Apple Security Features For Snow Leopard Not Up To Par, Experts Say
September 01, 2009 5:03 PM ET
Apple entered the security race with an array of security enhancements to its new Snow Leopard operating system, but critics maintain that the embedded antimalware is woefully inadequate and could possibly do users more harm than good.
Apple's new Mac OS version 10.6, a derivative of its existing Leopard operating system dubbed Snow Leopard, comes equipped with antimalware features designed to detect certain Mac-related viruses and Trojans.
Apple might have attempted to keep Snow Leopard's new security features under wraps, but news leaked out days prior to the release on a blog site by the Mac security company Intego, which posted a screenshot of an application that detected a version of a Mac Trojan in a downloaded disk image.
Snow Leopard touts antivirus scanning tools designed to combat a myriad of malicious Trojans and worms aimed at the Mac OS X platform in recent months. Among other things, Apple claims that the new antimalware feature protects users from a specific hacking technique called "sandboxing," which restricts user actions on the Mac by limiting access to files and the number of programs they can launch.
Apple says that the new scanner screens for malware in its Web browser Safari, as well as Mail and iChat, and inspects digital signatures to verify that an application wasn't altered after it was created.
However, since the Friday launch, Mac OS X has been on the receiving end of a barrage of sharp criticism from bloggers and security researchers alike.
While most experts have applauded Apple's initiative to ramp up security, critics say that the security enhancements don't go far enough to protect against malicious attacks.
Security experts contend that Snow Leopard's new security features fall short of the standards of most legitimate security vendors, and that this will ultimately work against users by lulling them into a false sense of security when they are in fact not secure at all.
According to researchers at Intego, the built-in antivirus feature scans files from only a handful of applications, including Safari, Mail, iChat, Firefox, Entourage and a few other browsers, but fails to scan files from other sources, such as BitTorrent or FTP.
In addition, Snow Leopard's acclaimed antivirus feature is only able to detect two Trojans, despite the fact that researchers have detected dozens of malicious threats that target the Mac OS X platform. Some of those threats target e-mail and Web-related vulnerabilities, and others often depend on user behavior.
And security experts maintain that while Apple's attempt at antivirus is noble, it barely scratches the surface in terms of comprehensive security.
"As of right now, the main danger on a Macintosh comes not from the operating system, but comes from the behavior of the user -- falling for bad phishing Web sites, responding to ads on Craigslist. There's enough that the end user requires protection," said David Perry, director of global education for Trend Micro. "What are we going to do about it?"
Perry said that thus far, Mac malware is still few and far between. But as the Mac's market share grows, the number of viruses, Trojans and other threats will likely experience a sharp uptick.
"We're seeing drips and drops of malware for the Mac, but this is how it began on the PC," Perry said.
Prior to the release, the blogosphere was rife with speculation about whether Apple was going to go the open source ClamAV route or collaborate with a third-party antivirus vendor. Neither turned out to be the case: Apple has deployed its own in-house creation in its operating system, which also opens up a Pandora's box of challenges, security experts say.
Aleks Gostev, senior virus analyst for Kaspersky Lab, said that because Apple is generating its own antimalware product, the company has become a de facto competitor with other antivirus vendors.
"If the company's done that, then it should have all the appropriate departments -- a virus lab, a monitoring service, antivirus technical support, etc.," Gostev said in a blog post. "At the moment, Apple doesn't have any of these things. But it does have its 'antivirus.' "
