Risk
6/29/2012
09:40 AM
50%
50%

6 Ways Apple Is Polishing Mac Security

Apple no longer markets Macs as malware-free, but rather "built for security," and refines protection in Mountain Lion.

Apple WWDC 2012: 17 Cool Innovations
Apple WWDC 2012: 17 Cool Innovations
(click image for slideshow)
Have you heard the Mac security boilerplate, courtesy of Apple? "A Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers. That's thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."

In fact, that was Apple's security-related marketing message, but only until earlier this month, when the company refreshed its "Why you'll love a Mac" reasoning. The revision instead highlights how "built-in defenses in OS X keep you safe from unknowingly downloading malicious software on your Mac."

Malicious software on a Mac, can it be true? Indeed, fair Apple aficionados, and as the company previews OS X 10.8, a.k.a. "Mountain Lion"--due in July--here are six signs that Mac security continues to mature, as it must.

1. Flashback Previews Mac Malware Future
Apple's change in language was no doubt spurred by fallout from the Trojan Mac attack known as Flashback, which infected an estimated 600,000 Macs, including 274 in Cupertino, where Apple is headquartered.

Why didn't Apple OS X devices previously see mountains of malware? That question has been argued to no end. Previous thinking often centered on network effects--namely, attackers were skilled at writing Windows malware, and the majority of people use Windows, hence why bother with Macs? In the wake of Flashback, however, Macs are facing more mature threats, and that's led Apple to get more forceful on the security front, for example by releasing OS X and Safari updates that disable old or unused versions of Flash and restrict how Java plug-ins launch.

2. "Malware," Says Apple In Crowded Room
In other words, Apple's security posture has been changing. In fact, Craig Federighi, Apple's VP of Mac software engineering, this month even pitched the forthcoming OS X Mountain Lion feature dubbed Gate Keeper as a way "to help keep your system free from malware" at Apple's 23rd Worldwide Developers Conference.

[ Will Apple's planned upgrade treadmill annoy even ardent device fans? See Apple Obsolescence Debate: More Analysis Please, Fanboys. ]

3. Walled Gardens: OS X Cultivates iOS Restrictions
Gate Keeper does that by channeling aspects of iOS on Mac OS X. For starters, Apple has started requiring developers to sandbox their applications, defined by Apple as "restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch." In short, sandboxing reduces the potential "attack surface" that a rogue application can exploit, which in security terms qualifies as a "good thing."

4. Enforce Background Checks For Apps
More Gate Keeper goodness is that it allows users to restrict application execution based on origin. Users can set OS X to allow only applications obtained via the Mac App Store or from a trusted developer. Apple is building a database of developer ID codes and a related tracking system. For people who decide to keep the current "anything goes" approach, Apple is still putting new controls in place to ensure that any user-installed applications must ask permission before accessing a user's personal information, such as contacts or calendar data.

5. Receive Daily Apple Security Updates
Historically, Apple's approach to security information--barring Flashback and a fix for Mac Defender--has been consistent: silence. In other words, Apple would neither confirm nor deny any security vulnerabilities in its products until, at some future date, it released a security update to patch the issue, at which point the related update notes might--or might not--detail the vulnerabilities that had been patched.

While Apple isn't suddenly promising immediate full disclosure, it does at least appear to be refining its patching approach. According to Apple news site iClarified, for example, the OS X Mountain Lion Security Update Test 1.0, pushed Monday, includes daily checks for security updates, plus "the ability to install required security updates automatically or after restarting your Mac," meaning that Mac users can see much more timely--and automatic--security updates, which should help the company more quickly nuke any forthcoming Flashback spawn. Finally, the security update also touted having "a more secure connection to Apple's update servers," which is notable, given how the Flame malware was able to spoof a Microsoft certificate, allowing it to use Windows Update to automatically install the malware on targeted Windows PCs.

6. Full Disk Encryption For All
If Apple has recently refined its security tune, it's important to acknowledge that the company has already included some key information security features as standard in its operating system. Chief amongst those is FileVault 2, introduced with Apple OS X 10.7 (Lion), which offers full-disk encryption. The previous FileVault feature, for comparison, only encrypted a user's home folder.

