FT.com / Technology - Google ditches Windows on security concerns. I do hope this turns out to be true. If so, it's about time some IT folks wised up about Windows. The myth that Windows security problems are all due to the OS' large market share continues to dominate mindshare, but it's just that… a myth. Microsoft is singlehandedly responsible for the Antivirus/Anti-malware growth industry, and all of the security patches needed to keep Windows secure is keeping a lot of IT guys employed. This doesn't mean that Windows insecurity is a good thing, folks.

Government going Apple? - Security Systems News. I guess I missed this little tidbit from last fall, courtesy of Security Systems News. If true, it sounds like there at least a few Federal IT execs who are beginning to listen to reason, rather than being always feeling like they're on the defensive about Macs.

Virtually every Windows PC at risk, says Secunia

There have been a rash of articles in recent weeks about a new Windows worm that takes several routes to PCs, including Facebook. Apparently, it is now building a huge "Botnet," a network of zombie PCs that can be commandeered to do various evil things, like sending junk mail.

In the midst of this, security firm Secunia now finds that 98% of Windows users work on PCs that already have some form of malware installed. Now, let's see... What percentage of Mac users have this problem? Oh yes, it's still 0%, but don't worry, as the "experts" have been telling us for years now, the hackers will get to the Mac platform eventually. Yeah, right.

Oops, I guess that makes me a "smug Mac user," right? How does that make me smug? Just stating the facts. Despite what they say, it's no accident... and no reflection on market share... that Mac OS X users aren't vulnerable to this kind of bull*hit. It's just good engineering and an attention to detail.

Apple's patch process a mess, say researchers - Computerworld

This is clearly a case of limited-brain humans thinking that something different is something bad. Also a bit of Microsoft-minded FUD here, with statements about Mac OS X's "aging code base" (huh?) and Microsoft being "way ahead" of Apple in its security-patching (huh?).

Why should a company like Apple, which has never had even a minor security incident affecting its users, follow the lead of a company like Microsoft, which defined the way to Not build a secure operating system?

Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection

And to think I used to like Consumer Reports!

They keep writing me to "come back" and resubscribe, but I've told them that won't happen until they become objective and truly knowledgeable about the Mac... at least as knowledgeable as they are about Windows PCs.

And now, it turns out they're recommending that Mac users "dump Safari," which just happens to be the best web browser on the Mac platform. Oh, and since this article also appears on ZDNet, while other industry journals gave it little play, I begin to conclude that ZDNet is a rats nest of Microsoft zealots.

So, here's the little note I left them today about their latest phishing/Safari scare tactic:

There is nothing in common between phishing and viruses, adware, spyware, or other malware. Phishing is just an old-fashioned scam dressed up in new HTML clothing. Consumers need to be educated about it, and no anti-phishing technology is going to save them. For one thing, most phishing schemes come to consumers through their email client, not their browsers.

Oh, and 6 or 7 years ago, why didn't Consumer Reports advise Windows users to ditch IE? That would have been the single best way for them to avoid Internet malware, but I never heard them do such a thing. The phishing problem pales in comparison to the security nightmares we experienced after IE6 was released (and before SP2), and which millions of Windows users continue to experience today. Active/X is the most dangerous technology out there as far as security is concerned, but is MS being pressured to remove it from IE?

Unfortunately, I don't think we've heard the last of this... At least, until Apple goes ahead and joins the other browsers in adding "anti-phishing technology" to Safari. Like I noted above, it really makes a lot more sense to add this capability to users' mail clients, since phishing is just a form of junk mail in the end.

ZDNet: iPhone vulnerable to phishing, spamming flaws

There has lately been a rash of articles about how "insecure" Safari is because it has no anti-phishing mechanism. Frankly, I think this is a bunch of hogwash. It's an attempt to show how lax Apple is about security, and, by implication, how great Microsoft is.

It's not that I don't think phishing is a serious problem... I do! It's just that phishing is not a security issue, which is how the anti-Apple, pro-Microsoft (and pro-Firefox) zealots are trying to portray it.

