Feb 10, 2012 - 05:30 PM EST — AAPL: 493.42 (+0.25, +0.05%) | NASDAQ: 2903.88 (-23.35, -0.8%)

Apple’s Mac OS X security strategy differs from Microsoft’s Windows

Monday, November 17, 2008 · 1:22 pm · 32 Comments

“As Apple has increased its share of the computer market, hackers have become more interested in developing exploits for its software vulnerabilities. Like Microsoft, Apple must issue security patches from time to time, but the two companies have very different distribution approaches for their security fixes,” Jim Offner reports for MacNewsWorld.

“‘Software update’ is common parlance among regular computer users,” Offner reports. “More than likely, an ‘update’ is a ‘patch’ — a code modification designed to protect against the latest virus, worm or other security threat.”

Offner reports, “Patches are all in a day’s work for Microsoft and Apple engineers. Indeed, the second Tuesday of every month has become known in tech circles as ‘Patch Tuesday.’ That’s when Microsoft issues its latest updates for its operating systems and applications.”

“Apple disseminates patches on a less-predictable schedule,” Offner reports. “Does Apple need to adopt a more regular routine as its platform becomes more popular among consumers, or is Patch Tuesday more about enterprise users — an area in which Apple’s business has not grown as substantially? Or is a more flexible, whenever-it’s-needed strategy a better idea, regardless of who’s using the OS?”

Full article here.

[Thanks to MacDailyNews Reader "Judge Bork" for the heads up.]

Categories: All Sites, News

Thank You for supporting MacDailyNews!

Apple Store Online:
• Order iPhone 4s. From $199. Fast, free shipping only at the Apple Online Store.
• New Apple MacBook Pro. Now faster than ever. Starting at $1199, plus free shipping.
• MacBook Air. Available in two utlracompact sizes. Starting at just $999. Fast, free shipping from the Apple Online Store.
• The new iMac. With next-generation quad core processor and advanced graphics. From $1199. Fast, free shipping at the Apple Online Store.
• The new Mac mini. Now up to 2x faster. From $599. Fast, free shipping. Buy now at the Apple Online Store.

Comment Feed

32 Comments

1 2 Next »

Jeremy

Monday, November 17, 2008 - 2:31 pm · Reply

I like how the entire article is fairly reasonable, and takes great lengths to see both sides of the issue and the pros and cons of each approach, …

… then the last paragraph just throws out the (completely unsupported) idea that “Apple might have to change it’s policy,” (based on the similarly unsupported and un-stated assumption that Apple is “slow” at handing out patches), and leaves it there stinking at the end.

Classic dumbass writing.
Raving MacHead

Monday, November 17, 2008 - 2:36 pm · Reply

First off, Windows has a HUGE market share that demands it’s updates occur more frequently because of the impact of even minor security issues.

Apple has allowed SERIOUS public vulnerabilities to go unchecked for several months before issuing a fix.

So the answer in my opinion is yes, Apple needs to issue more frequent updates, but then we all know that Apple rolls OS X features (bloat) into those updates first and treats the security issues as second rate.

Is Apple’s approach better than Microsoft’s?

If you go by vunerabilities, then of course the answer is yes.

But Apple could do better to not allow any vunerabilty the chance to exist more than a few days or weeks, instead of waiting for months before a update.

Who knows what has hack our boxes?

And what about checking the current install of OS X for alterations with each update? Instead of just fixing the bugs?

How do we know if something bad hasn’t altered OS X itself from previous exploits?

For instance with Windows, once it’s compromised, it has to be cloned from a pristine copy with all the current updates before getting on the interenet/LAN. Because the previous exploit turned the OS into swiss cheese.

What is Apple doing about that? Huh?

Anyone? Bueler?
Raving MacHead

Monday, November 17, 2008 - 2:39 pm · Reply

By the way, Time Machine is nearly worthless because one can’t boot from it.

