Apple OS X users feeling the exploit pinch
Many Apple users have long sat smug about the security of the OS X operating system. Pundits have expounded on its BSD roots, its imperviousness to spyware and malware, and overall lack of public exploits. Some have even lauded Apple's superior responsiveness when threats arose, and its commitment to information security.
Unfortunately, a lot has changed.
The "Month of Apple Bugs" project has shattered much of the illusions around OS X's security. According to the website, its initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. As of this writing, the project has released 31 public vulnerabilities for OS X and its supporting applications. Of the 31 vulnerabilities, 30 have either proof-of-concept exploits or none are needed to cause damage. Many of the disclosed bugs are serious issues and can be used to remotely compromise the system.
Apple is working on fixes, but patches have come slower than expected. Observers have stopped spreading the image of Apple as a security-focused messiah, and grown used to the idea that for Apple (like every other company that manufactures an operating system), tracking and mitigating security issues is a long, difficult and resource-intensive process.
Hopefully, OS X users will begin to acknowledge the risks, and embrace their need for anti-virus, OS hardening and ongoing patching. One thing is for certain. Information security-savvy users and organizations will need to focus attention on OS X users. Apple will also likely improve their security testing and programming development processes to help stop future holes.
I am paying more attention. I own a PowerBook, running OS X, and I have tightened up my system's firewall, implemented more monitoring, deployed more detection tools to know when I am being targeted and even ratcheted down the time between checks for patches -- which I, like everyone else, am anxiously awaiting. I will still use OS X every day. It is still my operating system of choice, for the same reasons as before - flexibility, power and usefulness plus incredible ease-of-use. That said, I will remain vigilant and take the necessary steps to protect my Mac and all of the other computer systems I depend on. Let's hope that everyone else does the same.
MicroSolved, Inc.
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
