More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that’s being installed on people’s computers with the help of Java exploits. How does this infection affect Apple’s reputation for security? Let’s see what LI members think on this point:
“Not in the slightest. Most of Apple’s users wouldn’t know what Flashback is, nor would they care. Did Lulzsec’s hack of Sony’s PSN have any effect on Sony users? Not a bit.
If there will be any change it may be from Sysadmins realizing that there’s no such thing as a perfectly secure OS. Good education on how to use systems applies equally to Mac and Windows users – always has. The OS may be slightly better, but there are still multiple different apps and other attack vectors that can be used – following bad links probably the top of that list.”
Yousef Syed
Technical Project Manager & Info Sec Architect
“I think it is funny. Most people still think that only Microsoft software gets viruses.”
Keith Baldwin
Real Time Card Stunts for sports teams & sports events
“Mac OS X has a great reputation for security in general, but it’s not perfect. Most of the malware we see exploit vulnerabilities in other platforms installed on top of OS X like Java and Adobe Flash. The latest, LuckyCat even comes in through Microsoft Word 2011! Apple’s response may have been slow, but it was definitive. Apple has eliminated the threat with standard software updates. It’s just a question of time before the current variant of Flashback is extinct.
As for Apple’s reputation, it will be a bit tarnished by the outbreak because most people don’t understand the true mechanism of these attacks. That being said, Since Apple controls when Java gets updated for OS X, Apple would do well to keep Java updated on a more regular basis. They allowed this vulnerability to exist for Mac OS X even when the main Java codebase had already been patched.”
Jason Miller
Business Technology Consultant
“I would say that it shows that their OS isn’t inherently more secure, just less targeted, but that isn’t actually what was at play here.
The vulnerability wasn’t in OS X, but rather in the implementation of Java that came with it. Apple manages its own JRE deployment to OS X, and as a result this vulnerability came into play only on Apple’s environment. That vulnerability lends itself well to exploitation, and that’s what happened. Security…real security…was never about how tight an operating system or application is. I mean, that’s a part of it, but there isn’t anything that has no vulnerabilities. And so, the really important thing that determines security is the overarching process and capability to manage those vulnerabilities and deal with them. Microsoft used to entirely suck at this…but now they are the industry leader. Nobody issues patches like they do; theirs is the gold standard. And yes, some of their vulnerabilities go a long time without being fixed, but when I look at how much code comprises Windows these days, and the damage that results if they issue a bad patch, I don’t know that I really want to yell at Microsoft over it. And Apple does worse.”
Rob Shein
Power Generation Cyber Security Lead
“I don’t think it affects it at all. Apple has always had a poor reputation for security in terms of providing patches in a timely manner. In terms of overall reputation for security though, the machines have enjoyed a minor user-base for years and thus were not targeted often. Now that the user base has increased exponentially in recent years, one can only expect that the amount of exploits in production for the platform will also rise.
In terms of my own personal feelings on the matter. I still trust my Mac. I still use an industry standard antivirus solution (ClamXav). Most importantly, I don’t surf the types of sites that typically are used to host malware, and watch what I click on. I’ve been pretty happy and virus free for years so no complaints here.”
Kevin Creechan
at Aholattafun Creative Solutions
“It will probably have a small negative effect on the market perception of Apple security but perhaps the real question is will that have any impact on Apple’s business? My feeling is that Apple’s perceived security advantages do not lead to increased sales, but if they ignore the increasing threat to their platforms it could have a significant negative effect in the medium term.”
Robert Rowlingson
an Independent Consultant, Researcher and Author
Maybe you have something to add? You’re welcome with your comments.
The recent vulnerability changes nothing for me. I run Mac OS X because the applications I use run best on Mac – and some, only on Mac. I have used security software on my Mac for years. Everyone with anything more than a cursory knowledge of computers knows that any system can be vulnerable. It is up to users to be aware of the threats and deal with them. I will keep on using Mac, and will keep running security software.