It’s been all over the news for a while that around 600,000 Mac computers have been infected with malware that takes advantage of a loophole in Java. I won’t discuss the details since they’re available in many other places. My interest is rather in discussing how this might affect Apple’s branding, especially long term.
Macs have normally been considered safer than Windows, and there is some truth to that. Inherently, OS X can be made safer, especially compared to other operating systems. However, the biggest advantage that OS X had for a long time is that it was the small fish in a big pond. Statistically, people creating malware for profit (as is almost always the case) target the biggest fish because, as an old saying attributed (likely incorrectly) to Willie Sutton goes: it’s best to rob banks because that’s where the money is.
Slowly but surely, Apple is becoming, or has already become, a “bank”. With the success of the iPod, iPhone and iPad, Mac computers have surged in popularity and are grabbing market share, making them attractive targets. However, the issue is larger than that because the malware was actually made for Windows. Why did it infect Macs? Because Apple didn’t patch the hole in time, and this is the most concerning fact. Microsoft and other companies have worked (and sometimes failed) to patch vulnerabilities whenever they can, but Apple might be slowly waking up to a situation where it will have to dedicate more resources to the issue than it has in the past.
Is Apple slowly becoming like Microsoft and other companies with traditional security issues? Apple has already worked on security for years, but it wasn’t being actively attacked as it is now, when an attack actually affects a large number of users. This gave Apple the ability to claim that its products were safer and better. From a security standpoint, this is not necessarily true. A system is only secure when it has been thoroughly tested and when it can withstand attacks. Security analysts have a saying that “anyone can create a system that they cannot break”. Windows and other OSes have been targeted for years, and although they have many holes, many of them are known. In Apple’s case, the illusion of security is much greater, but no one knows what exploits lurk beneath the surface.
Another interesting fact in all this is that Apple’s other products, such as the iPhone, have been hacked and rooted, and this is something many users want to do. Arguably this was done through bugs and loopholes in the software. But with each generation, Apple has improved the system to patch the holes and fix them (sometimes without letting anyone know). This seems to me to be driven primarily by the fact that Apple enjoys locking its devices and controlling them. Will Apple realize that security is not just being able to control the device to ensure you can make money off of it? Locking down devices does bring some security, but loopholes remain.
What should Apple then do? First of all, they must react faster to vulnerabilities, especially when the issue is known and patched by other entities. Not doing so makes them look like they don’t care. I truly believe that the perception of the whole situation would have been better had no one known about the issue. They could then claim that they didn’t find the issue. This isn’t acceptable from the security standpoint, but it makes sense from Apple’s point of view.
More than anything, Apple should remember that they enjoy a great brand name that makes customers willing to pay a premium for many things. One of these is security. In the end, they should not let the brand erode so easily for something as silly as not trying to patch a well known issue.
You ask what Apple should do?
How about they put the security of their users above the marketing and PR and actually acknowledge an issue and then fix it, rather than keep quiet because it might damage the brand.
Honestly, you’re safer using a Windows 7 machine or Linux today than OS X.