
Is Apple's Snow Leopard as attack-proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be that they are a bit of both.

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in, signature-based malware detection for a small set of known Mac-specific malware families.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control (the XD/NX bit) for heap memory, stronger checksums for detecting memory corruption attacks, and built-in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users which signatures have been downloaded, so there is no way to see the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access to sensitive information on disk or to information being transmitted over networks.  Finally, they say that Apple's reliance on static site lists for its anti-phishing efforts makes its blocking close to useless, as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats," he remarks.

Sophos researcher Paul O. Baccas takes a more measured approach, noting that XProtect is useful only for files that arrive through programs which set the Launch Services quarantine attribute (LSQuarantine) on what they download -- Entourage, Safari, Mail, Firefox, Thunderbird -- because that attribute is what triggers the malware check when the file is first opened.  Files that arrive via Skype, Adium, BitTorrent clients, or Apple's Finder -- USB drives, shared network volumes, etc. -- are never tagged and therefore never scanned, he points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.
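The coverage gap Baccas describes is easy to audit, because the only thing XProtect keys on is the presence of the com.apple.quarantine extended attribute. The script below is an added example written for this page, not Apple's code or Sophos's, and it assumes the commonly documented attribute layout of four semicolon-separated fields (hex flags; hex Unix timestamp; downloading agent; origin identifier) without decoding the meaning of individual flag bits. On Linux it reads the attribute through os.getxattr; on macOS, where Python has no getxattr, it shells out to the xattr(1) tool. The sample records and paths are constructed for illustration.

```python
"""
Audit which files in a directory carry the macOS quarantine attribute that
XProtect relies on, and therefore which ones XProtect would never examine.

Added example; not code from the article or from Apple.  Assumed attribute
format: '<hex flags>;<hex unix seconds>;<agent>;<origin id>'.
"""
import os
import subprocess
import sys
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass
class QuarantineRecord:
    flags: int                 # raw flag bits; semantics deliberately not decoded
    downloaded_at: datetime    # from the hex Unix timestamp field
    agent: str                 # application that set the attribute
    origin: str                # origin/identifier field, may be empty


def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse a raw attribute value.  Splits at most three times so an origin
    field containing ';' is preserved intact."""
    parts = value.split(";", 3)
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine value: {value!r}")
    flags = int(parts[0], 16)
    ts = int(parts[1], 16)
    origin = parts[3] if len(parts) == 4 else ""
    return QuarantineRecord(flags, datetime.fromtimestamp(ts, tz=timezone.utc),
                            parts[2], origin)


def read_quarantine(path: str) -> Optional[str]:
    """Return the raw attribute for `path`, or None if the file is untagged."""
    if hasattr(os, "getxattr"):  # Linux exposes the syscall directly
        try:
            return os.getxattr(path, QUARANTINE_XATTR).decode("utf-8", "replace")
        except OSError:          # ENODATA: attribute absent
            return None
    # macOS: no os.getxattr in CPython, so use the system xattr(1) tool
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def audit(files: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Classify a path -> raw-attribute mapping (None = attribute absent).

    Returns {'tagged': {path: QuarantineRecord}, 'untagged': [paths]}.
    Taking a mapping rather than a directory lets the same logic run over
    data captured elsewhere, which is what the constructed sample below is.
    """
    tagged: Dict[str, QuarantineRecord] = {}
    untagged: List[str] = []
    for path, raw in files.items():
        if raw is None:
            untagged.append(path)
        else:
            tagged[path] = parse_quarantine(raw)
    return {"tagged": tagged, "untagged": sorted(untagged)}


def audit_directory(directory: str) -> Dict[str, object]:
    """Live audit of every regular file directly inside `directory`."""
    files = {}
    for name in os.listdir(directory):
        p = os.path.join(directory, name)
        if os.path.isfile(p):
            files[p] = read_quarantine(p)
    return audit(files)


# Constructed sample data: two browser downloads carry the attribute; a file
# copied from a USB stick and one received over a P2P client do not.
SAMPLE: Dict[str, Optional[str]] = {
    "/Users/demo/Downloads/update.dmg": "0081;4a9d8c70;Safari;",
    "/Users/demo/Downloads/paper.pdf": "0001;4a9e2b10;Firefox;|org.mozilla.firefox",
    "/Users/demo/Downloads/movie.torrent.exe": None,
    "/Volumes/USBSTICK/installer.pkg": None,
}

if __name__ == "__main__":
    result = audit_directory(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE)
    for path, rec in result["tagged"].items():
        print(f"tagged   {path}  by {rec.agent} on {rec.downloaded_at:%Y-%m-%d}"
              f" flags=0x{rec.flags:04x}")
    for path in result["untagged"]:
        print(f"UNTAGGED {path}  (XProtect will never examine this file)")
```

Run it with a directory argument (for example the Downloads folder) to list what a live machine would actually get scanned; anything reported UNTAGGED reached the disk through a path that bypasses File Quarantine entirely, which is the practical meaning of the Sophos complaint.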

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.


RE: If it was Microsoft...
By gstrickler on 9/1/2009 2:52:49 PM , Rating: 0
To everyone who persists in claiming the Mac has no security or its security is through obscurity, do 10 seconds of research. The core of Mac OS X is open-source (Darwin project) and is largely based on BSD Unix. There is nothing obscure about it, the source code is freely available and has been studied quite thoroughly.

As far as malware goes, Mac users have benefited from having a relatively low market share, thereby presenting a lower potential return for the malware authors. That's not the same as "security through obscurity". The Mac OS is not unknown, or indistinct, it's got the 2nd largest installed base in the world. Before we get into an argument over installed base (always a lively debate), see Installed Base Criteria at the end of this post.

While no system is ever 100% secure, Mac OS X is designed to be secure. The implementation might not always be secure, but it has security, many different layers of security, which is key to any security system (computer or physical). With multiple layers of security, a security hole in any layer does not usually translate into a viable exploit.

To everyone claiming Mac OS X has no security or is insecure, I say prove it. Your assertion doesn't make it true, no matter how many times you say it. Demonstrate that security holes exist AND that those holes can be turned into an exploit. Demonstrate that disclosed vulnerabilities are not addressed promptly. Demonstrate that it's less secure than Windows or Linux. When enough people have done that and/or the exploits are dramatic enough (e.g. allow root/administrator access), then you'll have something to back up your claims, until then, it's just trash talk.

The weakest link in any decent security system is the humans who have authorized access. That's why social engineering attacks are usually the easiest or most effective way to bypass security. Any security system that is designed or implemented without considering how to mitigate the risks posed by legitimate users is easily bypassed. That means that you need to set appropriate defaults and give users the minimum access necessary to perform their regular tasks. Require some additional authorization to perform tasks that are potentially "riskier". Mac OS X has had that since at least 10.2 (probably earlier), and Windows UAC in Vista was a step (too far) in the right direction. I haven't seen Windows 7, but it sounds like it's much better than Vista in that regard.

Installed Base Criteria
Reliable installed base numbers are notoriously hard to collect, so any argument about them is essentially a pissing contest. However, since someone is likely to argue it anyway, here are my criteria. Common code base, APIs, and CPU architecture are the things that make it easy to write software for systems, therefore, those are the "installed base" from the perspective of a software developer (including malware authors). Therefore:

1. I lump all versions of Windows together. You could argue for separating Win9x/Me from NT and descendants, but there is still a lot of commonality between them. It's common for an application or exploit for one version to work on the others. If you separate Win9x and NT lines, it's possible (although unlikely) that Win9x would be 2nd.

2. I lump all versions of Mac OS together. In practice, that means Mac OS 10.3-10.6, as there are few people running anything earlier. You could argue for separating PPC Macs from Intel based Macs, which would create two smaller installed bases, however, since Intel Macs can run PPC code via emulation, a PPC based application or exploit might work on both systems. Additionally, PPC based Macs are a minority of the installed base and are dwindling, so the Intel based Macs would still be ahead of x86 Linux in installed base.

3. I lump all x86/x86-64 Linux distributions together, but keep them separate from BSD, System V Unix, Solaris, AIX, and these OSs for non-x86 architectures. Same logic, commonality of code base and the ability to run the same binaries. With the same codebase and same processor architecture, the likelihood of an application or exploit working across many of those systems is significant.

I fully understand that there are important differences between the different versions of the above OSs, however their similarities are generally more significant than their differences from a software development viewpoint.

RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 5:45:55 PM , Rating: 2
You mistake security for good coding and design. We say security like anti-virus/anti-malware programs. Doesn't matter how good your code is, there are always ways to take advantage of it. If you think Mac has great security programs..... then idk what to say. It's false, but you're not on my computer so I don't give a rat's ass.

RE: If it was Microsoft...
By gstrickler on 9/1/2009 7:08:05 PM , Rating: 3
You've mistaken having anti-malware software for having security. Anti-malware programs are one part of a security system, but they're not the security system. Anti-malware isn't any more effective against new attacks than having a good security system to start with. Many of the types of "suspicious" activities that anti-malware programs on Windows look for are already prohibited by the kernel in Unix derived systems.

Security starts with the design of the system (access control, etc.), and continues through the coding, installation, user permissions, file system permissions, firewalls, etc. Anti-malware tools look for specific, known infections, and/or look for "suspicious" types of activity, and as such, they can be useful as another layer to the security, but they're nearly useless if you don't have a good design and implementation of the security model for the system.

The claim that the Mac has no anti-malware is incorrect, as many of the capabilities Windows users rely on anti-malware to provide are built-in on Unix derived systems. It's also incorrect to state that the Mac doesn't have anti-malware software available, there are 3rd party anti-malware tools, they're just not used by most Mac owners because it hasn't been necessary yet.

I've been installing, using, and supporting PCs (mostly) and Macs for 24 years. I've set up and secured thousands of machines in large, medium, and small businesses, as well as some home/home office machines. None of the Windows NT/2K/XP Pro or Mac OS X machines I've secured have become infected by malware, except those where the user had to run as administrator (usually because of software that won't work any other way, but occasionally because the boss/owner demanded to be an administrator and wouldn't take no for an answer). That doesn't mean users didn't manage to download any malware, just that the malware didn't do any damage, and didn't spread.

RE: If it was Microsoft...
By Alexstarfire on 9/2/2009 12:40:23 AM , Rating: 2
I wasn't suggesting that none existed or that the programs I mentioned were the whole thing. It just seemed like you were trying to say that security was how well the OS is "locked down" so-to-speak, which isn't the whole story.

The worst part of security is the user, so a lot of times when a computer gets infected there is little a program can do other than minimize the damage.
