Before I delve into this topic I’d like to remind readers that I’m a Mac user and Apple fan. We are a 2 person, 2 Mac, 3 iPod, 2 Airport Express household, with another Mac in the plans this spring. By the same token I don’t think Microsoft is evil and consider some of their products to be quite good. That said I prefer OS X and have no plans to switch to Vista, although I’ll probably run it in a virtual machine on my Mac.
What I’m about to say is in the nature of protecting, not attacking, one of my favorite vendors. Apple faces a choice. Down one path is the erosion of trust, lost opportunities, and customers facing increased risk. On the other path is increased trust, greater opportunities, and happy, safe, customers. I have a lot vested in Apple, and I’d like to keep it that way.
As most of you probably know by now, Apple shipped a limited number of video iPods loaded with a Windows virus that could infect an attached PC. The virus is well known and all antivirus software should stop it, but the reality is this is an extremely serious security failure on the part of Apple. The numbers are small and damages limited, but there was obviously some serious breakdown in their security controls and QA process.
As with many recent Apple security stories this one was about to quietly fade into the night were it not for Apple PR. In Apple’s statement they said, “As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.”. As covered by George Ou and Amrit Williams, this statement is embarrassing, childish, and irresponsible. It’s the technical equivalent of blaming a crime victim for their own victimization. I’m not defending the security problems of XP, which are a serious epidemic unto themselves, but this particular mistake was Apple’s fault, and easily preventable.
While Mike Rothman agrees with Ou and Williams, he correctly notes that this is just Apple staying on message. That message, incorporated into all major advertising and marketing, is that Macs are more secure and if you’d just switch to a Mac you wouldn’t have to worry about spyware and viruses.
It’s a good message, today, because it’s true. I bought my mom a Mac and talked my sister into switching her small business to Macs primarily because of security. I’m overprotective and no longer feel my friends and family can survive on the Internet on XP. Vista is a whole different animal, fundamentally more secure than its predecessors, but it’s not available yet so I couldn’t consider that option. Thus it was iMac and Mac mini city.
But when Apple sticks to this message in the face of a contradictory reality they expose themselves, and their customers, to greater risks. Reality is starting to change and Apple isn’t, and therein lies my concern.
All relationships are founded on trust and need. (Amrit has another good post on this topic in business relationships). One of the keystones of trust is security. I like to break trust into three components:
- Intent: How do you intend to treat participants in a relationship?
- Capability: Can you behave in compliance with your intent?
- Communication: Can you effectively communicate both your intent and capability?
Since there’s no perfect security we always need to make security tradeoffs. Intent decides how far you need to go with security, while capability defines if you’re really that secure, and communication is how you get customers to believe both your intent and capability.
Recent actions by Apple are breaking their foundations of trust. As a business this is a critical issue; Apple relies heavily on trust to grow their market. Trust that their products work well, are simple to use, include superior capabilities, and are more secure. Apple’s message is that Macs are secure, simple, elegant, and reliable. Safe and secure is a powerful message, one that I suspect (based on personal experience) drives many switchers. When I told my cab driver today that Macs have no spyware or active viruses he was stunned.
Should Apple lose either their intent to provide superior security, their capability to achieve security, or their ability to communicate either of those, they face reasonable risk of losing customers, or at least growth opportunities. Security, today, is one of Apple’s cornerstones. Anything that erodes it increases their business risks.
At the same time, should communication disconnect from either intent or capability, Apple places then places both their trust relationship, and their customers, at risk. Take my favorite snake-oil salesmen at Diebold– by having no intent to secure their products and no security capabilities in their products, and communicating that the products are secure, they create huge potential for security failures. Less educated customers buy products thinking they’re secure, but the products are so flawed it places these customers (the voting public) at extreme risk. Software vendors have done this in the past- claiming products are secure and covering up failures in the hopes the customers and prospects won’t notice.
Recent events indicate that Apple may stay on an impossible message (perfect security) and face failures in capability despite the best intent. The entire Black Hat debacle showed Apple pushing the message so hard that the debate lived far longer than needed, exposing more of the public to a potential security failure than would have otherwise noticed, drawing the attention of researchers who may now want to prove Apple isn’t invincible, and losing the trust of some of us in the industry disappointed by PR’s management of the incident.
The iPod virus infections shows a lack of capability (security QA in shipping products) and poor communications (failure to take full responsibility). It’s a very small problem, but their arrogant approach to spinning the story lead me to question how they might respond to more serious issues. We have, over the course of a couple months, two incidents where Apple decided to play the PR game rather than taking responsibility and communicating openly. I realize those of you that still believe the wifi hack was BS probably believe Apple dealt with the situation reasonably, but for reasons I can’t disclose I still think PR overrode good security practices.
The latest security updates indicate that OS X, while still materially more secure than XP, has its own fair share of flaws. We’ve seen zero day vulnerabilities in Safari, multiple holes in QuickTime, wireless vulnerabilities, and even a flaw that could allow a specially crafted image sent in email to exploit and own your Mac. The first time Microsoft patched an image vulnerability like that I spammed all my friends and family to update their computers pronto. Macs are pretty secure, but not invulnerable, and fortunately we’ve managed to avoid any significant mass exploits. I’d really like that trend to continue.
Let’s look back on the three components of trust. Right now I believe Apple still intends to keep us secure; of that I have little doubt. The next release of the operating system should be very telling- should they adopt some more advanced OS security features, like memory randomization (a very cool feature of Vista) it will indicate they continue to push towards a secure OS. So far they’ve done pretty well. Next is communication, which is a mixed bag. On one hand, the message is clear and unambiguous- Macs are secure. On the other hand is their arrogance, as best illustrated in the response to the iPod virus and the wifi vulnerability. Those are early indications that the message could exceed reality, eventually (probably) leading to an erosion of trust.
