FUD: Security Marketing 101


Now, I'd be just about the first person in line to claim that people don't take security seriously enough on computers. However, Symantec may well have reached new heights in the use of FUD (Fear, Uncertainty, and Doubt) to promote the sale of product.

A number of articles, such as this article from ZDNet UK News, have been quoting a recently- released Internet Security Threat Report from Symantec indicating that Mac users are in for a big surprise any moment now.

The ZD article is particularly crass because of its quoting of an Australian analyst who insults the entire Mac community by saying that "The iPod, PowerBooks and mini Macs are cool products, ... The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but dont secure it. As Apple increases its market share, it will be a legitimate target"

Of course, the problem with his millimeter-deep analysis of the situation is that he is assuming that all products ship in an insecure mode. The iPod can't be connected directly to the internet without loading Linux on it (possible, and very cute, but useless and unlikely for all but the most sophisticated users). The PowerBook and Macintosh Mini (and all the others that come with OS X) come with security turned on up to the hilt. Built-in firewalls (which didn't appear on the Windows platform until XP SP 2) and a lack of system- level services that are running by default further add security to the Macintosh.

The assessment that the Macintosh is secure from attacks because it has small market share is about as bright as the assessment that Apple has no influence on the market because it has small market share.

Although the Macintosh is a small target, it is like a pot of gold for glory- seeking virus and malware authors and Apple has been working hard (with items like this AM's 2005-003 security update) to make sure that their so-far mostly-untainted security reputation for OS X remains glossy indeed.

More viruses and exploits exist for Windows because they are easy and Microsoft doesn't respond quickly to them. To add to that, most Windows users don't get all of the security updates that they should, so they consistently run with systems that are perfectly tuned for accepting viruses. So, every "script-puppy" in the world who wants to see their name or handle in the public eye can make a variant and become famous for thirty seconds.

Viruses for the Macintosh (esp. OSX, because, as is noted in the Symantec report, pre-OSX versions of the operating system did have a few viruses) are few and far between because they are difficult to make and even more difficult to propagate.

Microsoft designed Windows in a trusted, administered, non-Internet market and they are still reeling from many of those decisions. It's part and parcel of why things like forms-based email exploits still work and why there are so many administrative services running in the background and open to the network.

Apple had some of the same problems with OS 9, but they've been gone since OS X came out, because it was built from a secure system in the first place. FreeBSD, the core of most of the UNIX underpinnings, is one of the most venerable, highly used, and least-exploited operating systems on the Internet.

Don't fall for it, don't buy Symantec's FUD. If you must be paranoid about these things:

  • double-check your firewall settings.
  • Don't click on files you don't know the origin an purpose of
  • Be careful downloading programs from the Internet
  • Update to the latest Security Updates and OS Updates when they become available
  • and, if you must, use another vendor's anti-virus software (McAfee has a deal with Apple's .Mac to provide their anti-virus software to all subscribers, just as an example).