Does the Mac Really Have Enterprise Security Issues?
Editorial - Does the Mac Really Have Enterprise Security Issues?
by , 5:15 PM EDT, July 15th, 2008
On Tuesday, Computerworld published a story about so-called security flaws in Mac OS X that affect the enterprise. The six arguments actually amount to a collection of shibboleths.
Security Flaw #1: Apple Updates. The argument is that security updates pop up unannounced and insufficient information is provided to make a decision as to whether to roll out the update.
Reality: Experienced IT administrators who maintain Macs have access to information that helps them better understand the updates. With Apple Remote Desktop, they can lock down their clients and prevent individual users from installing updates while they evaluate the update themselves. Then they can roll it out when ready. The CW argument above draws from the experience of the desktop user, not the Mac IT administrator.
Security Flaw #2: Serious Flaws are slow to be fixed. "While the project running the software often patches such vulnerabilities in hours or days, Apple often lags in releasing such updates," the author noted.
Reality: I suspect, based on my experience, that Apple evaluates the impact of the vulnerability in the light of the system architecture. If there are no known exploits in the wild, as the author admitted, then Apple can take a wholistic approach that's better for system stability. Also, they have to take into account that the FreeBSD subsystem is open source maintained by committers. In contrast, Microsoft can roll out emergency patches that simply cause trickle down effects and result in the need for new patches on patches and reduce system stability.
Security Flaw #3: Administrator Mode. The argument here is somewhat incoherent and suggests that the distinction between administrator mode and an unprivileged user is a problem in the business world. The argument fails to take note of the tools Mac IT administrators have.
Reality: Corporate users of Mac OS X do not generally have Administrator privileges and IT Administrators lock down the Mac and dictate what can be done. Entire disk images ("spins") can be rolled out or specific updates installed. See Item #1 above. The CW article goes over the top when it suggests that Mac users with Admin privileges can all too easily access dangerous functions, which is not true in a managed corporate environment. "It's hard to enable those things on Windows," said a consultant who noted that "even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X." The obscurity argument is hardly comforting and fails to take into account the fact that enterprise Mac users can be denied access to the the terminal or other configuration options.
Security Flaw #4: Naive Use of Back to My Mac. "Mac OS X includes one special service that sounds alarming at first glance -- and it can be a real security hole in unmanaged environments," according to the author.
Reality: Enterprise installations of Macs are managed environments. Back to My Mac is a toy for individuals who assume the entire risk. The article goes on to basically admit that.
Security Flaw #5: Complacency over Malware. The author goes on to say, "The fact is that the Mac has not been a malware target, and it is safer than Windows from such threats." The argument is then that that may not be true in the future.
Reality: The author negated his own headline and then added some speculation.
Security Flaw #6: Apple's security is half-baked. "Nothing in Leopard is completely implemented," according to a consultant cited by the author. "They finished enough to get their marketing bullet point, but not a real strong level of defense," was ascribed to another consultant. The solution suggested was to wait for Snow Leopard for serious Mac deployments when the users will "know precisely what security improvements Apple commits to for that release."
Reality: Quoting consultants who have an opinion doesn't make for quantitative truth. Any OS is an evolving ecosphere. No OS will ever be perfect, and suggesting that the entire security posture of Leopard won't be complete until Snow Leopard is like suggesting that 90 percent of corporate America completely delay the deployment of Vista until Windows 7 comes out. It's a pipe dream.
In my opinion, the article isn't really about security flaws in Mac OS X that affect the enterprise. It's really just a collection of quotes and differing opinions regarding Apple's business practices and technical approach.
Observer Comments
Tue Jul 15, 2008 8:14 pm Subject: I hope I got it there in time...
I hope no one, especially John Martellaro and the Mac Observer owners and staff oppose my posting of John's opinion as a comment on Computer World's website with that article. I have a nephew that works for NASA in Houston and he's in the internet security for the lack of the correct term, and he's always sending me outdated Mac FUD reports such as this. I believe this is a part of the M$ scheme of payback on the Get A Mac ad campaign since they said they were going to fire back.
Tue Jul 15, 2008 8:26 pm Subject: Posting at Computerworld
Wow, I've never heard such a collection of B.S. when it comes to OSX's security.
I especially take note of the last comment about OSX's security being half-baked.
It is to laugh!!!! When Steve Jobs and Apple went forward with OSX, SECURITY was the NUMBER 1 on there list. To date how many Macs have been compromised over a network? None, zero, nada, zilch, no where, no how, never happened. You get the picture. I'm not talking about those supposed security contests where everyone has admin access already. These guys were talking to the naive IT folks on the Windows side to spread FUD!!! If I were to go into a list of how many times Windows was compromised and companies lost money because of Windows LACK of security it would look like the Webster dictionary, about 500 pages long!
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 22nd
- Fri, 7:07 PM
- Games - Soccer Sim Championship Manager 2010 Released for Mac
- 6:47 PM
- Games - EA Publishes Original Monopoly for iPhone
- 6:15 PM
- News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
- 6:11 PM
- Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
- 5:47 PM
- Games - Star Trek D-A-C Game Headed to the Mac Next Month
- 4:57 PM
- Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
- 4:26 PM
- John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
- 2:59 PM
- Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
- 1:50 PM
- Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor: $139.99
- 11:24 AM
- TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
- 10:43 AM
- Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
- 10:06 AM
- News - Hack Enables Mac OS X 10.6.2 on Netbooks
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
OWC: Get the Right Memory / Ram for your Mac. Top Quality, Competitive Prices, Lifetime Warranty. Expert Support and Video Installation Guidies too! 4.0GB Matched Sets from $87.99, Options up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
