Home > Computers and the Internet, Mac News > Apple Security Myths

Apple Security Myths

February 6th, 2015

How many times have you heard Apple users say that Apple devices are invulnerable to malware, 100% safe from viruses, and simple are so secure that they can never, ever be hacked?

It might seem that you have heard it said countless times.

However, I’d be willing to wager that you have, in fact, never heard any such thing.

What you have likely heard is a combination of two things. First, Apple users saying that their devices are more secure than other devices, and second—and likely much more commonly—you have heard people annoyed by Apple users claim they have heard Apple users make such claims countless times.

Here’s an interesting test: go to Google, and search for “Apple” along with terms like “invulnerable” and “hack-proof.”

I guarantee you that you will not find hordes of Apple users gushing about the bulletproof nature of their products. In fact, you will probably not see even a single result of that nature.

Instead, you will find an endless stream of results which impugn the purported claim. These consist of two basic groups: reports which “debunk” the “myth” of Apple’s invulnerability (often by security companies making overblown claims about the vulnerability of Apple products so as to sell their Mac-based products), and non-Apple users expressing undying irritation at Apple users smugly claiming that their devices are invulnerable.

But not anyone actually making the claim itself.

This tracks with my own experience: I have never heard any Apple user claim that Macs are 100% secure.

In short, the myth is not that Apple products are incapable of being hacked. They myth is that Apple users make that claim at all.

Here’s what Apple users will claim:

  • Apple devices are more secure than Windows or Android counterparts (true)
  • Most Apple users have never experienced any kind of malware attack (probably true, though some may have just never discovered the attack)
  • There have been very few successful attacks against Apple devices that have resulted in any harm (true)
  • Hackers less often target Apple devices, often because the target is much smaller (probably true, though ironically, an argument more often made by Windows enthusiasts trying to prove that Macs are equally vulnerable)
  • As an Apple user, they don’t really need security software (a matter of opinion—not a claim of invulnerability, but rather like not having to buy insurance against being struck by lightning)
  • Apple’s OS software has built-in security (true)

When Apple users make such claims, this is inevitably translated into the often-heard “My Mac can’t be hacked” claim.

Imagine telling people that you live in a safe neighborhood, and then later hear other express exasperation at your smug claims that you live in an impenetrable fortress and criminals could never, ever break into your home.

Wouldn’t that kind of irk you, just a little? ‘Cause it does me. I get really tired of the endless whining about how Mac users are just so smug and so stupid.

Here are the actual myths: (1) that Apple users commonly make the claim, and (2) that Apple devices are “just as vulnerable” to attack as Windows and Android devices, and happen just as frequently.

Regarding the second claim, it just isn’t true. That does not mean there are no successful attacks against Apple devices—the 2012 Flashback trojan, which could infect a Mac without users helping it, infected a large number of Macs.

However, one should note that that event was the single worst successful attack against Macs. Almost all other malware for Macs consists of social-engineering trojans, or else fringe attacks which have little actual effect.

The social-engineering trojans are inevitably going to appear on any system, and no security system will ever be able to fully protect a computer from them. They are essentially programs which the user is tricked into installing, usually software purporting to allow videos to play.

What you hear about more often are the fringe attacks, usually things like rootkits which require physical access to the device, or else proof-of-concept hacks and attacks which do not penetrate the community deeply and/or do little if any damage at all.

These are usually ballyhooed by security firms like Sophos or Kaspersky, made to seem like dire universal threats so that Mac users will be frightened into using their software. However, apps claiming to protect your Mac are usually more trouble than they are worth. They give the impression that they provide a wall of security for your computer, but in fact cannot block any exploit which is not already in their libraries—thus, any new attack will slip by them. This happened with Flashback, which Apple fixed with security updates almost as quickly as apps like Sophos added the ability to detect and thwart the attack.

When I myself used these anti-virus apps to do sweeps of my Mac, I was eminently annoyed by the fact that the apps reported dozens of threats. I was not annoyed because my Mac was infected, but because it was not infected. What the “security” app reported was all the Windows malware that sat in my Mail app’s attachment repository. Not a single Mac threat among them—but this “security” app I used did not note that fact, and so I wasted an hour or so looking up every last one on the list, only to discover that none were in fact a threat to me.

I do use security on my Mac; I won’t go into detail about the specifics for obvious reasons, but I will say that I don’t use Sophos, Kaspersky, or apps of that nature on a regular basis. From time to time I will install one and do a sweep out of curiosity, but then I’ll delete the app, for good reason. I have several other solutions, one of which protected me from the Flashback trojan at a time when the “security” apps would have missed it.

I also follow some basic common-sense rules which every computer user, Apple or otherwise, should know and follow. Don’t trust pirated software. Don’t follow email or other links which claim to give you profit or protection. Try to download apps or plug-ins only from trusted sources, and ensure you are doing it right by directly entering the URL (to update Flash, for example, I never follow a link from a broken video; I type “http://get.adobe.com/flashplayer/” into the address bar). Before clicking on a link, check the URL displayed in the status bar, and watch the address bar for any suspicious redirects. If I do install something, I get 1000% more suspicious when the installer requires the system password. And I monitor the news for emerging malware threats to the Mac.

Am I invulnerable to attack? Hardly. But I live in a good neighborhood, have a security system, and I keep my eyes open. That’s about as good as it gets.

Categories: Computers and the Internet, Mac News Tags: by
  1. Barbara Bachmeier
    February 15th, 2015 at 09:49 | #1

    I am planning to fly Space-A from Elmendrof AFB to Yokota AB. I figured I would not be able to return Space-A to Alaska exactly when I wish to, so I plan to exchange accumulated airline miles for the return trip. Your comments and suggestions about the trips to Japan and back are very helpful to me and I appreciate your good writing.

    Thank you.

    P.S. I served in Japan for 3.5 years some time ago and have always wanted to return. Do you have any good advice for Americans seeking employment there (other than USAJOBS)?

  2. Luis
    February 15th, 2015 at 16:15 | #2

    Barbara:

    I think you wanted to comment on the previous post about flying, not Apple Security Myths…

    In any case, I have no clear ideas about employment outside of teaching. Most people can get jobs at conversation schools, but if you don’t have a visa valid for working, you have to (a) get a job from a recruiter in the US (of which I don’t know any), or (b) come to Japan and interview, then do the visa process. As I recall, a B.A. degree is a minimum requirement.

    If you have a relevant degree or certificate for the topic to be taught, then better jobs can be had, mostly in ESL, less commonly in specialized fields. Some good sites to check for help-wanted ads:

    http://ohayosensei.com
    https://jrecin.jst.go.jp/seek/SeekTop?ln=1
    http://www.jobsinjapan.com

    Or possibly JALT.

Comments are closed.