BBC: Mac users still 'lax' on security

updated 03:00 pm EST, Tue February 20, 2007

Mac users lax on security

Mac OS X users are still slacking on security measures but Apple itself is warming up to improving its stance on security, according to independent researcher Kevin Finisterre -- one of two researchers to produce the Month of Apple Bugs (MoAB) website. Finisterre and another, anonymous researcher released one bug in Apple's operating system or its bundled applications each day for an entire month, which spurred security updates from Apple in Cupertino as the company worked to repair the flaws. Finisterre says Apple's own attitude toward security was one of the primary reasons he and the anonymous security pro began the Month of Apple Bugs project. "Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?" Finisterre said. "They will happily reinforce the feeling of 'Security on a Mac? What? Me worry?'."

The researcher added that the Month of Apple Bugs project succeeded in its original aim of raising the level of awareness around Mac security.

"I would really hope that people got the point that there are most definitely some things under the OS X hood that need a closer look," Finisterre noted.

Mac experts note that while the exploits discovered by the researchers were never known to have successfully compromised an Apple system, hundreds of thousands of Microsoft Windows systems were hijacked and used as part of "bot nets," or networks of compromised computers that together deliver millions of spam email messages across the globe, according to BBC News.

Finisterre said Apple has become more open to discussing security issues, but that the company was uninterested in dialog regarding security matters in the past.

"They have certainly given some extra efforts on the backend to open up lines of communication, at least with me," he said. "I chat quite regularly with some of the security engineers."

Finisterre said there are no current plans for the MoAB website to continue its efforts, citing real life and the cost of living alongside the fact that the entire project was done for free.

"If someone wanted to invest some of their own resources I would be more than willing to continue."

by MacNN Staff



  1. ecrelin

    Joined: Dec 1969


    Dear Mr. Finisterre

    While your questionable method of exposing weaknesses did appear to identify a couple actual potential problems, and one actually crashed a browser, I still feel that spending hundreds of dollars a year on software, a lot of time overprotecting my machine and limiting my protocol freedoms to be a waste of time or money. I back up often and am behind a NAT firewall, and don't leave extraneous services on, however, when ANYONE ACTUALLY COMPROMISES a Mac I will become less lax, and perhaps Apple employees will then mention doing any of the above, because today THEY DON'T HAVE TO, even after your 30 days of shame and horror! PS I'm being real, NOT smug, and BTW I won't blame you if I lose data on my own so just what is it that pisses you off so much?

  1. ecrelin

    Joined: Dec 1969


    Oh and...

    calling it slacking is exactly like saying that people in San Diego who don't put snow tires on their cars during the "winter" months are "lax" about the dangers of a blizzard. Even if they got one snow storm it would still not be a good investment. When there is real danger then open your mouth, until then you are chicken little, nothing more.

  1. jad713

    Joined: Dec 1969


    that's it?

    Ok, I'm the stereotypical Mac user: I know zip about security. Did I miss the huge security loopholes in OS X that these guys were so keen to find? They lasted a whole month? I thought they were wanting to address the smugness of Apple and Mac users. Really, is that it? Are they just waiting to spring something on Apple in the future? Am I crazy or is this project wrapping up too close to the Windows Vista launch?

  1. horvatic

    Joined: Dec 1969


    There are no security iss

    Mr. Finisterre, there are no lacks in Apple's security regarding OSX. Go visit Vista and XP to find security issues. What was found in the month of January was minimal at best, mostly to do with other vendors' programs, not OSX. OSX was designed with security in mind unlike any Windows product. I'm quite confident in OSX versus any other OS out on the market today in regards to its security.

  1. Grrr

    Joined: Dec 1969


    Worst BBC article

    This has to be the worst and most ill-informed BBC tech article I've read to date.

    Yes we're 'lax' on security because we can afford to be. And we can afford to be because there are no viruses and whatnot for us to get worked up about.

    Is it any wonder that we're not all running around in a frantic blind panic worrying about something which doesn't even exist? Well then..

    So yeah, until the situation changes, I'll continue doing some laxin thanks very much, and leave all this worrying to our PC using comrades instead, just as I have done for the past 12 years, and most likely will for another 12.

  1. bhuot

    Joined: Dec 1969


    go after Windows

    Why isn't he going after Windows? Aren't there still hundreds of thousands of viruses that can still infect XP which have not been patched against? Real operating systems issue a patch when there is a flaw and then there are no more known holes. Having a virus program as a security measure is a joke - it is because Microsoft is too lazy or incompetent to fix these problems once and for all. Nobody is keeping Microsoft from using one of the BSDs or Linux to build Windows on top of in a virtual machine and transition people away from the security abomination that is Windows.

  1. hokizpokis

    Joined: Dec 1969



    Security tools on a mac are superior to anything pre-vista and I have NO problems at all!! and only time will tell if 'vista' security is any good.

    Meanwhile macs have been running for years WITHOUT A SINGLE LEGITIMATE EXPLOIT!!!!! (ahh, but no pc guy will ever admit it...)

    Windoz PC's are harder to secure (almost impossible) without third party software (which in itself is a security breach) which is why I recommend NOBODY use these horrid devices of yesterday technology and instead donate them to china (so our hackers can turn the tables on those eastern hackers and chinese landfills can be filled with all the toxic PC junk)

    The sentiment of this article would be different if this 'wacko author' would just admit that security on a mac is way better than any other current shipping operating system, period. Instead he prefers to live in Windoz h***, so I say let the guy suffer all he wants!!! Mr. Finisterre is still unable to convince any mac user to give him the time of day (even after his PC locks up after he surfs the latest p*** and infects himself with the latest 'PC worm' or spyware; which on last count boggles the mind in quantity)....

    So possibly this is the worst career move ever by a pc guy; this article won't sell any magazines or PC's so why bother reading this dribble...

  1. slider

    Joined: Dec 1969


    Motives < Honorable

    His efforts are not for the benefit of Mac users. John Q. Publik with zero computer knowledge running on Mac is far safer from exploits than a John Doe with average PC knowledge running on Windows. And, from my experience, your average Mac user is far more savvy than your average PC user, probably comes from actually being able to get work done on a Mac vs trying to figure out where your download got saved.

  1. walafrid

    Joined: Dec 1969


    to grrr

    I actually thought the BBC article itself was quite reasonable. It pointed out that all that was found were flaws, that they still had not been exploited, Apple have published a fix, and that there are many more actively exploited faults in Windows. Quite balanced reporting, I would say.

    As for Mr. Finisterre's comments? Well...

  1. gskibum3

    Joined: Dec 1969


    Not Very Informed

    The author says "...anonymous researcher released one bug in Apple's operating system or its bundled applications..."

    He doesn't seem to understand that VLC Player, OmniWeb, Application Enhancer, Colloquy, Rumpus & Flip4Mac aren't Apple products.

    MOAB was a huge flop. Check the support forums at Apple, MacFixit and MacNN - there are very few threads as a result of MOAB at these forums.

    Also, most of the "exploits" are nonsense. Most of them require admin and/or physical access to the computer. Given admin and physical access to a computer, there are much simpler ways of "exploiting" a computer than the hoops the MOAB losers jumped through.

    They seem proud of themselves because they demonstrated their prowess at crashing Safari.


    Still no Mac ever compromised. Not even close.
