Threats don't diminish Mac's reputation

By Bill Brenner, Senior News Writer 27 Feb 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The recent threats to Apple Computer Inc.'s Mac OS X operating system are probably just the beginning, according to the results of a live online poll on SearchSecurity.com. But users interviewed this week remain convinced that on the whole, the Mac's security is rock solid.

Despite that, they also expect Microsoft Windows to remain the dominant operating system among enterprises -- at least for now. Security is important, they say, but so is manageability.

As of late Friday, 52% of those responding to the SearchSecurity.com poll said more Mac OS X attacks are inevitable and will probably get worse. Twenty-six percent said it's too early to tell what will happen while 21% believe the appearance of Mac-based malcode is a fluke that will have little affect on the operating system in the long run.

Bill Royds, an IT security officer with the Canadian government who also teaches an IT security course at Algonquin College in Ottawa, is among those who expect the digital underground to attempt more Mac attacks.

Attempts will only increase should Macintosh software become more popular in the enterprise, he said. Malcode will also be easier to write because the Intel-based central processing unit in the next-generation Macs, which debuted last month at MacWorld Expo, is more widely known and less secure than the PowerPC microprocessor architecture used in earlier Macs.

But in the end, Royds said, "The more inherent security of Mac OS X will prevent [malcode] from being as great a problem as on Windows."

Recent threats, more scrutiny
Mac OS X has come under intense scrutiny in the last two weeks, amid reports that it has become the target of malicious code for the first time and that a new, critical security hole has been uncovered.

For more information Hey, Mac. Is that a worm in your Apple? Critical flaw found in Mac OS X First Mac OS X malcode discovered

Leap, also known as Oompa, was the first malcode to appear nearly two weeks ago. It spreads through Apple's iChat instant messaging application. The next piece of malcode, Inqtana, attempts to spread via an older Bluetooth vulnerability.

The latest flaw, first reported last week, is due to a glitch in how the operating system processes specially crafted resource forks and HFS metadata stored within .zip archives. The security hole affects OS X 10.4.5 and earlier versions. Attackers could exploit the flaw to execute arbitrary shell commands and compromise a vulnerable system by convincing a user to open a malicious e-mail attachment or visit a specially crafted Web page designed to automatically exploit the vulnerability through the Safari browser.

But like Royds, Stephen Escher's faith in the operating system's security hasn't been shaken by recent events.

"I think the Unix underpinnings [of Mac OS X] generally deny access more than Windows grants by default," said Escher, network security manager for the Hilton Grand Vacations Company in Orlando, Fla. "I also haven't seen the same interest in finding vulnerabilities like I've seen in Windows."

But that doesn't mean his enterprise will expand Mac deployments anytime soon.

Security vs. manageability
While Escher believes Mac security is solid, he also finds Windows easier to manage across the enterprise. The more secure the operating system, the harder it is to manage, he said, adding, "In general, you want security, but you want to be able to use and manage it as well."

Right now, Escher's department covers 1,800 employees with about 1,200 workstations. That includes about 20 Macs and seven Mac servers.

"Macs aren't easy to manage from a domain perspective," he said. "As long as we can't manage them, they will be a novelty for a standard desktop configuration in the enterprise."

Macs will need tighter LDAP (Lightweight Directory Access Protocol) integration so they can be managed, he said, adding, "There needs to be centralized control to distribute policies." With Windows, Escher said, IT managers can centrally set those policies so users can't install certain applications. That kind of control isn't available with Macs right now.

And while Macs may be inherently more secure, he believes Windows has come a long way.

"I'm excited about some of the features in Vista," he said, referring to the new version of Windows slated for release later this year. "From what I understand at this point, it lets the browser run in a protected mode where things can't be installed by default. [Microsoft] has also talked about a bidirectional firewall where you can see communication going in and out in a more granular fashion."

He's also encouraged by Microsoft's Windows OneCare Live security software service and Windows Defender spyware scanning and removal tool. "Having that integrated into Vista will be helpful," he said, adding, "I know I can secure a Windows OS to a comfortable posture so I would go with Windows [as the dominant system in the enterprise]." Besides, he said, the more popular Mac OS X becomes, the more attacks will be targeted against it in the future.

How OS dominance could shift in Apple's favor
Royds said he isn't a heavy Mac user and agreed with Escher that the operating system isn't widely deployed among enterprises today. "Right now, it's used by the designers in the office, but it's off to the side," he said. But he believes enterprise use is likely to increase in the future because the Intel chip makes OS X more compatible with some enterprise hardware and networks.

Interestingly, he said, the rise of Vista may actually benefit Apple.

"With Vista coming, many enterprises will be looking to upgrade and will be looking at a choice between Vista, Mac OS X and other operating systems," Royds said. "The Intel chip inside the Macs may make Mac OS X a more attractive option for those who have to get new machines."

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  Web Browser Security,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method Alternative OS security: Mac, Linux, Unix, etc. Research Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary