Looks like there’s a new “Get a Mac” ad.
Entitled “Security”. And the fact that it was posted today (or so the Macalope surmises) is most likely a return salvo after Gates’ comments to Newsweek.
Um…
OK, it’s really funny but it’s kinda not what the Macalope had in mind when he asked Apple to demonstrate that it takes security seriously.
Sigh.
David Maynor has come out in defense of Bill Gates’ recent comments that OS X is security swiss cheese and he churlishly derides the Mac community’s response.
In the post, Maynor reminisces that Apple’s “Get a Mac” ads were what got him into Apple security research last year. Is it just the Macalope or is that a little odd? As a child did he also run after Mean Joe Green with a Coke bottle, begging him to throw a jersey at him?
The thing that really upsets me about the Mac community going off on Bill Gates is that Apple does the same exact thing. Their “we don’t have security problems” commericals [sic] are the same thing as what Bill Gates said. If you want to be mad at Bill then hold Steve accountable for the same actions as well. The arrogant commericals [sic] Apple runs has done nothing but win them alot of researchers who are breaking their systems that would not have otherwise given them a second look.
The Macalope thought there was something strange about Maynor’s assertions here so he went back and watched all of the “Get a Mac” ads. Do you know how many of them discussed security?
One.
So, it’s not “commercials”. It’s “commercial”.
Why did David Maynor get so bent out of shape over one commercial? Seems a little absurd.
It’s also a little absurd that Maynor is trying to conflate Apple’s silly, funny ad with statements made by the founder and chief technologist of Microsoft to a Newsweek reporter.
Those things are not comparable.
But for grins, let’s pretend that they are and take a look at the relative truth behind each. Here’s the salient part of the “Get a Mac” ad entitled “Viruses.”
PC: Last year there were 114,000 known viruses for PCs.
Mac: PCs. But not Macs.
Is this true?
The year in question is 2005 and the data comes from a report from Sophos that says:
By December 2005, Sophos Anti-Virus was identifying and protecting against over 114,000 different viruses, worms, Trojan horses and other malware.
So, we can quibble over the use of the word “virus” to describe a host of malware, but it’s not really important to the argument. Sophos does, however, make a Macintosh version of its program, so maybe some of those are Mac viruses.
OK. Just how many Mac viruses are there?
According to Viruslist.com, 111. [CORRECTION: As noted in comments, this is the number of vulnerabilities, not viruses. The number of viruses is actually probably significantly lower which maybe helps proves the point about the Mac’s lower market share being its saving grace.]
Now you can look at the ad’s assertion yourself and decide if it’s “arrogant”, but the Macalope will note that Apple’s at least 99.9% correct here ((114,001 – 111) / 114,001). And it’s 100% correct if you just take it at face value – there are not 114,000 viruses for the Mac.
Maybe it’s the text Apple shows after you run the “Viruses” ad on the web that caused Maynor so much chafing. Let’s look at that.
114,000 Viruses? Not on a Mac.
Kinda covered that.
Mac OS X was designed with security in mind.
Well, that’s a piece of rather obvious fluff. Of course it was.
Windows just wasn’t built to bear the onslaught of attacks it suffers every day.
This is true simply be definition. Most viruses are written for Windows. An OS can’t “bear the onslaught” of a virus written to take advantage of one of its flaws. OS X was not “built to bear the onslaught” of the 111 viruses written for it.
A Mac offers a built-in firewall, doesn’t advertise its existence on the Net, and isn’t compromised within an hour of being turned on.
All undeniable fact.
Aaand that’s it.
Hmm.
Maybe it’s just the Mac guy Maynor doesn’t like. Some people don’t like him.
OK, let’s look at the primary security-related statement against the Mac in Gates’ interview.
Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally.
No. They do not. They didn’t even come out with one every day in the month of January. If Gates had said something more generic like “They keep coming out…” one might be inclined to cut him some slack, but he didn’t. He said “Every single day…” and that is false.
Gates does have something more of a point about upgradability and one can argue about who copied whose interface all day long.
But that’s not what Maynor’s talking about. He’s talking about security and it’s really not a contest. Apple’s ad is true and Gates’ comments are not.
Yet Maynor feels justified in giving props to Bill Gates for stickin’ it to the man.
He also expects howls of uproar over his assertion that Vista is more secure than OS X. Truth be told, Maynor’s far more qualified to make a judgement about that than the Macalope, but the horny one would point out that just because Vista’s more secure on paper, doesn’t mean that it will provide a more secure user experience. Windows is still and will continue to be the bigger target.
The biggest threat OS X has seen recently is from the supposedly responsible members of the security world who seem to be trying to provide Microsoft cover and bring trouble to Mac users by publishing (and executing) OS X exploits.
All because they didn’t like an ad and got pissed off by some comments on Slashdot.
