Apple does not read this blog
Posted February 5, 2007
By The Macalope
Looks like there’s a new “Get a Mac” ad.
Entitled “Security”. And the fact that it was posted today (or so the Macalope surmises) is most likely a return salvo after Gates’ comments to Newsweek.
Um…
OK, it’s really funny but it’s kinda not what the Macalope had in mind when he asked Apple to demonstrate that it takes security seriously.
Sigh.
Comments
Leave a Comment
It’s definitely funny, but I don’t know that it shows a disregard to security on Apple’s part. If Vista does require user authorization for nearly everything the user does and the user only has the all or nothing options of granting or denying authorization or turning the security feature off completely then the ad makes a good point.
Security is a trade off, between protection and convenience, and if users find that a security feature is more hindrance than help users will likely shut it off completely which would completely defeat the purpose of the security feature. Granted, I have not used Vista and can therefore not be sure that the security feature does require authorization for “just about everything” a user does. If it does, however, I think the Apple ad is spot on.
I love it. Anyone who’s used Vista for 10 minutes will get this one, and for the rest of the population, this beats the security drum and calls MS’s reassurances about Vista’s security into question.
Also, I’ll bet it will drive Gates to suck his thumb and Ballmer to put his fist through his monitor, which is reason enough to love this ad.
Hey… Bill Gates was right… Macs can get pwnd every day by MS Security Vulnerabilities…
http://www.macnn.com/articles/07/02/05/excel.zero.day.attack/
So, basically, you’re saying that to show that it “takes security seriously”, Apple can’t point out the flaws in the security of another operating system?
So, to the Macalope, Apple should have instead filmed the Mac guy holding a poster of a Mac OS X authentication dialog, and had the script go something along the lines of:
Mac: Hi, I’m a Mac.
PC: And I’m a PC.
Mac: Hey, PC, look at my sweet authentication dialog. Isn’t it sweet?
PC: Oh, yeah, and it uses little bullets in place of your password! That’s cool!
Mac: Yeah, that’s so if someone is standing near you, they can’t figure out what your password is by looking at the screen! See, Apple takes security seriously! Sweet!
I kid, but seriously, I don’t see how having a sense of humor and taking security seriously are mutually exclusive.
I agree that Apple should continue to have a sense of humor about these ads. However, believe what the Macalope was trying to express was his dissapointment that Apple had a great opportunity to fire a shot across Microsoft’s bow in regards to Bill Gates comment and they seem to have (for the time being) squandered it with what really is a sucker punch.
Aw, it’s funny!
But yeah. Apple, spend some of the iPod money on hiring rilly smart programmers, bringing them up to speed, and them getting them to fix outstanding security bugs.
Funniest ad yet.
Go watch the IT State of the Union broadcast on the Apple Developer Connection website (via iTunes). There’s a whole presentation on security – Apple are taking it very seriously, it’s just that (as usual) they don’t make a big song and dance about it.
As for that Mac & PC ad – “You are coming to a realisation that it’s funny. Accept or Deny ?”
Taking security seriously has nothing to do with quotes in Newsweek or television adverts or blog entries. Taking security seriously has to do with what your software does and how it does it.
Very funny. Mostly because it’s so true.
This is one of the funnier of the current TV ads. I get it, but would the average viewer? I thought maybe it was more of an “insider ad” that would only appear on the website, but I saw it on TV last night.
I just don’t think an average Windows user is going to “get it” until maybe they use Vista (which surely most have not yet) and after two hours they cry out in despair for the permission windows to come to a merciful end.
I think this is just targeted at Vista evangelists and developers – which to me is funny – but not that effective as a sales tool.
I think what Apple is indicating here — that Microsoft puts the onus for security on the user — is a very valid point.
Microsoft simply wants to be able to say to the user, “Hey, you ALLOWED something you should have CANCELED it. Tough luck, naive internet user.” This is not a practical approach to security for Great Aunt Clicky.
XP is crazy-making enough, Vista apparently more so. Fair game.
I think this isn’t a security ad. It’s a user experience ad. Apple is saying, “OK, Microsoft is finally serious about security, but they *still* can’t walk and chew gum at the same time.”
This one is my favorite of the bunch.
Correct me if I’m wrong, but on my Mac, when I try to do something that requires root-level permissions, it pops up a little dialog requiring me to approve the permission escalation. It looks like this:
http://alastairs-place.net/images/Authbox.png
It’s pretty odd for Apple to make fun of Windows for adding a feature that’s been in OS X since day one. If anything, the Vista dialog is easier to dismiss, since it doesn’t require a password.
Now you could argue that the Mac dialog shows up less frequently than the Windows one, which is true, but that’s a minor implementation detail. Instead of criticizing Microsoft for trying, we could do something constructive and make a list of actions that currently trigger UAV, but should not, and vice-versa.
Pretending that this sort of thing is a PC-only issue is like claiming that Macs never get blue-screens, because hey, ours are *grey*.
