Subscribe to this blog's feed

Amazon

Recent Posts

Bio

  • David Rice is a globally recognized cybersecurity leader, Executive Director of The Monterey Group, a strategic consulting firm, and Consulting Director for Policy Reform at the U.S. Cyber Consequences Unit. Called upon by high-performance organizations for his ability to achieve, integrate, and drive deep corporate objectives in the face of globalized competition, rapid technological advances, and increased sophistication of cyber adversaries, David is a key figure shaping the discussion and practice of cybersecurity.

    Prior to his current roles, David served as an Global Network Vulnerability Analyst for the National Security Agency and Special Duty Cryptologic Officer for the United State Navy. The U.S. government recognized and awarded David for “significant contributions” to the Department of Defense and the National Security Agency for developing security configuration and design guidance for critical national infrastructure and global networks.

Archives

More...

Links

Blog powered by TypePad

The views and opinions expressed are those of the author and do not reflect the official policy, position, or recommendations of the author's affiliations, partners, employers, or clients.

« U.S. Cyber Consequences Unit Names David Rice Consulting Director for Policy Reform | Main | FDCC: Put Your Party Hats Away »

May 15, 2009

Apple: Pragmatism Should Trump Romanticism

Two recent posts on Apple security deserve attention:

To quote the first article (Feeling the Pinch):

...Apple has long encouraged a mythological image of perfection by presenting products as self-contained black boxes that should be, as much as possible, wholly a product of Apple. But the image has been cracking of late, and the company’s own actions show tacit, if not explicit, acknowledgment.

When it comes to security, Apple certainly has its defenders who largely argue for the company’s effectiveness by pointing to what hasn’t happened. For example, I recently had an email exchange with a technology journalist who has never had a security problem with Macs. However, up to that point, he had also never used antivirus software on his system. Nothing showed up when he finally did, but I saw this as an example of selective attention. That feature is a big one among a class of Apple loyalists (and I’m not putting said unnamed journalist into this camp) that I call Defenders of the One True Technology, or DOTTies — a term hardly limited to Apple-devotees..

But even if the Appe DOTTies are reluctant to look at external evidence, they might pay attention to Apple’s recent activities. A big one earlier this week was Apple Patch Day, which included 67 Mac OS X and Safari vulnerabilities...[and hired] Ivan Krstic a big name in security who developed the Bitfrost system at age 21.

Apple recognizes its own security weaknesses, even if the DOTTies don’t. ...Apple knows it needs more attention to security as it gains market share in various areas, even if it won’t [publicly] say so. Apple will just buy some company or product, incorporate it, and pretend that it was there all the time.

To quote the second article (Prediction):

Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems...Now I realize that this statement is blasphemy to dedicated Mac users, so let me start with a few qualifying statements. I am not comparing Mac OS with Windows, or Apple with Microsoft, and my prediction should not be interpreted as an attack on Apple, its developers, or the security of its code.

The truth is that all sophisticated software contains vulnerabilities and Mac-based malicious code is nothing new...The company and Macintosh users should not fight this trend--doing so would only increase risk and help cybercriminals.

Senior citizens often hark back to a time when people left their house unlocked and left their car keys in the ignition. Now they lock their doors for safety. Apple, along with Mac users, should prepare for a similar transition. Given the state of cybersecurity today, pragmatism should trump romanticism.

Well stated.

Now, if only Apple could make security as sexy and sleek as their products...that would be innovative.

Posted on May 15, 2009 in Apple |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54f9408a3883401156f9536d3970c

Listed below are links to weblogs that reference Apple: Pragmatism Should Trump Romanticism:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.