1. Your article conveys a tone that blames Apple for being no better than any other OS provider, even though it has experienced way fewer vulnerabilities. An alternate approach would've been to ask Apple to become even better than any other OS provider. It would generate fewer flames (but possibly less hits as well).

Also, Apple has said that they would not market their OS based on lack of security vulnerabilities since they know all OSes can be vulnerable. Apple fans may hype the point based on past experience, but don't confuse Apple fans with Apple the company.

2. As a security professional, isn't it your company's job to investigate and answer your questions about whether OS X is more secure? Can your firm be better than other security firms? Or do you just wait for Apple to tell you? BTW, Apple believes that the way they engineer the system that it is less vulnerable (see Tevanian's speech at a US Senate hearing). Therefore, they may not commit many resources to probing for vulnerabilities as others. Their motto could be "Do it right the first time so we don't have to spend time checking it out later" BTW, do other OS providers (which have experienced way more vulnerabilities) volunteer up-front all sorts of security information, or do these security firms (and hackers) probe the OS for vulnerabilities?

3. Do other OS providers provide security fixes for previous versions of the OS as quickly (or at all) as they do for the current version? I don't think so. How many older versions do you think an OS provider should still support?

It's okay to ask someone to be better than all the rest. But don't blame them for being just like the rest, when their experience-to-date doesn't require that they be any better.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/256/27568#27568