The Macalope Daily: Accountable parties

The Macalope knows he shouldn’t, but he does love a good technology-pundit slap-fight. It’s hard work putting the business end of the antlers to these pundits, so you’ll have to forgive him for enjoying it when they turn on each other.

OK, you’re right, it’s not always hard work. Some of those Rob Enderle pieces pretty much write themselves.

Over the weekend ZDNet’s Ed Bott lit into All Things Digital’s Arik Hesseldahl on Twitter, accusing him of being insufficiently damning of Apple for not patching the Flashback vulnerability sooner.

Does that let Apple off the hook entirely? No, though to its credit, Apple had a fix ready within a week of learning of this vulnerability. That’s not exactly a pokey response, especially when the problem lies not directly within Apple’s software, but in Oracle’s.

The Macalope actually thinks Bott’s right to take exception to this. Hesseldahl seems to be referring to the amount of time it took Apple to patch the flaw after the public reports came out. But Oracle had already patched the vulnerability in Java almost two months ago.

We have to hold Apple accountable here. It’s no good closing the barn door after all the cows’ credit card numbers have been stolen. And while the flaw may be in Oracle’s Java, Apple’s the one that needs to provide a patch to Mac users.

Bott maintains that “many if not most Mac users” believed an attack like Flashback was impossible. As we have no statistics on this, the Macalope will simply have to agree to disagree with Bott, who is awfully thin-skinned for someone repeatedly trying to climb our fence and deposit Baby Ruths in our pool.

Again, the Macalope will quote himself, as he did on Saturday:

We, as Mac users, have been skating. We’ve been skating on the fact that no one writes exploits for the Mac. And as Apple becomes more and more of a household name, that will not stand.

This is not to say that Apple isn’t already working on security enhancements for OS X or that it will ever have as much malware as Windows. But while Apple has been attempting to leverage its historically good reputation, Microsoft has been trying to reverse its historically bad reputation by aggressively implementing new technologies that will make it harder to write exploits for Windows.

The Macalope wants OS X to be the most secure operating system there is, practically as well as theoretically, and there is certainly some evidence that Apple does not take security seriously enough.

The Macalope believes that Apple’s improved, at least incrementally, since he wrote the above in 2007, but it still needs to do better. That said, the company is showing that it’s willing to, ugh, “think different” about security by making choices Microsoft would never make, such as removing Flash and Java and making developers sandbox applications sold through the App Store. Not to mention making sure that technologies like Flash and Java are virtually unknown on its mobile platform, generously providing a model for Microsoft to follow in developing its own mobile platform.

The Macalope is sure, of course, that if you asked Bott, he’d jump at the chance to give Apple credit for removing these vectors of attack from HAHAHAHA can’t say that with a straight face.

It’s amusing to see Bott try to claim he’s saying the same thing as respected Mac security experts like Rich Mogull only to have Mogull say, “Uh, no, we’re not saying the same thing.” Funny enough, an almost identical thing happened last summer when Mac Defender hit the virtual streets.

The Macalope’s not sure if there’s enough lighter fluid in the world for us to torch our hair over these exploits to the degree Bott would prefer, but if we don’t hold Apple accountable for keeping the Mac safe and secure, who will?

[Editors’ Note: In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.]
