Apples and Oranges: Leopard Bucks the Trends and Opts for the Counter-Intuitive

I am no different from most of the Apple fan boys out there.  I looked forward to some serious Leopard sweetness for quite some time and tasted it late last week.  I am happy to say that Leopard delivers again with regard to usability and overall coolness.  Unfortunately, despite my initial giddiness at a shiny new Apple toy, it ain’t all roses and rainbows in the cult of Mac.   Apple has struggled for years to break into the business market.  Outside of the creative disciplines, Apple has failed miserably.  On one front Apple has an advantage if they are willing to capitalize on it.  That advantage is with security.  It was my hope that with Leopard that Apple could finally really leverage OS X’s inherent security features and make inroads into the corporate desktop.  My recent installation of Leopard tells me that Apple isn’t serious about going in this direction.  A couple of key items really set me off with my new Leopard installation. 

Being a security geek, the first thing that flipped my switch was that the firewall was turned off by default.  Why in this day of the kiddie scripter, bot nets, and internet bad guys would any developer turn their firewall off by default.  In my mind this completely counter intuitive to the Apple mantra that the OS X platform is the safest platform out there.  Even the folks over at Microsoft turn on the firewall in Vista and XP without user intervention.  Sure you can turn it on yourself, but again Apple has for some time touted itself as a plug and play platform.  Even the physical design of the iMac speaks to this with its one wire design.  If Apple intends to sell itself as a simple to setup platform and be taken seriously by security folks like myself, then turning off the firewall is absolutely the wrong thing to do.  I sort of think of Apple’s design theory as a shoe with Velcro straps.  It’s designed so that a 3 year old can use it.  Using this highly complex design theory, we can relate this firewall issue to a Velcro strapped shoe with no sole.  Sure, you can use it, but it offers little protection.  And if you do want to turn on the firewall or add the sole as in the case of our shoe analogy, you’ll need to dig through system preferences to the “Sharing” (again counter intuitive) console to turn on the firewall. 

…join me as I steer off topic for a brief rant…

In yet another asinine move, why put the firewall in the sharing console?  The security minded may be able to figure out the rationale here, but your average Joe that Apple markets to certainly won’t think to look here to adjust firewall settings.  After all the premise of a firewall is to PREVENT sharing. 

… back on track now…

A second snafu on Apple’s part is that Time Machine won’t back up my File-Vault encrypted profile.  What lunacy is this?  Because my data is encrypted it shouldn’t be backed up?  Why not encrypt the backup as well?  It can’t be a technical hurdle.  Both applications, File Vault and Time Machine are Apple proprietary so I don’t see why they can’t make the two work together. That is like saying you can’t get your left foot and right foot to work together.  Sure you can hop on one foot to get where you are going, but it’s a hell of a lot easier to walk.  Apple is tripping over its own feet on this issue and really needs to reconsider the delicate balance between security and usability.   

All in all, Leopard is an improvement over OS X 10.4, but no major strides have been made to bake security into the platform.  Until Apple figures out what the rest of the world discovered years ago, I can’t see Apple cracking the corporate markets in a significant way.  I think that the only saving grace for Apple right now is Microsoft and the dreaded Windows Vista in all it’s glorious suckiness.