Thursday, November 26, 2009

Fool's Paradise

The Apple community has always touted that their software and various products (iMacs, iPhones, iAnything...I'm not sure if that last one is an actual product or not) are inherently more secure than that of their competitors (ie. Microsoft). Although Apple's wide suite of techie gear has arguably had the upper-hand when it came to usablity and innovation, the unfounded false sense of security has always been a pipe dream.

I've always been troubled with Apple's argument that few vulnerabilities exist for their products. Arguing that your software/hardware is more secure because such few vulnerabilities have been found is a flawed argument. I could make the same argument that the applications I made during university are the most secure on Earth on the basis that no vulnerability has ever been found. Well, that's because very few (if any) people use it, therefore from the bad guy's perspective, it's not worth the time to try and attack it and there will be little revenue to be found. Remember: just because vulnerabilities haven't been found, doesn't mean that they aren't there.

Malicious attacks are always going to be targeted to the most popular (in terms of market share) devices/systems. As the market changes so do the targets for attack. For the better part of a decade (and more) this has been Microsoft Windows and Office Suite. Don't get me wrong, Microsoft has developed their fair share of insecure and unstable detritus over the years. However due to the fact that the vast majority of attacks until now have been squarely aimed at their stuff, this has given the illusion that Microsoft's products are inferior from a security perspective. While this judgement isn't entirely fair, I would argue that the constant bombardment of attacks has actually been beneficial to the boys in Redmond. The top executives realized that they needed to adopt more secure coding practices and even developed the secure development lifecycle for their new products. As a result, a strong security culture has since formed within the organization and it has become a top priority for future releases. 

As I alluded to earlier, there has been a noticeable market shift in the consumer industry. The younger generations (of which I am a proud member) are adopting iMacs/iPhones/iPods etc. as their system(s) of choice. Over the course of the next decade, the number of mobile devices (most of which of Apple related) will swell in the consumer marketplace (whether or not Mac OS X will ever make inroads in the corporate world remains to be seen), the number of malicious attacks aimed at Apple will increase exponentially. As I mentioned earlier, the bad guys aim their attacks at the most popular systems/applications/devices. It is becoming more apparent that the most popular venue of attack will be aimed squarely at Apple. I could be all wrong, maybe the notoriously secret company that is Apple really does make incredibly secure products, only time will tell.

Microsoft's been through the gauntlet and came out stronger as a result. As Apple will soon find out, it's one thing to talk smack from the sidelines; it's quite another to be jawing off on the field. The day of reckoning will come at Apple and the world will witness whether or not Apple devices are truly more secure than Microsoft's products or whether they've been living in a fool's paradise all this time.

No comments:

Post a Comment