Print 124 comment(s) - last by hiscross.. on Sep 12 at 12:42 PM

Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access of sensitive information on disc or for information being transmitted over networks.  Finally, they say that Apple's reliance on site lists for its anti-phishing efforts make its blocking close to useless as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats, " he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection, he conversely points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Apple and security? Where?
By HrilL on 9/1/2009 12:57:36 PM , Rating: 2
This whole thing is getting rather old. Apple has never had good security and a small market share has been their savvier for all of time. The pwn to own competition shows this every year when the mac is the first to go down in less than 24 hours. The iPhone could be completely taken over with an SMS message.

MAC doesn't have the servers that make targeting an OS so important. If I were to be making my own botnet I'd want servers with lots of bandwidth and power. As it could take as many as 100 home computers and internet connections to get the same amount of bandwidth and use. Targeting a MAC right now is just a waste of time. But if fall for the mac brainwashing maybe in the future it will be worth while but until then there is not much of a point. Hackers want bang for their buck be it time spent or money and MAC's currently don't have the same bang for the buck and PCs

RE: Apple and security? Where?
By gstrickler on 9/2/09, Rating: 0
RE: Apple and security? Where?
By HrilL on 9/2/2009 1:15:25 PM , Rating: 3
Well you're miss informed. This was able to be exploited and it could allow them to take over the phone completely. You read the proof on concept when it first came out but after that people were able to exploit this. This was shown at black hat. Before you go off defending apple maybe you should know the facts. The black hat event is what lead apple to finally release OS 3.0.1 to fix this vulnerability.

RE: Apple and security? Where?
By gstrickler on 9/2/2009 4:54:04 PM , Rating: 1
You're misinformed, the only part of my post that needs updating is that Miller did figure out a way to exploit it.

The Miller/Mulliner attack was performed via Wi-Fi on a jailbroken iPhone with their fuzzing framework installed, not via OTA SMS messages. Android and Windows Mobile phones were susceptible to the same attack. Android firmware was updated before the Black Hat demonstration, and the iPhone firmware was updated within 24 hours, so the only vulnerable phones are those who haven't updated their firmware and those running Windows Mobile. As far as I can determine, no one has yet demonstrated that this attack and be performed via OTA SMS messages through a carrier network, although the Miras/Lackey attack make me suspect that it might be possible using some carrier(s).

The Miras/Lackey attack is a carrier and GSM problem, it's not specific to the iPhone, and it may be limited to specific (unidentified) carrier(s). As demonstrated, it does not allow taking control of the phone, just changing it's settings such as the Proxy, so it can be used to redirect internet traffic and perform man-in-the-middle attacks.

"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki