Previous Page | 1 2 3 4 5 6 | Next Page

OS X Background

Apple released the first public beta of its client ver­sion of OS X in Sep­tem­ber of 2000. Since this ini­tial release of the beta ver­sion, there have been six major upgrades(PDF): Chee­tah (10.0), Puma (10.1), Jaguar (10.2), Pan­ther (10.3), Tiger (10.4) and most recently, Leop­ard (10.5) in Octo­ber of 2007. From this release sched­ule, it is clear that Apple has been upgrad­ing their system at an unprece­dented pace. For com­par­i­son, Microsoft Win­dows XP was released in Octo­ber of 2001. The only major upgrade to the system was Ser­vice Pack 2, which was released in 2004. The next client ver­sion of Win­dows, Vista, was released in the end of 2006. Each OS X upgrade has included sub­stan­tial fea­ture addi­tions and changes in secu­rity, show­ing a clear com­mit­ment on the behalf of Apple towards bet­ter­ing its product.

Much of the suc­cess in terms of secu­rity in OS X can be traced back to its roots in UNIX, from which it was based. OS X was designed from the start to be a multi­user system and bor­rows heav­ily from time-​tested UNIX tra­di­tions. The core of the OS X system is built on a com­bi­na­tion of Berke­ley Soft­ware Dis­tri­b­u­tion (BSD) UNIX and the Mach kernel. Many of the most impor­tant under­ly­ing secu­rity fea­tures, like the file system secu­rity policy, net­work­ing ser­vices, and memory man­age­ment are based on these two things. On top of BSD and Mach, OS X also imple­ments a layer of the Common Data Secu­rity Archi­tec­ture (CDSA), to which Apple has devel­oped its own secu­rity API’s to better inte­grate with the rest of the tech­nol­ogy. Apple doc­u­men­ta­tion explains that CDSA pro­vides a “wider array of secu­rity ser­vices, includ­ing finer- grained access per­mis­sions, authen­ti­ca­tion of users’ iden­ti­ties, encryp­tion, and secure data storage.” This under­ly­ing archi­tec­ture of OS X is key to its secu­rity prowess.

As described above, the core of the OS X system is UNIX. In fact, the most recent iter­a­tion of OS X (Leop­ard) has been offi­cially cer­ti­fied as a UNIX system for the first time. In addi­tion to its UNIX back­ground, OS X has also bor­rowed heav­ily from the tra­di­tion of open source soft­ware. This allows Apple to use ser­vices that have proven secu­rity over a longer course of time through open public scrutiny. In the company’s Leop­ard secu­rity tech­nol­ogy brief, Apple makes a point of men­tion­ing(PDF) the ben­e­fits of this approach:

Apple built the foun­da­tion of Mac OS X and many of its inte­grated ser­vices with open source software…that has been made secure through years of public scrutiny by devel­op­ers and secu­rity experts around the world. Strong secu­rity is a ben­e­fit of open source soft­ware because anyone can freely inspect the source code, iden­tify the­o­ret­i­cal vul­ner­a­bil­i­ties, and take steps to strengthen the software.

A poten­tial weak­ness in using open source soft­ware is that it can arguably open an oper­at­ing system up to secu­rity vul­ner­a­bil­i­ties, since the source code is freely avail­able. While this may be true, it is also true that by allow­ing more people, secu­rity researchers in spe­cific, access to source code also pro­vides better secu­rity in the end.

In Mac OS X, Apple enjoys a fea­ture that almost no other cur­rent major oper­at­ing sys­tems can claim. It’s new. Apple com­pletely expunged its pre­vi­ous oper­at­ing system, OS 9, in favor of start­ing over with OS X. This puts OS X in the unique van­tage point of not having to rework an oper­at­ing system that was designed and widely dis­trib­uted before com­puter secu­rity became a common con­cern. This is a clear ben­e­fit when com­pared with the mas­sive amount of effort that Microsoft has had to put into devel­op­ing Win­dows Vista, all while attempt­ing to main­tain its com­pat­i­bil­ity with older appli­ca­tions and hard­ware. Many of the secu­rity fea­tures imple­mented in Vista, such as User Account Con­trol, are fea­tures that UNIX, and by exten­sion OS X, have had some form of for years and are built into the foun­da­tion of the oper­at­ing system. The rel­a­tively short his­tory of OS X has allowed the system’s devel­op­ment cycle to be quite agile, and adding new secu­rity fea­tures and respond­ing new vul­ner­a­bil­i­ties at a rapid pace.

Previous Page | 1 2 3 4 5 6 | Next Page