Apple tones down language touting OS X security measures

Posted:
in macOS edited January 2014
Apple's website used to boldly claim that the Mac "doesn't get PC viruses," but following the spread of the Flashback botnet, the company has since toned down the language to say that OS X is "built to be safe."

The changed list of features on Apple's promotional website for OS X was first noticed by PCWorld. Another headline on the site used to say that users could safeguard their data "by doing nothing," but the page has since been changed to read, "Safety. Built right in."

The new, revised language is less boastful about OS X security, and the it no longer mentions "the thousands of viruses plaguing windows-based computers." Rather than putting down Windows PCs, Apple now simply focuses on how OS X helps to keep users safe.

The changes come just a few months after more than 600,000 Macs were estimated to have been infected by a trojan horse named "Flashback." More than half of the Macs believed to be infected by the botnet were found in the U.S. alone.

Security


The first iteration of the malware appeared in 2011 disguised as an Adobe Installer. Following installation, Flashback harvests sensitive data like user IDs, passwords and web browsing history and sends the information to an off-site server.

After the malware began to spread rapidly, Apple responded by releasing a number of software updates to block Flashback. Apple also issued a Flashback-specific malware tool in April.
«13456

Comments

  • Reply 1 of 109
    tallest skiltallest skil Posts: 43,388member
    If there's any better reason for the removal of Flash and Java, let me hear it. "Pathetic performance" might fit that bill.
  • Reply 2 of 109


    "Safeguard your data. By doing nothing." was a terrible tagline in all senses anyway.

  • Reply 3 of 109


    I'm sure after the Australia 4G advertising lawsuit, Apple's lawyers scoured all of the promotional material to see what could be future lawsuit material. If anyone lost any data to a Mac virus and Apple is saying "to protect your data, do nothing", it's an automatic lawsuit. Going forward, I'm sure all advertising will be going through the lawyers for a final check.

  • Reply 4 of 109
    quadra 610quadra 610 Posts: 6,757member


    PR. They had to. 


     


    The average user doesn't know the difference between "trojan" and "virus" and "malware." In fact, Joe Lunchbox lumps everything into the "virus" category. 


     


    Next time a trojan shows up for OS X (we get one or two every few years, Lol) they'll scream "virus!!!"  and there goes the neighbourhood.


    And whereas media coverage about the precious few pieces of OS X malware in the past was next to nonexistent, Apple's brand name has


    garnered more attention over the past few years than ever. Count on the news about next trojan (maybe sometime next year)


    to clog tech news sites and mainstream news outlets. 


     


    Apple doesn't need to deal with that kind of bullish*t. Can't blame them for modifying the PR blurb.


    It wasn't necessary, but the possibility for negative PR arising from consumer misunderstanding (or rather, ignorance) is far too great. 

  • Reply 5 of 109
    MacProMacPro Posts: 19,718member
    I'm sure after the Australia 4G advertising lawsuit, Apple's lawyers scoured all of the promotional material to see what could be future lawsuit material. If anyone lost any data to a Mac virus and Apple is saying "to protect your data, do nothing", it's an automatic lawsuit. Going forward, I'm sure all advertising will be going through the lawyers for a final check.

    Excellent point.
  • Reply 6 of 109
    elmsleyelmsley Posts: 120member

    Quote:

    Originally Posted by Quadra 610 View Post


    PR. They had to. 


     


    The average user doesn't know the difference between "trojan" and "virus" and "malware." In fact, Joe Lunchbox lumps everything into the "virus" category. 


     


    Next time a trojan shows up for OS X (we get one or two every few years, Lol) they'll scream "virus!!!"  and there goes the neighbourhood.


    And whereas media coverage about the precious few pieces of OS X malware in the past was next to nonexistent, Apple's brand name has


    garnered more attention over the past few years than ever. Count on the news about next trojan (maybe sometime next year)


    to clog tech news sites and mainstream news outlets. 


     


    Apple doesn't need to deal with that kind of bullish*t. Can't blame them for modifying the PR blurb.


    It wasn't necessary, but the possibility for negative PR arising from consumer misunderstanding (or rather, ignorance) is far too great. 



    It's perfectly reasonably for Joe Lunchbox to think so.  Whether it's a worm or virus, or an STD, he doesn't care, "It just doesn't work, fix it" he yells.


     


    Regardless, his understanding should be that "OS X doesn't need extra anti-viral software, because Apple will issue a security update ASAP if there is anything wrong".  It really doesn't make sense that they would need to teach us anything too technical. 


     


    Should I be worried about my iOS running on 'unsecure wireless networks' yet?

  • Reply 7 of 109
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by Tallest Skil View Post



    If there's any better reason for the removal of Flash and Java, let me hear it. "Pathetic performance" might fit that bill.


    Flash and Java have already been removed form OS X. It is up to the end user to install them if they wish. BTW I have a Flash to HTML5 job that I need programmed if you know anyone who is good at that stuff. It should be quite a challenge so if you think you are up for it send me a PM.

  • Reply 8 of 109
    nicolbolasnicolbolas Posts: 254member


    Apple needs to get serious about security fast.  At least they are not being so crazy about how safe it is.


     


    I hope Apple gets security build back up to when it had a smaller market-share.


     


    Sadly i think it will not happen.


     


    My bigger concern is now that most OSX users are much less careful than most Windows users....


     


    :(

  • Reply 9 of 109
    solipsismxsolipsismx Posts: 19,566member
    I'm sure after the Australia 4G advertising lawsuit, Apple's lawyers scoured all of the promotional material to see what could be future lawsuit material. If anyone lost any data to a Mac virus and Apple is saying "to protect your data, do nothing", it's an automatic lawsuit. Going forward, I'm sure all advertising will be going through the lawyers for a final check.

    I think there is plenty of truth in what you say. Of Apple can be sued for correctly stating the iPad has LTE HW and that it will not work in Australia they an surely get sued by their very comment about Macs and Windows-based PCs.
  • Reply 10 of 109
    tallest skiltallest skil Posts: 43,388member
    mstone wrote: »
    BTW I have a Flash to HTML5 job that I need programmed if you know anyone who is good at that stuff. It should be quite a challenge so if you think you are up for it send me a PM.

    Have you looked into Wallaby, or is that still too threadbare?
  • Reply 11 of 109
    popnfreshpopnfresh Posts: 139member


    Apple did the right thing by covering their @ss on this. There may have been no viruses for OS X to date, but that's not to say there couldn't be. It's impossible to say with absolute certainty that any OS can be made 100% impervious to viruses. That said, I still think OS X is one of the most, if not the most, secure OSes available.

  • Reply 12 of 109
    tribalogicaltribalogical Posts: 1,182member

    Quote:

    Originally Posted by popnfresh View Post


    Apple did the right thing by covering their @ss on this. There may have been no viruses for OS X to date, but that's not to say there couldn't be. It's impossible to say with absolute certainty that any OS can be made 100% impervious to viruses. That said, I still think OS X is one of the most, if not the most, secure OSes available.



     


    The thing is, it is highly unlikely that we'll see "viruses" on OSX, because of its Unix foundation. The permissions-based architecture of Unix all but precludes the possibility of a virus spreading like it does in the Windows environment. But viruses aren't the only kind of malware out there. 


     


    It's notable that almost all the 'malware' we've seen for OSX so far requires explicit user approval to gain entry to a user's system, and it can't spread itself to other systems automatically. That said, once installed Trojans and Worms and the like can destroy data, steal data, and forward emails to your contacts in the hopes that they will in turn give permission for something to run… 


     


    This is the main reason the Flashback trojan was so successful. We often have apps set up to "automatically check for updates", and they'll pop up a notification and dialog to enable an update when one comes available… Flashback looked exactly like the all-familiar Adobe Flash update installer, so many people didn't think too much about the timing or sudden appearance… it was an unexpected surprise perhaps, but, oh, it's a Flash update… *click. 


