I’ve been thinking a lot recently about this article on ZDNet about Apple’s quiet – and some would say slow – response to dealing with the Flashback malware attacks that infected a lot of Mac users.  Specifically, I wanted to offer my thoughts on why I think Apple has been silent on Flashback.

Over the years, Apple has built a powerful brand narrative around the security of its operating system. They relentlessly pounded their marketing narrative - unlike its PC competitors, the Mac was immune to viruses and security threats. And this was very successful. It’s hard to remember, but Apple wasn’t always an admired tech leader – they used to be the underdog battling Microsoft for market share. The security issue offered an incredible marketing narrative for them because it got to the core of the Apple value proposition – that their software (and hardware) were simple and manageable by regular people. Stated differently, because there were no security concerns, so the marketing narrative went, you didn’t need to be an IT pro to own a Mac and keep your stuff safe. Clearly, Flashback has shown that this marketing narrative is no longer going to be viable going forward.

With that in mind, it makes sense that Apple has been remarkably quiet in its response to Flashback. They had no choice given that their carefully constructed brand identity had just collided with real-world events. Consider this. If they had come out and admitted the success of the attack, they would have had to admit that they had (in essence) lied about their brand. The result – a loss of trust with customers because no one likes to be lied to. If they had come out forcefully against the plug-in, they would have had to publicly explain why it took so long to patch the problem – which would have, again, undermined trust. And if they blamed the users for letting the Trojan in, they would have run the risk of pulling the rug out from their strongest brand pillar – anyone can use a Mac. Anywhere they turned, their carefully crafted brand identity was in danger.

Sure, Apple’s critics were drooling at the prospect of a public mea culpa about vulnerability to Trojans. But Apple can’t be / shouldn’t be worried about the people who already hate them. Their job is to worry about the people who like and trust them. And so, I believe that Apple made the choice to say nothing banking on the fact that people will forgive and/or forget this event over time. Of course, I also expect that you’ll see a whole lot less talk about security in Apple marketing going forward. Which, considering the box they found themselves in this time, is probably for the best.