Previous Page | 1 2 3 4 5 6 | Next Page

Introduction

In a recent tele­vi­sion com­mer­cial, two men are shown against a com­pletely white back­ground. The younger and ‘hipper’ man intro­duces him­self as Mac, while the more nerdy one wear­ing glasses and a suit intro­duces him­self as PC. PC barely makes it through his intro­duc­tion before begin­ning to cough and sneeze. When Mac asks what’s wrong, PC explains that he is coming down with the new virus that is going around. PC also politely tells Mac to stay away, to which Mac responds, “that’s okay, I’ll be fine.”

This ad, known as “Virus”, is from the “Get a Mac” adver­tis­ing cam­paign cre­ated by Apple. It high­lights the very intrigu­ing fact that, most viruses don’t affect the Mac OS X oper­at­ing system. This begs the ques­tion: is OS X really more secure? To fully answer this ques­tion, many more ques­tions have to first be examined.

There is no straight­for­ward answer as to why there haven’t been more suc­cess­ful attacks on OS X, but there are two pri­mary expla­na­tions. The first expla­na­tion is that OS X really is more secure and that attack­ers have had prob­lems fig­ur­ing out how to suc­cess­fully exploit the oper­at­ing system. The second expla­na­tion is that the market share of OS X is so low that attack­ers do not think it is worth­while to spend their time devel­op­ing exploits for it. While there are a fair range of esti­mates of the actual market share for OS X, almost all esti­mates put it well below 10%, and some­times even below 5%. It is rea­son­able that both of these expla­na­tions share some truth. One thing that is clear about the OS X market share is that it is grow­ing. As more and more people buy Macs, OS X will likely become more of a target for hack­ers. Ad cam­paigns like Apple’s “Get a Mac” cam­paign are also likely to trig­ger the curios­ity of hack­ers who are look­ing to make a name for them­selves by putting the first huge dent in OS X’s armor.

My goal in this paper is to exam­ine the main ques­tion of how secure OS X really is. I will exam­ine sev­eral key areas of the oper­at­ing system in rela­tion to secu­rity. First I will exam­ine the origin of the oper­at­ing system and its roots in UNIX. Second I will exam­ine the secu­rity record of OS X, a few of its vul­ner­a­bil­i­ties and the recent his­tory of mal­ware affect­ing it. Lastly I will take a look at the built-​in user level secu­rity set­tings with a focus on out of the box set­tings and simple hard­en­ing mea­sures. Once we’ve taken a closer look at these things, we will be better equipped to answer the ques­tion “is OS X really more secure?”

My pri­mary analy­sis in this paper is restricted to the client ver­sions of Mac OS X and Apple- spe­cific soft­ware. It is how­ever impor­tant to note that secu­rity is only as strong as its weak­est link. Because of its roots in UNIX and open source soft­ware, OS X employs many third-​party tools, such as Apache, Samba, and MySQL. Even though OS X itself has yet to become a seri­ous target of hack­ers, these third-​party tools are all widely used and have their own vul­ner­a­bil­i­ties. To gain a greater per­spec­tive on OS X secu­rity, these vul­ner­a­bil­i­ties must be exam­ined as well. That how­ever, is out of the scope of this paper.

Previous Page | 1 2 3 4 5 6 | Next Page