is known for its tendency to deny problems with its popular gadgets,
making life miserable for customers when such problems occur.
While Apple's iPhone
4 antenna issues are currently stealing the show, there's
perhaps no better example overall than Apple's spotty
track record on security.Security research firm
Secunia just released a list of vulnerabilities and Apple for the
first has come out on top as the most vulnerable. Secunia
warns, "[The] graph is not an indication of the individual
vendors’ security, as it is not possible to compare the vendors
based on number of vulnerabilities alone."Apple's
supporters were quick to attack the report. AppleInsider writes:
all vulnerabilities are equal: Secunia outlines five levels of
criticality ranging from minor "not critical" issues to
"extremely critical" problems that can result in remote
exploits without any interaction from the user, and for which active
exploits are already known to exist. Yet Secunia's vulnerability
report totals throw all these various types of flaws together into
sums that are frequently used for meaningless comparison purposes.
ironic that almost simultaneous to the report another significant
security flaw in Safari aired. Safari -- Apple's browser
software -- has oft seen releases so
buggy to the point that they were unusable. Safari 5
certainly offered some improvements in that department, but it
apparently doesn't fair particularly better in the security
department than past
releases, including Safari 4 which had a flaw so
severe it prompted a Department Homeland Security warning.While
Safari bug isn't as bad an exploit as some go, considering it's
not a route to installing malware, it can result in the theft of your
personal info. It all starts with one of Apple's features in
Safari -- autofill. Different from the standard browser's
autofill, which remembers users names and passwords for certain
sites, Safari has an even more ambitious autofill which maintains
info about a user in their address book card and offers up these
details when needed.Unfortunately, Apple didn't appear to
realize that it was necessary to screen what it allows to access this
data. Security researchers revealed that a simple web form can
grab much of this data -- first name, last name, work place, city,
state, and email address -- no questions asked.Such info
could be used in phishing schemes. It could also be used in
blackmail schemes if the users were visiting naughty websites.
Ultimately, it represents a gross threat to privacy that easily
surpasses Apple's recent loss
of iPad buyers' email addresses (a problem that was largely
carrier AT&T's fault). Apple was informed of the problem on
June 17, 2010, but since has done nothing.The flaw was
discovered by Jeremiah Grossman, founder of WhiteHat
Security.Security problems are hardly something new for Apple
though. The iPhone has increasingly been attacked.
One security researcher suggested its security was so poor that it
to businesses. Apple has made some improvements with each
release of its iPhone OS, but they didn't stop malicious
worms from cropping up in the iPhone 3GS generation.On
the computer side, Apple also has had numerous past issues.
memory protections in its past two operating systems -- Tiger and
Snow Leopard -- have spawned a number of successful
attacks. Worse yet Apple's latest OS -- Snow Leopard --
shipped with an outdated vulnerable
version of Adobe Flash.Apple has made some gains -- its
new OS does come with mild antivirus protections (though
recommends users purchase dedicated AV software). And the
OS does offer working DEP (data execution prevention), though it
ships with a virtually broken address space layout
randomization (ASLR) implementation (which rival Microsoft's Windows 7 flawlessly implements).Ultimately, though
what is really killing Apple is its slow patch time. Apple's
"there is no problem" mentality has made it the slowest
company at patching, according to recent surveys. It took
it a year to finally last year (June) patch a major
Java hole. Unfortunately, such performance is more the rule
than the exception to it.
quote: In reality using a Mac is much safer than using a Windows PC and many millions of people know that, hence the steady rise in Mac sales.
quote: This means that many millions of people (and businesses) have had real and actual experience of being attacked and compromised whilst using a Windows PC whilst almost no one has had a similar actual experience using a Mac.
quote: Anyone advising her to use a Windows machine like that would be asking for trouble but you can do that with Macs safely - I have seen many people do just that and nothing bad has ever happened to them
quote: Most of the consuming public are like the hypothetical mum above. They want to get tech gadgets out of the box, including computers, and expect to be able to just turn them and use them safely. And why shouldn't they expect that?
quote: I think consumers got tremendously tired of tech kit that didn't work, or was really complex to use, or needed tweaking and constant vigilance and care. Apple, after the return of Jobs, deeply recognised this and tried to make kit that came closest to being the sort or kit people wanted.
quote: next quarter Mac sales will be up again and Apple will probably have higher revenues than Microsoft.
quote: I'm sorry, but you make it sound as though setting up any machine except for a Mac is as complicated as configuring some mid-90's Linux distro. If you're referring to Windows in a similar context, you couldn't possibly be further from the truth. When was the last time you actually used Windows?