Here's the comment I left on ZDNet's site about this article, dated 7/23/08:

Phishing scams are very bad, but they are not the same as viruses or malware that gets installed on your operating system. Not even in the same category. They are simply a sophisticated con, and unfortunately there are a lot of naive, clueless web users who will click on any link they're offered. Then again, I know people who are so paranoid they won't click on any link in an email at all... even if it comes from a trusted source (like a friend). I'm not at all convinced that anti-phishing software will work any better than junk-mail filters have, though I understand the need to try.

All you guys who are so hot to jump on Apple need to at least know what you're talking about. Though the companies who make money on security vulnerabilities like to lump phishing in with "security" flaws, in my opinion they aren't. Why? Because they pose no threat to the integrity of your computer or to your network.

Later, in reply to a reader who thought I was kidding with this opinion, I wrote:

Of course it's bothersome... on the same plane as the scum who trick old ladies out of their social security checks by conning them into some phony investment.

Phishing is more insidious, but if you have an ounce of common sense, it's easily avoided.

Not so with viruses and spyware, which can invade your system without any action on your part... not even clicking on a link. If following a link loads a virus, that's not phishing, defined as [blockquote] the activity of defrauding an online account holder of financial information by posing as a legitimate company[/blockquote].

My point is, phishing is not so much a security liability as it is a privacy issue... Phishing amounts to identity theft.

I'm not arguing that phishing isn't a serious concern that needs to be addressed. But I'm saying it's not a security issues in that it doesn't install software on your system, invade your network, or propagate itself to others.

I am arguing that it's more like spam, which is likewise a serious problem that can lead individuals to dangerous websites or tempt them into bad decisions. Like spam, I'm doubtful that any software solution to eradicate phishing is possible.

In this light, the urgency to correct a phishing vulnerability is much lower than that to correct a security vulnerability, and the fact that such a vulnerability exists should not alarm users to the same degree.

Turns out this "phishing" scam isn't over with the iPhone or Safari. See more of my ranting in Part 2 of this topic.

Gone in 2 minutes: Mac gets hacked first in contest The fact remains that neither I nor any other Mac user has ever had our machine infected with a virus, a worm, or any of the numerous forms of malware that Windows users have suffered from since 2001, when Mac OS X was released. The single biggest risks users have faced online during this period are (a) running Windows XP, (b) running Internet Explorer, and (c) running Microsoft email software. Why? Microsoft has called it various things over the years, but I know it best as Active/X. Microsoft argued in the aborted antitrust trial that tying IE tightly to the OS was in the best interests of consumers. Right. It certainly has been good for IT security firms. Heck, this gave rise to an entire industry that would never have existed without Microsoft's highly vulnerable system, and it made consumers and businesses spend billions of dollars on antivirus/antimalware software to combat the problem. Plus it created a generation of people who are afraid to use the web to the fullest, and who are neurotically suspicious of hyperlinks in emails... even when they come from people they know and trust.

Even if you believe these things would have happened if Apple's OS held the monopoly (which is a demonstrably false opinion), the burden of computer security has fallen exclusively on Windows users over the last 7 years. Exclusively... not just 90-95% of the burden. I have never spent a dime on security software or subscriptions, nor have I spent a moment worrying about going online. I've never had my machine hijacked by malware, or had my browser go haywire because I visited the "wrong" website. I take sensible precautions about suspicious emails, and I don't download files from suspicious websites.

If someone has developed a true exploit for hacking Mac OS X, I'm sure it'll be quickly squashed by Apple. And one or two such exploits in 7 years is a far more intelligent risk than dealing with thousands of such exploits a year over that period, don't you think?

