Previous Page | 1 2 3 4 5 6 | Next Page

Introduction

In a recent television commercial, two men are shown against a completely white background. The younger and ‘hipper’ man introduces himself as Mac, while the more nerdy one wearing glasses and a suit introduces himself as PC. PC barely makes it through his introduction before beginning to cough and sneeze. When Mac asks what’s wrong, PC explains that he is coming down with the new virus that is going around. PC also politely tells Mac to stay away, to which Mac responds, “that’s okay, I’ll be fine.”

This ad, known as “Virus”, is from the “Get a Mac” advertising campaign created by Apple. It highlights the very intriguing fact that, most viruses don’t affect the Mac OS X operating system. This begs the question: is OS X really more secure? To fully answer this question, many more questions have to first be examined.

There is no straightforward answer as to why there haven’t been more successful attacks on OS X, but there are two primary explanations. The first explanation is that OS X really is more secure and that attackers have had problems figuring out how to successfully exploit the operating system. The second explanation is that the market share of OS X is so low that attackers do not think it is worthwhile to spend their time developing exploits for it. While there are a fair range of estimates of the actual market share for OS X, almost all estimates put it well below 10%, and sometimes even below 5%. It is reasonable that both of these explanations share some truth. One thing that is clear about the OS X market share is that it is growing. As more and more people buy Macs, OS X will likely become more of a target for hackers. Ad campaigns like Apple’s “Get a Mac” campaign are also likely to trigger the curiosity of hackers who are looking to make a name for themselves by putting the first huge dent in OS X’s armor.

My goal in this paper is to examine the main question of how secure OS X really is. I will examine several key areas of the operating system in relation to security. First I will examine the origin of the operating system and its roots in UNIX. Second I will examine the security record of OS X, a few of its vulnerabilities and the recent history of malware affecting it. Lastly I will take a look at the built-in user level security settings with a focus on out of the box settings and simple hardening measures. Once we’ve taken a closer look at these things, we will be better equipped to answer the question “is OS X really more secure?”

My primary analysis in this paper is restricted to the client versions of Mac OS X and Apple- specific software. It is however important to note that security is only as strong as its weakest link. Because of its roots in UNIX and open source software, OS X employs many third-party tools, such as Apache, Samba, and MySQL. Even though OS X itself has yet to become a serious target of hackers, these third-party tools are all widely used and have their own vulnerabilities. To gain a greater perspective on OS X security, these vulnerabilities must be examined as well. That however, is out of the scope of this paper.

Previous Page | 1 2 3 4 5 6 | Next Page