     


    I also find it notable that although 600k sounds like a lot, it's a very small proportion of the total installed Mac base…


     


    No doubt we're still a LOT safer (and hassle free) than that other mainstream OS…

  • Reply 13 of 109
    anantksundaramanantksundaram Posts: 20,403member


    I have noticed that, with later versions of 10.6 (and now with 10.7) none of the software updates that come directly from Apple ask for a system password anymore, prior to installation.


     


    When/how/why did this change, and is this wise? Couldn't someone use something that looks similar to fool consumers into accidentally downloading bad stuff?

  • Reply 14 of 109
    tallest skiltallest skil Posts: 43,388member
    When/how/why did this change, and is this wise? Couldn't someone use something that looks similar to fool consumers into accidentally downloading bad stuff?

    How could a fake App Store install itself on your computer?
  • Reply 15 of 109
    anantksundaramanantksundaram Posts: 20,403member

    Quote:

    Originally Posted by Tallest Skil View Post





    How could a fake App Store install itself on your computer?


    Is that an answer, or a question, or are you just being snarky-rhetorical?


     


    And who said anything about an App Store?

  • Reply 16 of 109
    tallest skiltallest skil Posts: 43,388member
    Is that an answer, or a question, or are you just being snarky-rhetorical?

    And who said anything about an App Store?

    Come Mountain Lion, all updates are done through the App Store. They'd have to have a fake App Store app install to get any updates to pretend to happen. Unless you think someone could somehow inject "updates" into the real App Store.
  • Reply 17 of 109
    anantksundaramanantksundaram Posts: 20,403member

    Quote:

    Originally Posted by Tallest Skil View Post





    Come Mountain Lion, all updates are done through the App Store. They'd have to have a fake App Store app install to get any updates to pretend to happen. Unless you think someone could somehow inject "updates" into the real App Store.


    Read my question. If you don't have a useful answer -- or don't understand the question -- go somewhere else and play.


     


    Go on, now....

  • Reply 18 of 109
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by Tallest Skil View Post





    Have you looked into Wallaby, or is that still too threadbare?


    I have not even heard of Wallaby before. I looked at Sencha which is ok for basic animations. The project I have in mind is converting a Flash based menu system into CSS JS but this menu is really complicated and parses an xml structure. I can do it by hand, I just don't have time right now.

  • Reply 19 of 109
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by anantksundaram View Post


    I have noticed that, with later versions of 10.6 (and now with 10.7) none of the software updates that come directly from Apple ask for a system password anymore, prior to installation.


     


    When/how/why did this change, and is this wise? Couldn't someone use something that looks similar to fool consumers into accidentally downloading bad stuff?



    I think they are probably signed and have an MD5 key. If any hacker tried to alter the OS or install an application, especially one from the Internet the built in security controls would pop up.There are probably many new users who don't know their root password and have no login either so perhaps Apple simplified the process to help keep these new people up to date. If they don't know the password they wouldn't be able to upgrade. 

  • Reply 20 of 109
    Quote:
    Originally Posted by nicolbolas View Post


    Apple needs to get serious about security fast.  At least they are not being so crazy about how safe it is.


     


    I hope Apple gets security build back up to when it had a smaller market-share.


     


    Sadly i think it will not happen.


     


    My bigger concern is now that most OSX users are much less careful than most Windows users....


     


    :(

     

    I think that is a fair concern. Apple has for years misguided its customer base into thinking that OS X is inherently (technically) safe, using Windows as a foil, whereas the truth was actually in OS X's lack of value for hackers. With Apple's ballooning share of the market, the years of security neglect are starting to show. Apple can hope its loyal base will shift blame onto Flash and Java (which *do* increase security risks), but the fact remains that OS X has *not* been hardened in the way Windows has over the years. OS X will have to go through the *same security evolution* as Windows if OS X continues to gain traction.

    Flame this post if you like, but if your beloved platform continues to grow, you will "suffer" as do Windows users for being high value targets.

    Summary: OS X is not secure, play safe and be ready for battle.
Sign In or Register to comment.