As crazy as it sounds, a member of Microsoft’s security team has blasted Apple for failing to coordinate its security efforts and to issue proper security advice. Stephen Toulouse, communications manager for Microsoft’s security response team, has blogged that Apple needs a “security czar” to batten down the hatches against a growing number of attacks on the company’s OS X.
This is too laughable for words. This is like Ford telling Honda they need to tighten up their engineering.
I see it more as someone who has gone through hell with security trying to give advice to someone else who hasn’t felt the burn yet, telling them to take security a little more seriously (I’m not talking about from an engineering aspect here).
Would you rather trust someone who has gone through all the pain and agony and has a lot of experience with it, or someone who is still relatively new to having to worry about security, and hasn’t been tested yet?
It’s tough.
It’s students talking to students.
Neither company has yet to prove themselves capable of the security game. Microsoft may have it right now, but they haven’t instilled confidence in a massive sector of the IT field yet.
And their newest security ideas are untested in the wild. So really, he may be giving great advice, but he’s not giving it from a position of great respect … yet.
Well, if you take a look at their newest products, such as Server 2003 and IIS6, they are much better in regards to security. But you’re mostly right, it’s a “students to students” thing.
I just don’t agree with the people saying “omg its microsoft, they dont know anything about security lol!”
It’s just a marketing play, attempting to destroy Apple’s appeal wrt security in the general public, just before Vista ships.
If they wanted to talk seriously, they wouldn’t have made it in public.
In general, I think that corporate-sourced opinion pieces should be regarded as junk on principle.
This is too laughable for words.
What a childish (fanboyish?) reaction! Have you read the articles? The headline is misleading of course, it is not Microsoft, it is a guy who apparently has some experience with security – and his advice is sound! And believe it or not – time will prove him right. Apple needs a security officer – every OS with some market penetration needs a security officer. And saying that we don’t need one, because we write software with security in mind is a flawed way of thinking, especially in the light of recent fsck.ups with security patches. Yeah, Microsoft did that too – and that is why Toulouse speaks from experience.
Edited 2006-03-24 13:00
Care to point us to these “recent fsck.ups with security patches”? Have YOU read the article? Do you run OSX? Do you update it regularly?
The guy clearly doesn’t have a point. Apple’s updates are more than well informing.
I’m running a Windows 2000 at work and OSX at home, and I’ve NEVER seen a single update by Microsoft that provides detailed information on what it is about. In contrast to that every single update by Apple comes with a lot of information about the individual issues being solved.
He may be right that Apple needs a security chief, but that’s not up to him, he’s not even working there, why should Apple follow MS’s way of organizing things? Does he even have a clue how Apple, as a company, is organized, and what processes this organization involves? If not – then he’s no better at judging them than me and you and everyone we know.
Edited 2006-03-24 16:13
Care to point us to these “recent fsck.ups with security patches”?
It’s in the article – which answers your question about reading them. Quote: “Toulouse was responding to Apple’s recent update to a security fix that was designed to solve problems in installing an earlier patch. Apple’s Security Update 2006-002 had caused problems with networking and with the Safari browser icon.”
When you update WinXP you can click on a link to a detailed description of each security vulnerability and patch – and they are surprisingly honest and detailed.
I run FreeBSD and PC-BSD, and maintain a small comp lab with WinXP desktops.
I take security seriously, and I didn’t like the tone of the post I answered to. I didn’t like its score specifically, because it is in no way insightful or interesting. In one broad sweep it discards the entire blog post, even though the blog itself is not inflammatory, and the advice it gives is good. I understand the sentiment behind it (I don’t like Microsoft either), but it was a knee-jerk reaction, something that could have been written even without reading the articles. I simply don’t consider it a “balanced” opinion – hence my harsh words in reply.
Fair enough. I believe the post was provoked by the somewhat misleading title of the article.
hahahahahahahaha
I think that Microsoft are the last people on earth that should be able to talk about security.
First, patch the security holes that are still uncorrected in windows XP since 2004, then you should be able to talk about security …
Edited 2006-03-23 20:38
Maybe MS needs someone from, for instance, the OpenBSD project to explain that to them?
As crazy as it sounds, a member of Microsoft’s security team has blasted Apple for failing to coordinate its security efforts and to issue proper security advice.
Actually, I don’t think it’s crazy at all. Microsoft has lots and lots of experience issuing security updates and information and Apple has relatively little.
MS may be the last ones to give good advice, but maybe they are right on this one and Apple should listen.
MS has much experience because they have an OS that is insecure by design.
Apple has been:
1. very responsive to security leaks
2. had very detailed information about fixes*
(* the example of missing information about the 1.1 security update is just wrong because the 1.1 is not about security but about an installer bug that affects users that moved Safari away from the Applications folder).
I think this is just a marketing move from Microsoft after they had to delay Vista once more.
It’s not insecure by design. It’s insecure because of defaults, bugs and legacy support (ok that can be argued to be design I suppose, but I don’t agree).
It’s not insecure by design. It’s insecure because of defaults, bugs and legacy support (ok that can be argued to be design I suppose, but I don’t agree).
If defaults, bugs and legacy support are not by design, then what are they? An accident?
Don’t the Microsoft designers know what defaults they are setting? or whether they will or will not have legacy support?
These things clearly are by design.
When someone says design, I think architecture. The architecture isn’t insecure.
Microsoft giving advice LOL… to Apple? LOL
OMGSTFU! LOOOOOOL no way!
I’ve found that Microsoft is more verbose about bug fixes and security vulnerabilities than Apple. Look at your typical MS KB article for a vulnerability, vs. Apple’s. They’re afraid to disclose too much.
Microsoft has been playing the game longer than Apple has, and they have more experience with it as a result. Apple should swallow its pride and just give a listen.
MS are the first people on earth to give advice on such matters, think about it!
Apple and us Mac users need to get it through our heads that OS X isn’t attack proof, and probably never will be, that is the nature of software at this level of complexity, at least with current technologies anyway…
I know Apple will heed this guy’s advice…
Um yes they need advice, but not this guy’s advice.
They should listen to guys from FreeBSD, OpenBSD, heck even Linux, because these platforms proved to be relatively secure over time when used as majority in the server area.
Windows and security simply don’t go together, not the software, not the company.
Is it me, or is that guy at Microsoft just trying to be hired for this new “Apple security czar” position he’s suggesting? Well, I don’t blame him. Probably much less hectic to work on Apple’s security team than on Microsoft’s.
Kettle, meet pot…
it’s that the very last thing Apple (or anyone else) needs to do is hire another “executive.”
Right. So someone in Microsoft said something about Apple, it’s Microsoft setting Apple straight? What, if The Register publishes idiotic headlines, that makes the entire UK population master of sensationalist deception, or vice versa?
Everyone here seems to be blasting Microsoft’s advice, the gist of it seems to be “their own OS is insecure therefore they don’t know security”. Frankly I think the advice is worth consideration, how many people have considered that Microsoft’s speaker may be speaking from experience?
You make mistakes and you learn from them. In this case the guy is just trying to share something Microsoft learned.
Another way to look at this article is that here’s a guy from Microsoft expecting OS X to gain market share.
of hearing all this BS about how complacent Mac users are about security.
I know a LOT of Mac users. Not one of them takes a blasé attitude in regards to security. We all know the dangers of viruses, spyware and worms. We all know that if a JPEG file pops open a window asking for admin privileges it is probably NOT an image file. We didn’t need the Leap.A nonsense to remind us of this.
It seems to only be in the tech press that Mac users don’t think security is an issue. We know the dangers, we take the correct precautions for our systems. We just don’t act like children in doing so.
The facts are that there is no threat at the moment. When one appears we will all take the appropriate actions, and that won’t include running around screaming “…the sky is falling.”
It’s ridiculous and grossly inappropriate of Microsoft to lecture Apple on security. This advice comes from a company that has never taken security and methodical programming seriously throughout its 30-year career.
MS giving security advice. Why would they do this anyway, Apple is no ally of MS.
Well, let’s face it. MS obviously has much more experience with security problems than Apple does. After all, they have had so much more experience with this sort of thing. 🙂