For years, people have loved Apples and Macs because of their relative security when compared to the likes of Microsoft, who are the target of tens of thousands of viruses, worms, trojans, and other types of malicious programming.
A large part of this has been because of the prevalence of Microsoft Windows, and the fact that Macs make up a tiny little percentage of the home or office computer realm. However, ever since Apple released the iPhone, it would seem as if they have taken a step out into the world of the unknown, venturing into new territories where no one has gone before.
The problem is, many people have already been in these territories for many years, and Apple obviously has not been paying attention. It’s like they never considered the thought that once they started venturing outside of the obscure marketshare into the eye of the general public, they too would become targeted by script kiddies, spammers, and all-around evildoers.
The fact of the matter is, Apple, Macs, iThings, and everything else they are doing IS being targeted more now than ever before, and unfortunately, Apple is sitting around wondering why instead of doing anything about it.
Take, for example, this new TechCrunch article explaining a simple way for spammers to harvest all the email addresses of MobileMe users.
From the article:
Apple knows about the problem but insists it isn’t an issue because no one has complained publicly. An Apple representative said to one of our readers: “We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry.”
Um…ok. So if I use MobileMe, I can expect a lot of spam. Maybe they think I’ll get used to it.
TechCrunch goes as far as suggesting that Apple is falling apart at the seams. They suggest failures with customer service and security exploits as warning signs. The sad part is, Apple seems to either not care about fixing things, or just not get it, both of which are starting to come off as being arrogant.
Look at the recent ‘patching’ Apple did with the widely-publicized DNS spoofing vulnerability last month. While every other vendor quickly tackled the problem, Apple released a patch that fixed only their server products, leaving their entire desktop user base still vulnerable. It took them two more weeks, but on August 15 they finally patched it for everyone.
The nature of being secure, in my opinion, relies upon being open, recognizing vulnerabilities, and taking them head-on. That’s why there is such a large, active community of security-aware researchers, vendors, and system administrators out there. Apple seems to be shying away from all of this, perhaps out of naivity, perhaps out of conceit.
Whatever the case, I sincerely hope they come to their senses before it is too late.