Computerworld: Microsoft admits it knew about, didn’t patch, bugs

OK, Microsoft apologists, take a healthy bite of this one and see if it doesn’t taste as bad to you as it does to me. When are you guys gonna realize that Microsoft is only out for itself and cares nothing for anything but money and maintaining its illegally obtained monopoly? The fact that our government (I mean, specifically, the Bush Administration) has chosen to look the other way is just one more example of how our country has abdicated its moral leadership in economic, political, military, and environmental affairs.

Daring Fireball: Lies, Damned Lies, and Bill Gates If anybody is confused about whether this guy is honest or not, or thinks he might have turned over a new leaf since his wife is giving lots of money to charity, get a load of what he told Newsweek in a Vista-promo interview:

Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.

As John Gruber at Daring Fireball points out, "Gates’s claim about Mac OS X security is simply false. Flabbergastingly false." And that's just the latest example. This guy will say anything to win. Is that OK nowadays? Is "unscrupulous" an OK personality trait in today's world? Let's remember what "unscrupulous" means: "having or showing no moral principles; not honest or fair." In my book, that's a bad thing, which is why I continue to boycott Microsoft products and encourage others to do the same.

Just like Hit--you know who--ler, Bill Gates and his buddy Steve Ballmer are masters of telling the Big Lie to get their way. Heck, it's worked for them in the past, so now they're convinced no one will ever call them on it. Just like the Newsweek interviewer, who let the statement roll right on by without question! As Hitler discovered, people will believe Big Lies before they believe small ones. Too bad humanity has advanced so little since that experience that people are still willing to be misled like this.

MacSlash | Why Are Macs More Secure? This article is interesting as a virtual catalog of the ongoing argument about whether or not Macs are more secure than Windows. You have the doubters and the market-share believers, but you also have a huge number of intelligent folks who make a very reasonable, solid case that market share and security-through-obscurity just doesn't hold up to analysis.

From the Mac Observer - Apple, Microsoft and the War Mentality Here's a thought-provoking essay that makes a number of good points and asks a number of good questions about the IT world's continued reliance on Microsoft Windows despite clear evidence that it's a losing battle. In one of the author's most astute moments, he compares IT's war to shore up Microsoft Windows to the Bush Administration's war against terror. That's actually quite a good analogy. The author's perspective is the same as the one from which I wrote "Protecting Windows: How PC Malware Became A Way of Life" a couple of months ago.

Tom Yager, InfoWorld: Is Windows inherently more vulnerable to malware attacks than OS X? I was on vacation when Yager wrote this terrific article in late August... It's the best attempt I've seen to document in detail the many vulnerabilities in Windows that simply don't exist in Mac OS X. It also lists the built-in security features of Mac OS X that are missing from Windows. Absolutely essential to anyone who wants to have a serious talk with their Windows IT guys about letting Macs in the office door.

Safe storage, Mac style So much skepticism from Windows users that Macs could be better than Windows at anything important... yet here's a new article in Computerworld that points out more uncomfortable facts for Microsoft fans: Mac OS X's built-in File Vault, together with encrypted trash and virtual memory, simply tops Windows out of the box. This is not an opinion.

MacSlash: Gone In 60 Seconds The story about the MacBook that was compromised has been making the rounds the last day or so, supposedly pointing out a security flaw in Apple's Airport (wi-fi) implementation. On closer inspection, the flaw originated with a 3rd party wi-fi add-on, and had nothing to do with Apple or Mac OS X. I'm only documenting this incident for future reference.

iTWire - Vista not for home users: security expert This is interesting, especially since improved security is one of Vista's supposed best features. The article explains and follows up on Sophos' recent recommendation that Windows users who are concerned about security should switch to the Mac. Pretty damn straightforward.

MacDailyNews: Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X Here's a great quote from this Symantec security expert, Todd Woodward. Speaking about the teeny and rare security incidents Mac OS X has been subject to in recent months, he says:

From the 30,000 foot viewpoint of the current security landscape, these Mac OS X security threats are almost completely lost in the shadows cast by the rocky security mountains of other platforms.

Well worth reading the entire article from Woodward's blog on the Symantec website.

