Symantec's "The Mac OS X Threat Landscape: An Overview"

This is probably the most in-depth analysis of Mac OS X security I've ever read. It's a worthwhile read. I was especially fascinated by the last section on preventative measures because we've spent so much time on this stuff in Windows Vista, and it's all enabled by default, yet Apple has chosen to not do this work. Hhhmm, I wonder why?

You can get the document from here.

Comments

  • Anonymous
    November 15, 2006
    Too busy making television ads proclaiming how secure they are, probably ;)

  • Anonymous
    November 15, 2006
    Great article. Thanks for the link. I downloaded and tested the Bastille script on my Mac and so far found that it dorked up my ipfw rules pretty thoroughly. From the looks of it, the script didn't clear the existing rules before applying the new rules, creating a hodge-podge of rules. Users should also know that once they manually change the firewall rules on OS X, they can't control them from the firewall applet in System Preferences. They'll have to continue to modify them manually or do an "ipfw flush" to clear all changes, then go in and re-enable the firewall.

  • Anonymous
    November 15, 2006
    I wonder why too. I also wonder why it took Microsoft so long to implement it as well, considering those features have been widely available in Unix-like OSes for a number of years. At least it's in now; maybe whatever comes post-Vista will finally be on a similar level to the security features you can find in Linux and OpenBSD.

  • Anonymous
    November 15, 2006
    You wonder why? Perhaps they have a good risk assessment: http://www.sans.org/top20/?ref=1814 Just recall how long it took Microsoft, which is target number one, to finally implement this.

  • Anonymous
    November 16, 2006
    My favourite quote: "Since OS X is a BSD-based operating system, [stack canary] functionality should be accessible to Apple and will hopefully be enabled by default in OS X applications at some point." Then it rolls into a section on Secure Heap Implementation, detailing several operating systems' use and availability of it, none of which include OS X. Of course, you have to expect that Symantec's conclusion will be that the OS is under threat and needs protection from Symantec's range of products. Having said that, I don't think anything they've said in this article is untrue or exaggerated.

  • Anonymous
    November 16, 2006
    Gee Mike, given the security history of Windows, the security history of OS X and the fact that we ALREADY have cracked copies of Vista in the wild... I think you're being a little cocky. After all, this is a report from a company doing its best to flog its own software. I'm thrilled that you think you've done such a great job with Vista, but if I recall, we were hearing the same story with XP. I wish you the best of luck with your launch. Let's see which OS has more vulnerabilities in a year's time, shall we?

  • Anonymous
    November 16, 2006
    >>Let's see which OS has more vulnerabilities in a year's time, shall we? Sure!

  • Anonymous
    November 16, 2006
    >>Cocky No, I don't think I am - I just pointed out some facts. That's it.

  • Anonymous
    November 18, 2006
    What does having cracked copies of an OS have to do with its security?  Cracking Windows Activation involves changing the executable code in the software as an administrative-level user, not violating the security model of the running OS.

  • Anonymous
    January 05, 2007
    There is more to life than viruses, much more. Mac OS X machines are constantly compromised, but they're not compromised through viruses!!

  • Anonymous
    February 05, 2007
    Compromised? By what? At least give us an example. I have 2 Macs running day and night and have never experienced anything fishy...

  • Anonymous
    February 05, 2007
    Most of the attacks are directed at Web sites running on Mac OS X.

  • Anonymous
    February 05, 2007
    OK. So you're saying OS X running something like Apache is easily compromised? Any idea why? Different Apache build on Darwin?