Apple is trailing way behind Microsoft in security patch responsiveness, according to a study by security researchers. Stefan Frei and Bernard Tellenback of the Computer Engineering and Networks Laboratory (TIK) at the Swiss Federal Institute of Technology, analysed several years of vulnerability disclosures and patching …
wait for it....
I'm sure the Apple Fanboi's and other worshippers of Steve Jobs' phallus will be out in force to criticise this article... just wait for it.
Mine's the black leather one with 'FLAMEBAIT' written across the back in metal studs.
Say it aint so...
Apple cares more about the public relations impact of security vulnerabilities than the risk said vulnerabilities pose to their customers?
Next you are going to tell me that the Apple machine was the first to fall in the Pwn2Own contest and that Apple sells its products on image first and functionality second.
Smell the Coffee Mr Jobs!
I love my Mac. But it should be obvious to Mr Jobs that the key selling points of the mac ease-of-use and productivity suites (in my case being iWorks, iLife, & Aperture) will be fundamentaly undermined WHEN that productivity is stolen, corrupted, or otherwise held hostage by hackers spawning malware.
Steve Jobs, if you want to send me and others back to Linux or worse (oh dear god) Windows, then keep going as you are, don't change a thing.
Really... you're just goading us now aren't you? I think I'll set up my deckchair here and watch the flame wars.
Crumbling Ivory Tower
Macs are coming under as much fire as PC's these days. I guess the its safer on a mac stance was basically because they were largely ignored now they are a contender its not just good attention they are getting.
Me too - I love my macs (all three of them), but I don't take security for granted. Ever.
You can do anything with statistics.
"Colleagues of the duo reckon Apple's antagonistic attitude with security researchers is one of the reasons for its poor response."
Shouldn't that be:
"Colleagues of the duo reckon Apple's antagonistic attitude with security researchers is one of the reasons they're so desperate to find a stick to beat it with.
odd though, that it's always the anti-apple crowd that respond first to these stories
Didn't you read the story MS people get to security before apple so of course the MS people get to the story before the Apple Crowd.
...a study by security researchers from IBM
Isn't that the company that lost Apple's processor business to INTEL?
"odd though, that it's always the anti-apple crowd that respond first to these stories"
- just as odd that it's always the Apple crowd that respond first to stories about any other OS's flaws...
Re: according to...
Joey: "...a study by security researchers from IBM. Isn't that the company that lost Apple's processor business to INTEL?"
Fanboy excuse rating: 2/10
Report to your nearest Apple store immediately for an RDF 'upgrade'.
Was going to post with idle speculation on how long it would take before the Apple apologists turned up - but I see they beat me to it.
Expect the legions of the brain washed to fill this column with how great Apple are and how willing they are to keep emptying their wallets for them. If they can show up as a positive comments on search results, maybe this report won't damage the Apple 'image' as much as it should!
>> Isn't that the company that lost Apple's processor business to INTEL?
A case of shooting the messenger if ever I saw one! Wake up, Fanbois, the best thing that could happen to the Mac's reputation is that it slips back into obscurity so the hackers stop targeting it.
Paris would understand PR disasters.
No Webster yet. Is he dead?
Paris would understand PR disasters.
<quote> Paris would understand PR disasters. </quote>
She would need to view them as disasters to understand them.
Since Apple switched to an intel platform at least it is possible for them to switch to Ubuntu as well...Maybe we can see some Apple commercials with the smug, emo, arty
Apple dude getting owned by some hacker geeks, while the chubby windoze dudes watches with MrT. or Chug Norris as a bodyguard....
Level and balance?
There is a big difference between a vulnerability that exists, but for which there is no exploit, and a vulnerability for which there IS an exploit "in the wild".
I have yet to receive the kind of funds to research this sort of matter extensively, but I would be willing to bet a box of brand new floppy disks that a relatively large number of the Microsoft vulnerabilities has actually been exploited, whereas there have been relatively few succesful exploits of same on the Mac platform.
One thing that would have been interesting to include in this research, is how many of the pulbished vulnerabilities were actually in software written by Apple Inc. themselves and how many were in bundled Open Source packages such as Apache. In the case of bundled Open Source software, Apple would have to rely on the developer community for that specific package to come up with a fix.
Alas I can't say much about the (un?)timeliness of the release of patches to Open Source packages. In the case of Microsoft; they only release proprietary software for which of course they should be able to fix any vulnerabilities very quickly.
Of course the nature of the vulnerabilities also differs greatly. For example I have heard and seen lots of complaints about QuickTime vulnerabilities of the kind that would require a user to visit shady sites and download even shadier movies in order to take effect. This kind of vulnerability is by no means comparable to the slew of Microsoft critical vulnerabilities which require no user interaction to have your PC join a botnet.
So on the one hand we have dodgy movies trying to trick you into giving someone access to your machine: on the other hand we have the usual wide open back doors that turn your PC over to the russian Maffia or anyone else who cares to hijack it. As far as I know there has yet to emerge any Mac-based botnet, while the number of Microsoft Windows Based PC's involved in botnets has risen over a million.
Of course Apple should work on their act, but they have not left the kind of backdoors open that Microsoft seem to include as a courtesy with every software release. Cue the millions of PC's sending us spam everyday courtesy of Outlook being a tool molded to hacker's hands.
Only researching patch time intervals does very little to convey the actual reality of the state of security matters on each platform. One could as well have researched the bytesize of the patches to conclude that bigger patches are more effective, and hence, the firm who has pushed the most bytes in security updates has won the security brownnose of the week prize.
Dead bird because the research proves nothing.
Re: Level and balance?
"bla...bla... Only researching patch time intervals does very little to convey the actual reality of the state of security matters on each platform. One could as well have researched the bytesize of the patches to conclude that bigger patches are more effective, and hence, the firm who has pushed the most bytes in security updates has won the security brownnose of the week prize. Dead bird because the research proves nothing."
Fanboy excuse rating: 7/10
The iForce is strong in this one, a true believer.
A Fanboy speaks
Right, that explains why my Macs are infested with viruses and associated malware.
Oh, wait a minute..
Is there a contest among El Reg Hacks for Webstr baiting? Do you declare a winner based on how incoherent his responses are? Can I chip in for a prize?
I am just a Macboy
My mac is laden with viruses and security holes. Please help me! I'm at my wits end as I'm just a Maccie and I don't know security and complicated things.
Should I get Doctor Norton? How do you turn on the firewall? Is there one on my Mac?
There are tens of millions of zombie windows computers out there and no zombie Macs. Which user has more to worry about?
And, no, I'm not saying that Mac users will never need to worry about security. Even today, if a computer user is stupid enough to click 'ok' repeatedly when asked to install software, ANY computer can be infected. But in practice, Windows users have infinitely more to worry about than Mac users - no matter how many of these sensationalistic stories the Register manages to publish.
...I venture into another far-flung corner of the Interwebs and read yet another fascinating round of the apparently never-ending, never-changing yet endlessly pointless Mac vs PC flamewar, I can't help but wonder what mighty achievements are left unfulfilled, what life goals ignored, what potential cures for all the world's ills left unfound, how many extra keyboards are sold and how many relationships broken in the pursuit of a victory as Pyrrhic as it is unattainable
"Macs are coming under as much fire as PC's these days. I guess the its safer on a mac stance was basically because they were largely ignored now they are a contender its not just good attention they are getting."
WAIT A SECOND!
...I made this exact same prediction with the bloody iPhone!
Maybe, just maybe, it's proving to be true!
"There are tens of millions of zombie windows computers out there and no zombie Macs. Which user has more to worry about?"
How do you know there's no zombie Macs? Saying there are no zombie Macs is like saying there are no zombie UNIX/Linux boxes -- just not true, I've seen some myself.
You fail at argumentum ad populum.
No Linux Freetards?
I might have missed it but usually there's some comment along the lines of 'gee if you had linux you wouldn't have these problems, snigger'. Come on people - I'm disappointed.
And Webster, Webster, whats wrong? I saw on the 'apple is best brand' article you flamed a guy for reading it wrong, but didn't take the opportunity to bag EVIL Apple. Get well soon!
BTW, I just love the term 'Freetard' and how it's made some of you squirm and get all indignant. Hilarious flame bait.
Fear of a Black Hat!
My whole office was laughint at that one. Then again we're probably some of the 38 people on the planet that have seen that movie.
And did anyone notice the URL for this article? apple_security_response_pants
RDS in full flow tonight..
<quote>And did anyone notice the URL for this article? apple_security_response_pants</quote>
They would be the tastefully styled brown ones I assume.
Ok, I'll step in to be branded a fan boy
This sounds like sour grapes. Yes, apple has to work with researchers who find bugs and vulnerabilities to patch them. And they may have to stroke their ego's a bit more too but the bottom line is the less anyone knows about specific security flaws in an operating system the better! It is no surprise that the day or week after Microsoft issues a patch that a slew of new attacks come out to try to take advantage of these newly documented bugs.
Also, I have to say the basic idea behind this article is flawed. Apple has responded very quickly to all actual threats to it's users (which admittedly have been few so far). It has done so well, that even the couple of trojans that exist for the Mac have gotten huge press but caught very few victims.
So, here is analogy. This is like a teacher with two students. One spends 10 minutes a night on homework and Aces all the tests and the other spends 3 hours a night but can get better than a C. This article praises the C student predicts that once the work gets harder the A student will obviously fail.
All I'm saying is that I see no facts to support the C student over the A student.
Apple Droids defend being MacIntel "PC Clones" now
Just enjoy this thought ...... MacTards are proud of being Intel PC CLONES now and all the wonderful advantages, like being a Virus target!
Hey remember the days of your Emperors claims of G3's / G4's / G5's are Sooooo much better and faster than Intels??? Hypocrites!
Every day you Apple FUDs prove you are MacTards.
@ Doug Petrosky re: OK, I'll step in to be branded a fanbbbboiiii
Doug did sed:
> the bottom line is the less anyone knows about specific security flaws in an operating system the better!
What you refer to goes by the stage-name of "security through obscurity", and it's
1.) Been discredited since long before the first time someone who hid their house keys under their doormat came home to find they've been burgled, and
2.) As realistic as belief in the healing power of crystals when it comes to OS security.
If Apple want people to develop software for their platform, they can't keep the inner workings of their OS secret. They have to let non-Apple people know how they map memory, how they prioritise the stack, how they write to the pattern buffer and assorted other garble. This is the information on which exploits are built, and it's out there for anyone with enough of an aversion to sunlight to use to haXOR an Apple box (crate?), and boast about it afterwards. As soon as one person knows, everyone knows.
Time was, IBM and M$ would respond to reports of exploits with cease-and-desist orders from their legal departments, and their customers would learn about the discovered hack when they got pwned months later. They largely learned their lesson. It's Apple's turn now.
- Vid Reg bloke zips through an iPHONE 6 queue from ZERO to 60 SECONDS
- Anal-ysis Buying memory in the iPhone 6: Like wiping your bottom with dollar bills
- Teardown Pop open this iPhone 6 and see where the magic oozes from ... oh hello again, Qualcomm
- Competition Your chance to WIN the WORLD'S ONLY HANDHELD ZX SPECTRUM
- Analysis Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring