
Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be that they are a bit of both.

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built-in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  It also criticizes Apple's firewall for being turned off by default and lacking the configurability of most third-party solutions, and points out that the OS provides little to no protection against unauthorized access to sensitive information on disk or to information being transmitted over networks.  Finally, it says that Apple's reliance on site lists for its anti-phishing efforts makes its blocking close to useless, as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tick mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats," he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, he points out, there is no protection for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple, meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments


If it was Microsoft...
By Hieyeck on 9/1/2009 8:48:57 AM , Rating: 4
...I'm pretty sure Mick would've lambasted it. Judging from the "features" I'd say in this case nothing would've been better than something. At least then users wouldn't be lulled into a false sense of security.

Then again, we're talking about mac users. Security through obscurity! [/sarcasm-for-those-too-thickheaded-to-read-it]

Also, I nominate a new footer quote:
Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats.

RE: If it was Microsoft...
By cabjf on 9/1/2009 9:24:55 AM , Rating: 3
There really is something to Security through Obscurity. If I have a house in a city compared to a house in the country, and I leave both unlocked, which is more likely to be robbed? It's like Apple moved from the country to the suburbs. Their house is still less likely to be robbed than in the city, but less safe than in the country.

This seems to be a first step towards installing some actual security underpinnings. The only things in the wild for Mac at this point are viruses that require the user to run something still. Mac OS X was already asking if you were sure you wanted to run something that was downloaded. This is the next step. Now it looks at the files and if it matches any known viruses, it will let the user know a little more explicitly.

They have been beefing up on their security experts lately though. I would expect to see something more significant in the next release or two. It's going to require some major changes to the way they operate though (admitting to security holes, releasing fixes quicker, etc), so who knows if they are willing to make those changes.

RE: If it was Microsoft...
By SavagePotato on 9/1/2009 10:47:15 AM , Rating: 5
Nonetheless your house in the country is actually less secure. When the city limits push closer and closer to your little country cottage, Johnny crack smoker decides to take a trip out to your cottage now that it is in his territory and finds it easy pickins as he carts all your stuff off to the pawn shop back in the city, which is now only a few miles away.

That's the thing about security through obscurity, it's only good till you get noticed.

RE: If it was Microsoft...
By cabjf on 9/1/2009 11:25:00 AM , Rating: 2
For the most part though, virus writers aren't paying attention to Macs yet. Unless every crack smoker from the city (or at least a good majority) decides to take "shopping" trips to the country, the unlocked country house will still be safer than an unlocked city one, even with a few incidents. I guess it's more about the difference between security and safety. The guy with a bullet proof vest is more secure than the guy without one, but the guy with a bullet proof vest being shot at by an army of attackers is less safe than the guy with no vest and no one (or even a few people) attacking him. Not that levels of safety is the way to describe any situation where one is being shot at.

I think Mac OS X is going to be easier to secure than Windows. Not that it is more secure now, but the way the back end is designed (over top of Unix) is going to make it easier to secure the operating system. Like I said before, they are hiring more security minded people, but it will all depend on how willing they are to listen to them.

RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 2:36:42 PM , Rating: 2
I'm sorry. I didn't expect to come on here today and see a person make themselves look stupid, though it happens a lot. I think you need to learn the definition of secure. Safer != secure, and you should really remember that.

RE: If it was Microsoft...
By adiposity on 9/1/2009 6:12:09 PM , Rating: 2
But what is the meaning of "secure" if nothing is truly 100% secure?

Safer == more secure?

Regardless of whether the two are synonyms, the truth is that Macs aren't "safer" unless "less likely to be targeted" means "safer."

A combination of the number of threats and their frequency with the steps you take to "secure" your system will determine your total likelihood of "infection."

The fact is, the likelihood of infection is all that really matters from an end user's point of view. And it is lower on Macs. For now.


RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 6:29:12 PM , Rating: 5
I would say secure is the odds that someone could hack it provided they tried. Why do you think Macs are the first to go down at a hackers convention? Windows and Linux don't usually go down until they allow user intervention. Mac goes down day 1 which is when they only allow like remote access and a lot of restrictions. If they can't get past that......

And yes, less likely to be targeted does mean safer. That's why I don't have a bodyguard protecting me 24/7 from assassins. I doubt someone would waste the resources to do that since I'm a nobody. Takes more effort to kill someone with security forces, ironic enough, than it does me, yet I'm far safer from being killed.

