The internet has been buzzing this past week over three new security flaws found in OSX. Better coverage on these security issues can be found elsewhere, but what I found amazing was that the Mac community on a whole treated these security holes as a non-event. Apple promptly responded this week with a security update patching all the holes so the issue is moot now. So the indifferent Mac users were right?
When I explored the nature of the Safari vulnerability, I discovered how dangerous the vulnerability was. I was anxious to share my discoveries with other Mac users, so I submitted the story to digg and newsvine, posted about it on various blogs and news sites, and sat back to anxiously read the responses. But the responses were not forthcoming. Two people dugg the story. Three people voted here. A handful of people visited the site. Most responses I received were along the lines of "This is no big deal. It's overblown. Just disable 'Open Safe Files' and the problem goes away."
I am mostly a Mac user (I switched in 2000), but I still use a PC to render fractals. I know how frustrating the infiltration of worms and viruses can be. I've fdisked, formatted, and reinstalled one time too many to be cavalier about security breaches. I don't have to convince PC users how disruptive viruses are to one's productivity, but I was unable to convince Mac users to be even remotely concerned. They were so complacent and unconcerned.
I've been thinking about this a bit and I have some theories. I believe that first and foremost Mac users have an extraordinary amount of faith in Apple to address these matters in a timely manner. I can't say that their faith is misplaced. A week and a half after the vulnerabilities were discovered Apple released their first security update for the year. Problem solved.
My other theory is that some Mac users were more interested in saving face than in taking this matter seriously. There was a strange groupthink at work where everyone decided to downplay the issue as some sort of power play by PC fanboys to tarnish Apple's rep or eager security firms hoping to develop a new market.
My last theory is my least favorite because it cuts to the bone. Mac users are simply naive and complacent when it comes to security. No one seemed concerned that they had to sacrifice convenience and clever automation - hallmarks of the Macintosh experience - in order to protect themselves. A few A-listers discussed the problems, suggested shutting off "Open Safe Files" because only "morons" had it enabled, and that was enough for the majority to be satisfied. Even if there was a vulnerability, I read over and over again, Mac OS X is tight and won't allow the same vectors of automated propagation that users of Windows suffer from. Maybe they're right, but there is a sort of Emperor's New Clothes groove to it all.
As a Mac user I can attest there is nothing more irritating than reading yet another ignorant article written in the press by a Windows fanboy about how "bad" the security situation is for the Mac. There are plenty of bald faced claims that Macs are only secure because nobody uses them. This rankles, too. In addition, many, many Mac users such as myself use PCs as well at work and home and we are constantly dismissed as Kool-Aid™ drinkers when we try to express our educated opinions in favor of Macs based on first hand experience with both platforms. All this explains the rancor among the Mac faithful with the press and Windows using public, but there shouldn't be denial about legitimate security vulnerabilities. I was surprised to see so much insouciance out there. If Mac guys think PC guys laugh at them now, wait until a true malignant exploit spreads in the wild in OS X. The laughter will be unbearable. But we can avoid all that now by being savvy about security and not sticking our heads in the collective sand.