Ride the Lightning

Apple Pull Virus Immunity Claim But Ballyhoos Its Encryption

July 3, 2012

OK, before the flash bangs are hurled my way, I love many things about the Apple product line. Apple's products are feature rich. They are often intuitive. I cherish my iPad (though I wish it were more work product friendly).

That preface out of the way, experts have said for years that Apple is no more inherently immune to viruses than PCs. And of course the massive botnet Flashback, which impacted 600,000 Mac computers, certainly underscored the point. At long last, Apple has pulled its virus immunity claims from its web store.

While I applaud that, I became agitated all over again when I saw that Apple is now trumpeting FileVault encryption. Say what? Using Passware's software, we can crack FileVault's encryption over a lunch break. At $995, Joe Six-Pack is unlikely to own such software, but law enforcement and companies like ours that do digital forensics certainly own that software.

Mind you, cracking FileVault also requires possession of the machine and that the machine be on. Happily for us, most Apple users do not power off their devices – they simply let them go to sleep so they can have "instant on" access. And if we get the machine, we then have access too.

When Apple starts talking about security, it only proves that Steve Job's reality distortion field is alive and well at Cupertino.