Apple's Mobile Success Puts it on Thin Security Ice
(Login cwc.mgmt) Forum Owner Posted May 19, 2012 6:27 AM
The author makes an excellent analogy between Apple's position with respect to smartphones and Microsoft's position on the desktop.
By John Linkous on Thu, 05/17/12 - 10:10am.
Comparing Apple's current position in mobile to Microsoft's long-running security battle in PCs.
Last week, I was hanging out with my friend Steve, who is a professional digital cinematographer and long-time Apple Macintosh user. We were talking about how great a piece of hardware the iPhone 4S is, when there was a pregnant pause in conversation before he asked me, “So why did this Flashback thing happen?”
Ah, yes … the Flashback malware. For many Apple users, this is the first time they have ever been familiarized with the string of dead silence, followed by tacit acknowledgement, vendor scrambling, and eventual mitigation (far too late, of course) that comes from a major breach of a vendor software platform. To the Apple fanboys, I’m honestly not here to rain on the parade that is Apple. To the Apple haters, sorry, but I own several Apple products, and I’m very happy with them. I’m here today only to give a cold, objective eye to the Apple model of security. And to do that, I’m going to compare Apple to … Microsoft (I can hear the cringing now!)
The comparison, however, is a very legitimate one. Starting with Windows 95, Microsoft found itself propelled into the unique position of being the consumer operating system of choice. When that happened, Microsoft put itself firmly in the crosshairs of malware producers, and unfortunately, it wasn’t prepared for the maelstrom that followed. Seemingly every few months, another malware or worm time-bomb was discovered, resulting in a substantial increase in revenue for anti-virus vendors while Microsoft continued to get bashed in the press.
However, a funny thing happened in the subsequent years: Microsoft got smart on security. By taking their head out of the sand, listening to (and working with) white hat security analysts outside of Redmond and developing a concerted effort of programs around security (think “Patch Tuesday”), Microsoft not only improved the security and overall quality of their products, but eventually overcame the stigma of “Swiss-cheese security” and is now recognized as one of the most security-conscious technology giants in the industry. Unfortunately, they also took a heavy and prolonged PR hit in the process, one that haunts them to this day.
Apple, as any Apple fan will tell you, is not Microsoft – but at this point in time, it certainly is behaving like Microsoft, circa 1995. Within just the past few years, Apple has gained a massive share of the desktop OS market, and has even done a good job of starting to crack the ever-elusive corporate desktop world. And, of course, when it comes to portable consumer equipment, Apple’s software reigns supreme. Unfortunately, just like Microsoft before it, this is going to place a giant target on Apple’s back, not for malicious reasons, but simply because, to paraphrase Willie Sutton, “that’s where the money is.”
There are a lot of hard-fought lessons that history can teach Apple. For one thing, don’t advertise your products as “more secure” than your rivals. For another, start releasing patches to your core operating system components on a more regular basis. Also, please look at the security analyst community as partners, not enemies. Finally, when bad things do happen – and they will, as with any technology company – don’t simply ignore them, put your PR folks in charge of the mitigation process or live by the mantra, “if we don’t tell our customers about it, then it doesn’t exist.” Spin, unfortunately, does not equal security.
As Apple continues to increase its market share, the company is going to have to own up to the fact that – just like any other vendor’s technology – it contains threats that can be exploited, and patching those threats must become a reality. Steve Jobs was a brilliant, visionary leader, but the “reality distortion field” he brought to Apple’s employees and faithful consumers isn’t going to extend to the legions of black hats that look at Apple products as simply another green field ripe for the picking. Apple makes great products, and they deserve their substantial market share – but they must learn that wearing the crown comes with a price.