Why engaging with the Mac community over security is a hopeless task

Rich Mogull talks about his "Curious Relationship With Apple And Security" and what he wants to do in the future:

"Actively engage with the Apple community, give Apple credit for what they get right, and point out where they get things wrong while educating Mac users. This hopefully gains me enough credibility that they can’t simply dismiss me as anti-Apple and I can help the Mac community pressure Apple for needed change."

Good luck with that, Rich. The problem with talking to the Apple community at large is that there are far too many people – usually, ironically, people who haven’t used the Mac for more than a handful of years – who believe that the fact that "there is no malware for the Mac" means it must be perfectly secure.

They simply refuse to believe the "security through obscurity" line, which states that the Mac’s low market share helps keep it safe by reducing the opportunities for malware to be effectively spread. As the Mac is a small target, it’s simply not efficient to write a virus for it. This is largely because they have an outdated view of what malware is produced for – they simply don’t understand that a lot of malware is produced not for kudos but for profit, and when you’re going for profit it makes more sense to hit the biggest possible market (i.e. Windows).

Neither do they understand that a large chunk of modern malware exploits the least-secure part of any system: the user. Most malware which is successful over a longer term doesn’t target a security loophole initially, but attempts to get access to a user’s system via social engineering.

And the notion that Windows Vista’s security model might be as secure as the Mac’s (if not more so) will be met with either blank, uncomprehending stares or outright hostility. It doesn’t matter that it’s true.

So Rich, my advice is simple: just don’t bother. You’re only going to get 1500 flaming comments whenever you dare to utter the "heresy" that the Mac might not be perfect.

UPDATE: Clarified my point about "security through obscurity", by which I mean the Mac’s low market share reducing vectors for malware spreading, rather than the platform itself being "obscure" and unknown to malware writers.

UPDATE 2: I’m in the middle of transferring this blog from TypePad to WordPress, which means that I’ve now exported all the posts and comments from here to the new place. As this post is still getting comments, I’ve decided to temporarily close comments while the DNS switches over, so nothing gets lost in the move. Once the DNS has switched, comments will be back. Sorry for the interruption – if you really want to comment desperately, you can find the WordPress version of this post here.