
03/22/2006, 9:00pm, EST

Wednesday, March 22nd

MS blogger criticizes Apple's security

Microsoft program manager Stephen Toulouse today publicly challenged Apple to hire a security expert and overhaul the way it releases information alongside Mac OS X updates. "Look, the only way you can tackle security issues is by getting out ahead of them and clearly communicating to your users the threat, and the clear guidance on how to be safe," Toulouse said. "Here's the reality, for the next couple of years the Mac OS will experience increasing security threats and mark my words, the company will have to seek outside expertise in the form of a head of security communications in the next 12 months," Toulouse added. The program manager said Apple needs a person "steeped in security issues, true technical analysis, and [who] can lead a good security team to get good guidance out there," according to a report from eWeek.com.


Filed under: troubleshooting



26 comments
Reader Reactions

must be a joke
0
03/22, 9:09pm, EST
This is a joke that anyone actually thinks that Microsoft knows anything about security. Microsoft admitted that even its latest offering - Windows XP has no security whatsoever. And people actually buy what Microsoft claims as servers from them. Windows is the only platform that people have to worry about viruses and other malware.
Fresh-Faced Recruit
Joined Nov 2003
Ha ha
0
03/22, 9:35pm, EST
Agreed. Any employee of Microsoft has no business criticizing anyone on security.
Professional Poster
Joined Sep 1999
glass houses
0
03/22, 9:41pm, EST
I don't necessarily disagree with this guy; hiring a dedicated security head will continue to keep Apple and OS X an exceptionally safe operating system. But let's be real here: Microsoft lecturing anyone on security is a bit like Paris Hilton lecturing someone on etiquette.
Fresh-Faced Recruit
Joined Sep 2001
If I hadn't just gone...
0
03/22, 10:23pm, EST
to the bathroom, I'd seriously have pissed myself when I read this.

I doubt I can really add much to these comments, other than that it takes more than a chip change to make an OS weak. It takes a crappy OS to make a weak OS. OSX is not crappy. That didn't change when Apple moved to Intel, just the chip did.

Some people.
Fresh-Faced Recruit
Joined Mar 2006
the only problem...
0
03/22, 10:56pm, EST
... is that it is difficult to find someone who is a true IT security expert. The expertise requires a breadth of technical knowledge which essentially spans the entire OSI model. To find such a person and to have them waiting to audit completed code at the end of the line would be a waste.

The place I worked for had one of these so-called Information Security Officers and that person was pretty much useless aside from being a mouthpiece and point of contact. They got paid a good salary while adding an unnecessary layer of bureaucracy since even certain technical related issues (which went well beyond their knowledge level) had to go through this person.

What might be more useful is a corporate culture where every person involved is security conscious and that the auditing process involves everyone. A security team can be composed of key engineers, programmers, and security specialists who do the final audits as checks against audits done during the development instead of one security expert who for the most part will end up just being a PR mouthpiece.

Finally, it is fine that someone at Microsoft is so concerned but maybe they should tend to their own business instead of meddling in the business of others.
Fresh-Faced Recruit
Joined Feb 2004
Mission Accomplished
0
03/22, 10:58pm, EST
Evidently this is a mouthpiece from the G-Dubya-Bush school of public relations:

Talk like things are going your way. Enough idiots will believe you.

Fortunately, all the idiots already bought Windows so the rest of us are still safe.
Fresh-Faced Recruit
Joined Oct 2005
Stephen is right
0
03/22, 11:24pm, EST
I'm a long-time Mac user, and a Windows Admin for the last 5 years. 2 years ago I began the trek towards security administration, and now administer a rather large network of devices using Host-Based Intrusion Prevention Software (HIPS), firewalls, IDSs, etc... I say this so you'll know I have a clue, though certainly not expertise, in the area of network security and host security.

Stephen is right on the money - and I do mean money. Apple needs to directly address this issue now, because it will take years for a culture of security to begin to permeate Apple Computer. They need to conduct penetration testing and invest R&D into making Mac OS X the gold-standard for secure operating systems.

Apple has an opportunity here to penetrate the Enterprise market, and if they don't specifically address security and make it a priority the Enterprise market won't be impressed.

Yes, Mac OS X has holes in it - every OS does. Secunia lists 64 advisories since 2003 (http://secunia.com/product/96/), with 67% of them remotely exploitable. Apple, by publishing Darwin, has made it easier for the bad guys to figure out how Mac OS X ticks...

True believers will scream that "Apple is secure, you're a jerk!" and plug their ears. Those of us who want secure systems and want to use Mac OS X in the Enterprise will ask hard questions of Apple and watch to see if they take security more seriously. Case in point - check out the lame 'security' web page linked in small text at the very bottom of Apple's support page - http://www.apple.com/support/security/. Pathetic. Where are my white-papers? Where are the downloadable security tools that will walk me through securing my host or network of hosts? Where are the links to third-party vendors that can further secure my systems?

Working in Enterprise, this is the first time ever that I've heard people mentioning wanting to purchase Macs for servers or desktops... Primary reasons? Unix and security....
Fresh-Faced Recruit
Joined Sep 2003
That's fresh...
0
03/23, 1:00am, EST
..Microsoft, security risk #1, lecturing Apple on security.

This must be part of the new Microsoft "Do as I say, not as I do" strategy.

Fresh-Faced Recruit
Joined Jan 2005
THIS JUST IN...
0
03/23, 1:27am, EST
Osama Bin Laden says the Pope is an evil S.O.B.
Here we go again...
0
03/23, 2:22am, EST
Since it is apparently very difficult (based on real-world evidence) to pose a real-world security threat to Mac OS X, other than "concept" malware that has to get the user's permission before taking action, the "security experts" are now resorting to challenging Apple's (supposed) lack of a "security expert" as the security threat to Mac OS X.

How desperate can these people get...?
Fresh-Faced Recruit
Joined Nov 2001