Apple secretly fixes problems they claim not to have

Posted by in Analysis on Jun 21, 2010

So Apple has apparently secretly patched OS X to address some Trojan-horse malware issues (HellRTS) that they’ve been having since about April or so. The malware allowed attackers basically full access to OS X machines.

Now, some folks have been pretty critical of the fact that they patched this thing in secret. In my opinion, these folks have a point. It is without question that it is in the best interests of anybody running the vulnerable OS to install the patch – if Apple were going to take the “Path of Optimum Safety”™, they probably would advertise the fact that this is a security patch to get users to install it. In other words, they wouldn’t patch the thing all stealth-like, but instead shout it from the rooftops.

So why are they not doing this? The only interest I can figure they are serving here is a marketing one. By keeping it secret, they serve their marketing interests by allowing the myth of Mac as a virus-free platform to continue. Specifically, we know that in the past Apple has encouraged the belief that there is no malware on the Mac platform. Their consumer advertising implies this – now, they don’t really come out and say that Mac is virus-free (why, that would be illegal). Instead, what they say is that it’s free from the “thousands of viruses” plaguing PCs and let the viewers infer what they may. Educated consumers might read the FAQ to figure out what they really mean by this (but most probably won’t):

Is a Mac safe from PC viruses? Yes. The Mac OS X operating system isn’t susceptible to the thousands of viruses plaguing Windows-based computers. And although no computer connected to the Internet is completely immune to all viruses and spyware, Mac OS X has built-in defenses designed with your safety in mind. The Mac web browser, Safari, alerts you whenever you’re downloading an application — even if it’s disguised as a picture or movie file. And Apple continually makes free security updates available for Mac owners. You can even have them download automatically.

The Mac user community also implies that there isn’t any malware on the platform. Conclusion: non-technical users, based on Apple’s advertising as well as what they read in the community, are likely to assume that the platform is malware-free. Apple failing to alert anyone to anti-malware fixes does not contradict this position.

As a consequence, Mac users might be vulnerable to security problems but assume they are not. This is the worst possible case from a security perspective – the proverbial “false sense of security”. Is it true that Apple is prioritizing their marketing interests over the security and well-being of their user-base? We can’t know for sure one way or the other. But from the outside, it’s certainly one possibility.
