Deserved or not, Apple’s Macintosh and iOS operating systems have long enjoyed a reputation as being largely immune to the kind of virus and other malware problems that have plagued Windows—and to a lesser extant Android—over the years.
Looked at objectively, that reputation has some basis in fact, especially on the tightly controlled iOS side, and also benefits from Apple being a far less lucrative target for criminals than Windows. With iOS’s worldwide popularity and Macintosh’s rising market share, however, the security pressure on Apple has never been higher.
So while the new WireLurker malware does not yet appear to have attacked Apple users outside of China, its very existence could threaten that extremely valuable reputation. Apart from any actual damage WireLurker or other malware might to do Apple systems, the more immediate danger is that significant numbers of Apple users might lose confidence in the relative security of their devices.
That’s already starting to happen, as media outlets sound the alarm and try to put the threat in perspective. Competitors and their supporters, meanwhile, are only too happy to try to pop Apple’s veneer of security.
That’s why it’s so essential that Apple come up with a credible, proactive response to WireLurker before it makes a dent in security for users of non-jailbroken phones who haven’t visited the compromised app story in China.
WireLurker is far from the first threat to Apple security, of course (see Apple’s iWorm fix still leaves major hole). But so far the threats haven’t been significant enough to change perceptions or behavior.
If that changes and Apple was to lose the perception of increased security, it wouldn’t kill the company. After all, ongoing security issues didn’t kill Windows or Android. But it would remove a key competitive advantage that helps burnish the Apple brand and allows it to be successful even when competitors offer similar features first or at lower prices.
Will WireLurker change behavior?
I’ve long worried that the world is waiting for the first widespread mobile security breach. I honestly don’t think that WireLurker will turn out to be that incident. But that’s not really the question.
The issue is whether WireLurker will turn out be the moment when Apple users no longer feel invulnerable to malware and start seriously worrying about the kind of anti-virus and other anti-malware countermeasures that users of other platforms take for granted.
For example, every corporate Windows PC I’ve ever used had anti-virus and other security software installed. Macs? Not so much. Even the conservative Fortune 500 companies I’ve worked for don’t routinely equip Macs, much less iPhones and iPads, with anti-malware solutions. And I’m pretty confident that’s the case for most people reading this as well. Having to add that hassle, expense, and performance overhead to Macs—and to iOS—would be a real drag.
I’m hoping it’s not necessary just because of WireLurker. But I’m resigned to the likelihood that no matter what Apple does now, something will make it happen sooner rather than later. At that point, all we’ll be able to say about Apple’s long, charmed run on the security front is, “it was nice while it lasted.”
By Fredric Paul