Lessons for IT, Apple in Flashback brouhaha
It's clear that OS X is now a target of malware purveyors
Computerworld - While the number of Macs infected by the Flashback malware is seemingly in decline now, the security reverberations for Apple continue. The discovery of the botnet a couple of weeks ago -- and Apple's response -- has prompted criticism by IT security pros, concern among Mac users and even some smug told-you-so's from Windows users who've watched for years while Apple and its fans derided the the omnipresent malware issues plaguing PCs.
Security by obscurity, if it ever existed, is no more.
Now that Apple and several third-party software firms have produced detection and removal tools, it's time to take stock of the situation and dig a little deeper. What does the Flashback debacle mean for Mac users, Apple itself and the businesses that have increasingly adopted Macs? And does it affect those with iPads and iPhones?
Just a drop in the bucket
Let's start with a reality check. The only reason this story got the attention it did is because for more than a decade Mac OS X has not been hit hard with any major malware threat. There have been some proof-of-concept pieces written; plenty of Macs have been infected with Microsoft Office macro viruses (that generally have no damaging effects on Macs, especially those running Office 2008, which didn't offer macro support); and there have been a couple of genuine malware alerts that didn't amount to a serious online threat.
A piece of malware like Flashback that targeted Windows PCs would've been a minor story in tech circles that ended with reports of anti-virus companies releasing updated malware definitions, Microsoft releasing a patch for the underlying vulnerability, and possibly a free detection and removal tool being pushed out to users. This is something that happens in the PC world all the time. But not on the Apple side of the equation.
Given the thousands of malware threats facing Windows PCs, this is barely a drop in the bucket. As a result, Apple came under much closer scrutiny than any other major company would have been in similar circumstances.
The good and the bad of Apple's response
Apple may have been subjected to more scrutiny than Microsoft, but there were some telling points in how it handled the situation.
First, the company made the unfortunate choice of trying to shut down the domain used by Dr. Web researchers seeking to determine the extent of the infection. A generous take would be that Apple took a misstep because this is a new experience for it. A more jaundiced view would be that Apple was trying to minimize information about the extent of Flashback infections. (The truth is probably somewhere in between.)
This much is clear: Apple didn't handle the initial situation well.
That said, it quickly released a fix as soon as its engineers could create the patch, made needed corrections immediately after that, and ultimately released tools that would protect uninfected Macs and remove any infections. Apple did this by leveraging its software update infrastructure so that users who regularly agree to accept Apple's Software Update notices were protected -- even if they had never heard of the threat.
Ultimately, the company dealt with the problem in a way that protected the most non-technical of users and did so at no cost to them.
Whether you like Apple or not, the move shows commitment to its users. Sure, it could have issued an initial patch, scheduled a follow-up release later on, and never looked back, but it didn't.
Still, Apple could've been more forthcoming and engaged the security industry more fully. Not doing so was typical of the company's propensity to keep all information to itself until its executives feel comfortable that they have the best solution at hand. Usually, that works to Apple's advantage. Not so this time.
Apple also focused its efforts around current Macs and the most recent releases of OS X. That isn't surprising. The company has been pretty open and consistent in pushing its platform forward and not offering extensive backwards compatibility.
What about security and antivirus companies?
One of the striking parts of this story was that almost none of the security and antivirus vendors offered up a solution much quicker than Apple did. F-Secure, which provided instructions for detecting the malware early on, was the first major security vendor to offer a quarantine and removal tool. Kaspersky and Symantec followed in quick succession. Apple's offering followed them.
- Apple hands stock worth $12.1M to top execs in retention deal
- Hands on: Apple's Mac Pro is the fastest Mac ever
- Apple CFO to retire in September after he cashes in $53M stock award
- Apple's CarPlay to spark mobile apps war in your car
- Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks
- Apple patches critical 'gotofail' bug with Mavericks update
- Why Apple needs a $700 MacBook Air
- Apple takes top spot in brand value computation
- Apple gets a patent for health-monitoring ear buds
- Apple shifts to hardware-first TV strategy with revamped set-top box
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts