Apple Security: Invisible and Practical Approaches
For many years, one of the big reasons that lawyers (and others) switched to Apple computers from Windows computers was security. The Windows world was (and is) one of frequent security updates, viruses and malware, firewall settings and software to manage all of the aspects of security. Security issues and concerns seem to be a regular occurrence and a necessary part of the care and operation of a Windows machine.
The popular notion was that in the world of Apple, all that disappeared. That’s never really been the case, but the belief was commonplace. In large part, the idea was that Windows and the Windows user base was a much larger target for the bad guys and malware and virus creators and that they were leaving Apple alone
There’s been a renewed focus on security in the Apple world. One area of concern is basic Internet security – the care we need to take while using the web and visiting websites with security issues – and, of course, basic password security. Also, as Apple products become more popular than ever before, they become more of a target than ever before. That common perception about Apple being less of a target than Windows is no longer a reason to be complacent about security in the Apple world. Everyone needs to be careful.
Rich Mogull’s Macworld blog post, “Apple’s security strategy: make it invisible,” does a great job of summarizing Apple security issues and the approaches Apple has taken and is now taking to security issues.
But as Apple products began to gain in popularity, many of us in the security business wondered how Apple would adjust its security strategies to its new position in the spotlight. As it turns out, the company not only handled that change smoothly, it has embraced it. Despite a rocky start, Apple now applies its impressive design sensibilities to security, playing the game its own way and in the process changing our expectations for security and technology.
Mogull describes Apple’s approach as “invisible and practical.” You have to like that. He gives several examples of Apple’s approach – iCloud Keychain, Activation Lock, Gatekeeper and the Mac App Store, and Filevault2.
Mogull’s conclusion is especially interesting:
The consistent thread through all these advances is Apple attempting, wherever possible, to use security to improve the user experience and make common security problems simply go away. By focusing so much on design, Apple increases the odds users will adopt these technologies and, so, stay safer.
Good security is difficult. Approaches that might make good security practices easier, or even invisible, seem like great steps to take. Mogull’s post is an excellent starting point, whether or not you live in the Apple world, for thinking about some very important issues. Hat tip to security expert Bruce Schneier for blogging a mention of Mogull’s post.
If you still don’t think you need to be concerned about security, take a quick look at a blog post on the How-to Tech blog called “Brute-Force Attacks Explained: How All Encryption is Vulnerable.”