Can Snow Leopard Save Mac OS X From Malware?
by Peter James
Dino Dai Zovi has written an article at ZDNet discussing last week’s discovery of a critical threat to Mac OS X, and another announcement of a Trojan horse exploiting this discovery. He suggests that Snow Leopard, or Mac OS X 10.6, should integrate more robust means of preventing malware attacks. His suggestions include mandatory code-signing for kernel extensions (so only certified kernel extensions can run), sandbox policies for Safari, Mail, and third-party applications (so these applications cannot do anything to the system), and some lower-level changes, such as hardware-enforced Non-eXecutable memory and address space layout randomization.
While these are all good ideas, they don’t address one of the main problems: the user. The current ARDAgent vulnerability affects a Mac OS X system when a user launches a Trojan horse. Address space layout randomization won’t change this; users will always download and launch files. But ensuring that the system doesn’t allow such things to do damage without serious warnings would protect users from many possible dangers. Snow Leopard will clearly be addressing some of the more serious security issues in Mac OS X, as Apple is using this version of its operating system to attempt to gain a foothold in the enterprise market. (The presence of Microsoft Exchange support shows that Apple wants more enterprise presence.) But in the meantime, users need to be protected from malware, and need solid, reliable software such as Intego VirusBarrier to ensure that when they do launch a file they’ve downloaded, it won’t do damage.