So one can’t simply clone it and apply the updates to get back to a unhacked version of OS X.
Cubert

Monday, November 17, 2008 - 2:40 pm · Reply

A few years ago Micro$ucks decided to release patches every Tuesday and not just the first of the month – too many zero day exploits.
Gabriel

Monday, November 17, 2008 - 2:43 pm · Reply

The article doesn’t seem to address a larger question – what percentage of Mac users actually *stay* updated, compared to Windows users?
Gabriel

Monday, November 17, 2008 - 2:44 pm · Reply

@Raving MacHead – Well, you got half of your name right anyway.
Raving MacHead

Monday, November 17, 2008 - 2:51 pm · Reply

Raving MacHead – Well, you got half of your name right anyway.

Raving – because I live/work near a severely Liberal Flamer enviroment with Leftist Loonies from hell.

MacHead – because I’m a lifelong Mac user from day one. But now forced to use Windows (VISTA and XP under Fusion 2.0, nice) because I predict Apple will no longer offer a matte screen laptop and will have to buy a DELL.

Now you know why I’m MAD as a hatter.

That’s hatter not hater. You Liberal SWINE!!
PXT

Monday, November 17, 2008 - 2:56 pm · Reply

If microsoft do release security patches on the second Tuesday of every month, doesn’t that mean that they hold back security fixes for up to a month?

Making fixes available when tested seems better to me. It does not prevent IT teams from having their own ‘patch tuesday’ if they want to work to that schedule.

Though I did agree with a point above, that Apple might do better to separate out security fixes from feature updates, to make sure we always get ( and apply ) the latest fixes. I’d like Apple to work at the speed of AntiVirus.
films are us

Monday, November 17, 2008 - 2:57 pm · Reply

“MacHead – because I’m a lifelong Mac user from day one. But now forced to use Windows (VISTA and XP under Fusion 2.0, nice) because I predict Apple will no longer offer a matte screen laptop and will have to buy a DELL.”

Chill dude. Just apply a matte film to the thing and quit whining.
Cubert

Monday, November 17, 2008 - 3:00 pm · Reply

Raving Machead,

2 things: Time Machine was never advertised or intended to be a bootable clone, but it does what it is supposed to do – back up files! It has saved me big time on more than one occasion.

The issue with a Winblows computer needing to be offline to be repatched after it has been compromised speaks to the ubiquitous nature of Windoze viruses, the vulnerability of the OS, and how quickly a machine can become compromised. So, why does Apple have to do something for a problem that doesn’t exist on their platform?
Sixvodkas

Monday, November 17, 2008 - 3:14 pm · Reply

@Raving MacHead

RTFM;

Boot from your installation disc, go to utilities menu and choose “restore from TM”, follow the instructions.

You have just done a complete restore of a bootable OS using Time Machine, so there is no need to boot from your Time Machine backup.
PXT

Monday, November 17, 2008 - 3:16 pm · Reply

@ Sixvodkas

I was thinking that. And also I think that it’s more secure to boot off a read-only disk than a potentially compromised HDD backup.
DLMeyer

Monday, November 17, 2008 - 3:19 pm · Reply

It’s true … Apple has left several serious potential vulnerabilities open for multiple patch cycles. You’d almost expect us to have mal-ware up the gooch by now. Funny … I don’t recall having to clean out any infestations. Did I miss something?
And … how does Mac use equate to “liberal”? “W” uses a Mac, as does Rash Limburger! Many of the Mac folks who get their Mac news here are conservatives – and many of the loonies who hang around just to flame seem conservative as well, but … who can tell? <b><i>MDN, any way to tag the platform and/or browser a poster uses? Be interesting to know.
Cheule

Monday, November 17, 2008 - 3:21 pm · Reply

To raving machead:

You’re somewhat confused on how time machine works. It’s true that you cannot boot from a time machine backup, but then again why in the world would you want to?! I can see it now, a machine infected with a trojan that stays in ram after a warm reboot (it’s happened before) boot off the backup, and it becomes infected.

No, the proper way to do this is boot fresh off a non-writable presite source, AKA your leopard install disk. And right from the pull down menu of your leopard installer there is an option to restore from time machine.

So in essence, yeah you can restore right from a time machine backup as long as you have the leopard disk.
HolyMackerel

Monday, November 17, 2008 - 3:35 pm · Reply

How come I can still install updates on my Parallels PC without entering a password even though it is XP SP3?

Even MacOS X Rhapsody had better security.
shen

Monday, November 17, 2008 - 3:36 pm · Reply

Raving MacHead:

you know that over the years you have come to have less than zero credibility on this site due to your constant barrage of stupidity, right?

….and now we find you are a right wing tard.

is there anything left of your character to destroy?

“It is not true that all conservatives are stupid, but it is demonstrably true that the vast majority of stupid people are conservative.” -Mill

thanks for backing that up!
spyinthesky

Monday, November 17, 2008 - 3:39 pm · Reply

Anyone who equates computer usage to political affinity truly is off his/her head, and in so many ways. As for being ‘forced’ to use windows through an emulator on a Mac because you fear a glossy screen means you will have to use it in the future, well that truly is a complex that needs serious medical attention.
elgarak

Monday, November 17, 2008 - 3:45 pm · Reply

“More than likely, an ‘update’ is a ‘patch’ — a code modification designed to protect against the latest virus, worm or other security threat.”

Anyone else having trouble with this statement? The way I see it, an update and/or patch is applied to correct bugs, i.e. errors, or to change the behavior of the system to a more desirable state. It may, or may not, include the fixing of vulnerabilities, but that is not it’s primary function. Although the mainstream media seems to see it this way, unfortunately.

What troubles me most about the articles viewpoint is that it does not refer in any way to security related system architecture, where I see a very different approach between Mac OS X and Windows, with the latter one being extremely sloppy. Which means that Apple does not need that many patches and does need to fix some vulnerabilities because the system architecture is designed to not be affected that much by vulnerabilities in applications compared to Windows.
Splat

Monday, November 17, 2008 - 3:53 pm · Reply

Raving MacHead—ummm why don’t you just buy a matte screen. I don’t get it. I realize Apple doesn’t offer a matte screen on some systems and I agree with you about glossy sometimes but I have never found it to be such a big deal. If I want matte I jack in to my matte display and life goes one. I also use a Dell machine and you MIGHT think you will like it because of the screen but I assure you, you will HATE it…the dock is super nice but gosh darn it, the DELL is a freakin BRICK to carry around. I hate it.
fixit

Monday, November 17, 2008 - 4:09 pm · Reply

Or is a more flexible, whenever-it’s-needed strategy a better idea, regardless of who’s using the OS?

How about a whenever-it’s-READY strategy?

Getting critical updates out ASAP is certainly a Good Thing.

Rushed updates that break & in turn need re-patching certainly aren’t!

A regular schedule for non-critical fixes makes sense.
branded

Monday, November 17, 2008 - 4:19 pm · Reply

Anyone who equates computer usage to political affinity truly is off his/her head

Really? Computers are just another consumer product, and as such certain ones carry stereotypes.

For example, one person drives a Detroit SUV, the other a Prius. What are their views? Or one person uses a iMac, the other a Dell. What are their views?

Fair or not, that’s the way it works.

As for Apple’s security strategy, of course it differs!! Windows needs security software, Mac OS X does not. Case closed.
Hm...

Monday, November 17, 2008 - 4:34 pm · Reply

Folks, don’t feed the trolls. Then ‘Raving Machead’ will starve and disappear…
freebeer

Monday, November 17, 2008 - 4:47 pm · Reply

Let’s not get crazy zeolotry here. Windows is targeted more often. That’s probably indisputable, but no system is invulnerable. Mac OS belongs with UNIX and Linux, so of course their security strategies are different from MSFT/Windows, and so far *nix systems have not gone to a need for regular vendor assigned regular patch day.

Note: any predictability is a vulnerability (like knowing an OS only gets updates once a month on 2nd Tuesdays). Crackers don’t work on a schedule or release their viral wares on schedule either.
HMCIV

Monday, November 17, 2008 - 6:47 pm · Reply

Ki>”…one person drives a Detroit SUV, the other a Prius. What are their views?”</i>

Detroit SUV: The Road
Prius: The SUV
G4Dualie

Monday, November 17, 2008 - 7:45 pm · Reply

Detroit SUV: power
Prius: power