If you read Maynor’s post, you’ll notice that it would be very easy to pump up the volume of the snark in response. Maynor is not a very good communicator. He may be a very good security researcher, but he’s not a terribly good writer (yet, anyway) and history has proven that he’s not terribly adept at PR.
So the Macalope could just haul off on Maynor and we could all have a good time, laugh ourselves silly and go back to watching That Phone Guy. But keep reading. Let’s hear Maynor out.
Microsoft only changed when users demanded better security, and it’s only when the Mac community calls for similar protections that Apple will include them in products.
Here, dear readers, comes the glorious moment. That most special of after-school special moments.
Because you know what? Here, he’s right.
He’s absolutely, 100% right. No matter what crazy-assed things he’s said up until now, his final point is spot-on.
We, as Mac users, have been skating. We’ve been skating on the fact that no one writes exploits for the Mac. And as Apple becomes more and more of a household name, that will not stand.
This is not to say that Apple isn’t already working on security enhancements for OS X or that it will ever have as much malware as Windows. But while Apple has been attempting to leverage its historically good reputation, Microsoft has been trying to reverse its historically bad reputation by aggressively implementing new technologies that will make it harder to write exploits for Windows.
The Macalope wants OS X to be the most secure operating system there is, practically as well as theoretically, and there is certainly some evidence that Apple does not take security seriously enough. Maynor did not even mention the company’s flippant handling of the incident where it shipped iPods infected with a Windows virus.
That incident, by the way, was marked by a universal condemnation of Apple’s comment from Apple bloggers (including the Macalope) and suggestions that the company needs to take security more seriously, an inconvenient truth for Maynor who loves to rail against Mac zealots.
To be fair, some guy on Slashdot probably thought Apple’s comment was teh awesome so…
In general, the Macalope says the hell with David Maynor. Anyone who gets such a gigantic bee up his butt over a 30-second ad shouldn’t be taken seriously.
But at the same time the Macalope would really like to see Apple demonstrate that it does take security more seriously than as a marketing tool.
UPDATE: Maynor provides some clarification in a post that the Macalope agrees with in its entirety. He’s also taken exception to this post in comments.
UPDATE THE SECOND, ELECTRIC BOOGALOO: The blogstorm continues as Maynor responds to John Gruber’s brief post.
You are not mad that Microsoft’s latest Operating Systems out classes OSX hands down in the areas of security and anti-exploitation technology but instead one comment Bill Gates made to a reporter? Tell you what, when Microsoft starts running commercials that feature the Month of Apple Bugs then you have every right to complain.
This is really interesting. Maynor, who complains at great length in a previous post about how Apple’s Lynn Fox screwed him by issuing false statements to reporters, does not find Gates’ false statement to a reporter to be noteworthy. It is noteworthy. It’s noteworthy in the kind of way that you write a response to it on your blog. Not in the kind of way that you decide “Oh, yeah? Well, I’m gonna crack Windows!” and then you come up with an exploit but you screw up the delivery and devote months of your life to defending yourself and quit your job because you think your employer screwed you and finally decide to write a book about the whole affair.
In general, the Macalope expects more truth from a Newsweek interview than a commercial where actors are pretending to be computers, but maybe he’s just one of those craaaazy Mac zealots.
As for the first part, the Macalope’s not sure why this isn’t obvious to Maynor but it’s hard to get worked up over security and anti-explotation technology when there are so few exploits for the Mac. Your average Mac user has never, ever been a victim of malware. Ever. Once.
Is this thing on? Hello? Hello?
Of course, an ounce of prevention being worth a pound of cure, the Macalope would really like to see Apple implement some of the technologies Maynor is talking about and sooner rather than later. So he’s doing what Maynor suggests.
So there.
Remember the Macalope had asked you to hold all your snide remarks about the lameness of the Month of Apple Bugs until, you know, the end of the month?
Well, you may fire when ready.
Or, you can just read TJ’s excellent wrap-up here.
Indeed, it does seem the Macalope may have given the MOAB folks too much credit as TJ subtly alludes. Not that it was a complete failure — some of the bugs could have been serious, if you didn’t know enough to take routine precautions. Still, Apple and the third-party vendors have patched many of the bugs — particularly the most serious one — and let’s not forget Landon Fuller’s work in providing real-time solutions to each of them. That boy deserves a hearty round of applause.
What the Macalope finds most interesting is the MOAB’s apparent belief that all the mundane tasks such as updating, giving credit and providing accurate information are for the little people, not the big swinging dicks of hacking. Weeks later, they still haven’t updated their web site to reflect patches.
Being a hacker is never having to say you’re sorry.
Clearly their intent in picking January was to try to steal some thunder from Macworld. Boy, that sure worked well, didn’t it? Remember how all those reports of bugs in, uh, VLC and, uh, FTP software the Macalope’s never heard of overshadowed the iPhone announcement? The Macalope remembers being on the showroom floor and how everyone was crowding around George Ou, who was behind glass and guarded by a security detail, just to catch a glimpse of him.
Oh, wait, that was the iPhone.
Well, the hacker crusade against Apple (or is it its customers? The Macalope’s a little unclear on that) isn’t over. Next up is the iPhone which, although no one has even held one yet and the final specs aren’t even settled, is apparently some kind of security nightmare. The Macalope supposes this is because it’s based on OS X and there was a whole month dedicated to security holes in that piece of crap.
Hmm.
UPDATE: Ah. So, it’s a crusade against Apple customers (tip o’ the antlers to Rahrens in comments).
OK. Good to know! Thanks, guys!
The Macalope has had a good chuckle at the meat-heads who like to say that Microsoft’s inability to ship a real operating system update for five years is a feature, but the Test Bed’s Emil Larsen — if his whimsically entitled piece “OS X is a rip-off” is to be taken seriously — must be the gristle of head meats.
This is the extent to which Emil covers the features Apple released in every update of OS X:
Apple, on the other hand, charged for OS X updates; sure they had new features – DVD playback, better CD/DVD writing capabilities and interface goodies like gui dpi control, but with v10.1 Apple had the cheek to charge for CD burning and only a minority of people took advantage of v10.3’s “fast user switching”…
Uh, Quartz? FileVault? Safari? iChat? Dashboard? Exposé? Spotlight? Smart Folders? Automator?
Any of those ringing a bell?
Many of those are features you can only now get on Windows by upgrading to Vista and you could have had them a year and half ago when Tiger came out. Earth to Larsen: that’s worth something.
Helloooooo? Anybody home?
Nope. Looks like Larsen must have stepped off the planet.
Larsen’s basis of comparison is looking at each release of OS X, adding up what each cost and then comparing it the price of Vista Home Premium. This is really not comparing apples to apples (no pun intended). Vista Home Premium, for example, can’t be used in a domain/AD-based LAN and OS X can. But, the Macalope is willing to spot him that particular point.
He’s not willing to spot him some other assumptions, however. For instance, how many people really bought Cheetah? The Macalope did, but ran it purely experimentally. It frankly was not ready for prime time and shipped so Apple could say that it shipped OS X. Puma was the first usable version (although most people probably didn’t convert until Jaguar shipped). So, a more realistic comparison is to add the price for Puma, Jaguar, Panther and Tiger for a total of $516 U.S.
Vista Home Premium’s suggested retail price is $159 (note: the Macalope is using suggested retail prices for both operating systems instead of Larsen’s trick of using suggested retail prices for OS X and discounted prices for Vista). If you’re still stupid enough to believe Larsen’s thesis that it’s not worth something to get a feature sooner rather than later then OS X is about 3 times more expensive than Windows. On planet Stupid.
So, advantage Windows!
Well, no.
If not having features to actually use is somehow itself a feature, then two can play at that game.
Because it’s not like Apple held a gun to your head and forced you to upgrade. You could have simply bought Puma (or Jaguar) and not upgraded again until Tiger. Then OS X is only 1.6 times as expensive as Windows. Or, you could have not bought anything and simply continued to use OS 9.2! Or 8.5! Or 7.1! Or a slide rule with the Mac OS smiley face drawn on it!
Advantage Mac!
Conversely, by Larsen’s logic Microsoft could never release another version of Windows again and be infinitely more cost-effective than the Mac!
Advantage Windows!
Ugh.
Do the people at the Test Bed know that if they don’t have any good material they can just not post that day?
The Macalope has read your piece entitled Windows on the Mac changes everything and he wonders what you were drinking last night that you woke up this morning and decided that history begins right now.
At MacWorld [sic], a little company called Parallels won awards for the latest version of its hit product, which enables you to run both operating systems at the same time on a Macintosh. It’s a major breakthrough.
First of all, it’s “Macworld.” Small “w”.
Second, it was a major breakthrough… about thirteen years ago. Sure, it’s a hell of a lot faster now that Apple’s on Intel, but let’s give Insignia, Connectix and OrangePC some props, shall we?
Both companies’ products specifically aimed at the Mac will remain self-consciously crippled in order to satisfy Apple’s demands that users not be encouraged to put Mac OS on a non-Apple machine. But pressures seem to be building in a way that Apple and Jobs will increasingly have a hard time controlling.
Hard != impossible.
Even if Apple didn’t somehow use Intel’s Trusted Computing technology to make running OS X on non-Apple hardware harder [UPDATE: In response to several commenters, yes, the Macalope knows Apple does not currently use Trusted Computing, his point was simply that that could be one way to control the hardware that OS X runs on. There is no evidence that they would even do this, however.] and even if it didn’t take legal action against those who enable it, it can simply not support it. Then it would be run by a smattering of hackers and geeks who probably aren’t Apple customers anyway. Any business, school or home user would find the proposition a non-starter because here’s how a support call would go:
Apple: Hello, Apple support.
Dimwit using OS X on a Dell: Hi, I’m having a problem printing.
Apple: OK. Can you tell me what version of the operating system and what Mac you’re using?
Dimwit using OS X on a Dell: I’m running 10.4 on a Dell Dimension.
Apple: (click)
Dimwit using OS X on a Dell: Hello? Hello?
Maybe what’s confused you, Dave, is that Michael Dell is not the lathe of heaven. His dreams do not become reality.
The pressures are building on Steve Jobs. Eventually, as virtualization improves, it will prove harder and harder not to accede to Dell and others who want to sell his software in different ways.
Right. Please explain how that statement is different than this one the Macalope just made up:
As David Kirkpatrick’s stalking of Beyoncé Knowles becomes more belligerent, it will prove harder and harder for her not to accede to his desire to have sex with her.
Yes, VMWare and Parallels would love to sell OS X virtualization for non-Apple hardware and, yes, Dell would love to sell hardware that ran OS X and drive Apple out of the hardware business.
But why, Dave, would it be in Apple’s interest to simply hand its hardware business over to these companies? It makes sense for them, but it doesn’t make sense for Apple.
Apple makes the iPod, the Mac and soon the iPhone. All of these platforms are closed to varying degrees because that’s Apple’s business model. If you took a few minutes to pull your head out of your ass, you might have heard that somewhere.
Silly pundits everywhere would like to see Apple open these platforms up for no other reason than it would satisfy their desire to report a big story in the industry. As Apple is not insane it’s currently just a useful tool to try to bash the company over the head with and create a controversy out of something that’s more important to the pundit class than it is to the user base.
So, Dave, if we’re going to be forced to endure your stilted technology industry fan fiction, at least give your main character some motivation.
Sincerely,
The Macalope
The Macalope highly suspects that the Month of Apple Bugs is starting off intentionally lame in the hopes that Apple blogs will take the bait.
Please hold your snide remarks until all the bugs have been announced.
Artie MacStrawman? Bi-curious.
The reason is simple: if Steve Jobs appears in pink pants on Young Gay America, so will these zealots.
Who knew?
Are you feelin’ the love from the fine folks behind the Month of Apple Bugs? Because the Macalope is.
They also seem to think there’s something wrong with wearing pink hot pants and being on Young Gay America.
Guess the tent the big swinging dicks of hacking live under isn’t such a big one. Hmm.
The Month of OS X bugs (antler tip to Daring Fireball), brought to you by the somewhat adversarial and misanthropic folks who brought you the Month of Kernel Bugs, is coming in January.
There is much about this to chap the average Mac user’s ass.
But the Macalope is willing to overlook all that because, ultimately, he believes this statement is true:
LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security.
Unlike the SecureWorks fiasco, this will happen in the open. The bugs will be published with sample code and Apple will have to respond with a fix. It’s not pretty, it’s not completely ethical, but like pulling a Band-Aid off really quickly, it’ll work.
If it happens at all. Somehow the SecureWorks “tell-all” never happened and, as Krebs alludes, Oracle likely shut down the Month of Oracle Bugs.
And the Macalope seems to remember something about someone at Oracle being friends with someone at Apple…
Tom Yager makes a practical comparison between the relative security of Windows and OS X as servers.
So, after all this, do I have enough to judge Windows inherently more vulnerable to severe malware than OS X? I do.
As a desktop OS, one point you could make against OS X is that “just losing your user data” can still be rather devastating, but Yager’s list is a great compilation.
UPDATE: Whoops! The Macalope thought he had gotten this link from the RSS feed of Yager’s blog but he had actually gotting it from Mr. Gruber and he didn’t notice it’s from back in August. Still an interesting read and one the Macalope had failed to take note of at the time. Probably because he wasn’t blogging then.
John Siracusa opines on what “Top Secret” features Leopard might contain and why Apple has embargoed them.
It’s a good read but the Macalope has noticed that despite the scowls of concern over the inconsistency and “unprofessional” look of OS X from many “professional” Mac pundits, it still manages to pull off the one thing it needs to: looking better than any other desktop operating system.
That’s not to say that the Macalope wouldn’t also like to see some things dressed up, a new coat of paint, some curtains, or that Apple won’t certainly provide us something in the eye candy category that will make Vista heads turn.
But the cluck-clucking of the old hens doesn’t seem to have stopped OS X’s market share from creeping up.
Also, Siracusa neglects to mention perhaps the simplest explanation for the embargo.
Showmanship.
Everyone loves a mystery and it sure helps get the asses in the seats.