
Apple doesn't want a Chief Security Officer


Metrogirl

In today's Business Week article, "Apple - Finding the Root of the Problem", which talks predominantly about the misleading results of the "Hack my Mac" challenges, Bud Tribble (Apple Vice President, Software Technology) dismisses the idea that Apple should have a Chief Security Officer. This is rather at variance with the industry norm, since companies like IBM, Oracle and the like have had a CSO in place for a long time.

 

Mr Tribble thinks that security is everyone's responsibility. It is, of course, but isn't that rather dodging the issue for Apple? If there is no central point of contact, no-one cracking the whip over the developers and checking compliance, how will they deal with the inevitable event of a major security vulnerability?

 

The Mac's Unix underpinnings offer a few security advantages but they will be eroded increasingly by the need to wrap them in a mom-and-pop-friendly interface. With a user base that is growing daily, how long will it be before there is a major issue?

 

As the article concludes, "Once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft."


User Feedback


Maybe Apple doesn't want to send out the wrong message? Consider Apple stating, "Yes, we have a security task force designed to handle threats and vulnerabilities..." I might be way off base here. But to me, it's the same as saying, "Bring it on..". To this day, I have not heard of any rogue developer that embeds call-homes to send back sensitive details. If it starts and becomes rampant, then Apple and its OS users have a lot to worry about. I'm sure Apple's voice will be much louder in that area. IMO, Apple has its GUI locked and secure. They more or less rely on the Unix community to discover and post new vulnerabilities. Therefore fixing what's under the hood would be easier than for its counterpart.

 

Mr Tribble thinks that security is everyone's responsibility.

I can relate. In most countries, you can buy a car as long as you have insurance and you can afford the payments. Owning a car doesn't mean you know how to drive one or have a driver's licence.


I like their sentiment but I'm not quite sure how it works in practice. If their unit-level testing is stringent enough to detect security holes then I guess they are probably right and a CSO is superfluous, but I somehow doubt that's the case. In my experience unit testing normally boils down to "does it do what it's meant to do" and rarely checks if it does things it's not meant to do. :)


That's an interesting attitude for a company to have. IMO, the resources that are devoted to making the OS increasingly Windows-ish, to the point that some of the users are complaining, could be diverted to that effort instead, preventing the mass migration to Linux that is currently frustrating MS.

 

I don't know much about security for the user, but I suspected that it and the current trend of taking away user control over the OS are like two opposing ideals, similar to metrogirl's post about that.

 

I'm not making statements here, more like questions, because like I said I don't know much about it... or about coding and stuff.

 

Call-homes are sometimes not so much calling home as they (iTunes, an Apple product) are calls to third parties (http://www.omniture.com) not mentioned in the EULA, which is alarming to some users who believe this is who is in charge of attaching your name, computer ID and IP address to an accumulation of data about you.

 

Hopefully without getting into the never-ending argument with nuts who for some odd, unexplainable reason think this is fine and OK, or stockholding Apple/Microsoft apologists, I am interested in learning from the knowledgeable yet neutral people out there whether this sort of hidden reporting, or things such as TPM, or whatever else I could place right here if I knew what I was talking about :), are the very structures that will make OS X increasingly vulnerable to security threats... for the user.

 

No flaming please! :)


... I am interested in learning from the knowledgeable yet neutral people out there whether this sort of hidden reporting, or things such as TPM, or whatever else I could place right here if I knew what I was talking about :), are the very structures that will make OS X increasingly vulnerable to security threats... for the user.

 

No flaming please! :)

 

I hope I'm fairly neutral (except in rant mode) but I don't know about 'knowledgeable' :D and I'm more than ready to jump on anyone who wants to start a flame fest :angry:

 

I think that apps calling home might actually result in tighter security, at least for the users who know that it's happening. Like many other Mac users I install 'Little Snitch' (highly recommended), which reports any attempt by an app to make an outbound connection. You can block or permit, either once or permanently. Many other firewall products for Windows and OS X have similar features. If people install these to deal with the ET brigade, they are already on the road to increasing their security.

 

@Ouch! - agree 100%. My company's developers are the worst offenders where security issues are concerned - not just in product functionality but in their whole method of working. "Hey, it works, doesn't it?" is all they are bothered about much of the time. Fortunately we have other people devoted to trying to break things before anything gets sold - and we have a CSO.

 

Edit: I guess from that last comment you all know now that I don't work for Apple :)


Thanks metrogirl, I downloaded Little Snitch. That's what I like about a lot of these Apple apps: you downloaded rather than downloading.

 

Yes, this place is pretty good, I was sort of joking. I found out about Omniture from a blog somewhere else, and that's why I posted "no flaming please": it was remarkable how many responders were upset by his assertions. I pictured an office full of people at Omniture or Apple stockholders being the ones calling him names and saying that he is paranoid and people have no right to privacy, but not in those words.

 

I think some people misinterpret criticism as being anti-Apple, but if we didn't love them we wouldn't care or spend bandwidth criticizing them.

 

I put a block on Omniture and then I got an error when trying to reinstall iTunes... it could have just been crippled from the uninstall and not be related to that block, but I wondered.

 

Edit: I guess from that last comment you all know now that I don't work for Apple :)
:angry:

 

 

Well, from the recommendation of Little Snitch we were able to garner that you at least were not among their upper management.

 

:)


Great! You have LS installed. Now what can you install to make sure LS isn't calling home? :) And look at the LS default settings. Are you sure it is configured for your own benefit? ;)


That's an interesting attitude for a company to have. IMO, the resources that are devoted to making the OS increasingly Windows-ish, to the point that some of the users are complaining, could be diverted to that effort instead, preventing the mass migration to Linux that is currently frustrating MS.

 

Out of curiosity, where is this mass migration to Linux you speak of? Last time I checked, people wanted their Windows insecurity blanket.

 

In terms of having a security officer, it becomes a pointless idea. A security scare comes up (like Oompa-Loompa) and a plethora of third-party vendors step up to the task until Apple releases a security update that fixes it. It makes someone at the top saying "We need to get this fixed" a little redundant.


I have downloaded Little Snitch just now, thanks metrogirl :) Not too sure if I have to make any adjustments to the rules or whether to use the presets it comes with.

 

Or could metrogirl :blink: work for Apple, and by installing this app give Apple everything they need to know about bringing a lawsuit against all Hackintosh users? :hysterical

 

EDIT: Sorry metrogirl, I know it's probably not true :D


I have downloaded Little Snitch just now, thanks metrogirl :) Not too sure if I have to make any adjustments to the rules or whether to use the presets it comes with.

 

Or could metrogirl :blink: work for Apple, and by installing this app give Apple everything they need to know about bringing a lawsuit against all Hackintosh users? :hysterical

 

EDIT: Sorry metrogirl, I know it's probably not true :D

 

ROFL - no, I don't work for Apple! I think Snitch is probably OK; I learned about it on the newsgroups, where people are quite quick to spot problems. Also, my external hardware firewall logs don't show anything suspicious.

 

I think the defaults are reasonable provided you are at least going through a NAT router, but if you're plugged directly into a cable modem or dialup you might want to remove the pre-defined rules, because your 'local network' could be larger than you think. You get the chance to OK each connection in turn then. I usually set it to the bare minimum and have it ask the first time any app tries to call out. It's a pain because all those widgets, .Mac, iDisk etc. need you to OK them one at a time, but it's worthwhile. It's certainly an education seeing what would get out if you didn't have it.

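The point made in the last two posts about outbound filtering (prompt on unknown connections, remember an answer once or permanently, and a pre-defined "allow local network" rule whose reach depends on how the machine is connected) can be made concrete with a small model. The following is an added example, not the poster's code and not Little Snitch's own rule engine or format; the addresses are constructed from RFC 1918 and RFC 5737 documentation ranges, and the "local network" is simply taken to be the network implied by the interface's netmask, which is the assumption the post's warning rests on.

```python
"""Toy outbound-connection filter: unknown connections prompt the user,
answers can be kept once or permanently, and a pre-defined rule lets the
'local network' out silently.  Added example; not Little Snitch's code."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Attempt:
    app: str
    dest: str   # destination IPv4 address as a string
    port: int


@dataclass
class OutboundFilter:
    local_net: ipaddress.IPv4Network
    allow_local_network: bool = True
    # permanent decisions keyed by (app, dest, port); value is "allow" or "deny"
    rules: dict = field(default_factory=dict)

    @classmethod
    def for_interface(cls, iface_cidr: str, allow_local_network: bool = True):
        # Assumption: the "local network" is whatever the interface's netmask says.
        net = ipaddress.ip_interface(iface_cidr).network
        return cls(local_net=net, allow_local_network=allow_local_network)

    def decide(self, a: Attempt) -> str:
        """Return 'allow', 'deny', or 'ask' (meaning: prompt the user)."""
        key = (a.app, a.dest, a.port)
        if key in self.rules:
            return self.rules[key]
        if self.allow_local_network and ipaddress.ip_address(a.dest) in self.local_net:
            return "allow"          # pre-defined rule: no prompt at all
        return "ask"

    def answer(self, a: Attempt, verdict: str, permanent: bool) -> None:
        """Record the user's answer to a prompt; 'once' answers are not stored."""
        if verdict not in ("allow", "deny"):
            raise ValueError(verdict)
        if permanent:
            self.rules[(a.app, a.dest, a.port)] = verdict


def silently_allowed(iface_cidr, attempts, allow_local_network=True):
    """Destinations that get out without any prompt under the default rule set."""
    f = OutboundFilter.for_interface(iface_cidr, allow_local_network)
    return [a.dest for a in attempts if f.decide(a) == "allow"]


# Constructed connection attempts (RFC 1918 and RFC 5737 documentation addresses).
ATTEMPTS = [
    Attempt("iTunes", "192.168.1.1", 80),        # home router behind NAT
    Attempt("Finder", "192.168.1.77", 548),      # another machine on the home LAN
    Attempt("iTunes", "198.51.102.200", 80),     # a stranger on the same ISP segment
    Attempt("Widget", "203.0.113.10", 443),      # an arbitrary Internet host
]

if __name__ == "__main__":
    for label, iface in [("behind a NAT router", "192.168.1.20/24"),
                         ("direct on a cable modem", "198.51.100.55/22")]:
        f = OutboundFilter.for_interface(iface)
        print(f"{label}: local network {f.local_net} "
              f"({f.local_net.num_addresses} addresses)")
        print("  allowed without a prompt:", silently_allowed(iface, ATTEMPTS))
```

Behind the NAT router the pre-defined rule covers 256 addresses, all of them your own; on the /22 the same rule covers 1024 addresses, and a connection to another subscriber on that segment goes out with no prompt. Passing `allow_local_network=False` (the post's "remove the pre-defined rules") makes every first connection ask.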
