Call for Apple Security 'Czar'
conq writes "The second security non-incident to hit the Mac platform in as many weeks has been debunked. People are talking a lot about security on the Mac these days, and the result is that a great deal of FUD is being spread around. BusinessWeek's latest Byte of The Apple column suggests that it's time for Apple to appoint a security Czar to get out ahead of the FUD before it spreads much more." From the article: "Creating a CSO position may be viewed by some as an admission of weakness. Still, I say it would be a good way for Apple to inoculate itself against the perception -- warranted or not -- that Mac security may be eroding, and get ahead of the curve for any troubles that may be inevitable. That may not be the case, but in matters related to product marketing, it's the public perception, not the reality that really matters. And once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft."
A chief security officer? Why did an image of Lt. Worf just pop in my mind?
And yet, they still seem to be doing OK.
It's not wasting time, I'm educating myself.
I'm concerned about the security on my new Intel iMac. Do any helpful /.ers want a SSH login on my machine so that they can take a look and tell me if it's secure?
Probably would work just as well to link to every slashdot argu^^^^discussion on Apple's security issues.
To maintain public confidence in its operating system, Jobs & Co. should consider hiring a security czar
Huh? Most of the "public" I know doesn't have any lack of confidence in OS X and hasn't even heard all the latest "scares" of OS X's security. In fact, I'd venture to guess that most of the "public" knows nothing about OS X being more secure than Windows (as it isn't really an advertised fact) and think that viruses/trojans/worms, etc, are just a part of computing.
That is funny. The reason why you cannot trust MS is because they have loads of security issues. With Apple they have been overall secure. What I find funny is that a column would call for them to go through the hoops that MS does now, rather than simply staying the same course that has worked well for mainframes, other *nixes, and all the trusted systems that the gov. uses today.
I prefer the "u" in honour as it seems to be missing these days.
Especially if the appointee is a highly-visible and respected switcher to OSX from the open-source community.
If nothing else, it'll start an effective and accurate comparison of the state of security between OSX and Windows, a feature of OSX that Apple has not stressed as much in their ads as they should.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
Jacques A. Vidrine was recently hired on (leaving Verio) and now holds a high level position in the Apple Information Security. Jacques was the former FreeBSD Security Officer.
"Creating a CSO position may be viewed by some as an admission of weakness." - Not if they market the position like the Maytag Repair Guy...
Remember that to the average luser, anything made by Microsoft is top-notch. If it weren't, they wouldn't be in the position they're in market-wise. It's all those damn "hackers" out there that cause the problems, not Microsoft.
This guy's the limit!
It's not FUD if the vulnerabilities are real. The fact that not many machines were affected is not relevant. With only 3% of the OS market - I wouldn't expect any Apple outbreak to bring down the house. The point is - Macs are not immune and the sooner people realize it and cast off their false sense of security the better.
Why is it we have so many 'Czar' titles nowadays?
.......
What about other titles for potentates?
'Chief' 'King' 'Master' 'Commander' 'Lord'
It would seem that what the author really wants is for Apple to comment on silly people doing things with Apple computers, which is the job of a marketing person. The marketing person just goes and asks someone authoritative sounding to comment, wraps that in pretty and feeds it to the public. No big deal. And that's certainly not a reason to make a security czar.
it's the public perception, not the reality that really matters.
OK, then everybody else can stick to the illusion of security with Windows despite reality, and I'll be happy in the reality of my secure OS X machines.
OS X is not 100% secure, but out of the box, it's about as secure as any system can be that has a network adaptor in it. Try this on your average box:
netstat -an |grep -i listen
tcp4 0 0 127.0.0.1.631 NOT JUNK LISTEN
tcp4 0 0 127.0.0.1.1033 NOT JUNK LISTEN
Go ahead, break into 127.0.0.1. I dare you.
...just because it hasn't happened yet (in the field, as it were), doesn't mean it won't happen. Apple would do better looking like they're on top of it even if it does appear to be non-event. There is no such thing as a secure system.
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
Ok. Lame. I think that the major attack on mac is that, as more people use it, it becomes less obscure, so people might actually target it for attack, not that the software is becoming less secure.
It is notable that microkernel OSs offer improved security and such, at the cost of performance. Not being a Mac fanboy, I don't know how true they are to the whole bit.
This isn't about Mac security, it's about public perception of Mac security. He's calling for a VP of Marketing/Publicity for Security Issues.
