Previous Page | 1 2 3 4 5 6 | Next Page

OS X Background

Apple released the first public beta of its client version of OS X in September of 2000. Since this initial release of the beta version, there have been six major upgrades(PDF): Cheetah (10.0), Puma (10.1), Jaguar (10.2), Panther (10.3), Tiger (10.4) and most recently, Leopard (10.5) in October of 2007. From this release schedule, it is clear that Apple has been upgrading their system at an unprecedented pace. For comparison, Microsoft Windows XP was released in October of 2001. The only major upgrade to the system was Service Pack 2, which was released in 2004. The next client version of Windows, Vista, was released in the end of 2006. Each OS X upgrade has included substantial feature additions and changes in security, showing a clear commitment on the behalf of Apple towards bettering its product.

Much of the success in terms of security in OS X can be traced back to its roots in UNIX, from which it was based. OS X was designed from the start to be a multiuser system and borrows heavily from time-tested UNIX traditions. The core of the OS X system is built on a combination of Berkeley Software Distribution (BSD) UNIX and the Mach kernel. Many of the most important underlying security features, like the file system security policy, networking services, and memory management are based on these two things. On top of BSD and Mach, OS X also implements a layer of the Common Data Security Architecture (CDSA), to which Apple has developed its own security API’s to better integrate with the rest of the technology. Apple documentation explains that CDSA provides a “wider array of security services, including finer- grained access permissions, authentication of users’ identities, encryption, and secure data storage.” This underlying architecture of OS X is key to its security prowess.

As described above, the core of the OS X system is UNIX. In fact, the most recent iteration of OS X (Leopard) has been officially certified as a UNIX system for the first time. In addition to its UNIX background, OS X has also borrowed heavily from the tradition of open source software. This allows Apple to use services that have proven security over a longer course of time through open public scrutiny. In the company’s Leopard security technology brief, Apple makes a point of mentioning(PDF) the benefits of this approach:

Apple built the foundation of Mac OS X and many of its integrated services with open source software…that has been made secure through years of public scrutiny by developers and security experts around the world. Strong security is a benefit of open source software because anyone can freely inspect the source code, identify theoretical vulnerabilities, and take steps to strengthen the software.

A potential weakness in using open source software is that it can arguably open an operating system up to security vulnerabilities, since the source code is freely available. While this may be true, it is also true that by allowing more people, security researchers in specific, access to source code also provides better security in the end.

In Mac OS X, Apple enjoys a feature that almost no other current major operating systems can claim. It’s new. Apple completely expunged its previous operating system, OS 9, in favor of starting over with OS X. This puts OS X in the unique vantage point of not having to rework an operating system that was designed and widely distributed before computer security became a common concern. This is a clear benefit when compared with the massive amount of effort that Microsoft has had to put into developing Windows Vista, all while attempting to maintain its compatibility with older applications and hardware. Many of the security features implemented in Vista, such as User Account Control, are features that UNIX, and by extension OS X, have had some form of for years and are built into the foundation of the operating system. The relatively short history of OS X has allowed the system’s development cycle to be quite agile, and adding new security features and responding new vulnerabilities at a rapid pace.

Previous Page | 1 2 3 4 5 6 | Next Page