SANS Institute: 'Mac OS X is Not Entirely Free of Troubles' | News

SANS Institute: ‘Mac OS X is Not Entirely Free of Troubles’

November 28th, 2005 at 2:00 PM - News by Brad Cook

The SANS Institute last week issued its list of the Top 20 vulnerabilities across all operating systems, including details of what it considers to be critical vulnerabilities in Mac OS X. The company wrote: "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities."

The SANS Institute also took Apple to task for not being more specific when issuing patches, thus keeping them from identifying which parts of the operating system are most vulnerable. The firm noted that the Safari Web browser contains "multiple vulnerabilities ... and in certain cases exploit code has also been posted publicly."

Rohit Dhamankar, who is the security architect for 3Comis TippingPoint and is the Top 20 list editor for SANS, told Robert Lemos of SecurityFocus: "There are some people that feel that, if they are running Mac OS X, then all is well. That is no longer true." As Mr. Lemos points out in his article, anti-virus software maker Symantec owns SecurityFocus.

Mr. Lemos wrote that "highlighting vulnerabilities in Mac OS X was intended as a wake up call" by SANS. While Mr. Dhamankar acknowledged that he was not "saying you have to worry about the entire operating system," he did want to make it clear that, in SANSi view, "Mac OS X is not entirely free of troubles."

While Mac OS X has yet to suffer from the widespread Trojan Horse, spyware and virus attacks seen in the Windows world, SecureMac.com CEO Nicholas Raba told Mr. Lemos: "Mac OS X is currently more secure than Linux or Windows only for the fact that the shares of users is smaller thus the (number of) researchers discovering the flaws is smaller."

Open Source Vulnerability Database content editor Brian Martin added that Microsoft has issued 89 OS patches so far in 2005, while Apple has released 81 such fixes. Mr. Martin said: "A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix."

The SANS Institute recommends keep Mac OS Xis firewall on and running Software Update at least once a week to keep the system current. Its Top 20 list also features links to sources where users can obtain more information about Mac security.

Commenting is not available in this section entry.

Recent Headlines - Updated November 10th

Mon, 7:20 PM: Rumor - Apple May Update iPod touch in December
6:45 PM: Product News - MacUpdate Desktop Updated to 5.0.1 with New Features, Bug Fixes
5:16 PM: Apple Releases Mac OS X 10.6.2 - Guest Account Bug Fixed, Much More
4:12 PM: Games - New For iPhone: Star Rangers, Air Force Supremacy, Blood Beach, More
2:51 PM: Apple Stock Watch - Radio Shack Jumps 14% on iPhone Deal, Apple Up 3%
2:25 PM: Games - EA Scoops Up Social Games Publisher Playfish
1:51 PM: Deal Brothers - Western Digital 1TB SATA Intellipower Hard Drive: $84.99
10:58 AM: News - StarHub Signs Singapore iPhone Deal
10:36 AM: Hot Forum Topic - Reader Speculation: What’s in Apple’s Tablet?
10:08 AM: News - Apple Kicks Off New Credit Program
9:26 AM: News - Apple Launches Reserve and Pick Up Program
8:49 AM: News - ikee Worm Rickrolls Jailbroken iPhones

The Mac Observer Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Get the Right Memory / Ram for your Mac. Top Quality, Competitive Prices, Lifetime Warranty. Expert Support and Video Installation Guidies too! 4.0GB Matched Sets from $87.99, Options up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Apple Stock Quote

AAPL: $201.46. Change: 0.00.
(Prices delayed up to 20 minutes.)
Discuss in our Apple Finance Board

Hot Topics

What's the buzz? These articles have TMO readers talking.

Psystar to Court: Just Say We’re Legit - 27 Comments
Apple Magic Mouse is no Magic Bullet - 18 Comments
AT&T Sues Verizon Alleging Misleading “There’s A Map For That” Ads - 18 Comments
CNET Dubs iPhone the Worst Phone in the World - 17 Comments
Fortune CEO of the Decade: Steve Jobs - 14 Comments
Adobe: Flash-free iPhone is All Apple’s Fault - 12 Comments

TMO Express

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday. Find out more!

Top Deals From DealBrothers.com

Recent Features

Get the latest installments of TMO Columns, Podcasts, & Blogs.

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.