Predictably, Apple partisans are fighting back at both Independent Security Evaluators and the New York Times for reporting on an iPhone security flaw that lets attackers gain complete control of the phone. Everyone's making too big a deal of the hack, Apple fans say. After all, only the folks at ISE know how to activate it. The iPhone, thus, is still amazingly swell.
While I found NYT reporter John Schwartz's piece quite straightforward and unsensational, Michael Rose at the Unofficial Apple Weblog chides the reporter for not challenging computer scientist Avi Rubin's assertion that Windows is more unsafe than the Mac because Windows is more popular than the Mac. "Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows," Rubin told Schwartz. "The other 5 percent have enjoyed a honeymoon that will eventually come to an end."
Rose says Rubin's theory is bogus. The Mac is more secure than Windows, he says, because it's built tougher than Windows -- and in the same way, the iPhone is better than other smart phones because Apple focuses on security. Rose cites a number of articles -- see here and here -- for support; the best is New York Times tech columnist David Pogue's apology for saying that Macs are better because fewer people use them.
In 2003, Pogue pointed out that the Mac OS is safer than Windows because Windows leaves more communications ports open by default; because Windows offers fewer warnings when rogue programs try to install themselves on a machine; because Windows gives users too many privileges to modify system files; and because e-mail apps for the Mac don't run scripts attached to incoming messages, as Microsoft's Outlook does. (A few of these problems have been fixed in Vista, Microsoft's newest version of Windows.)
No doubt this all seems sensible. And considering that the iPhone is pretty tightly locked up -- Apple doesn't want people to install any programs on it, which I've labeled more a bug than a feature -- attackers will find it harder to run malicious code on the phone than on a Mac.
But I don't see how this diminishes Rubin's main point: The iPhone's success will most certainly attract attackers, and the more people gunning for it, the more hacks folks will find. What's important about this process is how Apple responds. For years, Microsoft addressed Windows flaws with nothing more than quick-fix patches. Apple could certainly do better than that when it becomes the market leader in the cell business; precisely because people like Rubin are now setting their sights on the company's products, Apple must keep focused on securing its devices. And discoveries like Rubin's can only help the company in the long run.