The recent threats to Apple Computer Inc.'s Mac OS X operating system are probably just the beginning, according...
to the results of a live online poll on SearchSecurity.com. But users interviewed this week remain convinced that on the whole, the Mac's security is rock solid.
Despite that, they also expect Microsoft Windows to remain the dominant operating system among enterprises -- at least for now. Security is important, they say, but so is manageability.
As of late Friday, 52% of those responding to the SearchSecurity.com poll said more Mac OS X attacks are inevitable and will probably get worse. Twenty-six percent said it's too early to tell what will happen while 21% believe the appearance of Mac-based malcode is a fluke that will have little affect on the operating system in the long run.
Bill Royds, an IT security officer with the Canadian government who also teaches an IT security course at Algonquin College in Ottawa, is among those who expect the digital underground to attempt more Mac attacks.
Attempts will only increase should Macintosh software become more popular in the enterprise, he said. Malcode will also be easier to write because the Intel-based central processing unit in the next-generation Macs, which debuted last month at MacWorld Expo, is more widely known and less secure than the PowerPC microprocessor architecture used in earlier Macs.
But in the end, Royds said, "The more inherent security of Mac OS X will prevent [malcode] from being as great a problem as on Windows."
Recent threats, more scrutiny
Mac OS X has come under intense scrutiny in the last two weeks, amid reports that it has become the target of malicious code for the first time and that a new, critical security hole has been uncovered.
The latest flaw, first reported last week, is due to a glitch in how the operating system processes specially crafted resource forks and HFS metadata stored within .zip archives. The security hole affects OS X 10.4.5 and earlier versions. Attackers could exploit the flaw to execute arbitrary shell commands and compromise a vulnerable system by convincing a user to open a malicious e-mail attachment or visit a specially crafted Web page designed to automatically exploit the vulnerability through the Safari browser.
But like Royds, Stephen Escher's faith in the operating system's security hasn't been shaken by recent events.
"I think the Unix underpinnings [of Mac OS X] generally deny access more than Windows grants by default," said Escher, network security manager for the Hilton Grand Vacations Company in Orlando, Fla. "I also haven't seen the same interest in finding vulnerabilities like I've seen in Windows."
But that doesn't mean his enterprise will expand Mac deployments anytime soon.
Security vs. manageability
While Escher believes Mac security is solid, he also finds Windows easier to manage across the enterprise. The more secure the operating system, the harder it is to manage, he said, adding, "In general, you want security, but you want to be able to use and manage it as well."
Right now, Escher's department covers 1,800 employees with about 1,200 workstations. That includes about 20 Macs and seven Mac servers.
"Macs aren't easy to manage from a domain perspective," he said. "As long as we can't manage them, they will be a novelty for a standard desktop configuration in the enterprise."
Macs will need tighter LDAP (Lightweight Directory Access Protocol) integration so they can be managed, he said, adding, "There needs to be centralized control to distribute policies." With Windows, Escher said, IT managers can centrally set those policies so users can't install certain applications. That kind of control isn't available with Macs right now.
And while Macs may be inherently more secure, he believes Windows has come a long way.
"I'm excited about some of the features in Vista," he said, referring to the new version of Windows slated for release later this year. "From what I understand at this point, it lets the browser run in a protected mode where things can't be installed by default. [Microsoft] has also talked about a bidirectional firewall where you can see communication going in and out in a more granular fashion."
He's also encouraged by Microsoft's Windows OneCare Live security software service and Windows Defender spyware scanning and removal tool. "Having that integrated into Vista will be helpful," he said, adding, "I know I can secure a Windows OS to a comfortable posture so I would go with Windows [as the dominant system in the enterprise]." Besides, he said, the more popular Mac OS X becomes, the more attacks will be targeted against it in the future.
How OS dominance could shift in Apple's favor
Royds said he isn't a heavy Mac user and agreed with Escher that the operating system isn't widely deployed among enterprises today. "Right now, it's used by the designers in the office, but it's off to the side," he said. But he believes enterprise use is likely to increase in the future because the Intel chip makes OS X more compatible with some enterprise hardware and networks.
Interestingly, he said, the rise of Vista may actually benefit Apple.
"With Vista coming, many enterprises will be looking to upgrade and will be looking at a choice between Vista, Mac OS X and other operating systems," Royds said. "The Intel chip inside the Macs may make Mac OS X a more attractive option for those who have to get new machines."