Apple becoming Microsoft-like?
Oh boy how I love the internet. It serves me gems like this on a daily basis.
My favourite bit is at the end of the first section where they say "Apple is now where Microsoft was a decade ago" (emphasis added).
This statement is hilarious for more reasons than I could ever possibly cover. Firstly, nothing has changed. Apple products were NEVER more secure than Microsoft products. They simply had a smaller market share and were thus afforded fewer attempts by hackers. I've been saying this for years, by the way.
But what's even funnier is that while I get the implication, it is still wrong. Microsoft was in a MUCH better situation 10 years ago than Apple is now. Microsoft had much the same process in place then as they have today. Sure, things have been refined and the process has gotten incrementally better, but 10 years ago Microsoft was already an enterprise-first operating system and they had a decent process for pumping out bug fixes and security patches. They also happened to be effectively the sole target of most exploits.
Beyond that statement however, the article is actually a pretty good read if you're concerned about security and stability in your devices. It is just worth noting that all 5 problems highlighted are also legacy problems.
That isn't to say that the article doesn't trip over itself. I think they are trying to be truthful and then retracting statements to avoid drawing ire. Companies seem mortally afraid of ticking Apple off.
My favourite is the first point they make against Apple. Near the end they claim that Apple treats bugs the way it does products and makes sure that they do them right and that this explains the slow and infrequent updates. Good to know... oh wait! What? Didn't the first paragraph point to an example where they were late to fix a bug AND the fix was so weak hackers got around it?
And then the second paragraph states that Oracle fixed a flaw in Java quickly and that Apple didn't allow Macs to receive the patch for months after that? That wasn't even them fixing anything. It was simply allowing someone else's fix to be installed. Both points seem to directly refute the half-hearted compliment.
The secrecy bit is a double-edged sword. Companies like MS and Google are more open about their bugs because they have a much better process in place. Given the first point, not admitting or being open about bugs is actually a smart move for Apple.
Though, realistically, pretending fewer people will know about a bug in this day and age simply because you refuse to talk about it is wishful thinking. I seriously doubt admitting and publicizing information about bugs has a substantial impact. If anything, I would think it serves as a deterrent. If a company has openly acknowledged a bug, especially if they have provided details about the bug, as a hacker I know that they are aware of the bug and working on fixing it. If they are actively ignoring or denying bugs, it is much more likely that they either aren't aware of the root cause or aren't currently sure how to fix it. Those bugs present the best ones to exploit as they mean your hacks will be longer lived.
Next is applying patches to only the latest OS. Once again, this is an area where you can't even draw comparisons between Apple and Microsoft. Microsoft publishes planned support lifespans for its products. Enterprises often don't want to upgrade so this is an assurance that a particular OS will continue to be updated. Apple products are meant as consumer products and offer no such assurances.
Unwillingness to pay is up there with publicizing. If Apple can't deliver fixes in a timely fashion already, offering a bounty will do nothing more than uncover more bugs faster. It won't improve the rate of resolution or anything else.
Failing to admit guilt was the only thing on the list that really shouldn't be there. It doesn't affect the stability and security of the platform. It *should* affect people's perception of the company. But let's face it; it doesn't. It really kind of also goes hand in hand with the secrecy topic to a degree. If you've ignored or denied a problem long enough, it really just doesn't make sense to take responsibility for it later.
Frankly, even if they do successfully react to this, it will only be a PR success. The fact that the things above can be truthfully said about Apple when they had years to see this coming and anticipate it is really kind of sad. And there is no possible way that I can believe that no one at Apple saw this coming years ago. They knew their system was actually drastically less explicitly secure than Windows and they knew that increased popularity would increase OS threats.
Both Google and Microsoft have provided models to address these things which they could have started adopting as they started becoming more popular. They chose not to. And let's not pretend for a second that they couldn't afford it. They are the richest software company on the planet. They have no excuse for being blind-sided by this.
So, in summation... is Apple having a Microsoft moment? Or becoming more like Microsoft? I don't think so. If that were true, we would see concrete evidence of change to address the issues.