Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be that they are a bit of both.

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built-in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users which signatures have been downloaded, so users cannot tell their current level of protection.  It also criticizes Apple's firewall for being turned off by default and lacking the configurability of most third-party solutions, and says the OS provides little to no protection against unauthorized access to sensitive information on disk or information being transmitted over networks.  Finally, it says that Apple's reliance on site lists for its anti-phishing efforts makes its blocking close to useless, as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tick mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats," he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, he points out that for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple, meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments

The Weakest Link.
By TEAMSWITCHER on 9/1/2009 12:46:43 PM , Rating: -1
The weakest link in the chain of security has always been the user.

Yea that's right, the problem with cracking the security of the Mac is you have to overcome a smarter user. The higher price of the Mac means that you're dealing with people of higher socio-economic status, and as such are better educated and less gullible. Also, the Macintosh user interface is more consistent and malware is easier to spot. Macs also come with more bundled applications and its users are less likely to head straight out to the internet to start downloading stuff they need but didn't get from Microsoft.

PC users are still easily duped into running applications because Windows hides the extensions of known file types by default. Why that hasn't been fixed yet is completely baffling. And the Windows UAC, what a joke, it's just a message box that's not gonna stop the average Walmart user from running the BestPornEver.exe he saw on his favorite torrent site.

The Macintosh is like an upscale gated community and Windows is like a trailer-park with multiple entrances and registered sex-offenders. It's not "Security through Obscurity", it's "Security by Association"

Why Yes, I would like to get flamed.

RE: The Weakest Link.
By mcnabney on 9/1/2009 2:50:53 PM , Rating: 2
"The higher price of the mac means that you're dealing with people of higher socio-economic status, and as such are better educated and less gullible"

You do understand that you are an idiot. Instead of comparing gullibility to income (or willingness to wastefully dispose of income on overpriced toys) you would be better served taking the computer knowledgeability angle. The average Apple user may be more affluent, but generally understand far less about computers. My wealthy extended family is full of Mac users who know nothing about their computer besides where the power button is and how to turn on the internet, process email, and download pictures off of their camera. I am actually amazed that Security by Obscurity has been able to protect this Honeypot of users who would gleefully install anything that has a file name of PicturesOfKids.

RE: The Weakest Link.
By TEAMSWITCHER on 9/1/09, Rating: 0
RE: The Weakest Link.
By gstrickler on 9/1/2009 6:10:45 PM , Rating: 2
"I am actually amazed that Security by Obscurity has been able to protect this Honeypot of users who would gleefully install anything that has a file name of PicturesOfKids."
That's because it isn't security by obscurity. It has real security, starting with its BSD foundations and open-source (Darwin project) kernel, to its sane defaults for user permissions. If it were as insecure and as much of a "honeypot" as people keep claiming, the bad guys would have been all over it. Let's see, millions of richer users with limited computer knowledge and no security, almost all of them on the Internet without anti-malware software installed. Sounds like a scammer's dream. So why haven't Mac users been attacked by the millions? Because Mac OS has very good security.

RE: The Weakest Link.
By Akrovah on 9/1/2009 6:18:10 PM , Rating: 2
I'm sorry, you seem to be implying that owning a Mac is automatically a sign of greater intelligence, because they are more expensive?

Completely outside of the Mac vs Windows debate more affluent != more intelligent. Exhibit A - Pick any one of a half dozen teen pop stars who turned 18 over the past decade. Very affluent, but I would argue that they are not exactly intelligent in many regards.

Getting back to the Mac vs Windows debate. Let's do this by your standards. The most affluent person in the world? Oh yeah, he's a Windows user. Meanwhile, on a more personal level, my uncle, a starving artist, has so little money that they shut off his electricity and he had to huddle by his gas powered oven to keep warm in the middle of a New York winter, swears by Macintosh. Your argument is flawed.

RE: The Weakest Link.
By TEAMSWITCHER on 9/2/2009 11:46:53 AM , Rating: 2
You are talking about specifics; security is more the law of averages. On average, the Mac user is better educated and (at the same time) less likely to engage in activity that would leave them vulnerable to malware. This makes the entire Mac community safer.

The "Security by Obscurity" argument is flawed. There are what 30 Million + mac users in the world. Is that number not big enough for a hacker? Especially if the Mac is so vulnerable (according to the security experts).

RE: The Weakest Link.
By Akrovah on 9/3/2009 12:13:40 PM , Rating: 2
How do you figure that the average Mac user is better educated? Do you have some kind of study to prove this? You are making generalizations that have no backing. I'm thinking it is going to be a law of percentages more than averages. For example let's say 50% of all people have higher education. Statistically speaking this means that 50% of Mac users will have had higher education, but also 50% of Windows users.

30 million users is not many in the grand scheme of things. Could also be that there simply isn't anything worth taking being stored on a Mac. Governments (at least U.S.) use Windows. Most large corporations use Windows. From a business/profit standpoint it makes more sense, since you can get a perfectly adequate Windows workstation for under $1k. Security through obscurity is more than simply numbers, it is also about what they can get. Hackers and malware writers aren't doing it for kicks, they get something out of it. If they weren't it wouldn't be worth their time. Programming is not an easy task and I'm thinking that most forms of malware are actually pretty complicated.

Copyright 2016 DailyTech LLC.