David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

Biography:
David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.


Apple Tiptoes Out of the Pavilion and onto the Sports Field

Kelly Jackson Higgins has noted “4 Signs That Apple's Sharpening Its Security Game”. And indeed, there are indications that Apple’s hard-line “We don’t have any security problems” attitude is getting a bit smoother at the edges, as the Mac threatscape has started to resemble a (very) microcosmic version of the World of Windows. (The Mac APT Store is now open.)

In particular, Higgins cites the hardening of Safari to disable older versions of Flash Player and direct the potential victim to Adobe’s downloader site. That should certainly clean up some of the OSX/Flashback fallout, though it won’t necessarily stop Mac users falling for fake updates.

In fact, she also cites Apple’s participation in the cooperative assault on the Flashback botnet, and that’s certainly gone a long way towards redeeming the company’s initial fumble on patching the Java flaw that Flashback exploits. It wasn’t an altogether smooth transition, though: one of the mildly irritating features of commentary on action against botnets, bank fraud gangs and so on, is that the participation of anti-virus researchers across a wide range of companies tends to be relegated to the small print, and it seems to have been forgotten that Apple’s patchy engagement with the AV industry seemed to result in attempts to close down a sinkhole server operated by Dr Web, the company that’s credited with the initial discovery of the malware. On the other hand, that glitch seems to have resulted in better communication between Apple and the AV industry in general. Nevertheless, I suspect that there’s still a mindset in some corners of the Apple core that finds it embarrassing to admit to having to consider security at all, let alone compromising its independence and reputation by associating with the security industry.

Higgins also cites the toning down (flagged a few weeks ago by Graham Cluley) of the ‘viruses are a PC problem’ message on Apple’s "Why you'll love a Mac" webpage. In fact, this belated and understated acknowledgement of a world in which Mac malware is not an urban myth goes deeper into the Apple PR psyche. A while ago, I noted that in its PR for the Gatekeeper utility coming up in Mountain Lion, Apple was claiming that “While malware is one of the biggest security challenges on personal computers, it’s hardly an issue on a Mac.” I also noted that ‘700,000 Flashback victims (allegedly) might not agree.’

That assertion seems to have gone: instead, there’s a terse and relatively sober summary of the improved security measures in Mountain Lion. In fact, it doesn’t mention malware at all there now. That may be a case of ‘why mention it if we don’t have to?’, but it’s better than claiming those countermeasures will eliminate the malware problem altogether, as some Microsoft personnel once strongly hinted would happen with the implementation of ASLR.

One quote (from Rapid7’s Marcus Carey) did worry me a little, though. He apparently told Higgins that “I believe that consumers and organizations don’t typically buy Apple products because they are secure anyway -- they buy them because they are cool.” It’s perfectly true that many Mac users are probably far more influenced by the ‘coolness’ of the product than by an overriding concern for security – when did you last hear anyone say ‘I’d rather use Windows, but Macs are safer’? – but there have certainly been instances where organizations like the US military have been inclined to favour Macs over other platforms because they’ve been perceived as being more secure. While the next generation of MacBook Pro users is likely to be more influenced by the Retina display than the introduction of sandboxing to Safari, that assumption of superior security has been ingrained in customer perception by generations of Apple PR and Mac fan commentary far and wide across the Web, and even with the Flashback setback, it’s far from dead.

In fact, it’s not altogether wrong: Mac security may not be as perfect as some still assume, but Macs are in some respects still a far safer environment. I just wish Apple weren’t so good at not discussing security issues...

Posted 02/07/2012 by David Harley

Tagged under: David Harley, Flashback, Mountain Lion, Darkreading, Kelly Jackson Higgins, ASLR, Mac security, Graham Cluley, Flash, botnet, anti-virus
