Enderle: Security vendors see Apple as next big opportunity

“It’s no coincidence that not long after security vendors began beating the drum about possible exploits of the Mac OS X operating system, unpatched flaws were uncovered, an analyst has suggested,” Gregg Keizer writes for TechWeb. “Rob Enderle, principal at the Enderle Group, reacted to the recent news of a pair of worms aimed at Mac OS X and a zero-day vulnerability of Apple’s operating system with accusations that the security industry hypes the danger in order to sell more security software. ‘The job of security companies is to make the Apple platform look insecure,’ said Enderle. ‘They’re now convinced that Apple is their next big revenue opportunity.'”

Keizer writes, “According to Enderle, that’s what’s behind recent security alerts and warnings, first for a pair of worms — which Apple argued weren’t worms at all — then for an unpatched vulnerability that could let attackers hijack Macs. ‘I’m not implying that there is collusion between security companies and hackers,’ said Enderle, ‘but security companies only make money if there are security exposures.’ But he did claim that there was a connection between vulnerability disclosures and exploits, that the cause of the second was actually the first. ‘By telling people about an exposure, you’re telling someone else how to [exploit] it. I think security companies should spend more time catching criminals than telling them how to become one.'”

Full article here.

[Thanks to MacDailyNews Reader “Arthur” for the heads up.]

MacDailyNews Take: Proof that even a blind squirrel finds a nut once in a while.


21 Comments

  1. What if Windows notified you every time it was asked to change the registry, and then required you to manually enter an admin password to do so? How many successful pieces of malware would exist? Well, that’s exactly what you get with OS X. Need I say more?

    Me, I’m never buying another Symantec/Norton product of any kind. In the immortal words of my dear departed granddad, they can “go pi$$ up a rope!”

  2. ‘The job of security companies is to make the Apple platform look insecure,’ said Enderle. ‘They’re now convinced that Apple is their next big revenue opportunity.'”

    NO, NO, NO…I can’t agree with this Jack-Ass. Damn you Enderlee.

  3. “Even a blind squirrel finds a nut once in a while..”

    Nice MDN.

    I have to say when I read this article, that perhaps Enderle had bumped into Thurrott… where some positive Apple vibes got rubbed off onto him.

    Funny old world we live in.

  4. Enderlie may be a tool but he is a marketing consultant. He does know marketing. It’s no surprise he’s right about the new Mac OS X malware.

    He’s also convinced the massive iPod success is mostly due to Apple’s iPod advertising campaign. He’s telling that to anyone who will listen. He has single-handedly put back the iPod competition a couple of years.

    The iPod/iTunes/iTMS combo is the reason for iPod’s success. Match that and the world will beat a path to Creative’s door. The iPod competition is just getting this now. You need a competitive product before you need a marketing campaign.

    Thanks for everything Enderlie.

  5. Of the three PC gurus (not stooges… [grin]) that are frequently quoted on MDN, I like Enderle. I wish you mac people would ease up on him.
    The other two (Thurrott and Dvorak) seem to have a bias against Apple.

  6. Will someone explain what the hell a “zero-day vulnerability” is and which one was discovered in OSX? I’ve heard of “zero-day exploit”, which I understand to be an exploit of a vulnerability that had not yet been revealed to the public, but what’s a “zero-day vulnerability”?

    I don’t think “zero-day” applies here. Leap-A didn’t take advantage of any security vulnerabilities at all, and the other two vulnerabilities were never exploited.

  7. The problem we are going to have as a community is that we WILL have novice users that don’t realize that there could be a Trojan in an email they receive from someone they know.

    We can’t turn a blind eye to those less experienced than the hardcore Mac users.

    For those, Apple will need some type of virus/Trojan software to prevent abuse by unknowingly clicking a file.

    Plus, even the hardcore Mac users need something to protect against the deceiving reputable companies that make you agree to unknowingly install a Trojan (remember Sony).

    How do you really know what is being installed on your Mac? Food for thought.

  8. If even Enderle can “get it”, what’s wrong with this guy from the Wall Street Journal:

    http://online.wsj.com/public/article/SB114099964776283796.html?mod=todays_free_feature

    I wrote him about his article. Here’s an excerpt of the email exchanges:

    ———
    {me to him}


    You may want to be more careful about your sources in reporting. Your
    piece uses quotes from purveyors of malware detection and removal
    software as if what they are saying is gospel. Very bad practice for
    any “serious” journalist. Scepticism is your friend. Given the fact
    that Symantec, McAfee, et al make money running a technology
    “protection racket”, one should read what they say with a grain of
    salt. Especially on a platform as solid as Macintosh OS X. These virus
    “protection” companies need malware “… Like thunder needs rain, Like
    a preacher needs pain …” – U2

    What has been the real world effect of these so called Mac worms?
    There are probably far fewer actual users of the Macintosh operating
    system affected by this malicious code than articles proclaiming the
    existence of the malicious code! If this happened on the Windows
    platform, would you be running the story?

    {his reply}


    Why don’t you try reading the story thoroughly before sending off
    half-baked critiques like this? The story is adequately balanced and the
    relatively low risk associated with Mac versus Windows is made
    extremely clear. However, it doesn’t do anyone, least of all Mac users,
    a favor pretending that malware couldn’t happen to them. Symantec, et al
    are self interested, of course, in the same sense that Brinks needs bank
    robbers. That doesn’t invalidate them as sources though, if you use them
    properly.
    And to answer your final question, no we wouldn’t write about worm like
    this for Windows, because as I pointed out high in the story the Mac
    worms were relatively innocuous and Windows malware is a dime a dozen.

    {My final reply}


    The defensive tone of your reply is an embarrassment. I assure you, my
    critique was fully baked.

    You said: “The story is adequately balanced …” I didn’t know that
    was your aim. I thought your journalistic goal was to report the facts
    in an insightful way. Even if that means being “unbalanced”. I
    apologize. I guess anyone interested in factual, insightful reporting
    should look elsewhere, leaving those happy with contrived “balance” to
    support your WSJ column.

    In your reply you said: “Symantec, et al are self interested, of
    course, in the same sense that Brinks needs bank robbers. That doesn’t
    invalidate them as sources though, if you use them properly.” I wonder
    who is “using” who?

    ———-

    And so it goes…
