Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
2/27/2014
10:19 AM
Maxim Weinstein
Maxim Weinstein
Security Insights
Connect Directly
RSS
E-Mail
100%
0%

Preying On A Predator

Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.

If Windows XP is the dinosaur in the room, then OS X Snow Leopard — despite being named after a predator — is more like a sitting duck. The four and a half year old operating system lives on 20% of the world's Macs, yet it no longer receives security updates from Cupertino. How long will it be before criminals sniff out this target and start directing their attention to over-confident Mac users?

The overconfidence stems from the popular belief that Macs aren't vulnerable to security threats. Yet, while Mac has been targeted far less than Windows, threats do exist, and attackers have been getting increasingly aggressive in going after OS X. Apple has responded with some updates and security features designed to reduce the attack surface, and some patches for serious vulnerabilities, but of course these only apply to supported versions of OS X. Snow Leopard, for example, did not receive the recent patch for the now widely-known "gotofail" bug. As additional vulnerabilities are discovered and more developer signing certificates are stolen, Snow Leopard will become more and more susceptible to malicious activity.

For IT professionals, especially those in schools and other organizations with very limited IT budgets, this is cause for concern. In the short term, what do you do with older Macs running Snow Leopard? Upgrade, replace, or install AV software and hope for the best? (Hint: Even working for a vendor of Mac AV software, I don't recommend the latter. You want a patched system plus antivirus, not one or the other.) In the longer term, is it worth investing in computers without confidence that they'll receive security updates through their entire life cycle?

This also creates a dilemma for Tim Cook and company. To date, Apple has responded reactively to security incidents, even while positioning its products as the more secure choice. If 20% of Mac users start experiencing security incidents, the shine will come off the Apple pretty quickly. On the other hand, continuing to maintain several OS releases is expensive and distracting for a software company. Plus, too much focus on reactively patching old systems will send a clear message that security really is a problem for Macs, and that's something the company doesn't want. The best option may be to create incentives and marketing campaigns designed to drive Snow Leopard users to upgrade to a more recent OS version. Unlike Microsoft, though, Apple would be wise to avoid using security as the selling point for the upgrade if it wants to maintain its image of being a safer OS.

Maxim Weinstein, CISSP, is a technologist and educator with a passion for information security. He works in product marketing at Sophos, where he specializes in server protection solutions. He is also a board member and former executive director of StopBadware. Maxim lives ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ciderblush
50%
50%
Ciderblush,
User Rank: Apprentice
4/25/2014 | 9:29:48 AM
Re: the prey has mechanisms
Rate it, i dont care. Arent we talking about a computer not an opinion.
Ciderblush
50%
50%
Ciderblush,
User Rank: Apprentice
4/25/2014 | 9:24:20 AM
the prey has mechanisms
Unix is also an outdated dinosaur yet has a community of supporters outside of the organisation that are willing to work for no money to ensure that operating system is constantly able to receive updates and security data kr patches as you call them. It is not hard to maintain a system but it is difficult to learn a system that you have never known. Enjoy your criticisms. :)
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.