The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

by , 2:55 PM EST, November 29th, 2005

The SANS Institute last week issued its list of the Top 20 vulnerabilities across all operating systems, including details of what it considers to be critical vulnerabilities in Mac OS X. The company wrote: "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities."

The SANS Institute also took Apple to task for not being more specific when issuing patches, thus keeping them from identifying which parts of the operating system are most vulnerable. The firm noted that the Safari Web browser contains "multiple vulnerabilities ... and in certain cases exploit code has also been posted publicly."

Rohit Dhamankar, who is the security architect for 3Com's TippingPoint and is the Top 20 list editor for SANS, told Robert Lemos of SecurityFocus: "There are some people that feel that, if they are running Mac OS X, then all is well. That is no longer true." As Mr. Lemos points out in his article, anti-virus software maker Symantec owns SecurityFocus.

Mr. Lemos wrote that "highlighting vulnerabilities in Mac OS X was intended as a wake up call" by SANS. While Mr. Dhamankar acknowledged that he was not "saying you have to worry about the entire operating system," he did want to make it clear that, in SANS' view, "Mac OS X is not entirely free of troubles."

While Mac OS X has yet to suffer from the widespread Trojan Horse, spyware and virus attacks seen in the Windows world, SecureMac.com CEO Nicholas Raba told Mr. Lemos: "Mac OS X is currently more secure than Linux or Windows only for the fact that the shares of users is smaller thus the (number of) researchers discovering the flaws is smaller."

Open Source Vulnerability Database content editor Brian Martin added that Microsoft has issued 89 OS patches so far in 2005, while Apple has released 81 such fixes. Mr. Martin said: "A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix."

The SANS Institute recommends keep Mac OS X's firewall on and running Software Update at least once a week to keep the system current. Its Top 20 list also features links to sources where users can obtain more information about Mac security.

Recent TMO Headlines - Updated July 19th

Wed, 6:14 PM
Why We Hunger For the Latest Gizmo. Or iPhone
Wed, 5:49 PM
How to Interpret the 2018 MacBook Pro Thermal Issues Report
Wed, 5:47 PM
Apple Interface Consistency, Storage Permutations, Walmart Streaming Video - ACM 471
Wed, 5:20 PM
iOS App Discount: Reigns Her Majesty Down to $1.99
Wed, 5:15 PM
Syncwire UNBREAKcable, MFi-Certified Lightning Cable: $10.99
Wed, 5:13 PM
Switching From a MacBook Air to an iPad Pro
Wed, 5:04 PM
Online Retail Hackers Account for 90% of Login Attempts
Wed, 4:58 PM
A Baby's First Memory is Likely False
Wed, 4:49 PM
It Turns Out That Venmo Transactions are Public by Default
Wed, 4:31 PM
New Mophie Battery Packs Charge via Lightning Cable
Wed, 3:39 PM
Core i9 MacBook Pro Throttling, When to Buy a New Mac - TMO Daily Observations 2018-07-18
Wed, 2:33 PM
Pay Less for Your Next Apple Product
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!