Ripe Like An Apple

June 21, 2012

Sleek UI design and smooth user experience have become the norm, and a whole generation of users has grown up without knowing and understanding the risks of being online. Who could blame them? Being conscious and aware takes effort, and the marketing machines routinely churn out the chorus of “let us take care of it for you.” I mean, who would want to be concerned with viruses and malware? That’s so… “PC” in this post-Apple world. A sea of [Mac] users have been groomed for the easy, hands-off existence. Their complacency is to be expected. And ripe for exploitation.

It’s like the Nigerian scam. The reason the bait email discloses the telltale details of a Nigerian prisoner is that they serve as a mechanism to screen out smart, savvy people who would not fall for the scam. By systematically eliminating the “false positives,” what remains are the willing, and susceptible, victims. The schemers are not stupid. They are lazy and always looking for the shortcut. The fact that a Flash trojan specifically targeting Macs infected almost 600,000 computers, including some 300 from Cupertino, Apple’s own backyard, tells me that it’s not about popularity and it’s not even a numbers game. People who do not exert the effort for basic safeguards will get taken. The combination of being ill-informed and a lack of consciousness paints a bright glowing target. Adding an AV solution after the machine has already been compromised is a painful first-hand lesson.

Just because your user base isn’t on the scale of billions doesn’t mean your code/application won’t garner the attention of the criminals. Obscurity is never an assurance of safety, and nothing appeals to hackers more than… well, identified apathy toward security. Even Apple has had to change their message, removing the “no effort” language itself. Relying on analysis after development is already under way, or worse… reacting after the breach, should not be the primary means of eliminating vulnerabilities. Security is requirement one when the Web is at your doorstep. It’s going to warrant involvement. It’s going to demand awareness. It needs consideration, from inception. Education is critical, and as the old GI Joe battle cry rallied, “Knowing is Half the Battle.”


