We need to start by defining the terms.
★ May 23, 2011: Measure Twice, Cut Once
- An Apple-related crisis or problem occurs.
- There’s an immediate flurry of news coverage and speculation.
- A week or more passes before Apple responds, but when they do, they do so decisively.
Apple’s policy is to respond to a crisis with certainty, or at least as much certainty as can be mustered. Certainty takes time. No drip, drip, drip of vapid PR statements. Just silence, then an answer. Seems to be working out pretty well for them.
With regard to the Mac Defender situation:
★ May 24, 2011: Apple: How to Avoid or Remove Mac Defender Malware.
Like I said, measure twice, cut once.
Yeah, but I can't imagine that would be looked kindly on by people who were left hanging in the wind for 20 days. I know a lot of security professionals and tech pundits would contest that such a strategy is a good one. In fact, I know of one pundit who would strongly criticize Apple for treating this as "a marketing problem".
★ May 30, 2004: Security Cannot Be Spun
The worst aspect of these security issues hasn’t been the vulnerabilities themselves, but Apple’s response to them.
As far as can be determined by anyone outside the company, Apple did nothing in response until last week, when the vulnerability was made public and garnered significant attention.
Seven years ago to the month, Apple finally responded to the reports of a serious security vulnerability, one potentially worse than the initial Mac Defender one of today or its newer variant. However, this response came well after the publication of the issue which, from what I can gather, is a flaw that could allow someone to trick the Safari web browser into executing arbitrary commands on the Mac. That exploit never amounted to much. Today's exploit amounted to thousands of Mac users inundated with porn thanks to a fraudulent program. Sadly, Apple's response has not improved much. (And Safari's "Open Safe Files" played a central role in both.) But even more depressingly, we've learned we've lost a clear-eyed pundit to the warmth of the RDF.
(May 28th note: Want some more fun Ed Bott-John Gruber commentary? Click on this! You know you want to!)
Oh god, the PC vs Apple debate, really? It's 2011, get over it.
Posted by: John Susek | 05/28/2011 at 12:54 PM
Well, you can't complain since I never mentioned PCs in this post. This is more of a Gruber vs Gruber thing, like what Jon Stewart did several years ago here. I think you might get fewer people arguing over PCs and Macs if you didn't bring up the "PC vs Apple" debate in unrelated posts.
Posted by: westwit | 05/28/2011 at 01:34 PM
The Mac Defender issue isn't a security problem with MacOS X. It's a security problem with humanity. To become infected with the Mac Defender malware, you need to download the program from the Internet, run the installer, dismiss the warning that programs downloaded from the Internet could be unsafe, and type in your administrative password. Blaming Apple for this is like blaming Apple if your laptop gets stolen because you left it sitting on your front seat with the door unlocked.
Posted by: Allanc | 05/28/2011 at 11:02 PM
I read this article as the note to do so was injected over Gruber's linked article where three or so years ago it was suggested we come back in a year or two to see where Apple stands in the baseline consumer and enterprise markets.
Regarding this article: One could suggest 20 days may be too long and that the Genius directive to 'neither confirm nor deny' the MacDefender issue may be too long a time period / too marketing and appearance related as opposed to user-support-centric. I myself feel that having a proper answer is better than an incorrect answer even if it takes slightly longer. Regardless, your article cites a previous post by Gruber where he explicitly agrees that the policy regarding communication of malicious software issues of 'too little', 'too late' is unacceptable and reflects poorly on Apple / Mac. In that case, 'too little' was a paltry 'fixes handler issue' in release notes and 'too late' was ~4 months after the first notification of the potential vulnerability. In the current event, we have a full and detailed description of the issue along with its resolution posted to apple.com along with an assurance that a software resolution will be released within days all occurring less than three weeks from the 'outbreak'.
I fail to see the 'not improved much' that appears to be your punchline suggesting hypocritical and contradictory posts on daringfireball.net and (not being a Mac user and therefore not being affected at all) feel that this should be seen as a great success in improved handling of user-critical issues by Apple. I would guess that Mr. Gruber's undertones, if he were to self reference the same previous post, would suggest the same.
Posted by: Dan Emerson | 05/29/2011 at 11:10 PM