//sorry for the awkwardness of that sentence)
As stated in the article, putting security in the hands of an individual is counter to Apple's philosophy of having security be a priority for everyone.
I personally think Apple's better off letting third parties defend the FUD; they seem to be doing a swell job with the last two instances. By now, no one in the know doesn't know that the past two were FUD.
Those who aren't in the know didn't even hear about it.
IMO, we should never ASK a company to add in another layer of publicity and marketing. That's asking to be misled by slanted information, be it MS, Apple, Google, IBM, or whomever.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Microsoft's problem isn't the public perception that it has security problems. It's concrete, measurable, reality that thorns their side. It's Microsoft who floated the "Windows get hacked because it's a bigger target" fantasy. But you can take a Mac out of the box and scan it and find zero open ports. A Windows machine has more than a dozen. Those ports are open for Bill's benefit, not for the customers'. Bill wants to keep his fingers in every Windows box, and won't give up that capability in exchange for better security. Yes, the Mac probably still has some OS flaws that hackers could exploit, and thus Apple can't be complacent. But at least Steve isn't holding the door open to let the hacker inside.
it would be a good way for Apple to inoculate itself against the perception -- warranted or not -- that Mac security may be eroding
While I agree that every company that sells operating systems should take security seriously, and that having somebody responsible is practically always a prerequisite to being "serious", it's really too bad that people don't seem to absorb a bit more reasoning skill by the time they get out of school.
Sure, Apple's relatively superior security record "may" erode as they start to gain market share and visibility to the black hats. In fact I'd say there's not much room for it to go other than the direction of erosion. However, we don't have any evidence that anything like a disaster is about to happen. You can posit that terrible things may happen, and nobody can prove you wrong. You could posit that Steve Jobs is the vanguard of an alien mind-control invasion, and nobody could prove that wrong either. These are the sort of things that can only be proved in an affirmative sense: some researcher finds a vulnerability in the Mac OS authentication system, or tentacles suddenly springing from Steve's head.
Right now I'd say the biggest problem is the Mac user base's overconfidence. While back in the day, Mac users did struggle quite a bit with viruses, which were oh-so-much more interesting to write for the more advanced Mac platform than for DOS, recently, they're getting a bit cocky. They're not as used to the security patch grind as the people running Windows.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What happened with the text? It was supposed to run until Friday, then he shortened the deadline and removed the reference to the Friday end time, and then I forgot to log back into it at midnight. Now the URL gives a "could not find host" error and I can't even ping the IP..... so what happened? What was the end result?
- "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
He will be able to work closely with the Quality Emperor. Both ultimately report to the Development Shogun. His office is just down the hall from the Usability Kaiser.
Every week, they hold a cross group meeting with the Sultan of Marketing, the Sales Duchess, and the Distribution Führer. They all are answerable to the Grand Baron of Charging More for Stuff because it is Shiny (he prefers people call him Tim, for brevity).
${YEAR+1} is going to be the year of Linux on the desktop!
Sounds to me they need to hire someone with appropriate skills in either their PR or Legal departments.
Two non-security incidents in a month almost certainly mean that they're the victim of a FUD campaign.
The right way to answer that is not to validate the fud, but
... communicate the truth - which is a function of PR, and
... make sure no-one's illegally slandering their trademark -which is a function of legal.
The latter is far more dangerous to Apple than the hypothetical security non-issues a CSO could address.
If Apple had wanted to move to Windows, they could well have done so a long time ago. They even considered using the NT kernel for the next-gen Mac OS before they settled on NeXTSTEP. Thus far however, they've shown no signs that they're even considering it; and if you look at it, does it make sense? Apple are doing very well producing both the hardware and the software, and the software is definitely considered important to Apple (at the WWDC 2005, Jobs said "the heart of the Mac is its operating system"), and the OS is definitely well-loved by the Mac community (I personally adore OS X; the closest I've come to an operating system as nice as RISC OS). If Apple switched to any form of Windows, the revolt would be huge.
I see no advantages to Apple to switching to Windows; they're doing very well with OS X.
And tomorrow the stock exchange will be the human race
I've examined and compared the security features of operating systems for many years now and I can tell you one thing for certain. No "useful" operating system is invulnerable... and this includes Mac OS X, regardless of what hardware it is running on.