The linchpin is capability. As I already stated- OS X is materially more secure than Windows XP, but is far from perfect. We’ll eventually see a mass exploit (I hope I’m wrong). Recent vulnerability disclosures by Apple themselves indicate that the kinds of serious flaws that lead to worms and viruses can exist in OS X. We also shouldn’t underestimate the impact of goodwill towards Apple on exploit development- researchers and attackers tend to focus on hot issues (just look at the recent spate of Microsoft Office exploits). If you piss off the bad guys, or just the generally good social malcontents, eventually they’ll come after you. Anyone still think Oracle is unbreakable?
Thus Apple stands at a crossroads. Should they choose the marketing line they’d better be able to back it up. If you base your reputation on security, and that security is eroded, trust is equally eroded. If they communicate more openly and honestly about security, communications will reinforce intent and capability and even imperfect security will be accepted by the market. If they intend to deceive the market (the one option I don’t think they’ll take) it will place customers at risk and eventually destroy trust.
I’ve trusted Apple. I’d like that trust to continue. But incidents like the wifi flaw and the iPod virus are starting to weaken that relationship. Not because Apple made mistakes and vulnerabilities and flaws made it into products, but because Apple mangled the communications and lead me to believe image was more important than substance and accountability.
When capability, intent, and communications are aligned, trust is reinforced. If any of those degrade or deviate from reality, trust disappears, customers are in danger, and Apple’s business is at risk.
It’s early. Opportunities are still open. The roads are clear. If Apple is open and honest, and harbors good, intentions they’ll succeed. I really REALLY don’t want to see them go the way of other vendors who put PR in charge of security.
Reader interactions
3 Replies to “Apple, Security, and Trust”
But with Vista now released we all need to be clear about which operating systems we’re discussing. On paper Vista has more security built in at a more fundamental level than OS X. But Vista is brand new, and we’ll have to watch the world kick the tires for a while. Apple needs to respond with similar features, where needed, if they are to compete in the security game. If they want toBut with Vista now released we all need to be clear about which operating systems we’re discussing. On paper Vista has more security built in at a more fundamental level than OS X. But Vista is brand new, and we’ll have to watch the world kick the tires for a while. Apple needs to respond with similar features, where needed, if they are to compete in the security game. If they want to
Rich:
Yes, the crack about Windows was stupid.
But I don’‘t know if I would go as far as you and make this a “trust” issue. I see it more as a “live by the sword, die by the sword.” The Mac OS is, today, a safer place than Windows—whether through design or marketshare or something else. But if Apple decides to make that a selling point—as people have been telling them for 15 years—it will make them look more foolish when they do have a real security problem.
If I ran Apple, I wouldn’‘t advertise that my computers are more secure.
But I don’‘t, and the reality is that the MacOS enviornment is so much healthier than Windows that it is a competitive advantage (no need to spend $100 a year on anti-virus/anti-spyware software) and one that sells computers.
One key advantage that Macs have is they are single source—software and hardware coming from a single company. Apple also used to manufacture computers, but have relied on outside contractors for both computers and ipods for some years now. But the breakdown here was from the horiztonal intergration—using a contractor to build ipods—and a lack of proper monitoring. That is very different than a security problem arisng from bad code in the OS—and the tools to fix that problem are also very different.
I saw that Gartner just put out a study suggesting Apple should licence the MacOS to Dell and get a 20% market share. But a lot of the problems we have in security arise from building these horiztonal companies, rather than a vertical company like Apple. System integration is hard work, and leaves a lot more gaps.
Rich,
“I’m not defending the security problems of XP, which are a serious epidemic unto themselves, but this particular mistake was Apple’s fault, and easily preventable.”
I don’‘t quite agree. This was Apple’s *responsibility*. The error was apparently made by a contractor (I believe that), and Apple picked the contractor and makes most of the profit, and writes the contracts between them, so it’s Apple’s problem.
“As with many recent Apple security stories this one was about to quietly fade into the night were it not for Apple PR.”
Yes, the crack about Windows is embarrasingly juvenile. Apple can take pokes at Windows when their own hands are clean, but Apple sold infected iPods, so this is weaselly. Rather than distracting people from Apple’s failure, this cheap shot draws attention to Apple’s embarrasment and hostility.
“It’s the technical equivalent of blaming a crime victim for their own victimization.
“I’m not defending the security problems of XP, which are a serious epidemic unto themselves, but this particular mistake was Apple’s fault, and easily preventable.”
I don’‘t quite agree here. One of the reasons I don’‘t put any real data on Windows machines is because it’s so easy to slip up and get infected. If Windows viruses as a group were easily preventable, we would just buy SAV licenses and forget about them. The reality is that there are millions of ways to get infected, and it seems unrealistic to expect anyone to get away clean if you play in that swamp. The fact that this specific virus is known isn’‘t really relevant, since any of thousands of others would have had exaclty the same effect.
From my perspective, you can use Windows when you’‘re not knowingly infected. There are things you can do to increase the time between infections, and if you’‘re lucky that might cover your whole life, but you can’‘t simply decide to be careful and be done with it—there are always new avenues for attack, or mistaken clicks which can immediately lead to compromise, so I see dealing with viruses as part of using Windows, and I don’‘t mean just running AV/AS, but actually recovering from the almost-inevitable infections.
“On one hand, the message is clear and unambiguous- Macs are secure. On the other hand is their arrogance, as best illustrated in the response to the iPod virus and the wifi vulnerability.”
My father, the shrink, would say this bluster might be covering real fear, which is being expressed as arrogance. If Apple’s wondering “What if people stop believing Macs are secure?”, they can’‘t say that, so the arrogance could be a dysfunctional cover-up.