Apple Fans Are Clueless About Security, Hacker Says

Apple fans who claim that the Mac is more secure than PCs not only are wrong, but they're ignorant about their security risks, says a well-known hacker and security expert who has made a name for himself finding vulnerabilities in Windows. And Apple itself doesn't take security as seriously as does Microsoft, he claims.

Marc Maiffret, currently chief security architect at security firm FireEye first gained a modicum of fame as a hacker targeting Microsoft products. For example, he uncovered the security hole that the Code Red worm exploited back in 2001 to attack Windows servers.

He's been no stranger to publicity, being one of the hackers featured on MTV's I'm a Hacker, and named as one of People Magazine's "Next Wave" of people to watch, back in 2004.

In an interview with CNet, he claims that Microsoft takes security more seriously than does Apple, and excoriates Apple fans as being "ignorant" about security risks.

Maiffret says he believes Microsoft does one of the best jobs in the industry around security, telling CNet:

"From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things."

As for Apple and its fans, he has very little good to say, saying that the Mac is vulnerable, and its fans ignorant about security risks:

"...they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is."

And he leaves no doubt that he believes Microsoft as a company pays more attention to security than does Apple, and says the only reason the Mac hasn't been targeted by malware writers is that it doesn't have a large enough installed base:

"I think Microsoft does a better job with their code auditing than folks like Apple do. We've only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them. There's nothing inherent with Apple themselves and their development. The only reason Apple gets little increase in security is because they're running on top of a Unix-based operating system and they can take advantage of some of the things that have been done for them."

Subscribe to the Security Watch Newsletter

Comments