Of course, you could argue that it be completely locked down with no keyboard or connection to the Internet, etc... but this would be a completely moot point.
With this in mind let's consider the overall design of the security subsystem. Apple Mac OS X is much better DESIGNED than Windows in its current state. I won't delve into detail about protected memory, access controls, permissions, default configurations, open ports, etc... but out of the box Mac OS X is more "security minded" than Microsoft's Windows.
Now, keep in mind that things ARE changing. No matter how much heat Microsoft takes they are still managing to improve the quality of their product. Windows XP is a far superior product (security wise) than was 98 or ME... and it appears that the next version of Windows is even more security conscious.
In conclusion, people should not "judge" an OS based on the potential for it to have problems... they all will. Mac OS X has enjoyed a reputation for safety that is based on many factors (including having a small market share). However, the bottom line is that it is very "security aware" and has the potential for you to lock it down even more... and this is the right perspective to look at.
Matt Wong
http://www.themindofmatthew.com
Dvorak? Is that you?
from a group secretly funded by Microsoft who call themselves "OS X Veterans for Truth."
Pictures of Jane Fonda on her iMac will be forthcoming.
Worf sits bored and alone in his corner office:
Worf: "This job gives me an intense feeling of Gardachk! I think I'll kill one of the developers at our next hackeysack battle."
After all, the top secret Apple/Novell skunk works project to show MacOS running on Intel ('486) was code named "Star Trek". They actually had Finder running and had ported QuickDraw GX and QuickTime by the end of 1992; however when Sculley left and Spindler came in, they turned to the PowerPC instead.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It's about time--MAC should definitely get on top of security to keep confidence high and avoid bad pr (and a whole lotta losses).
The second challenge debunks nothing. One challenge gave shell access, the other didn't. Only one of those actually ended up demonstrating a result.
Not to mention that the second challenge was pulled early, and not that I expect someone to give away a remote shell exploit for free to prove a point.
Just ask Microsoft.
Or an ex-customer like me.
Perception of course matters to many people. But hopefully reality matters to many more people.
Apple, please... just please... do everything you can to keep your customers' computers safe. That's all I ask. Appoint a CSO or don't, I don't care.
Developers: We can use your help.
I have been using a Mac iBook for some time with 10.4, and LOVED it until I had to rebuild it. Now, it's as unstable as Charles Mason on crack.
I'm not a troll, but I play one on Slashdot.
Sounds good as long as they don't hire Microsoft's security czar. They'd want someone who can do something besides spin out of control.
"We are all geniuses when we dream"
- E.M. Cioran
Instead of bleating for help howzabout looking up your question for yourself?
"university wisconsin mac challenge" are some good key words.
If you think the topic is of general interest then post back your results.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
>respected switcher to OSX from the open-source community
Going from open source to closed source is ok if the closed source is Apple and not Micro....
Oh, I'm sorry, I forgot I was on Slashdot, the Mac open source web site.
Dvorak, is that you? Seriously mate, you could write for PC Magazine.
It's a Unix system - I know this.
Personally I think they'd be better served by concentrating on improving their security, rather than concentrating on improving their security-related PR.
Analysts and bloggers crowing endlessly about "Apple/Linux/Firefox/whatever don't have better security, they're just smaller" gets attention for a little while, but just let time pass. Eventually people realize they're being cried wolf to. After a few years people will have forgotten the bloggers, but will remember whatever the next major Windows worm incident that gets on the nightly news turns out to be.
Unfortunately, this only works if you really do have better security. And while this article is just talking about media events like the mac mini challenge as if they're all that matters, Apple has had real security problems of late. Whether or not the mac mini challenge was important for real security there are apparently some os x privilege escalation exploits floating around, and there was that incredibly embarrassing bug awhile back where Safari could be tricked into launching a shell script as if it were a .jpg. Exploits based on getting the operating system confused about filetype mismatches are really the kind of thing we should not be seeing in 2006, especially since (1) OS X has had security issues of this exact same type before and (2) this is the exact kind of exploit which is the basis for many Windows e-mail worms. Apple needs to take this seriously.
Taking this seriously does not mean-- as the article suggests-- appointing someone to talk to the press about how great Apple's security is. It means actually fixing the problems, and making some effort to see what other problems might be out there. PR is temporary, and if you do too much of it it can backfire (as people start to assume anything positive they read about your platform is just a result of PR). Real security problems like the filetype bug I mention can impact your reputation for years, no matter how much you try to spin them.
