Surprise! Vendors Trying to Capitalize on Mac Vulnerabilities

Submitted by Mike Rothman on Mon, 2006-02-27 17:24.
::

Stop the presses! Analyst Rob Enderle has caught security vendors being...security vendors. Here is InformationWeek's coverage of the news that security vendors are trying to capitalize on these new Mac OS vulnerabilities.

His big issue is that because the security vendors have publicized the vulnerabilities, the hacker community got to work on exploit code. That is crap and a very flawed argument. First of all, it's not like these vulnerabilities are a secret. Every security vendor shares information and there is a big open source community focused on vulnerabilities as well. So it's not like you can really keep this stuff a secret. And the fact that Apple had a fix very soon after the announcement indicates that these issues were not surprises to them.

Secondly, the architecture of the Mac OS means that even if you are infected, it will be hard to get exponential proliferation of the worm. But to think that security vendors wouldn't try to use this as a marketing hook is naive. How many press releases do we see after every Microsoft Patch Tuesday? You know the headlines: "Vendor A's groundbreaking ferpolator stops nasty Microsoft problem before it's an issue." We see at least 15 of these for every high profile issue announced.

Did security vendors take some kind of oath that they wouldn't market their wares opportunitistically? Give me a break! The AV vendors are trying to make their numbers like everybody else, why vilify them because they are doing their job?

Now the impetus is on end users to figure out whether there is anything to the hype or not. Personally, I think it's a non-issue. That being said, I am in the process of buying an AV product for my Mac. I've just been lazy and it's this kind of thing that is a buying catalyst for someone like me, and probably lots of other people. I'd rather be safe (and $40 poorer) than nailed if something really does happen.

So I will buy the insurance. But don't shoot the friggin' insurance salesman because he brings up the issue that someday you might die.