RE: If it was Microsoft...
By adiposity on 9/1/2009 6:41:19 PM , Rating: 2
Ok, I don't really disagree with anything you said.

However, you do realize, that in the dictionary, secure and safe are basically synonyms, right?

So, you are working with a computer definition that is different from the general definition. If so, that's important to state upfront, rather than just telling someone two synonyms aren't synonyms.

Perhaps you meant to use the term "secured." That term is better, perhaps, as it implies steps have been taken to make something safer, rather than just measuring inherent safety.


RE: If it was Microsoft...
By michael2k on 9/1/2009 7:13:59 PM , Rating: 4
A Mac is safer than a PC; there is literally less chance of being attacked because of its low market share.

Safe and secure may be synonyms in the English language, but they aren't in computing. A secure system is one that has been protected. Macs are arguably less secure than Windows PCs.

A safe system is one that is not being attacked. Macs are safer.

Just like I am perfectly safe in an unlocked house, but because the house is unlocked I am not secure.

RE: If it was Microsoft...
By MonkeyPaw on 9/1/2009 6:21:48 PM , Rating: 3
There really is something to Security through Obscurity. If I have a house in a city compared to a house in the country, and I leave both unlocked, which is more likely to be robbed?

The problem is, all the other houses in the "city" are likely locked, since that is the common practice and assumption among city dwellers (even dumb criminals). That's why when I forget to lock my house in the city every once in a while, I don't come home to it being completely cleaned out. If I did it all the time, yeah, I'd probably get robbed. However, the only time you hear about robbers just walking in an unlocked house is in the suburbs, where people think they are safe because of where they live. You see, Apple is not the house in the country. Apple is the ritzy little suburb--safe probably 99% of the time, yet a sitting duck to a motivated criminal.

RE: If it was Microsoft...
By gstrickler on 9/1/09, Rating: 0

RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 5:45:55 PM , Rating: 2
You mistake security for good coding and design. We say security like anti-virus/anti-malware programs. Doesn't matter how good your code is, there are always ways to take advantage of it. If you think Mac has great security programs..... then idk what to say. It's false, but you're not on my computer so I don't give a rat's ass.

RE: If it was Microsoft...
By gstrickler on 9/1/2009 7:08:05 PM , Rating: 3
You've mistaken having anti-malware software for having security. Anti-malware programs are one part of a security system, but they're not the security system. Anti-malware isn't any more effective against new attacks than having a good security system to start with. Many of the types of "suspicious" activities that anti-malware programs on Windows look for are already prohibited by the kernel in Unix-derived systems.

Security starts with the design of the system (access control, etc.), and continues through the coding, installation, user permissions, file system permissions, firewalls, etc. Anti-malware tools look for specific, known infections, and/or look for "suspicious" types of activity, and as such, they can be useful as another layer to the security, but they're nearly useless if you don't have a good design and implementation of the security model for the system.

The claim that the Mac has no anti-malware is incorrect, as many of the capabilities Windows users rely on anti-malware to provide are built-in on Unix derived systems. It's also incorrect to state that the Mac doesn't have anti-malware software available, there are 3rd party anti-malware tools, they're just not used by most Mac owners because it hasn't been necessary yet.

I've been installing, using, and supporting PCs (mostly) and Macs for 24 years. I've set up and secured thousands of machines in large, medium, and small businesses, as well as some home/home office machines. None of the Windows NT/2K/XP Pro or Mac OS X machines I've secured have become infected by malware, except those where the user had to run as administrator (usually because of software that won't work any other way, but occasionally because the boss/owner demanded to be an administrator and wouldn't take no for an answer). That doesn't mean users didn't manage to download any malware, just that the malware didn't do any damage, and didn't spread.

RE: If it was Microsoft...
By Alexstarfire on 9/2/2009 12:40:23 AM , Rating: 2
I wasn't suggesting that none existed or that the programs I mentioned were the whole thing. It just seemed like you were trying to say that security was how well the OS is "locked down" so-to-speak, which isn't the whole story.

The worst part of security is the user, so a lot of times when a computer gets infected there is little a program can do other than minimize the damage.

RE: If it was Microsoft...
By Hieyeck on 9/1/2009 3:33:42 PM , Rating: 2
Good god. I make one comment and everyone picks up on the sarcastic remark. All I implied was that Apple's security record is good only because nobody cares enough to try to REALLY break it.

Nothing that Apple released in the "security package" highlighted in this article looks in the least bit promising. Users just THINK they're secure, making them more reckless in their practices.