Speaking of which, there was a new security update on Apple Software Update this week. Anyone know what exactly that covered? Is the jpg/sh MIME or whatever problem fixed yet?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
more information about the security for mac. I think the security is good enough, but (and I know I sound mental) I feel more secure on windows, because even because I might get a virus/spyware I've got pretty good at knowing how to deal with it if I get it and not get it. If I was on mac and got any security problem I'd never know and so it could run for ages...
That said I do want to migrate...
*''I can't believe it's not a hyperlink.''
Put up a stock OS X box, with default config, and encourage the blackhat crowd to go for it. Take what they learn, apply it to the system updates, and re-iterate.
--
Don't like it? Respond with words, not karma.
... the Maytag repairman.
To a Lisp hacker, XML is S-expressions in drag.
And once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft.
Bill, can I be confident that Vista will not have any security holes?
Yes you can, just make sure you buy Vista Ultimate. It is the best one that we offer.
He who knows best knows how little he knows. - Thomas Jefferson
The second security non-incident to hit the Mac platform in as many weeks has been debunked.
This is crap. It was an "incident" for sure. The fact of the matter is that the Mac, given local access by either a process or login is very susceptible to local privilege escalation. It took someone 30 minutes to prove that this is the case.
The real concern with this is that the Mac is not truly equipped (in its current state) to be used securely as a multi-user UNIX machine. An example of such an environment would be as a shared hosting environment on an xServe.
The "rebuttal" security challenge isn't much of one, pretty much any machine running SSH + Apache with other ports blocked by a local firewall will be similarly "secure". Even a windows machine running RDC and IIS 6 (not 5) and Wind0wz firewall would be similarly difficult to hack.
I guess we all need something to talk about.
Isn't appointing a czar what ineffective bureaucracies do in response to a problem they don't have an answer for?
Have there been any successful czars for anything?
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
Don't believe me though.
Read what the pros say about the simplicity of finding vulnerabilities in OS X
How do you expect Apple to dismiss security reports as "a FUD campaign" to be fought with PR when they just released a security update that patched 20 holes and in 2005 released security updates nearly every month (nearly as often as Microsoft)? Apple didn't have to release any from Dec 2005-Feb2006, but the massive March 2006 Security Update makes up for those three months. ;-))
Apple needs to treat their holes as real problems, not just as a PR problem. And they're actually doing just that by releasing fixes and not spouting PR. Spouting PR would only make them a bigger target for hackers, just as appointing a "Security Czar" would. The latter would also undermine confidence of the general public ("If Mac is so secure, why do they need a 'Security Czar'?")
-- "I never gave these stories much credence." - HAL 9000
Creating a CSO position may be viewed by some as an admission of weakness.
I don't think so. I think it's an admission that you aren't a self-centered egotistical fathead who is actually dumb as a stump. Security is always an issue. No matter how well you *think* you are protected.
If I give someone an account with limited rights I've given them an account with limited rights, not an account for them to get root if they feel like it. If I wanted them to have root, I'd have given it to them in the first place!
Avantslash - View Slashdot cleanly on your mobile phone.
...put it in a room with all the security measures like on Mission Impossible 2, oh, wait...nevermind
The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
Yeah... I've really noticed Microsoft's market position crumbling because of the public's perception of their products' reliability and security...
nt
"The White House is not an intelligence-gathering agency," -- Scott McClellan, Whitehouse spokesman.
Apple doesn't need no PR guy to handle any security problems that may be exploited in OSX. What they could use is preventive maintenance.
Apple could easily integrate an Anti-Malware system in OSX and it would boost their security immensely and there's nothing Symantec or McAfee could do or say about it (Unlike MS under an antitrust ruling. I'm surprised they are letting Windows Defender in Vista). All it would have to do is warn you of potentially harmful actions even if it's initiated by the system root (heck, they could just simply expand their root prompt behavior to prompt even when you're logged in as root). This method would not use a lot of resources, since it could be totally integrated into the OS, and would be totally transparent to the user in every way unless they were doing something that was triggering the warning.
Looking at my experience with this method of handling malware, when MS Antispyware came out we did a lot of testing on it to see how well it handled the blocking of spyware. What we found out was that it was so comprehensive, it would warn about viruses trying to infect the system as well, even through unpatched security exploits and backdoors. It wouldn't be able to stop them in all cases since it didn't have any definitions to handle viruses and you could in theory allow the malicious app to proceed, but you were alerted to the point that you knew something bad was going on.
Simply put, If Apple added a simple layer of protection to OSX, the security of the OS goes up drastically without sacrificing performance or security if at some point an exploit is found.
In Soviet Russia, Trojan exploits YOU!
At least with this story we get a peek at how Business Week sees the world. A "Security Czar" job is to create propaganda, not enforce security policies. Appointing such a person is principally "an admission of weakness", not a declaration of strength.
Who do they back on National Security issues? How do their favorite National Security spokesmodels rate?
--
make install -not war
It's my understanding that thus far, Apple has been intentionally downplaying their system's security because they don't want to be seen as taunting hackers. A "security czar" might be seen by Apple as just such a misstep. The last thing they want is a guy standing up at an Apple podium exclaiming how their security is invincible, because that's one sure way to make themselves a bigger target.
Customers just have to go thru nine levels of hell to get the repair guy authorized to go out and fix something!
Is it a coincidence that all this pops up now that Apple has finally released the Mactels? I suspect the antivirus sw industry is trying to spread the message that Macs are more vulnerable now that they too are running Intel processors, in hopes that the minions will plunk down $75 for Norton AV..
Shut it! I bear no resemblance to the false prophet Dvorak! I am simply attempting to rouse some rabble. ;P
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Yes, Führer and Komissar are spot on. It is a stupid American meme spread by people either unaware of or reveling in the history of the Russian Czars, who on security measures seemed to have just 2 methods: the execution and the pogrom. The term is most offensive when used by our Dear Leaders (e.g., the "Drug Czar"), but really should be rejected across the board (imagine the headline, "Apple to Appoint Adm. Poindexter to New Position of Chief Security Stalin (CSS)").
These days, I think "president" would work too.
There has been a long-standing design flaw in Safari and Mail as long as they have existed. The problem is that there's a single database, "LaunchServices", for use by applications working with local files and by applications working with untrustable documents. To fix this Apple has been trying to come up with a clever scheme to make double-clicking like a crackhead monkey on any random icon in your download directory "safe". Instead, they need to come up with a separate database (a "WebServices" database) for applications that are designed to handle unsafe files, and let Safari and Mail and third-party software use that.
Because "Open Safe Files After Download" implies that there are some file types that are safe and some file types that are unsafe. That's not true... in the real world there are applications that are safe to use to open untrusted files, and ones that aren't... and most aren't.
Hardly anyone tried.
I'll bet if you compare the numbers to similar "windows challenges" or "openBSD challenges" you will discover that the talented white-hats have little or no interest in XNU security auditing.
The glory is in the big target (MS) or the hard target (oBSD). I doubt Dug Song or Georgi Guninski bothered with the UWisc "challenge".
>And once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft
And yet, they still seem to be doing OK.
Do you mean in terms of security or money? If you are talking about security, given the attitudes toward MS on this forum, I'm surprised you weren't modded up to '+5 Funny' for that comment. Personally I wouldn't exactly call Windows Security 'OK' (as in security provided by Microsoft, out of the box, after patching and with native tools only no third party software), perhaps in a couple of years, if Vista lives up to the security hype that surrounds it then maybe..... I still have occasion to use Win2k3 at work. It has become a lot more stable than Windows 2k Server used to be but in terms of Security it still has a way to go. I can't speak for the Microsoft Desktop OS'es I stopped using them back in 1997.
Only to idiots, are orders laws.
-- Henning von Tresckow
I'm not sure this will work, because Apple are already perceived as deceptive when it comes to their computers and their OS. People never trust their benchmarks or claims of "2x faster!" for a reason. There's even a name for the way Steve Jobs lies or misrepresents the truth (Reality Distortion Field). The same attitude would be taken towards a potential security Czar.
As others have pointed out, the proposed position is a PR position. I want the real deal -- actual security not the appearance of it. On that note, the clueless keep making noise about Unix being "fundamentally more secure" than Windows, and that's bullshit. Let's be clear: the practical differences between OS X and WinXP in terms of security come down to the vendor's practices and the diligence of the admins. There's no technological magic juice here. There are, IMO, zero fundamental differences between OS X and WinXP (or stock Linux) when it comes to the potential for local or remote vulnerabilities. Local and remote exploits are quite possible and practical on all these platforms.
