Why Security Could Be Apple’s Greatest Threat

Apple is sitting on top of the tech world. The company has set the standard for smartphones and tablets, tech’s biggest growth markets, and the company’s Mac sales in the U.S. are growing faster than the industry average. So what could derail the most valuable company in the world? Forget rivals like Microsoft and Google: Apple’s biggest threat may come from hackers.

These cyber-criminals are upending Apple’s carefully cultivated perception that the Mac is more secure than Windows PCs. Hackers smashed that notion in April when 650,000 Macs were infected by the Flashback Trojan.

Worse for Apple, the company itself took public blame for the largest Mac infection ever. Hackers penetrated the Mac’s defenses by exploiting a flaw in Java that Oracle had patched six weeks before Apple released a fix for its customers. The delay gave the bad guys time to compromise hundreds of thousands of Macs.

What Apple Risks

If Apple continues to stumble on security, it risks losing a key pillar of its leadership in consumer technology. A string of major malware infections on the Mac would shake people’s perception of Apple security and foster suspicion about security vulnerabilities on the iPhone and iPad, which account for the largest portion of the company’s revenue. Customers might then start looking more closely at Microsoft and soon realize the truth – Windows is more secure than the Mac.

For years, Microsoft has worked closely with the security industry in bolstering the defenses in its operating system. Experts say the company is now the best in the industry at informing customers about vulnerabilities and patches for its products. Starting with the release of Windows 8, expected in the third quarter, Microsoft plans to include anti-virus software.

In comparison, a lack of attacks has allowed Apple to pretty much ignore security issues. Changes so far are rudimentary, such as patching Java in Mac OS X on the same day that Oracle, which owns the application platform, releases fixes. Apple did that for the first time this past week and hasn’t explained why it took so long to begin that practice.

Backpedaling in Marketing

Beyond tackling the obvious technical issues, Apple is also softening its marketing messages around security. Graham Cluley, senior technology consultant at Sophos, points out that the company recently tempered its security claims on the “Why you’ll love a Mac” Web page. Apple used to say the Mac “isn’t susceptible to the thousands of viruses plaguing Windows-based computers” and that the Mac would protect against malware “with virtually no effort” from users.

Apple no longer makes those claims. Instead, it highlights the Mac OS X’s “built-in defenses,” such as sandboxing. That technique, which has always been in the Mac, restricts the OS services an application can access. While sandboxing is helpful, it is a long way from being bulletproof.

Following Microsoft’s Lead

Despite the perceptions, Mac OS X was never more secure than Windows. Hackers ignored Apple’s OS because its market share was so small. Now that Apple has grabbed about 10% of the U.S. computer market, OS X is increasingly being targeted.

That means Apple now has no choice but to take a lesson from Microsoft and start working more closely with the security industry. The secretive approach Apple takes to product development won’t serve it well in securing the Mac, iPhone and iPad.

While Flashback should have been a wake-up call for Apple, “it seems like they might be leaning on the snooze button still when it comes to open disclosure or providing enough disclosure,” said Paul Henry, a security and forensic analyst from IT security firm Lumension.

An example? In releasing its Java patches this week, Apple fixed only 11 of the 14 vulnerabilities - with no explanation of why it skipped three.

Openness about its products is not in Apple’s DNA. The company’s tight-lipped stance has served it well over the years, of course, helping to build excitement among fans for new products. Secrecy about security, however, could have a very different result.