Contrast that "security for all" approach with Microsoft's offerings. Notably, Windows Vista and Windows 7 included BitLocker full disk encryption, although only with the Enterprise and Ultimate versions. Likewise, the feature is built into only the Pro and Enterprise versions of Windows 8.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
7/12/2012 | 8:10:34 AM
re: 6 Ways Apple Is Polishing Mac Security
This article does a great job of summarizing the aspects regarding Mac security. Recently, Kaspersky said that Apple is 10 years behind Microsoft in terms of security. But, we think itGs more significant to look at the software, not the operating system when thinking about security.
As security professionals, we expect Apple to be more transparent and change the way they deal with security researchers.
For more information on our vision, check out this article http://blog.securityinnovation...
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
7/3/2012 | 2:39:50 AM
re: 6 Ways Apple Is Polishing Mac Security
I think the biggest takeaway here is that Apple is trying to do what it can to protect the user from their own actions which is the primary attack vector on the OS X platform.

The theory goes that if you keep your Mac updated (i.e. all of the relevant OS updates, all of the security updates, all of the application updates), that you'll be much better off with regards to defending against threats in the wild.

However, keeping updated is part of proper system hygiene - and there aren't too many people that are diligent about it because Macs are supposed to be easier to work with and impervious, so users don't think twice about "set it and forget it". That's the bane of the security pro's existence and the best case scenario for the malware crowd.

Andrew Hornback
InformationWeek Contributor
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
6/29/2012 | 9:19:34 PM
re: 6 Ways Apple Is Polishing Mac Security
It's hard to inject viruses into any UNIX-based system, whether it be Mac OS, Android, Linux, or any of the original flavors of UNIX. This publication has clearly explained why that is more than once. That why since Apple released OS X they have legitimately made the claim that Windows viruses can't hop over to the Mac.

At this point malware other than viruses has become the dominant threat, particularly via the interet. Plenty of malware that is OS agnostic can wreak as much havoc on a Mac as it could on a Windows box; the UNIX advantage has diminished. Flashback is emblematic of this situation.

Apple is wisely reframing its strategies and its marketing language to reflect this changing reality. This is what they should do, so no need for outsized praise. On the other hand finding fault with a strategy that was more than adequate several years ago is not useful.

It would be nice if Apple did a better job of explaining patches but what's most important to me is frequency and efficacy of patches and ease of installing. Apple seems to be heading down the right path on that front. Now let's just turn on the security features rather than ignoring them. . .
ANON1251568162539
50%
50%
ANON1251568162539,
User Rank: Apprentice
6/29/2012 | 7:11:59 PM
re: 6 Ways Apple Is Polishing Mac Security
The essential question is GǣWho gets hurt here?Gǥ

Novice Mac users want a walled garden. Especially, those who fled from Windows.

Power users get vetted third party apps. And a means of automatically removing accidentally installed malware.

Expert Mac users and Linux advocates get to take the level of risk they choose.

Malware writers donGt lose, because they were never on Macs anyway. You canGt lose what you never had.

The only losers I see are the Windows Anti-virus venders who have been fraudulently coercing people into buying their worthless software. They were the oneGs who corrupted the word Gǥ virusGǥ into meaning any malware regardless of type or function.

Apple doesnGt lose when they give up a contention which no one believed.
ANON1251568162539
50%
50%
ANON1251568162539,
User Rank: Apprentice
6/29/2012 | 6:58:10 PM
re: 6 Ways Apple Is Polishing Mac Security
YouGd have to prove that you own it.
Tronman
50%
50%
Tronman,
User Rank: Apprentice
6/29/2012 | 5:10:46 PM
re: 6 Ways Apple Is Polishing Mac Security
Want to buy a bridge?
hlubinv8l
50%
50%
hlubinv8l,
User Rank: Apprentice
6/29/2012 | 4:49:21 PM
re: 6 Ways Apple Is Polishing Mac Security
It's easy to understand why Apple had to change the statement that Macs don't get viruses. Since some Mac owners run Windows on their Macs (either in Boot Camp or in emulation), those users can get Windows viruses infecting their Windows installations.

Even though Windows viruses have no effect on OS X, they still count as viruses. So for those people running Windows on a Mac, the statement would not be true.

The statement should have read that Mac OS X (the operating system) has never been susceptible to viruses.... simply because there has never been an OS X virus.

There have been a few examples of malware for OS X in the past, like the recent Flashback Trojan, but nothing that spreads to other users without user interaction (as Windows viruses do).
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.