Mac OS X System Security in Depth, Part I

Mac OS X system security is a complex subject. The issue is made more complex by the contrast between a relatively benign and trusted home network and corporate use. This multi-part series will examine a broad range of Mac security issues for both environments.

There are many ways a Mac can be compromised. While the open source BSD underpinnings of Mac OS X (called Darwin) afford peer review, and that review has been going on for decades, new techniques are constantly being discovered or invented by the bad guys. As one weakness is brought under control, others open up thanks to new technologies that sit on top of Darwin. In addition, Mac OS X is complicated enough to generate system administration issues of its own, because Apple markets the OS to both individuals and businesses.

Here are just some of the ways a Mac can be compromised or harmed:

  • Attacks against ports and daemons.
  • Denial of service against a port.
  • Malicious Web pages that send back malware via Port 80.
  • General system administration weaknesses or questionable defaults.
  • Weak system configuration in a corporate setting.
  • Network DNS spoofing and password eavesdropping.
  • Physical access to the computer.

As a result, it's not sufficient to simply point to the dearth of viruses on a Mac; one has to have a broad understanding of many different security principles. 

Classic Mistakes

One of the mistakes people make is trying to extend strong principles of corporate security to home use -- where some kinds of threats just don't exist. They become overwhelmed and either do nothing or adopt measures that are inconvenient and soon abandoned. For example, setting a password for the screen saver is essential in a corporate environment but makes little sense for a home user who lives alone. Another mistake is ignoring or dismissing corporate techniques as overkill without a good understanding of the basics. Yet another is underestimating threats against OS security because Apple's marketing statements that OS security is excellent are read as a claim that it is perfect, or that no user action or education is necessary.

High Security or Ease of Use?

Mac OS X is based on an underlying UNIX core, Darwin, and that means there are lots of configuration options. Apple keeps those simple, both to preserve the appearance of a friendly OS but also to keep users from fiddling with settings they may not understand and which could invite security problems.

One way this works against home users is as follows. Apple could, at installation or first boot out of the box, propose highly secure, locked down settings or alternatively more relaxed settings for a savvy user in a benign environment. However, that would diminish the idea that Mac OS X is intrinsically secure. So the very action that would enhance security is something Apple cannot do for the sake of marketing and ease of use.

One example of this is the root password. (The root user is the ultimate UNIX super user, accessed on the command line, who can go anywhere and read or change any file. That user has even more power than the standard Admin user we are accustomed to.) As on any UNIX system, root has no password until an administrator sets one. But the process of dealing with root, via NetInfo Manager (Tiger) or Directory Utility (Leopard), is off-putting enough to many users that Apple simply ships with the root account disabled and no password set. If pressed, Apple says to leave it that way.

To first order, enabling root, setting a good password for it, then disabling it again is probably the better practice, but, again, that's not a path Apple wants to drag novice users down. Don't forget, UNIX OSes are complex and Apple is into simple.

Another example is the Guest account. By default, Apple disables the local Guest account (System Preferences -> Accounts) but leaves guest access to shared folders open over the network. If you don't want guests on other computers rummaging around in your Mac, it's necessary to change that default. See the screen shots below. Not everyone is aware of this seemingly innocent setting.

Guest Account

Guests cannot log on locally, but external guests can connect to shared folders.

Guest Account

A third example is Safari's setting for automatically opening downloaded files (Safari -> Preferences -> General). By default, it is on. (See the screen shot below.)

Downloads

Users should de-select "Open 'safe' files..." for best security

While Mac OS X marks downloaded files and warns the user of their origin the first time one is opened, it's safer not to rush into an automatic launch of anything that just arrived from the Web. A few seconds of consideration and a trip to the Downloads folder give a novice user just the additional time necessary to reflect on whether that file should be opened at all. Unfortunately, the default is not the setting that gives the best security; it is the one that gives the best ease of use.

Finally, Mac OS X has a facility for showing a password hint at login. That seems innocent enough until you forget about it during travel. The hint is shown to whoever is sitting at the login window, so a low-end thief who walks off with your Mac, and doesn't know about more exotic techniques, would probably find it most helpful. Apple advises corporate users to use the hint to point to an administrator contact or a separate location where the password is well protected. Again, Apple has chosen not to complicate a home user's life by explaining why the hint feature shouldn't really be used in the way its name implies.
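The four settings above can be audited from the command line instead of clicking through System Preferences. The script below is an added example, not part of the article; it only reads the current values and prints the command that hardens each one, so it changes nothing. The preference domains and keys it reads (com.apple.Safari AutoOpenSafeDownloads, com.apple.AppleFileServer guestAccess, com.apple.loginwindow RetriesUntilHint) are my assumption about how Leopard stores these settings, and the root commands rely on Leopard's dsenableroot; confirm both on your own machine before trusting the result. Any file names passed as arguments are checked for the download (quarantine) mark mentioned in the Safari discussion.

```shell
#!/bin/sh
# Added example (not from the article): read the four ease-of-use defaults
# discussed above on a Mac OS X 10.5 system and print the hardening command
# for each. Read-only; nothing is changed.
#
# ASSUMPTIONS: these domains/keys are what I believe Leopard uses. Verify them.
#   Safari auto-open  com.apple.Safari                                AutoOpenSafeDownloads
#   AFP guest access  /Library/Preferences/com.apple.AppleFileServer  guestAccess
#   Login hint        /Library/Preferences/com.apple.loginwindow      RetriesUntilHint
# Root has no defaults key; it is toggled with dsenableroot (printed below).

# Read one key with defaults(1); print "unset" when the key is absent so the
# judge functions can fall back to Apple's out-of-the-box behaviour.
read_default() {
    defaults read "$1" "$2" 2>/dev/null || echo unset
}

# Judges take the raw value and print "ok" or "weak". For all three settings
# an unset key means Apple's default applies, and that default is the weak one.
judge_safari_autoopen() {
    case "$1" in
        0|false|NO|no) echo ok ;;     # "Open 'safe' files" de-selected
        *)             echo weak ;;   # on, or unset (default is on)
    esac
}

judge_afp_guest() {
    case "$1" in
        0|false|NO|no) echo ok ;;     # network guests cannot reach shared folders
        *)             echo weak ;;   # on, or unset (default is on)
    esac
}

judge_hint_retries() {
    case "$1" in
        0) echo ok ;;                 # hint never shown at the login window
        *) echo weak ;;               # shown after N failed attempts (default 3)
    esac
}

# True (exit 0) if the file still carries the download mark Mac OS X sets,
# i.e. the com.apple.quarantine extended attribute is present.
quarantined() {
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

report() {
    printf '%-18s %-5s fix: %s\n' "$1" "$2" "$3"
}

audit() {
    v=$(read_default com.apple.Safari AutoOpenSafeDownloads)
    report "Safari auto-open" "$(judge_safari_autoopen "$v")" \
        'defaults write com.apple.Safari AutoOpenSafeDownloads -bool false'

    v=$(read_default /Library/Preferences/com.apple.AppleFileServer guestAccess)
    report "AFP guest access" "$(judge_afp_guest "$v")" \
        'sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false'

    v=$(read_default /Library/Preferences/com.apple.loginwindow RetriesUntilHint)
    report "Login hint" "$(judge_hint_retries "$v")" \
        'sudo defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0'

    # Root: enable and set a strong password, then disable again, as suggested above.
    echo 'Root account:  sudo dsenableroot  (enable, set password)   sudo dsenableroot -d  (disable)'

    # Files named on the command line: report whether the download mark is still there.
    for f in "$@"; do
        if quarantined "$f"; then
            echo "$f: quarantined (downloaded; Finder warns before opening)"
        else
            echo "$f: no quarantine mark"
        fi
    done
}

# defaults(1) only exists on Mac OS X; anywhere else there is nothing to audit.
if command -v defaults >/dev/null 2>&1; then
    audit "$@"
fi
```

Run it as an ordinary user (reading the system plists does not need sudo; writing them does) and apply only the "fix" lines you agree with. The judges are deliberately separate from the reads so the pass/fail rules can be checked without a Mac.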

These are four examples of Apple making delicate decisions about system administration options that can affect system security, independent of overall architecture considerations compared to, say, Windows. Those choices don't always take the path of maximum system security.

Summary

In future articles, I'll look at more issues that affect Mac OS X security. What's important to remember is that any computer connected to the Internet, and any notebook computer that travels, is a target. The bad guys try to get into your computer for a living, so they're always more aggressive than the average Mac user. Having a broad understanding of what's critical and putting it all in perspective is wiser than assuming that, out of the box, the Mac is 100 percent impervious.