Apple’s practice of making usability choices can lead to diminished security, as in the case of Safari’s Safe Files feature


geared primarily at computer programmers, Linux has fewer loopholes that hackers can exploit, he says. Chrome has shown to be “formidable on the security front”, but because it is still so new, hackers have not yet uncovered security flaws, Schrage says. Regardless of the operating system being used, Santorelli maintains there will always be vulnerabilities in any internet-connected machine. “There’s a fundamental dichotomy of usability versus security”, he observes. “You want a system to be nice and secure and difficult to compromise, but at the same time you want to make it easy for a legitimate user to log in and do things.” Many of today’s vulnerabilities have nothing to do with the OS, but rather an attack on the application, he says.


When he is asked what browser to use, Santorelli responds that it doesn’t really matter, as long as it is up to date. “A lot of people are still using [Internet Explorer] 6, and that’s not a good thing.” Harley also points out that while most high-profile exploits tend to be aimed at Windows and generally have had more impact than any OS X vulnerability so far, social engineering tactics exploit the user rather than the system, and tend to be platform-neutral. A wide range of technical threats are also platform-neutral, he notes. “While macro viruses are pretty much dead, exploitation of other vulnerable apps – think Java, Adobe, etc. – is on the up, and we’re starting to see a trickle of ported Linux threats”, Harley says.


Modern browsers have much better protection and anti-phishing technology, Santorelli confirms. Apple is also using sandboxing, a computer program that works in “a tiny jail cell that can’t break out and infect the rest of your computer”, he explains. “It’s contained and constrained, and that’s a very strong infosecurity counter to malware.” Another challenge for malware writers targeting OS X/iOS, he says, is that Apple does a lot of human checking of apps before they go into Apple store.


Mac and Security Tools


The question of whether security tools are necessary for the Mac depends on a number of factors, including a company’s risk profile, observers say. “If you are head of the accounts department for a Fortune 400 company, then you have to do everything you can to minimize your exposure”, says Santorelli. “If you are someone who basically uses a laptop for posting Facebook updates, perhaps your risk is a little less.” Santorelli says he has encryption on his own Macs and would never discourage anyone from putting a security tool on their machine. “It’s good to be paranoid and to have as much security as you can these days.”


Harley also believes deploying security tools on a Mac depends on how the system is being used. While he maintains that the percentage of malware on Macs is “no big deal”, he adds that “if it’s your system that’s compromised, one infection is too many”. Schrage believes unequivocally in security tools for the Mac, saying that he previously did not use any on his machines, which left him open to many security threats. “It is only a matter of time before hackers direct more of their efforts toward Macs, especially as their popularity continues to soar.” That view is also shared by Clymer, who says that out of the box, the configuration of OS X is less secure because it is a Linux-based system. “A lot of tools we’ve leveraged on Linux can be leveraged on Apple; they’re just not included by default…and are not necessarily the most user-friendly”. Anti-virus on the Mac platform, he concludes, is fairly immature”.


Linux, due to its barebones operating system and software, is likely the most secure of all


Andrew Schrage


The main lesson for Mac users, who industry watchers say can be somewhat naïve about security, is that contrary to popular belief, they are not immune from attacks. “They feel…that any sort of security tool is just unnecessary”, says Schrage. “Unfortunately, the belief that Macs are less vulnerable from a security perspective is much more myth than fact.”


www.infosecurity-magazine.com /// 49

