The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

SANS Institute: 'Mac OS X is Not Entirely Free of Troubles'

by , 2:55 PM EST, November 29th, 2005

The SANS Institute last week issued its list of the Top 20 vulnerabilities across all operating systems, including details of what it considers to be critical vulnerabilities in Mac OS X. The company wrote: "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities."

The SANS Institute also took Apple to task for not being more specific when issuing patches, thus keeping them from identifying which parts of the operating system are most vulnerable. The firm noted that the Safari Web browser contains "multiple vulnerabilities ... and in certain cases exploit code has also been posted publicly."

Rohit Dhamankar, who is the security architect for 3Com's TippingPoint and is the Top 20 list editor for SANS, told Robert Lemos of SecurityFocus: "There are some people that feel that, if they are running Mac OS X, then all is well. That is no longer true." As Mr. Lemos points out in his article, anti-virus software maker Symantec owns SecurityFocus.

Mr. Lemos wrote that "highlighting vulnerabilities in Mac OS X was intended as a wake up call" by SANS. While Mr. Dhamankar acknowledged that he was not "saying you have to worry about the entire operating system," he did want to make it clear that, in SANS' view, "Mac OS X is not entirely free of troubles."

While Mac OS X has yet to suffer from the widespread Trojan Horse, spyware and virus attacks seen in the Windows world, SecureMac.com CEO Nicholas Raba told Mr. Lemos: "Mac OS X is currently more secure than Linux or Windows only for the fact that the shares of users is smaller thus the (number of) researchers discovering the flaws is smaller."

Open Source Vulnerability Database content editor Brian Martin added that Microsoft has issued 89 OS patches so far in 2005, while Apple has released 81 such fixes. Mr. Martin said: "A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix."

The SANS Institute recommends keep Mac OS X's firewall on and running Software Update at least once a week to keep the system current. Its Top 20 list also features links to sources where users can obtain more information about Mac security.

Recent TMO Headlines - Updated April 21st

Fri, 6:47 PM
PSA: Apple Announces 13-inch MacBook Pro (non Touch Bar) Battery Replacement Program
Fri, 6:00 PM
Tim Cook Reminds Us Apple Is Making Earth Day Donations for Recycled Devices
Fri, 5:57 PM
When Artificial Intelligence Becomes Human Intelligence, Look Out
Fri, 5:25 PM
FRETX Smart Guitar Learning Device: $69.99
Fri, 2:11 PM
What's the Difference Between a Data Backup and an Archive?
Fri, 1:31 PM
The 2018 Earth Day Activity Challenge for Apple Watch Users is Here
Fri, 1:14 PM
No Unified Apple OS for You, Daisy iPhone Recycling Robot - TMO Daily Observations 2018-04-20
Fri, 11:59 AM
Play Holochess with ARKit on Your iPhone with Star Wars: Jedi Challenges
Fri, 10:58 AM
Greenpeace Slams Apple's iPhone Recycling Robot Daisy
Fri, 9:45 AM
BBC Just Released 16,016 Sound Effects for Free
Fri, 8:00 AM
Cybersecurity Tech Accord: 34 Tech Companies Just Promised a Bunch of Nothing
Thu, 5:38 PM
Tim Cook Insists That iOS and macOS Shall Remain Separate. He's Right
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!