SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

The SANS Institute last week issued its list of the Top 20 vulnerabilities across all operating systems, including details of what it considers to be critical vulnerabilities in Mac OS X. The company wrote: "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities."

The SANS Institute also took Apple to task for not being more specific when issuing patches, thus keeping them from identifying which parts of the operating system are most vulnerable. The firm noted that the Safari Web browser contains "multiple vulnerabilities ... and in certain cases exploit code has also been posted publicly."

Rohit Dhamankar, who is the security architect for 3Comis TippingPoint and is the Top 20 list editor for SANS, told Robert Lemos of SecurityFocus: "There are some people that feel that, if they are running Mac OS X, then all is well. That is no longer true." As Mr. Lemos points out in his article, anti-virus software maker Symantec owns SecurityFocus.

Mr. Lemos wrote that "highlighting vulnerabilities in Mac OS X was intended as a wake up call" by SANS. While Mr. Dhamankar acknowledged that he was not "saying you have to worry about the entire operating system," he did want to make it clear that, in SANSi view, "Mac OS X is not entirely free of troubles."

While Mac OS X has yet to suffer from the widespread Trojan Horse, spyware and virus attacks seen in the Windows world, SecureMac.com CEO Nicholas Raba told Mr. Lemos: "Mac OS X is currently more secure than Linux or Windows only for the fact that the shares of users is smaller thus the (number of) researchers discovering the flaws is smaller."

Open Source Vulnerability Database content editor Brian Martin added that Microsoft has issued 89 OS patches so far in 2005, while Apple has released 81 such fixes. Mr. Martin said: "A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix."

The SANS Institute recommends keep Mac OS Xis firewall on and running Software Update at least once a week to keep the system current. Its Top 20 list also features links to sources where users can obtain more information about Mac security.