10 Cool Security Features In Mac OS X Lion

Mac OS X Lion: Roaring Security

No doubt, when it comes to security, Apple’s new Mac OS X Lion is shedding its spots and is ready to roar. As the dust has settled on the release of Apple’s Mac OS X Lion, unveiled July 20, experts have started asking, ‘Yes, but is it secure?’

And thus far, the short answer appears to be ‘yes.’

The latest Mac OS (version 10.7) comes equipped with a slew of security enhancements—some major, others incremental—designed to harden the operating system, bolster security defenses and ultimately make the system more resilient to security threats.

That said, experts maintain that with Lion still in its infancy, many of the new or enhanced security mechanisms have yet to pass the test of time. But at least Apple has given its new OS a fighting chance. Here are 10 of the Mac OS X security features users can expect to find.

Full Address Space Layout Randomization

This feature, inherent in the new Mac OS X Lion, will make it a lot more challenging for cyber criminals to exploit security vulnerabilities.

Specifically, the Address Space Layout Randomization (ASLR) security feature thwarts exploits by randomizing the positions of key data areas, which makes it more challenging for hackers to predict target addresses and launch attacks.

While Mac OS X 10.6 Snow Leopard first introduced the ASLR feature, it was limited to libraries, and missed randomizing the stack and heap.

The ASLR feature baked into Mac OS X Lion, however, is fully implemented, covering 32- and 64-bit applications, and is expected to be a big step up from its feline predecessor.

Automatic Security Updates

As with many operating systems, Snow Leopard users could receive security updates, but had to manually approve and install them. Not the case with its feline counterpart. In Mac OS X Lion, all security updates are going to be automatic for the user, ostensibly occurring silently behind the scenes.

However, security experts have expressed some doubt as to how effective the automatic updates will be when dealing with compatibility issues.

‘We will have to see how well this works as “automatic” or “unmanaged” update may of course break incompatible applications,’ said SANS Institute researcher Johannes Ullrich, in a blog post.

Application Sandboxing

Among the slew of improved security features in Mac OS X Lion is a greatly enhanced sandboxing capability.

Specifically, sandboxing is a security mechanism that isolates untrusted programs and allows them to run in confined environments, limiting the access the applications have to the rest of the OS.

And Lion features this capability prominently. The most noteworthy example is in Safari. Mac’s updated browser now incorporates sandboxing functionality, which enables Web site content to load in a separate process with limited functionality. As such, malicious Web sites accessed by the Safari browser are prevented from gaining access to and compromising the rest of the system.

Apple ID Authentication

This feature gives Lion users at least some peace of mind when they share content via iChat, Screen Sharing and file sharing.

The authentication certificate has been used by Mac users in the past when talking over iChat, but Lion is taking the feature to the next level over a few more content sharing applications.

Users who sign up for an Apple ID will automatically create a client certificate used to authenticate their identity when they share information over content-sharing sites.

Normally, capabilities such as Screen Sharing and File Sharing require the user to have an account on the system. However, with Lion’s enhanced authentication functionality, users can enter their Apple ID as an authorized account in order to acquire access.

FileVault 2

The original FileVault in Snow Leopard only encrypted users’ home directories, leaving System and Applications vulnerable to attack. Not so in Mac OS X Lion.

‘It was rather clunky and didn’t interoperate well with Time Machine,’ said Johannes Ullrich, SANS Institute researcher, in a blog post. FileVault 2, however, equips Lion with full disk encryption, which also extends to external USB and FireWire drives.

Apple made it a point to develop the initial disk encryption to be faster and less intrusive; FileVault 2 can rapidly encrypt the entire drive while allowing users to simultaneously continue working on the system.

One salient feature in FileVault 2 is the ‘Instant Wipe,’ which gives the user the ability to scrub the encryption key from the computer’s hard drive, rendering the system completely inaccessible should it be accessed by miscreants. If users are afraid of losing the key, it can be held safely with Apple.


AirDrop

Essentially, AirDrop allows users to set up peer-to-peer networks on the fly to exchange files. However, Lion’s AirDrop protocol is TLS encrypted and authenticated with users’ Apple ID. Apple also says that it can set up appropriate firewall rules.

Beefed Up Privacy Controls

Apple has added a few more incremental privacy controls in the latest version of its OS, which give users more control over how their data is stored and used. In particular, the privacy enhancements limit access to location information, giving users full control of which applications can utilize the Location Services features in Mac OS X.

Encrypted Backups

Time Machine, Apple's automatic backup feature, is now a bit more secure in Mac OS X Lion with the ability to back up to an external USB or FireWire drive encrypted with FileVault 2.

Web Site Data Sweep

Want all Web site information scrubbed? Safari makes it easy to clear the information Web sites store in order to track users’ online activities. Users have only to access the Privacy pane and click ‘Remove All Website Data.’ Safari then removes all cookies and Flash plug-in data, as well as database information, local storage and the application cache. Data can also be cleared on a site-by-site basis.

Private AutoFill in Safari

Among other things, the upgraded Safari allows users to fill out forms quickly while maintaining their privacy, holding back users’ private information until they choose to send it. Specifically, the browser detects Web forms and presents users with a drop-down field, letting them use AutoFill to complete the form with information from the Address Book.