Washington Post – A Time to Patch III: Apple

By Jeff Jones, Sr Director, Communications

May 5, 2006

You’ve probably already read Brian Krebs article A Time to Patch III: Apple, but if you haven’t, I encourage you to read it and read the various responses he received – the responses run the gamut of

Linux advocates (“You do understand that Mac OS X is not a version of Linux, and is not an open source OS in the usual sense of the word?”),
conspiracy theorists (“…This sounds much more like Microsoft propaganda…”),
open source advocates (“… finally pointing out that Apple is a company that’s even more protective of its intellecual property than Microsoft …”)
existentialists (“… In fact, I have been using Macintoshes heavily since 1984 and I’ve never had a single security problem.”)
allegoricists (“…Potentially, an envelope I lick to seal could have LSD on it.”)
poor analogies (“…Over the years in a far away country, fires have increasingly ravaged …”)
better analogies (“…Imagine someone traveling to a small town and learning …”)

and many, many more. Good reading and entertaining at the same time. Brian even provides spreadsheets with his data and links to sources.

When I read this, I thought to myself “What if this article was about Microsoft?” – would the responses have been different? “What if the article was about Linux?” Sun? Oracle? I think it is clear from the emotional responses that the data matters less to some people than their belief system – and that’s not good for security!

Here’s the question I ask myself. If I had one system that housed my critical business information (say customer credit cards) and I believed there were attackers who might target me to get that information, then wouldn’t I want to know how many vulnerabilities there are and how long a vendor might leave them unpatched? I would. If I was basing a 5-10 year business decision in part on security criteria, I certainly would (among many other things…).

Of course, I would also consider the threat of a virus and the threat of a targeted attack as two discrete risk issues and not muddle them together… but that’s for another day.

Best practices

Incident response

Microsoft Incident Response

Cybercrime
Published Jun 29, 2023

3 min read
Patch me if you can: Cyberattack Series

The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Best practices

AI and machine learning

Microsoft Intune
Published Jun 26, 2023

7 min read
Why endpoint management is key to securing an AI-powered future

With the coming wave of AI, this is precisely the time for organizations to prepare for the future. To be properly ready for AI, Zero Trust principles take on new meaning and scope. The right endpoint management strategy can help provide the broadest signal possible and make your organization more secure and productive for years to come.
News

Email security
Published May 19, 2023

3 min read
Cyber Signals: Shifting tactics fuel surge in business email compromise

Business email operators seek to exploit the daily sea of email traffic to lure victims into providing financial and other sensitive business information.
Events

Security management

Microsoft Defender
Published May 15, 2023

8 min read
Microsoft Security highlights from RSA Conference 2023

At RSA Conference April 24 to 26, 2023, Microsoft Security shared solution news and insights. Watch Vasu Jakkal’s keynote on-demand (video courtesy of RSA conference).