Thus Apple has two approaches it can take. First, it can consider tactics that harden the system as a whole, making it much harder for exploits to work in the first place. Look to approaches such as those taken by grsecurity, SELinux, and the other layers found in hardened Linux and *BSD distros for examples. Harden the hell out of the kernel and compiler layers as a baseline approach. Perhaps fund Coyotos work as a strategic-term approach, with an eye towards migrating the kernel. The room for innovation here is to present a hardened system that isn't any harder to use.
Second, Apple simply must be diligent in identifying and fixing exploits. To that end, I'd propose that Apple offer a substantial first-reporter bounty for local and remote exploits on the Mac OS X platform. Think about it: set aside the equivalent salary+overhead of one or more good security experts. Divvy that amount out to leverage a larger community each year. I'd love to see a few students help pay their way through college this way. 8-)
Forget the illusion of no exploits -- go out, find 'em, and close 'em first.
... communicate the truth - which is a function of PR
For holy shitting lobster's sake... what? PR & truth in the same sentence? Not to mention function... Thank god for that " - " in the middle, so these words won't hurt each other at least.
That document is just a joke that is way too technical and obscure for me to understand.
("If Mac is so secure, why do they need a 'Security Czar'?")
Or:
- If the Mac is so fast, why do they have performance engineers?
- If the Mac is so easy to use, why do they have usability specialists?
- If the Mac hardware is designed so well, why do they need designers?
- If Apple is a well-run company, why do they need a CEO?
Answer to all of the above: if you want to excel in a particular area, you need people to work at it. You do well *because* you have people focusing on it.
Computers are complex machines, and you don't (generally) get any particular high-level positive attributes without doing any work. If you did, then everybody's computers would have that attribute.
NOW I get it. Duh. Please mod me down as Stupid.
But the geeks have, and the geeks tell the "public" about these things.
Presumably then the geeks are also paying attention to the followup stories debunking the first ones. A self-correcting system.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I was not thinking of Worf, but I did have the thought that an Apple Security Czar would be more of a "black ops" guy, sent in to have a little chat with people posting incorrect stories about OS X security.
Worf would be fine, a visit from Worf would be quite effective I imagine.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft."
Especially when there is a multi-billion dollar industry profiting from it and feeding the press. The security machine has apparently decided either that its MS based business is on the decline or that they simply aren't satisfied with what they have. In either case, Apple, the various cell phone companies, and even the Linux market, beware, they are coming. You are about to feel what MS has felt whether you deserve it or not. Eventually, their minions will be successful in distributing some virus or worm that will cause enough damage to create the business line they desire. Every fortress has a vulnerability. It will be found.
What they really need, IMO, is someone who represents the "professional IT" side of the company in a more public manner.
Something along the lines of a CTO/CIO that is much more public.
(Typically, a CTO deals with inward facing technology, while the CIO deals with client-facing technology, but I know a lot of guys who think it sounds better to be a CTO than a CIO).
Sure, Jobs is THE guy when it comes to announcing the latest iPod case, etc., but more and more Macs are being positioned and used in high-end situations where it has to do more than "just work" and "look cool".
They need someone to head up the public side of THAT portion of the company... someone that I, as an IT Professional, can relate to and drink Kool-Aid from. This same person could then also deal with any "techie" issues, such as security, etc.
I just wouldn't believe Jobs if he started talking about how they've secured the box... he's reading some marketing talk-point that's been compiled for him.
Maybe that's the problem... their public face is too much slick marketing for me, not enough tech. Now that they're moving into more of a commercial environment, they need a "second" public face, with a tech to lead that PR... someone that has some tech street cred, and someone my inner-techie won't immediately discount as being a marketing parrot. (Yes, I hate Marketing types, but I also understand their necessity).
It seems to me that the only people I hear of talking about this are some schools that have rolled out 1,000 G5's in a cluster, etc.
$0.02 (CDN)
it's time for Apple to appoint a security Czar to get out ahead of the FUD
That's too funny. Czars are generally a propaganda position anyway. Fight FUD with FUD - that's what I always say!
It's funny that you talk about FUD, even though you used the tasteless comment at the end.
Slashdot fuels FUD against msft.
This article writer for BusinessWeek doesn't seem to grasp the business role of a Chief Security Officer. The author's suggestion for a CSO doesn't come close to the job duties defined in most businesses. It would be a large waste of resources to have a CSO primarily act to "wave the flag for all things related to Mac security, debunking myths, correcting the record, and providing a public face when issues crop up."
