"But there's a difference between that and back-to-back days with patches, with no notice and no mitigation steps. "I'm not saying Apple should hold back patches for some artificial schedule," Storms elaborated today. In late September, Storms, Miller and Swa Frantzen of the SANS Institute's Internet Storm Center debated Apple's patching process Storms and Miller took Apple to task for its laissez faire scheduling, or more accurately, the company's lack of warning before it issues patches. "But in the enterprise, takes resource planning," he said. "They just want their iMac to work and not be full of viruses. "The average consumer hasn't a clue what it means when I say 'transparency' related to security," said Storms. Transparency, Storms continued, may not be of much importance to consumers - admittedly Apple's biggest customers - but it does matter to businesses that use Macs. It doesn't say anything about why it was pulled." Look at the message you get when you try to reach the document now. "Instead, it became a big brouhaha because we didn't have any information. "The original document was posted in 2007, then updated in November 2008, but all it needed was one line that said 'Posted 2007, revised 2008,' to have avoided all this," said Storms. "Hey, Apple actually responded, so that's certainly a good move."īut he also argued that the whole incident - the quiet posting of the document then its disappearance - was a perfect example of Apple's lack of transparency regarding security, something he's criticized before. "Finally, an Apple spokesperson discusses security," he said. Today, Storms used the disappearance of the antivirus recommendation to chide Apple over its reputation for secrecy about security. "If it wasn't for the fact that Apple has been so smug around malware and viruses and such, this would not have been such a big deal," he said. "But at this point, no one's taking the effort to go after the Mac."Īndrew Storms, director of security operations at nCircle Network Security Inc., called the fracas "a big to-do about nothing," but blamed Apple's attitude as much as anything. "There's nothing inherent in the OS to stop someone from writing a virus," Charlie Miller, a researcher at Independent Security Evaluators and a noted Mac and iPhone vulnerability hunter, said in an interview Tuesday. Others, however, called it a tempest in a teapot - though not necessarily because they agreed with Evans' contention that the Mac's operating system provides adequate protection against threats. ![]() Several security researchers applauded the move, and agreed that it was time for Mac users to start buying antivirus software. Some users, bloggers and security professionals had viewed the document - which was actually a revision of one first posted last year - as a change of heart on the part of Apple, which has poked fun at its biggest rival, Microsoft Corp.'s Windows, for being susceptible to attacks in several television ads over the years. and Intego, a small Mac-only security vendor. ![]() It also listed three antivirus programs from McAfee Inc., Symantec Corp. ![]() "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus-writing process more difficult," the document said. The now-missing document was brief - just 81 words - but it was enough to stir debate. "However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection." ![]() "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," he went on.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |