Print 124 comment(s) - last by hiscross.. on Sep 12 at 12:42 PM

Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access of sensitive information on disc or for information being transmitted over networks.  Finally, they say that Apple's reliance on site lists for its anti-phishing efforts make its blocking close to useless as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats, " he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection, he conversely points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By FITCamaro on 9/1/2009 8:12:09 AM , Rating: 5
Them offering anti-virus and malware protection software is anti-competitive and therefore they need to make available a version stripped of these features.

Oh what? We're talking about Apple? Oh ok, then go ahead. They can do whatever they want. Thought we were talking about Microsoft for a second.

RE: Clearly
By Motoman on 9/1/2009 10:35:19 AM , Rating: 5
...I find it hilarious that Apple is marketing their next OS as "more secure" - I mean, it was 100% perfectly secure before, right? Because Macs can't get viruses, trojans, worms, or malware of any kind...right? That's a PC problem...right? So - how can this new release be "more secure" than before?


RE: Clearly
By dark matter on 9/1/2009 1:15:52 PM , Rating: 2
Same way snow leopard "just works" better.

RE: Clearly
By sprockkets on 9/1/2009 5:55:04 PM , Rating: 2
No, it isn't that way. You have to give it to Apple and their sly, marketing techniques when they say:

"And Macs do not get PC viruses, ever."

Which then most people think: "Oh, they don't get any viruses!"

It is a true statement so they can get away with it, until someone shows them a cross platform Java trojan, which does exist.

RE: Clearly
By Motoman on 9/2/2009 8:02:37 PM , Rating: 2
No, they categorically don't specify "PC viruses" - they just say "viruses."

Security by obscurity FTL.

RE: Clearly
By sprockkets on 9/2/2009 11:25:39 PM , Rating: 1
Read their web site. If you are referring to the commercials, that's different

RE: Clearly
By Motoman on 9/2/2009 11:52:31 PM , Rating: 3
...K, well, different how? It's still advertising, and it's still deliberately misleading. No matter where it is.

RE: Clearly
By akugami on 9/1/09, Rating: 0
RE: Clearly
By theapparition on 9/1/2009 1:04:13 PM , Rating: 4
How about a combined total of close to 2 billion in fines from the EU.

Is that what you consider a slap on the wrist? All because they dared to include IE in Windows.

RE: Clearly
By akugami on 9/1/2009 3:16:09 PM , Rating: 2
I was thinking more in terms of the USA and, no offense, forgot about the EU but the EU is pretty wacky and seem to be fine happy. Not sure I agree with some of the fines because they seemed very borderline, and some of them were on MS and Intel among others.

Let's be honest, getting fined billions for including a web browser in your OS is pretty retarded. Even if we all agree (and it's hard to argue against this) that MS is a monopoly and that monopolies require careful watching.

It's not like Apple hasn't been on the EU watch list either.

But getting back to the USA, you can't argue that considering how damning the evidence against MS was, all they (MS) got was a slap on the wrist. I mean, any small company (or most companies period) would not be able to go to a court, submit fake evidence, get caught and still have relatively minor repercussions.

Apple is also the new MS considering how dominant they are. They are also control happy, manipulative and screwing people left and right. While MS has toned down such practices, Apple has actually gone up.

RE: Clearly
By Lightnix on 9/3/2009 6:56:28 AM , Rating: 2
I have to wonder how the graph in that first link would look if they also included JavaME applications - which the iPhone specifically cannot run.

RE: Clearly
By Bender 123 on 9/1/2009 12:43:58 PM , Rating: 2
I dont understand why Apple continues to try to draw the eye of black me crazy, but when your software has security by obscurity, the last thing you want to do is run around and dare people to test your untested defenses.

"HA!!!! I have never been had a break in at my forested cabin on 80 acres in the middle of nowhere! I keep all my money and gear there and only ten people know it exists. I DARE you to try to rob it, because nobody has ever been successful...or even tried for that matter..." Man comes home and the entire house is gone...

RE: Clearly
By michael2k on 9/1/2009 6:59:25 PM , Rating: 3
The problem is that if no one knows where your cabin is, it'll take a while to break in.

The same is true of Macs right now. 1 in 21 systems are Macs on the internet. Send out a Mac virus to 1,000 people and only 40 Macs will respond, and of those 40 Macs maybe only 1 will get infected.

Try the same thing with PCs... 960 targets and if only 1/40 of them get infected you've got 24 infected PCs.

If each infected Mac sends another 1,000 trojans and those 24 PCs send 1,000 each (24,000 total), you will see another Mac but 576 infected PCs. Rather, rinse, repeat, and at the end of day you will have a couple hundred Macs (not enough for a DDOS) but several thousands of PCs.

"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki