View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Apple quietly dampens Mac security rhetoric

Apple removes claim Macs are safer than PCs from website following months of negative headlines

By Cbr Rolling Blog

After a bit of an annus horribilis on the security front, Apple has very quietly changed the wording on its website that claimed its Macs were safer than PCs.

As recently reported by CBR, Apple’s website for years has proudly claimed that Macs do not "get PC viruses. A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers," the company claimed. "That’s thanks to built-in defences in Mac OS X that keep you safe, without any work on your part."

Now that message has changed. As spotted CRN, that section of the "Why You’ll Love a Mac" page on its site now reads: "It’s built to be safe. Built-in defences in OS X keep you safe from unknowingly downloading malicious software on your Mac."

No mention of PCs anywhere. No mention of not being susceptible to PC viruses.

The company says "sandboxing" on the system can thwart hackers by restricting what they can do if they do gain access to a machine. Apple also builds up its encryption capabilities through FileVault 2.

It’s clear what has caused this change in heart. The idea that Macs are inherently safer than PCs, while widely believed, is simply not true. And events of the last six months have proved that.

As CBR examined recently, the Flashback Trojan infected around 600,000 Macs around the world. The malware exploited a vulnerability in the Java programming language and meant users could be infected simply by visiting a compromised website.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

Apple was slammed for its response to the threat. Oracle plugged the Java vulnerability in February 2012, soon after they were made aware of it. However, Apple does not allow Oracle to patch Java for Mac on its own; instead it takes an active role in the process. This meant the vulnerability was not patched on Mac computers until early April.

This approach to the security process led Eugene Kaspersky, boss of Russian antivirus firm Kaspersky Lab to tell CBR Apple was a full decade behind Microsoft, as the Windows firm has plenty of experience of fixing vulnerabilities that cyber criminals look to exploit.

"I think they are 10 years behind Microsoft in terms of security," he told us. "Apple is now entering the same world Microsoft has been in for more than a decade: updates, security patches and so on. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.

"That’s what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it’s time for Apple [to do that]," Kaspersky added.


For more on the security issues facing Apple, you might like to read the following:

Mac security: Apple under fire

Apple ’10 years’ behind Microsoft on security: Kaspersky

Kaspersky blames Apple for massive ‘Flashfake’ malware breakout

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.