notes from an admin for himself. you can read it if you want.

Entries Comments

Custom Search

Why Macs are not designed for business use

30 June, 2012 (16:01) | linux, mac, security

Macs are great machines if you are a rich trendy person who was so brilliantly targeted by Steve Jobs. Not so good for normal people trying to keep up with the Joneses. Also not good for business at all.  This list is just a reminder for myself  when people are complaining as to why we protect HIPAA/PHIPA data with a capable OS’ like Windows and Red Hat. I know they all want bling and brainless packages to install. We tend to either install on windows with our own customizations and compile our own packages and automate with RHEL. We use exciting security technologies with certificates, ipsec, dnssec, selinux etc. We do our best to comply with fips-140-2, FISMA, USGCB and other standards that require tools that aren’t available or mature on apple products.


capable of: dell/win dell/rhel macbook pro
dock yes yes no
built in aircard yes yes no
lojack yes yes no
intel AMT yes yes no
gps tracking yes yes no
antitheft 3.0 yes yes no
remote wipe yes yes no
4 monitor support yes yes no
intel vPro yes yes no
FIPS-140-2 encryption yes yes few
FIPS-140-2 authentication yes yes no
Timely security patches yes yes no


That’s a few minutes of thought, I’ll add more as time goes on. Mac is a lot more expensive for quite a few reasons. Up front cost is very expensive. You need a developer to do all the custom security and networking work in a business setting.

Refresh on a Mac is a lot faster than a PC especially now that the hardware is soldered on to the motherboard of a Mac. Good luck upgrading the RAM on a fleet of macbook pros, you will have to buy new ones before your renewal and replacement cycle is done. Or you will have workers without the resources they need to do their job.

Enterprise tools just aren’t out there for mac. Typical users think they know computers because they get along with their home machine just fine. Automation and centralized tools are the name of the game in business. Mature products don’t exist hence the need for a full time developer. At my old job most of the mac staff were developers. We worked closely with Michael Bartosh and had him in house for long periods of time to build the tools that came with windows or were easy to deploy in red hat.

Apple’s HIPAA email address goes to a black hole. Nobody on my team has gotten a response from them on any email we have sent. At my last job we did, but they called Mike down the hall who was already in our building and he laughed about Apple not having any HIPAA support or intention to build it.

Apple is downright horrible when it comes to security. They buried their heads in the sand as a defense against malware and finally last week corrected some statements on their web page about threats against mac. Java patches come out in a few weeks for windows and linux, they take 6 months for mac.

Apple is driven by rabid fanboys like a wacky fringe religion on a recruiting spree. They troll all forums and magazine comments to offer wisdom like OSX doesn’t get spyware. Then the goalposts move to trojan horses aren’t viruses. Now the goalposts move again to Apple people are richer and better targets and other wacky explanations as to why they get attacked like every other OS. The defensive tone is always flooding public forums. The ratio of fanboy posts to market share is way off. If people actually read my webpage I’m sure I’d get comments here.

The main lessons in security are finally being realized by apple. They decided to start checking for updates every day vs every week and automatically install now. I constantly find apple machines who haven’t patched lately if ever. They hate the popup. They did come up with the brilliant idea that if a component like java hasn’t been used in X amount of time it will disable itself. I do like that one a lot.

Apple makes an idiot proof anti multitasking environment perfect for home users. It does a great job in this audience. It is absolutely not built for business use and is not cost effective. I suppose if a company has money to burn or make money with a hip image it makes sense in certain public facing areas. But it is a tool with a very limited job.

I do like apple products the design is brilliant and I would use one at home for basic surfing if given one free. The walled garden ecosystem is very nice for novice users and consumers who aren’t interested in learning what a computer does. I can’t say I’m a mac hater at all. I just hate users forcing their will on business by abusing positions of power vs using logic to make sound decisions.






Write a comment