Security boffins: Apple's blowing it

Well, they don’t actually say “Apple is blowing it,” but only because that’s not the way boffins talk. I translated for you. Security experts question Apple’s approach to avoiding malware and browser hijacks, saying that the process isn’t formalized enough within Apple and not enough is being done to make sure that the OS touting itself as the secure choice actually is so. With the growing market share and increasing surface area of the OS (Exchange support, increasing third-party presence, mobile integration), it may be that the threat is growing faster than Apple’s efforts to combat it.

Clearly it’s not a major issue right this moment, since Apple users are hardly clamoring for extra security (though that’s possibly part of the problem) and the major hack attempts are almost exclusively against Windows machines. But if Apple were to increase its liability overnight with a huge increase in market share, would they be prepared for the onslaught that would ensue? Hackers themselves say most don’t even bother with Mac exploits because there’s no benefit other than proving a point (Mac botnet why?), and Apple doesn’t listen (or pay) anyway.

As repugnant as it sounds, Apple will need to take a page from Microsoft’s book in this area. Years of combating viral threats, malware, and so on (partially through their greater exposure and partially, it must be admitted, through bad programming) have resulted in a well-oiled machine which responds quickly and decisively to the threats which appear almost comically frequently. Apple should preemptively strike in this case and establish a real security-center-type division, headed by someone who really knows what they’re doing. I’m sure there are measures in place already, but if security pros repeatedly say the risk is increasing and Apple’s not doing enough, then additional measures are warranted.