Marc Maiffret, popular hacker and security expert, told CNET’s Elinor Mills during an interview that Microsoft cares more than Apple about security and that the Apple community is ignorant to the risks they’re exposed to every day.
From the interview:
“Now when you look at Microsoft today they do more to secure their software than anyone. They’re the model for how to do it. They’re not perfect; there’s room for improvement. But they are definitely doing more than anybody else in the industry, I would say.
It’s even a little scarier with them because they try to market themselves as more secure than the PC, that you don’t have to worry about viruses, etc. Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don’t see more attacks out there compared to Microsoft is because their market share isn’t near what Microsoft’s is.”
This interview immediately reminded me of Gruber’s 2004 post “Security Cannot Be Spun”, which I suggest you read even after 6 years. Gruber also talked about security problems at this year’s Macworld Expo in his “Apple Top 10 Issues” presentation. You can find the full video here.
Now this is a very difficult subject to discuss, because I can see some points where Maiffret is right, and many where he is not. I think that Maiffret is right when he says that Microsoft is doing a lot of stuff in terms of improving Windows’ security, but I think that the problem is they’re just patching vulnerabilities. They’re not facing the main problem, that of Windows having an internal security architecture worse than Mac OS X’s. On the other hand, it’s also true that Apple took months to release a security patch for an SSL bug reported by the entire community, as if they didn’t care about it.
All in all, I don’t think the Apple community is “ignorant” to the subject of security. They’re just not used to thinking about it all the time.