Generally Macs have been considered more secure than PCs using the Windows OS. However, it's not the case anymore. We've rounded up the six biggest security threats to Macs and looked at how they can be overcome
In both cases, it's critical to note that neither Apache nor Ruby is used by default in Mac OS X. Apache must be enabled either through the Sharing preference pane's web sharing service check box or at the command line. Ruby isn't used for any native Apple products, and it must be wired in at the command line or through third-party packages.
Locking down this sort of access would prevent the most likely security flaws from being exposed, but that's problematic with the current OS. Configuration management software does exist to help such a lockdown, but again, Mac support may not exist in the software you're running companywide.
That should change. "We are starting to see early signs that some vendors are supporting Mac as a platform for those configuration management systems", Mogull says.
Consider limited deployment of third-party software to restrict configuration by administrative users if your current solution doesn't include Mac support.
Security flaw No. 3: Everybody's an administrator (or not)
Apple has a binary attitude when it comes to modifying system settings, gaining access at the command line to its Unix underpinnings, and installing software: You're either an administrator or you're not.
For home users and small businesses, the distinction is probably enough. An unprivileged or normal user can be restricted via parental controls and typically can't create user accounts, enable file-sharing services, or install certain kinds of software. For that, an administrative-flagged account is needed.
But with administrator privilege set, a user can turn on features through switches in System Preferences, such as enabling Samba.
"The Mac version is typically three to six months out of date," Mogull says. Alternatively, using the Terminal application to activate any of the thousands of Unix daemons and servers that ship as part of a stock Mac OS X system.
"It's hard to enable those things on Windows," says Thomas Ptacek, a principal consultant at security firm Matasano Chargen, noting that even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X.
Limit administrative accounts to users that require them.
NEXT PAGE: Why naïve use of Back to My Mac is a problem