Bergamot –
When you clicked on the Macalope’s “Submit Comment” button, did your copy of OS X ask you for password confirmation that you were submitting material to a website? What about every time you tried to change the name of a file in the Finder? We’re not talking about confirmation dislogs only when installing apps or drivers.From many reports, Vista is indeed doing that for actions as trivial as this. Over and over. It’s as if every single action you perform was the equivalent of emptying the trash.
I agree with Erik. The new ad’s about the user interaction, not the security infrastructure.
In a way, this kind of “Cancel or Allow” intrusiveness makes sense. Microsoft has to do more than just improve their security, they have to SHOW they’ve improved security. What better way to do that than show active involvement in every facet of the user interaction?
I think this approach is woefully misguided, but it is understandable. And strangely enough, it doesn’t really tell you anything about the quality of the underlying security infrastructure. It could be intrusive and exploitable at the same time.
And I don’t think this ad was released in response to BillG’s comments. At most, the ad was already produced and ready to broadcast, and Apple may have changed their mind about when to release it. But there’s no way they could have written the script, hired the MiB actor, done rehearsals, filming, and editing all in the time since BillG made that comment. When was that, Friday last? Thursday?
I think Erik hits it right on the head. It’s totally about user experience, and I think many of us thought this was the funniest ad yet because it’s the truest so far.
I don’t run Vista, but in my experience when Mac OS X prompts you for your administrative credentials, you are doing something you know to be altering the system. It’s deliberate. If it’s not, and the dialog comes up, you are more likely to go, “hmm, what’s this about, maybe that script I downloaded is suspect.” Not that this has ever happened to me, and I would be curious to hear from anyone for whom it has.
AFAICT from anectdotal evidence, Vista’s security prompts are ubiquitous to the point of being meaningless. It is precisely their ease of dismissal, Bergamot, that makes them pretty silly in terms of actual security. It all comes down to the user experience and interface, once again, to allow the user to operate their computer in a secure yet productive manner.
Agreed with Follower. It’s not the case of prompting, it’s the case of crying wolf. True, For the Mac, I’d like to see an addition/change to the API where you have to enumerate in the details all that you’re going to do, but:
1) It only comes up for major surgery (Overriding unix permissions, or accessing hardware in a guts-level way)
2) even then, only once per session. Software update, for example, only asks for the password once, even if you’re updating 4 packages.
3) Details give some hint about what the program is trying to do,
4) Well-behaved apps will ask for lower levels of permissions, only wanting installer privileges.
5) It’s not asking for ‘cancel’ or ‘allow’. It’s making you put in your password. This reduces (But not eliminates) the habit of users to just click through any dialogs automatically.
There does need to be some way to make this dialog box unique, however; I can see decoy security boxes used for phishing.
The only saving grace is if, IF, Vista allows a way to adjust this feature on an ACL-level. That is, ‘For this folder, always prompt. For this folder, never prompt for this, this, and this user. For this folder, always require an administrator password.’ For some reason, I don’t see this happening.
Disgracefu! The cool kid is beating up on nerd again. This bullying will drive Bill’s *insecurities* about Vista to such new heights the anxiety will cause him to wet the bed.
Hey Jay,
Isn’t “Great Aunt Clicky” married to Artie McStrawman?
Obviously the Macalope does not think it was filmed over the weekend. Please. His comment was in reference to the timing of its release – not its creation. It is a little unusual that this ad was released by itself and seems to have bumped one of the ads released two weeks ago off the page of new ads.
More realistically, though, it was probably just held for the Vista launch.
I like the ad. I think it points out the difference between MS’s approach (accept or deny everything) vs Apple’s approach (just ask for Admin PW when installing a program or modifying a system component). Not too many people will get it, but the some people will get it.
Yes, the point of the ad is that dealing with security on Vista is still a pain.
Donn said: “Vista’s security prompts are ubiquitous to the point of being meaningless.”
This is part of the point, as well as the fact that they don’t ask for a password: you are exasperatedly clicking, allow allow allow- you may accidentally click allow when you mean cancel. And, anyone sitting at your computer can also click “allow” for anything.
Seems kind of absurd.
This is a great ad, the funniest yet. That security dude is one cool cat- disengaged and yet totally condescending…
Andy,
The Macalope has now had time to go back and watch Bud Tribble’s address and he was rather unimpressed. It’s not really an in-depth discussion of secuirity so the Macalope doesn’t want to be too hard on it, but it doesn’t address what Apple might be doing in the area of implementing new technologies (other than FileVault which is really more related to physical security) like Microsoft has done.
There is a rumor that Bill Gates has a mild form of Autism, called Asperger’s. That would explain a lot of his actions (I think). He seems to act like a child with little emotion or concern for others’ feelings, so it is entirely possible he does have this disease.
Although he does seem to be taking these ads to heart, so maybe he does have feelings. If it were not for his wife, he would probably be more ruthless than Ballmer. This is all just payback for all the cruel things Microsoft has done to Apple in the OS wars through the years. Karma rocks!