BBC News: Web perils advise switch to Macs This advice comes despite the fact that Windows Vista, with its enhanced security features, is still expected to be released within 12 months or so: "It seems likely that Macs will continue to be the safer place for computer users for some time to come." The report says that viruses and worms have become less of a threat to Windows, but Trojans have increased dramatically. Sophos is one of the world's leading security consulting firms. Gee, I wonder if anyone will pay attention now?

Mac360: Macs And Viruses. Fact vs. FUD. From Mac360, this is a two-part article addressing five myths the authors identify that have become common regarding the Mac and Windows Viruses:

1. Macs are just as vulnerable to Viruses, Worms, and Trojans as Windows computers.
2. Macs using Intel Processors are more vulnerable now because they use the same processors found in generic PCs.
3. Mac vulnerabilities have increased 228% since 2003, but Windows vulnerabilities have increased a much smaller amount. That means the Mac is MORE vulnerable than Windows!
4. Now that Macs are getting more popular, aren’t virus writers going to start attacking the Mac more?
5. Mac users now have to purchase and run Anti-virus software, install firewalls and scan their computers for spyware the same as Windows users.

Good list of myths! I haven't read their analysis yet, but they're off to a great start!

Both the Yankee Group and Paul Thurrott chronicle Vista's Failed Security Model I love this, from the Yankee Group:

Vista's new security features will make for such a disruptive user experience that business users might want to steer clear of the operating system for the time being... the new features will make it difficult for many enterprises to upgrade their users, because of usability issues..."

You know Microsoft... nothing like making software that's always "in your face," especially when they really want you to know they're there for you.

MacDailyNews: Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype One of the bad journalists who started this week's anti-Mac ruckus is back, apparently trying to make amends. At his side is a respected Unix security expert who verifies that the outcry the journalist has been hearing from Mac users is justified. Macs are not susceptible to viruses, and Windows is. Macs are better protected by design, not by market share, and Windows are attacked often because it's easy to do so, not because there are so many of them. Makes sense. Of course, as the MacDailyNews editor asks the journalist in question, Stan Beer, "Why the truth now?... Get it right the first time, before you publish it."

AppleInsider: Apple launches "Get a Mac" TV campaign These are indeed the commercials Mac fans have been waiting for... a long time. Check them out at http://www.apple.com/getamac/ads/ Apple posted a couple other pages for potential switchers, including this one, which has the following hidden gem--a quick dispelling of some favorite Mac myths:

Dan Goodin: Macs are virus targets, some experts warn It's articles like this that make me say nasty things like "Windows users are stupid." Where do guys like this come off acting like they know what they're talking about? MacDailyNews has a good lampoon of a few mis-facts here.

E-Commerce News:Apple May Be Low-Hanging Fruit for IT Columnist suggests IT departments should rethink their long-standing aversion to Apple computers and gives three specific reasons why now is the time: (1) Apple's switch to Intel processors, (2) Boot Camp, letting Windows XP run natively on Macs, and (3) Vista, which has suffered disappointing delays and may not be worth the upgrade anyway. Those are th main reasons, but the writer also points out a number of other Apple pluses, including Mac OS X's better security.

From Yahoo News: Symantec Rethinks Firefox vs IE Security, Using Its Brain This Time I wasn't the only one who was incredulous when Symantec gave the security edge to IE in a study they released last year. Now, it seems that some in Symantec were not pleased, either. That study was driven more by vendor payments than objective analysis, unlike the new one, which clearly gives the edge to Firefox. Symantec isn't the only company that really needs to worry about its credibility when accepting money from a vendor for doing analysis. The sham results we see so often make it impossible to engage in reasonable debate on matters like this... and reasonable debates on OS security, ROI, usability, and much more are very much needed nowadays!

Attacking the Misleading ZDnet article, Wisconsin U Has Issued a Mac OS X Security Challenge The ZDnet article was (deliberately?) misleading, claiming that Mac OS X had been hacked in under 30 minutes... Oh, and by the way, the person who "hacked" it was granted access with a local account! Duh. Really fair, wasn't it? So some smart folks at the University of Wisconsin have issued an honest challenge in response: Alter the web page on test.doit.wisc.edu, which is a Mac mini running OSX 10.4.5. I like that one!

Winn Schwartau Gives the Numbers of Network World: Macs Are Half The Cost Schwartau is a security expert who recently converted to the Mac... this article is a frank assessment using standard TCO tools, which show the Mac costs only 50% as much as comparable PC's when you consider reliability, downtime, productivity, and system maintenance.

MacSlash | Interview With The "Virus" Creator All this brouhaha about the pitiful worm that was let loose to exploit some security weaknesses in Mac OS X is perhaps understandable. After all, many of us have been bleating loudly about the Mac's superiority over Windows in security. Doesn't the worm prove us wrong? This interview, and the fascinating dialogue on MacSlash that accompanies it, only reinforces my view that Mac OS X is far safer to use than Windows. Does it have weaknesses? Certainly! Are they truly exploitable by a virus? Highly doubtful. How about by worms or adware? More likely, but as attempts like this are made, the opportunities for doing so will shrink even further.

Spyware Barely Touches Firefox - Yahoo! News Cool study from the University of Washington compared exposure to malware between IE and Firefox. Guess which one won?

Ancient flaws leave OS X vulnerable?: ZDNet Australia: News: Security I'm not sure what to make of this... It comes from a credible source, a security consulting firm called Suresec. However, I'm inclined to agree with many of the commentators on the ZDNet website, who charge the writer with a kind of blackmail against Apple. After all, they're in the business to make money by finding security vulnerabilities. Apparently, Apple declined to pay for their services, and they're miffed. The whole security industry is suspicious, in my opinion. They exist because of vulnerabilities in Windows and now they want to extend their "market" to Mac OS X as well. Hmmm.

Microsoft admits to Wi-Fi security hole - ZDNet UK News I don't have the hard disk space to store every Microsoft security-hole story that comes along, but this one seemed particularly interesting in light of the fact that Microsoft is putting rushing Vista to market ahead of fixing security problems. Microsoft has obviously gotten the message that they can let security slide endlessly with no consequences, and so they will.

Mac Security Concerns Answered by BBC Security Reporter This British expert led Mac readers to think he was exaggerating concerns about the Mac's security against viruses and the like. Turns out he was a bit misunderstood, but he admits to a bit of exaggeration as a result of his desire that Mac users not become too complacent. (Note: He's a Mac user himself.)

InfoWorld Daily | InfoWorld | Time for a class-action suit against Microsoft? | January 5, 2006 04:55 AM | By Tom Sullivan It's great to see a discussion like this springing from one of the top IT news magazines. With the failure of the Federal antitrust trial to make Microsoft pay for their many misdeeds, perhaps consumers will actually realize that the security problems in Windows computers is Microsoft's fault and demand compensation.

MacDailyNews - Apple and Mac News - Welcome Home This one sounds pretty serious... When are these idiots going to learn you don't have to be vulnerable to virus scares? Switch to a Mac before it's too late!

Browser Wars: Network Managers Flee IE Interesting article suggesting that when IT wakes up to the fact that Firefox is easier to support than IE, the game will be over for Microsoft's dominance of the web.

Consumer Reports: Intel chips may cause Mac viruses?? Unfortunately, Consumer Reports continues to allow technologically illiterate writers/editors to prepare their personal computer report. Besides misreporting the Mac security versus Window security data, they now speculate that Macs may be more susceptib

Ask MacSlash: How Safe Is An OS X User From Spyware? A user asks about OS X security, and the (occasionally uninformed) readership responds.

Cincinnati E Technology Kim Komando - Personal Tech News, Video Game Reviews, Gadget Reviews and more from Gannett News Service Macintoshes ARE personal computers. This article is based on a prejudice against Macs, by not even mentioning them in an article about windows in-security.