Posted at Macworld

'How do we get the message to Apple that security trumps everything else?'

Somebody needs to take their head out of the sand. The current crop of Mac viruses are insignificant in themselves, but they CLEARLY demonstrate how easy the Mac can be put in the same category as Windows. Security needs to be addressed big-time.

I ran a test using a proof-of-concept bit of software from a source I trust, and it showed conclusively that my system could be compromised during startup.

Which means that as soon as someone decides to take on the Mac for commercial or criminal purposes, we can be compromised by opening seemingly innocent attachments or installing what claims to be useful or enjoyable software, or by visiting websites and clicking on the wrong button. It's distinctly possible that in time, Mac users could get hit by something like the Windows Metafile Exploit which required no more than LOOKING at an image in an E-mail or on a website!

I've been using - and servicing - Macs since 1987, and running my own business since 1991. Until now, I've reveled in the security we all have enjoyed. Now, I'm very concerned that the party's over.

As far as I can see, the current fixes are band-aid approaches. The Symantecs of the world will cheerfully use this to sell product because that's their business, but Mac owners could end up in the same eternal let's-play-catchup games as Windows system owners. That's not a tolerable situation.

To the best of my knowledge, the answer has to lie with Apple. Unix is the most secure operating system on the planet, and BSD Unix, as modified by Apple, lies underneath OS X. I'm in the camp that believes Apple should take a step back, adapt a Unix file system and Unix security, and maybe lose a few features along the way. A secure system is a lot more important than one with 250 new features, 245 of which I'll never use. Yes, security and ease-of-use are somewhat at odds, but they don't have to be so far apart as to force users to become Unix gurus. I certainly am not, nor am I even interested in becoming one.

I'll gladly trade off a few conveniences to avoid the kind of situation I regularly encounter when I service PCs: having to tell the owner that after a couple of hundred dollars worth of work, I can't remove the spyware and/or viruses, so the only solutions are to back up (because most of them haven't done regular backups), reformat and reinstall, or to back up, buy a new system and reinstall their applications, because it's going to cost them about the same! And I mean bills easily running $500-750 to put Humpty Dumpty back together again.

That's a regular fact of life on PCs. I deal with it once or twice a week, it seems. I don't want my income to suddenly increase by 25-30 percent because I'm delivering the same message to Mac users.

How do we get the message to Apple that security trumps everything else? How do we convince them that a truly secure OS X can sell into the PC world?

Posted by 'Richard' at the CLIX forum and at Macworld. Richard is a PC and Mac support consultant living in New York, USA.