The security features introduced in Apple's Leopard operating system need work. That's according to security experts who have been putting the new version of Mac OS X through its paces since the upgrade was introduced last Friday.
Leopard introduces a number of important security features to the Mac, but they are often implemented incompletely, leaving users vulnerable to attack, said Thomas Ptacek, a researcher at Matasano Security, who Monday wrote a detailed assessment of Leopard's security.
"They've done a really good job of robbing Microsoft advocates of their talking points," he said. But, "I don't see anything that they've done out of the box, where it's really any more resistant to attack than Tiger was," he added, referring to the previous update to Apple's operating system.
According to Ptacek, two of Apple's key security enhancements -- Sandboxing and Library Randomization -- are great ideas that are imperfectly applied within Leopard.
Take Library Randomization. It's a new feature that's supposed to make it hard for some of the most commonly used computer attacks, such as buffer overflows, where the attacker takes advantage of a software bug to place code somewhere in the computer's memory where he knows it will be run. Microsoft developed a similar technology for Vista, called Address Space Load Randomization. Library Randomization makes it much harder, if not impossible, for the attacker to know where to place this code, reducing the risk of attack.
The problem is that Apple did not randomize all of the parts of the operating system that it should have, according to Ptacek. In particular, Apple's Dynamic Link Library has not been randomized.
Security researcher Dino Dai Zovi said he's used this library in several of the Mac exploits he's written over the past few years. He has taken advantage of the fact that this library is not randomized, and he agreed with Ptacek's assessment that this feature, as it's implemented in Leopard, would simply make things a little more difficult for attackers.
Sandboxing is another feature that could ultimately make Mac OS X more secure. Sandboxing restricts software running on Mac OS so that even if it's hacked, it can't, for example, add new software to the computer. The problem is that Apple hasn't sandboxed many of the most commonly attacked applications such as the browser, the mail client, or instant messaging software, Ptacek said.
And the programs that have been sandboxed have not been walled off as thoroughly as they should be, he added.
For example, the Quick Look file viewer has been sandboxed, but only to restrict network access. The software can still be misused to write malicious files where they will be automatically launched, Dai Zovi said. "Most of the things that were sandboxed were network services," he said. "Increasingly these days IM, e-mail, and Web surfing are where most of the attacks are coming from, not directly on your network."
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
1 Recommendation
