We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

The six biggest Mac security flaws

Why IT should be worried about Mac security

Generally Macs have been considered more secure than PCs using the Windows OS. However, it's not the case anymore. We've rounded up the six biggest security threats to Macs and looked at how they can be overcome

In both cases, it's critical to note that neither Apache nor Ruby is used by default in Mac OS X. Apache must be enabled either through the Sharing preference pane's web sharing service check box or at the command line. Ruby isn't used for any native Apple products, and it must be wired in at the command line or through third-party packages.

Locking down this sort of access would prevent the most likely security flaws from being exposed, but that's problematic with the current OS. Configuration management software does exist to help such a lockdown, but again, Mac support may not exist in the software you're running companywide.

That should change. "We are starting to see early signs that some vendors are supporting Mac as a platform for those configuration management systems", Mogull says.

Solution:

Consider limited deployment of third-party software to restrict configuration by administrative users if your current solution doesn't include Mac support.

Security flaw No. 3: Everybody's an administrator (or not)

Apple has a binary attitude when it comes to modifying system settings, gaining access at the command line to its Unix underpinnings, and installing software: You're either an administrator or you're not.

For home users and small businesses, the distinction is probably enough. An unprivileged or normal user can be restricted via parental controls and typically can't create user accounts, enable file-sharing services, or install certain kinds of software. For that, an administrative-flagged account is needed.

But with administrator privilege set, a user can turn on features through switches in System Preferences, such as enabling Samba.

"The Mac version is typically three to six months out of date," Mogull says. Alternatively, using the Terminal application to activate any of the thousands of Unix daemons and servers that ship as part of a stock Mac OS X system.

"It's hard to enable those things on Windows," says Thomas Ptacek, a principal consultant at security firm Matasano Chargen, noting that even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X.

Solution

Limit administrative accounts to users that require them.

NEXT PAGE: Why naïve use of Back to My Mac is a problem

  1. Why IT should be worried about Mac security
  2. Serious third-party security flaws are slow to be fixed
  3. The solution to slow to be fixed third party security flaws
  4. Why naïve use of Back to My Mac is a problem
  5. The solution to complacency over malware
  6. Why naïve use of Back to My Mac is a problem

IDG UK Sites

iPad mini 3 vs iPad mini 2 comparison: New iPad mini 3 isn't worth £80 more

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should I upgrade from Mavericks to OS X 10.10 Yosemite? What you need to know before updating to...