Symantec’s "The Mac OS X Threat Landscape: An Overview"


This is probably the most in-depth analysis of Mac OS X security I’ve ever read. It’s a worthwhile read. I was especially fascinated by the last section on preventative measures because we’ve spent so much time on this stuff in Windows Vista, and it’s all enabled by default, yet Apple has chosen to not do this work. Hhhmm, I wonder why?


You can get the document from here.

Comments (17)

  1. Dean Harding says:

    Too busy making television ads proclaiming how secure they are, probably 😉

  2. Michael says:

    Great article.  Thanks for the link.

    I downloaded and tested the Bastille script on my Mac and so far found that it dorked up my ipfw rules pretty thoroughly.  From the looks of it the script didn’t clear the existing rules before applying the new rules, creating a hodge-podge of rules.

    Users should also know that once they manually change the firewall rules on OS X, they can’t control them from the firewall applet in System Preferences.  They’ll have to continue to modify them manually or do an "ipfw flush" to clear all changes then go in and re-enable the firewall.  

  3. Pete says:

    I wonder why too. I also wonder why it took Microsoft so long to implement it as well, considering those features have been widely available in Unix-like OSes for a number of years.

    At least it’s in now, maybe whatever comes post-Vista will finally be on a similar level to the security features you can find in Linux and OpenBSD.

  4. Andrew Royal says:

    You wonder why? Perhaps they have a good risk assessment: http://www.sans.org/top20/?ref=1814

    Just recall how long it took for Microsoft to finally implement this, which is target number one.

  5. Alun Jones says:

    My favourite quote: "Since OS X is a BSD-based operating system, [stack canary] functionality should be accessible to Apple and will hopefully be enabled by default in OS X applications at some point."

    Then it rolls into a section on Secure Heap Implementation, detailing several operating systems’ use and availability of it, none of which include OS X.

    Of course, you have to expect that Symantec’s conclusion will be that the OS is under threat and needs protection from Symantec’s range of products. Having said that, I don’t think anything they’ve said in this article is untrue or exaggerated.

  6. Graham says:

    Gee Mike, given the security history of Windows, the security history of OS X and the fact that we ALREADY have cracked copies of Vista in the wild… I think you’re being a little cocky. After all, this is a report from a company doing its best to flog its own software.

    I’m thrilled that you think you’ve done such a great job with Vista, but if I recall, we were hearing the same story with XP. I wish you the best of luck with your launch. Let’s see which OS has more vulnerabilities in a year’s time, shall we?

  7. michael_HOWARD says:

    >>Let’s see which OS has more vulnerabilities in a year’s time, shall we?

    sure!

  8. michael_HOWARD says:

    >>Cocky

    no, i don’t think i am – i just pointed out some facts. that’s it.

  9. nksingh says:

    What does having cracked copies of an OS have to do with its security?  Cracking Windows Activation involves changing the executable code in the software as an administrative-level user, not violating the security model of the running OS.

  10. tempest says:

    Rabble rabble rabble. If you like Windows, use it and shut up. If you like OS X, use it and shut up.

    I’ve heard better debates coming from Bush… no, just kidding :-)

  11. Paulo Custodio says:

    Hi Michael,

    I’m both a user of XP and OS X, I think both are great products. This said, I think it’s really shortsighted on Apple’s part to come out with TV advertisements proclaiming invulnerability. This is wrong because the only reason why OS X isn’t targeted by hackers is simply because it’s not as popular as XP (or as Vista will be), both at consumer and enterprise level. Plus, to use OS X you need rather expensive Apple hardware.

    If OS X were to come under attack at the same level as XP is nowadays, I don’t believe I would consider using it. Apple is definitely not prepared to deal with security at that level, and has much to learn. Instead of using the old "vs Microsoft" stance (which I find rather smug), Apple should admit they learned a few lessons from Microsoft (and will continue to do so).

    Microsoft learned the hard way, facing the best hackers in the world, and in the process paves the road to a more secure future (which companies like Apple can only benefit from).

    I know Vista will be attacked continuously, but I also know there are some really hardcore security experts in Redmond, ready to fight back, and keep my data safe.

    So, I congratulate you and your team on a spectacular effort and hope the best for Vista.

  12. Mig says:

    Facts? I use 2000, XP and OSX and I like them all. But, talking about facts. I run my Mac without any kind of antivirus, and cannot think of using my Windows PCs without protection for a single hour.

    Perhaps Vista will solve that and will beat OSX or Linux in this matter, but it’s not the case right now.

    Apple is arrogant and their advertising is annoying (even in my eyes and I’m a happy OSX user) but it doesn’t invalidate OSX’s high security.

    Good luck with Vista, Michael.

  13. michael_HOWARD says:

    There is more to life than viruses, much more. Mac OS X machines are constantly compromised, but they’re not compromised thru viruses!!

  14. phil says:

    compromised? by what? at least give us an example.

    i have 2 macs running day and night and have never experienced anything fishy…

  15. michael_HOWARD says:

    most of the attacks are directed at Web sites running on Mac OS X.

  16. phil says:

    ok. so you’re saying osx running something like apache is easily compromised?

    any idea why? different apache build on darwin?

  17. James says:

    I would love to have the ammo of web sites that have been compromised that were running on Mac OS X.  Can we get some names so I can hammer my smug Mac friends?