The Mac Observer


Editorial - Does the Mac Really Have Enterprise Security Issues?

by , 5:15 PM EDT, July 15th, 2008

On Tuesday, Computerworld published a story about so-called security flaws in Mac OS X that affect the enterprise. The six arguments actually amount to a collection of shibboleths.

Security Flaw #1: Apple Updates. The argument is that security updates pop up unannounced and insufficient information is provided to make a decision as to whether to roll out the update.

Reality: Experienced IT administrators who maintain Macs have access to information that helps them better understand the updates. With Apple Remote Desktop, they can lock down their clients and prevent individual users from installing updates while they evaluate the update themselves. Then they can roll it out when ready. The CW argument above draws from the experience of the desktop user, not the Mac IT administrator.

Security Flaw #2: Serious Flaws are slow to be fixed. "While the project running the software often patches such vulnerabilities in hours or days, Apple often lags in releasing such updates," the author noted.

Reality: I suspect, based on my experience, that Apple evaluates the impact of the vulnerability in the light of the system architecture. If there are no known exploits in the wild, as the author admitted, then Apple can take a wholistic approach that's better for system stability. Also, they have to take into account that the FreeBSD subsystem is open source, maintained by committers. In contrast, Microsoft can roll out emergency patches that simply cause trickle-down effects, result in the need for new patches on patches, and reduce system stability.

Security Flaw #3: Administrator Mode. The argument here is somewhat incoherent and suggests that the distinction between administrator mode and an unprivileged user is a problem in the business world. The argument fails to take note of the tools Mac IT administrators have.

Reality: Corporate users of Mac OS X do not generally have Administrator privileges, and IT Administrators lock down the Mac and dictate what can be done. Entire disk images ("spins") can be rolled out or specific updates installed. See Item #1 above. The CW article goes over the top when it suggests that Mac users with Admin privileges can all too easily access dangerous functions, which is not true in a managed corporate environment. "It's hard to enable those things on Windows," said a consultant who noted that "even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X." The obscurity argument is hardly comforting and fails to take into account the fact that enterprise Mac users can be denied access to the terminal or other configuration options.

Security Flaw #4: Naive Use of Back to My Mac. "Mac OS X includes one special service that sounds alarming at first glance -- and it can be a real security hole in unmanaged environments," according to the author.

Reality: Enterprise installations of Macs are managed environments. Back to My Mac is a toy for individuals who assume the entire risk. The article goes on to basically admit that.

Security Flaw #5: Complacency over Malware. The author goes on to say, "The fact is that the Mac has not been a malware target, and it is safer than Windows from such threats." The argument is then that that may not be true in the future.

Reality: The author negated his own headline and then added some speculation.

Security Flaw #6: Apple's security is half-baked. "Nothing in Leopard is completely implemented," according to a consultant cited by the author. "They finished enough to get their marketing bullet point, but not a real strong level of defense," was ascribed to another consultant. The solution suggested was to wait for Snow Leopard for serious Mac deployments when the users will "know precisely what security improvements Apple commits to for that release."

Reality: Quoting consultants who have an opinion doesn't make for quantitative truth. Any OS is an evolving ecosphere. No OS will ever be perfect, and suggesting that the entire security posture of Leopard won't be complete until Snow Leopard is like suggesting that 90 percent of corporate America completely delay the deployment of Vista until Windows 7 comes out. It's a pipe dream.

In my opinion, the article isn't really about security flaws in Mac OS X that affect the enterprise. It's really just a collection of quotes and differing opinions regarding Apple's business practices and technical approach.

Observer Comments

Name: jbruni Posts: 105 Joined: 14 Jul 2006
Subject: shibboleths

Awesome. You used shibboleth.

Name: Sir Harry Flashman Posts: 792 Joined: 08 Feb 2007
Subject: Words

Quote
jbruni wrote:
Awesome. You used shibboleth.


and "wholistic"

Name: Guest
Subject:

Quote
jbruni wrote:
Awesome. You used shibboleth.


Is Aaron Sorkin writing for TMO now?

Name: insidethenebulous Posts: 5 Joined: 31 Aug 2006
Subject: I hope I got it there in time...

I hope no one, especially John Martellaro and the Mac Observer owners and staff, opposes my posting of John's opinion as a comment on Computerworld's website with that article. I have a nephew that works for NASA in Houston and he's in the internet security for the lack of the correct term, and he's always sending me outdated Mac FUD reports such as this. I believe this is a part of the M$ scheme of payback on the Get A Mac ad campaign since they said they were going to fire back.

Name: j.martellaro - TMO Staff Posts: 97 Joined: 07 Dec 2006
Subject: Posting at Computerworld

E-mail me the URL off line. Thx.

- JM

Name: Guest
Subject: Who are they?

It's interesting that Glenn Fleishman, who writes for TidBITS, only got quotes from one "security researcher", Rich Mogull, who writes for TidBITS...

Name: Guest
Subject: I Would call Mac in Enterprise story FUD!!!

Wow, I've never heard such a collection of B.S. when it comes to OSX's security.
I especially take note of the last comment about OSX's security being half-baked.
It is to laugh!!!! When Steve Jobs and Apple went forward with OSX, SECURITY was the NUMBER 1 on their list. To date how many Macs have been compromised over a network? None, zero, nada, zilch, nowhere, no how, never happened. You get the picture. I'm not talking about those supposed security contests where everyone has admin access already. These guys were talking to the naive IT folks on the Windows side to spread FUD!!! If I were to go into a list of how many times Windows was compromised and companies lost money because of Windows' LACK of security it would look like the Webster dictionary, about 500 pages long!
