Malware, Network Security, Vulnerability Management

Apple is the richest company in the world, but it’s not very good at dealing with malware

Last weekend, I headed from Brooklyn to Manhattan with my girlfriend so she could get her iPhone fixed. Our destination was the Apple store, a hip and stylish three-story building in the Meatpacking District.

Surprising as this may sound, it was my first time ever at an Apple store. Within a few minutes, I became fairly convinced that nobody ever comes here to buy anything; it's merely a hangout, much in the same way the popular nightclubs in the vicinity are.

As expected, the Apple fanboys and girls were out in full force on this Sunday afternoon, so the place had its usual air of elitism to it -- at least that's the way my Windows and Android-using insecure self perceived the surroundings. I gotta admit, though, I've kinda gotten over my grudge toward Apple. That's because every time I've played with one of their gadgets, I've really enjoyed it, even though the only device I own from the House That Jobs Built is a busted iPod that I will toss out one of these days.

Still, as a security journalist, Apple and I have a tough time being great friends. And that was only compounded when I was making small talk with the "Genius Bar" dude who was troubleshooting the girlfriend's phone. I asked him if he thought Macs needed anti-virus protection. He, without hesitation, responded no.

Cue a few days later, and Apple is facing possibly its largest outbreak of malware in its history, with news that the dangerous Flashback trojan has contaminated some 650,000 Macs, many of which are located in the United States.

In my mind, Apple -- the richest company in the world, remember -- has failed on two levels here. For starters, it was abysmally late in pushing its own update for Java for Mac OS X, even though in mid-February, Oracle, which owns Java, fixed the vulnerability that is allowing Flashback to spread.

You see, Apple insists on releasing it own patches for third-party products. And Flashback is known for disabling built-in Mac OS X defenses, so any attempt at security that Apple already had in place wasn't going to help out.

The second problem is security communications. Over the last several years, I can count on my fingers the number of times a PR person from Apple responded to a query from me. Maybe SC Magazine isn't big enough of a name when considering the publications that fawn over Apple's products, services, (and stock price), but is that really an excuse? Or maybe Apple just likes to stay true to its "security code of silence."

But one would think that, in the case of a malware outbreak, Apple might prefer to get ahead of the story by providing, at the very least, some user guidance. After all, viruses on Macs are likely a new concept for most Apple users, so they may actually need some help dealing with them.

In the end, I guess not much changes in three years.

Maybe Flashback will give Apple the wake-up call it needs. Only time will tell, of course. Don't forget, Apple still makes up only a fraction of the world's operating systems. 

In the meantime, I wonder if I head back to the Apple store tonight if that air of elitism would seem a little less dense.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds