Apple and Microsoft clearly have two different visions of what, exactly, security is all about. And the winner is not who I expected.
The Apple website has long been praised for its straightforward, easy-to-grasp structure that allowed us, Mac users to type almost any URL blindly in our address bars with a very low error rate. Indeed, despite its inner workings probably being frightfully complex, the Apple.com site uses pseudo-folders to organize products and sections.
So, in the light of this week’s announcements, I was curious to see what Apple.com/security would be. Hopefully the Apple Product Security page, featuring a link to security mailing lists, RSS feeds, security updates and a way to report security issues!
Let’s try, shall we! Here we go: Apple.com/Security… Ta da! Here appears a beautiful, shiny promotional page about how truly secure Mac OS X is. Updates are mentioned, but barely and there is certainly nothing useful here for a security researcher or even an end-user looking into ways to secure his Mac in real-world situations. The real page I am looking for is actually on Apple.com/Support/Security and, by the look of it, hasn’t been updated in a little while.
Let’s try the evil empire, shall we? Microsoft.com/Security? Check. (But still no RSS.)
What is this about. Bashing Apple? Implying their security team does poor work? Most certainly not. The security engineers at Apple are not in charge of web design and I am sure they couldn’t decide to go RSS without pleading for months with legal and marketing first. This does however show one thing: the Mac world is not used to communicating around security issues in a PR-conscious and easy-to-understand fashion.
The Mac OS X security community is there and is active. Apple has some wonderful designers and PR people. AppleCare is staffed with Wonderfully Outstanding Workers. Let’s just hope the machinery gets put into gear before dramatic changes are required.