IT POV: Apple's OS X Lion is a resource and security nightmare

As the Mac starts to make inroads into the enterprise, Apple faces a major problem: Its current operating system is a disaster from an IT management perspective

The Mac is back in the enterprise. Last year, sales of Apple's flagship computer to business jumped substantially, growing 44 percent compared in Q3 with a paltry 5.3 percent increase for Windows machines, according to Needham & Co. Yet its current operating system, known as OS X 10.7 Lion, is a disaster from a CIO's perspective.

Most IT departments wisely wait before unleashing an operating system upgrade on their companies. In Lion's case, it would be wiser to leave it alone entirely. It's already been through numerous updates, now shipping as OS X 10.7.3. And the company already has announced its successor, OS X 10.8 Mountain Lion. But if Apple doesn't address some serious problems in Lion, it too will be a nightmare for IT. Here's why.

[ For tips and tools for managing an enterprise Mac fleet, download InfoWorld's free "Business Mac" Deep Dive PDF special report today. | See InfoWorld's slideshow tour of Mac OS X Lion's top 20 features and test your Apple smarts with our Apple IQ test: Round 2. | Keep up with key Apple technologies with the Technology: Apple newsletter. ]

Once deployed, Lion's current features likely will cause a spike in pricey help desk calls, increase security risks, and cause no end of user frustrations -- all of which will burden the IT department. For those companies who were using the previous OS X 10.6 Snow Leopard and have upgraded, the problems will be the most acute because the gratuitous changes made to the software will confuse users and undoubtedly hurt their productivity.

Lost in Spaces

Let's start with the wonderful tool called Spaces. Introduced years ago as an option, it lets users create multiple desktop views, or spaces, where they could set up task-specific work environments from their System Preferences application. For example, you could configure the number of spaces you wanted -- maybe one for collaboration apps, one for business-sensitive documents, another for games, and so on. It was a great enhancement.

In Lion, Spaces come out of the box set at three, instead of allowing a user or system administrator to set them up. Worse, they're fixed so you cannot manage them from Systems Preferences. You need to alter them by hovering over a given space. However, because you can no longer manage them from System Preferences, you're stuck with three. (Editor's note: The author seems unaware that all a user has to do is launch the Mission Control application from the OS X Dock and then click the Close box for the unwanted space, rather than detour to the System Preferences application.)

Dangerous system settings

In and of itself, that might not be more than a time-wasting IT problem when users, trained for years to use the Systems Preferences application, call the help desk asking how to manage the spaces. However, combined with another inexplicable change, the change in spaces management to the spaces themselves increases an enterprise's security risks.

When you shut down a modern desktop computer, users see a window telling then that their computer will shut down in so many seconds. Most people then press Return to make the shutdown immediate. But with Lion there's an added small checkbox that is permanently checked and tells you that all of your currently running applications, including those running in all of your spaces, will launch again when you next turn the computer on.

That might be considered a convenience to someone inside Apple, but for IT departments, the change is a significant problem. First, business-sensitive data may be exposed to passersby as the previous evening's work gets opened the next morning. Also, it means that server-based applications that were running at shutdown will be launched at boot time, whether needed or not, most likely overloading servers every morning and causing network congestion. And, it also means users will need to wait for their Mac to process all of the apps before they can start any meaningful work.

This dubious change would not be so awful if you could permanently uncheck the option. But you cannot. Users have to uncheck the option every time they shut down the machine. It's an utterly time-wasting, resource-wasting, security-risky "feature" that cannot be changed.

Another enterprise problem with Lion are a couple of updates in the Security & Privacy system preference. The default settings for Location Services and automatically sending system data to Apple are turned on. That means either increased security risks or setup costs when Lion-based Macs are deployed. (Editor's note: The actual settings in Lion do not send Apple system data. They do send anonymized usage and diagnostics data, unless unchecked. Apple does not receive user location data, and by default the Mac OS tracks which applications are tracking the user's location and presents that information to the user.)

Full-screen mode full of problems

Another change that is bound to increase calls to the help desk is the new full-screen mode for application windows. It's a great idea, especially for smaller screen laptops. But it's poorly implemented. That is, the icon for making a window take over the entire screen is on the window itself. However, when launched, the icon disappears, so there's no obvious way to reduce the window's size. That would not be a problem if users could move the cursor down to the Dock to make the change as they can in every other situation. In full-screen mode, though, access to the Dock is removed. To get out of full-screen mode a user needs to go up to the top of the screen to display the  menu bar, assuming they know how to find it, to see the icon to restore the normal view.

Apple's engineers and their managers seem to be making changes simply for the sake of change, not to improve the user experience. For example, what was once a bright blue scrollbar has become a difficult-to-discern gray one.

Apparently these changes are all being done to force-march Apple's users to a world that blends iOS and Mac OS into a distant operating system dream world. But for now, it's a user experience nightmare that will cost IT plenty in terms of support while increasing security risks.

Here's one more thing

If your users want to use iCloud to help them manage their documents, don't let them. It will only make matters worse for them and you with increased cries to the help desk. To move a document to iCloud, a Mac user simply drags and drops it to the iWork section of their online account. But then it gets weird.

After you place, say, a Pages document in iWork from your Lion-based Mac, you need to grab another device running iOS 5, open the Pages app, and then click on the document in iCloud. Until you do that, the Pages file is dead. This head-scratching process is, to say the least, a kludge.

(Editor's note: iCloud does not work as described. Documents saved in an iCloud-compatible application autoatically sync with all devices tied to the same account that have the same application, assuming the user enabled iCloud document syncing on each (it's not on by default). On iOS, the documents are available in the respective application's file list, and on Mac OS X they remain in whatever folder they were stored in. Furthermore, the website referenced is a beta service that Apple is discontinuing on July 31. It predates iCloud and was intended to work like Dropbox and, where users drag or send files to a cloud-based repository.)

Oh, and, as Steve Jobs might have said, here's one more thing. Let's say you want to save your Pages document with a different name in iCloud so as not to confuse it from one on your Mac. As with every other productivity suite in memory, including Apple's, the process is: Go to the menu bar, click File, and, wait, there's no longer a Save As function. It was removed for the Lion version of Apple's iWork suite. Now, if you want to change a version of the document, you need to duplicate it and save it with a new name. Why? Who knows? But I'm sure the folks at Apple's Genius Bar will tell us it's good for us.

Mark Everett Hall has been using Macs since 1988 and was editor in chief of MacWeek from 1993-1996.

Read more about mac in CIO's Mac Drilldown.

This story, "IT POV: Apple's OS X Lion is a resource and security nightmare" was originally published by CIO.