apple’s deceptive marketing tactics which have netted two banned commercials from the UK’s advertising watchdog agency, the Advertising Standards Authority (ASA). Warning: The following is not for the Apple fanboy faint of heart…
The upheld complaints and details for each of the two Apple iPhone commercials can be found on the ASA’s website HERE (dealing with the false claim of being able to access “all the parts of the Internet”, and HERE (dealing with the false representation of how fast the iPhone 3G can work on AT&T’s 3G network.) The latter of the complaints was empirically verified by Rob Reed in the following video where he literally shows that even under the BEST 3G network conditions, the iPhone 3G still performed 3.5X slower than the ad showed the iPhone 3G performing at:
So, this leave us with a basis for the next foray into the deceptive nature of Apple’s marketing regarding the security superiority of their products:
Claim: Apple’s MACs running OS X 10.x are more secure than PCs running Windows.
Status: Currently False
Research: As reported by CRN HERE Charlie Miller, noted security researcher argued:
“…Apple has essentially gotten away with weak security because attackers haven’t been particularly interested in the Mac; OS X simply hasn’t gotten the kind of scrutiny that Windows has faced for years. That’s starting to change, however, and the iPhone’s high profile will only speed things up.”
Deliver on his promise Charlie did, as this report was from 2007, and since then he has been able to crack the MAC OS X platform twice. Once in 2008, and once this year faster than any other platform.(ZDNet) In both occurrences he was at the CanSecWest Pwn2Own contest. The MAC OS X platform was later that same day this year, cracked by a gentleman known as ‘Nils’ who was able to take advantage of another exploit in the Safari browser.(ZDNet)
As a technology consultant myself, I have several subscriptions to cyber-security organizations. I keep a close eye on emerging vulnerabilities to patch them ASAP on my client’s systems. Only five days ago (8/5/09) a WatchGuard notice came up showing that Apple had released an update to deal with 18 vulnerabilities in 13 different components of the OS X system, including MobileMe, ImagIO and Dock. (Where was the media fanfare regarding this notice? Hmmm…) On the serious tip though, be sure to patch if you have not done so at this point, as one can gain full control of your system via these vulnerabilities.
Elaboration: This fallacy is arising from a misconception (Happily propagated by Apple) regarding vulnerability to security attacks vs propensity for security attacks. Basically, the fact is that since the Apple MAC computers are simply not as globally popular they are not as big a target for malicious cyber attackers. This fact deals with the propensity for security attacks which is, in the case of Apple MAC computers, less than the propensity for security attacks against PCs. The analog of this fallacy would be like suggesting that nuclear power facilities were more secure than banks since there are less attacks on nuclear power facilities than there are on banks. This, as we know from post 911 failures of tested facilities is false.
So what do we know? We know that as Apple computers have become more popular, the rise of known security vulnerabilities has increased.
Where does this leave us? The fact of the matter is that until there are verifiable statistics showing that Apple MAC OS X computers are in fact harder to crack than PCs (based on Windows platforms), this statement is currently false. Unfortunately, this is not just a disservice to those who are considering Apple products as a technology solution to their needs, but also to those who already own Apple products. This current deception leaves owners with a false sense of security which can cause them to be vulnerable to attack, even as Apple fixes vulnerabilities, if they are not mindfully diligent about ensuring that updates & patches are being implemented with their products in a timely fashion.
Commentary: Bottom line, “Don’t believe the HYPE!” Purchase your technology products based on the facts of whether or not they meet your needs rather than the marketed suggestions that they do. If you are not aware of the facts, and/or do not have the time to look it up, then I recommend deferring to an unbiased consulting source where the source only bennefits if you bennefit from their information. (Shameless plug forthcoming..) For consumer information one can always come to us, and make a request in our TEK-Korner, as well as follow us on Twitter @VeracityNation. For business, and/or enterprising, I recommend seeking the guidance of an unbiased technology consultant.