Apple released ProtectMac AntiVirus this month. <sarcasm> Curious, I thought Macintosh computers were immune to malware?</sarcasm>
Apple has been running ads with a guy in a suit representing the PC and another actor in jeans and a t-shirt as a Macintosh. Various commercials show the PC character being paranoid about viruses, Apple even goes so far as to dress the PC actor in a white clean room suit (it’s supposed to look like a biohazard suit). This is supposed to imply that a Macintosh computer is immune to security threats like viruses and malicious websites. It’s not.
Since the dawn of Macintosh Time, the original Macintosh computers used Motorola and later IBM processors, neither of which was compatible with Intel processors. Thus, viruses that ran on a PC with an Intel processor would not run on a Macintosh which used the Motorola or IBM processor. Modern Macintosh computers now use Intel processors, (yes, you can still buy a Macintosh with a non Intel chip) so that myth bit the dust five years ago when Macintosh made the switch to Intel. Further complicating things is Java, which is a virtual environment that renders the actual processor used as meaningless. Java code runs anywhere there is a java engine to run it, which is all current Macintosh computers and PC’s.
Which brings us to the latest Java vulnerability in the Macintosh browser that lets sites hijack the Macintosh and run any command on it they wish, remotely. A security professional, frustrated by Apple not patching this bug even after knowing about it for six months and knowing there was code in the wild to exploit this Macintosh Java vulnerability, released a proof-of-concept piece of Java software to prove the Macintosh could be hacked via Apple’s Java engine. See Computerworld’s article: Angered by Apple delay, hacker posts Mac Java attack code.
CIO magazine’s Ira Winkler felt the hacker releasing the code was a ineffective at best and argued that it’s time for the FTC to investigate Mac Security.
My personal opinion?
I don’t have as big a problem with companies making insecure products, consumers just shouldn’t buy them if they know they are insecure and have a choice. I have a problem with companies misrepresenting products as being secure when they’re not, knowing full well that their consumers are not educated enough to know the difference.
I suppose this is becoming routine now, because very few places reported this. Monster, a major job search website, had another breach in their security. Monster claims that only usernames, passwords and demographic information was compromised and that no financial data was taken.
Here’s the link to their public announcement regarding the incident:
http://help.monster.com/besafe/jobseeker/index.asp