The single Apple source the author quoted doesn't seem to grasp the role either. He "said the company would be reticent to assign security issues to any single individual, and that the responsibility of a CSO instead tends to rest with everyone." By that logic, what's the point of a CEO, COO, CFO, or any other chief-level position in the company?
IMHO, the role of a CSO is critical in big business, especially a technology company such as Apple. However, this BusinessWeek writer and the quoted Apple VP of Software Technology apparently don't understand why. I sure hope somebody in Apple's senior management and/or in the Board of Directors does. Honestly, I'm quite surprised Apple doesn't already have a CSO, but certainly they must already have security management positions and one or more security divisions.
= jombee
I don't think the average user would care one bit if Apple changed the OSX kernel just as long as the GUI remained the same.
Ol' Lonely's predicament is testimony to the durability and reliability of Apple computers. Now if only he had something to do with his days. Like maybe had a computer game to play...
why don't they just use Coverity like linux?
http://scan.security.com/
Yeah, you got corrected, publicly. BFD.
So learn from it. And those others who read it, learn from it.
It was a question you could have trivially answered for yourself. And should have. Instead you wasted folks' time posting it. Then, when publicly remonstrated, get snippy.
Now you're perpetuating your mistake, acknowledging it but not learning from it. Howzabout "Gee, that was boneheaded, sorry, won't do that again", and then contributing positively in the future?
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
Rats instinctively know when to leave a sinking ship.
Just because it may happen, doesn't mean it will. In the last ten years, I've seen far more damage done to Macintosh systems by the likes of anti-virus products than any virus, worm, or trojan.
Some suggest that Mac users live in fear of something that *may* someday exist, and use products with a proven track record of screwing up Macintosh systems. I'll bet they wonder why no Mac user will take their advice. Thanks, but no thanks. I'll just stick with good backups and the factory DVD containing a full install of Mac OS X while they wave their hands around and proclaim the sky is falling. A spilled cola poses a much greater and more probable threat to my Mac than any virus, trojan, or worm.
Microsoft shows us that you can not worry about security AND still make a profit. They practically invented FUD to deal with the potential backlash from their piss poor security and their unwillingness to deal with it.
1. ... communicate the truth - which is a function of PR,
That's hilarious.
Remember that to the average luser, anything made by Microsoft is top-notch. If it weren't, they wouldn't be in the position they're in market-wise.
I don't know who you're talking to, but even the most clueless lusers I've met will freely admit that they hate how bad Windows sucks. The only difference is that they feel they have no choice.
When you know what you're doing, you can get a Linux or Mac box and do everything yourself. If you don't know what you're doing, you (feel you) have little choice but to get what everybody else has, and follow the script. Any program or service you might come across has a detailed script for Windows, and at best some hand-waving for Mac/Linux users.
Here's an exercise: start with two computers, one with Windows XP preinstalled, and one with Ubuntu (or any Linux distro) preinstalled. Pretend you know nothing about computers. Try to get DSL. (Oh, yeah, let's go to some online forum to ask for some free help getting ... online. Yeah, that'll work.)
Even if you hate how Windows is insecure and clumsy and whatever else, the folks selling you DSL will step you through the procedure. With Linux, you're basically on your own. It doesn't matter if the Linux way is easier, even: if you have no clue what to do, a person will tell you how to do it on Windows. Has *nothing* to do with the fact that most people think it's crap.
It's all those damn "hackers" out there that cause the problems, not Microsoft.
Riiight, and IIS has more security holes than Apache because it's so rarely used.
You in the market for a bridge?
Because OSX "borrows" from 30+ years OS benefit (more than Microsoft) from the FreeBSD heritage, among other things. They didn't just "make" an operating system, they tapped the latent pool of developers, by... gasp.. letting them develop. None of this "here's the One True API bullshit" (PyObjC is already WAY cooler than anything they had, .NET incl.) because they traded that for developers.. and if they try to change that they'll see where they end up. Honestly, with some knowledge from another well-informed source, it WOULD be possible for Apple to lock-out open source from their GUI (surprise!) but I wonder when if ever they would feel comfortable doing that..
Anyway, Microsoft mostly sucks because its peer-review has been closed-source, not its products. Now THERE'S a riddle..
j.