The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

by , 2:55 PM EST, November 29th, 2005

The SANS Institute last week issued its list of the Top 20 vulnerabilities across all operating systems, including details of what it considers to be critical vulnerabilities in Mac OS X. The company wrote: "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities."

The SANS Institute also took Apple to task for not being more specific when issuing patches, thus keeping them from identifying which parts of the operating system are most vulnerable. The firm noted that the Safari Web browser contains "multiple vulnerabilities ... and in certain cases exploit code has also been posted publicly."

Rohit Dhamankar, who is the security architect for 3Com's TippingPoint and is the Top 20 list editor for SANS, told Robert Lemos of SecurityFocus: "There are some people that feel that, if they are running Mac OS X, then all is well. That is no longer true." As Mr. Lemos points out in his article, anti-virus software maker Symantec owns SecurityFocus.

Mr. Lemos wrote that "highlighting vulnerabilities in Mac OS X was intended as a wake up call" by SANS. While Mr. Dhamankar acknowledged that he was not "saying you have to worry about the entire operating system," he did want to make it clear that, in SANS' view, "Mac OS X is not entirely free of troubles."

While Mac OS X has yet to suffer from the widespread Trojan Horse, spyware and virus attacks seen in the Windows world, SecureMac.com CEO Nicholas Raba told Mr. Lemos: "Mac OS X is currently more secure than Linux or Windows only for the fact that the shares of users is smaller thus the (number of) researchers discovering the flaws is smaller."

Open Source Vulnerability Database content editor Brian Martin added that Microsoft has issued 89 OS patches so far in 2005, while Apple has released 81 such fixes. Mr. Martin said: "A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix."

The SANS Institute recommends keep Mac OS X's firewall on and running Software Update at least once a week to keep the system current. Its Top 20 list also features links to sources where users can obtain more information about Mac security.

Recent TMO Headlines - Updated October 16th

Mon, 6:14 PM
A Tutorial: High Dynamic Range (HDR) for 4K TVs
Mon, 5:18 PM
TMO Background Mode Interview with Planetary Scientist Dr. Pascal Lee
Mon, 3:14 PM
BusyMac's BusyContacts: $19.99
Mon, 2:37 PM
Apple Releases iOS 12.1 Developer Beta 4
Mon, 2:33 PM
Graduate Student Solves Quantum Verification Problem
Mon, 2:14 PM
Apple Donates Apple Watches to Binge Eating Study
Mon, 1:58 PM
Developers Aren't Satisfied With Mac App Store Update
Mon, 1:56 PM
This Tool Lets You Install macOS Mojave on Unsupported Macs
Mon, 1:53 PM
PlayStation Vue Support For Apple's TV App is Here
Mon, 1:34 PM
Photoshop CC for iPad, Third-party Apple Watch Faces - TMO Daily Observations 2018-10-15
Mon, 1:26 PM
The Sims FreePlay Adds AR Features to iOS
Mon, 1:13 PM
iOS: How to Hide iOS Folder Names
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!