A report released this week on AppleInsider details the Pwn2Own hacking contest results indicating that Apple computers are less secure than their WinTel counterparts, but ultimately safer.

“Insecure but safe” sounds like a contradiction when taken at face value.  I’ve long been  told, and frankly seen for my self that there is precious little malware floating around cyberspace that is targeted specifically to OSX.  Apple’s own marketing touts their products as safer than Windows.  In my opinion this a perfect example of the Mayberry Paradox.

Now the Mayberry Paradox isn’t something that has undergone peer review.  It hasn’t been endorsed by the I.A.E.A., Underwriter’s Laboratories, and certainly doesn’t have the Good Housekeeping Seal of Approval.  The Maberry Paradox, simply put is a term that I use to describe the baffling belief that an inherently insecure environment can be rendered secure by the sheer absence of perceived threats.  That is to say that an environment with few, if any security controls can achieve some level of security through some type of isolation.

In the case of Apple, the powers that be have made a case that OS X can be called “secure” because of the relative handful of malware floating around.  Is this fair?  Are consumers being duped into a false sense of security?  Although I do love me some shiny Apple goodness, I have to say that I feel somewhat cheated every time I hear these claims.  In my consulting practice I ran into one CIO who summed it all up by saying, “people don’t do that here.  We don’t have thefts, robberies, or too much crime at all.”  Bear in mind that this particular engagement was an information security risk assessment and that the crimes he mentions are all location-based.  The criminal has to actually be present in a physical form to commit the illegal act.  Apple has taken a similar stance in that there is an assumption that because there isn’t much malware, that the platform must be secure.  I think that a more honest approach would be to say that, “no our platform isn’t as secure as others, but there is much less risk in our vulnerabilities being exploited”.  I suppose that wouldn’t sell too many MacBooks though, eh?

FULL STORY