Since the Leopard launch, much has been written about Mac OS X security. There’s new security features inside Leopard which users will never see.
On the other hand, Apple simplified access and usage to Leopard’s firewall, which may have actually loosened security for many Mac users.
Why Leopard provides fewer features to the firewall only Apple knows. Perhaps Apple believes the Mac is secure enough, even without using a firewall.
After all, the Mac’s record for security is impressive, especially when compared to what Windows users have suffered through for years. The Mac’s built-in firewall isn’t turned on by default, though most services that could open access to an unprotected Mac are turned off, too.
The key to the Mac’s security features, those we can see and use, vs. those Apple builds in to the OS that we can’t see, but are perhaps more useful, is to know what we expect of a secure Mac.
The Mac that does not live on a network, whether home or office or internet, has fewer security issues than a Mac that lives on a network. All it takes to get into a Mac to cause damage is a user name and password, and not even that if the Mac is left unattended.
What do we expect of our Mac’s security features? At a basic level, we don’t want anyone else that is not authorized by us, the Mac user, to make changes to our Macs. Of course, we authorize Apple to do so with Software Updates. The same goes for other software which we download and install. We authorize those changes, whatever they may be, right?
Also at that basic level, we don’t want something to destroy, or damage, or delete our files, whether they be music, photos, documents, or the system files that make the Mac doe its work for us. In other words, we want our Macs to be left alone unless we think a change or access to files on the Mac is warranted.
Mac OS X’s inherent permissions design goes a long way toward maintaining the Mac’s stellar record of security. No viruses, no worms, few trojans, few exploits. What’s not to like?
I did some inpromptu research this morning and called an even dozen of my known-Mac user friends, those I was sure had upgraded to OS X Leopard, and asked them if their Mac was secure? They all answered in the affirmative. Then I asked if their Mac’s firewall was turned on. 10 of the 12 didn’t know anything about the firewall. The other two said yes, because they turned it on after they set up Leopard.
Allow me to be somewhat brazen about the results of my own less-than-scientific research, and deduce that most Mac users don’t know much about security issues or exploits or vulnerabilities, or firewalls or other security features, and don’t care. They assume their Macs are more secure than Windows because they, as Mac users, don’t have the same security problems and maintenance issues that Windows users experience.
Most Mac users probably don’t know how to turn on root access. Most Mac users probably don’t share their user name and password with others, except for those they trust. Which reminds me of the How Safe Is Buying Online? question of a few years ago. It’s safer than handing a credit card to a waiter at a restaurant, and no one hesitates to do that.
If most Mac users don’t know much about Leopard’s security features or inherently secure design, why do they feel secure about using the Mac? Is it Mac OS X’s past history of minimal security issues that gives the Mac a better-than-Windows reputation?
Or, is it because we don’t really keep much secure data on our Macs, so why worry? I’m convinced that it is more of the former than the latter. Security hasn’t been much of an issue for Mac users, so why worry now? What we have on our Macs has been safe, therefore it will continue to be safe, therefore my Mac is secure as it needs to be.
I received a call from a close friend who had just installed Leopard this weekend and was worried about the “new Mac virus” that’s going around. Funny, I hadn’t heard about the virus because, well, it wasn’t a virus. See? Most people don’t know the differences between a virus and a trojan horse.
Who could blame the average Mac user with so much hype and hoopla going around. So-called security research Gadi Evron, quoted in Wired, says, “Apple’s day has finally come, and Apple users are going to get hit hard. OS X is the new Windows ‘98.” Uh oh. Unplug your Macs, folks.
Apparently, Gadi will need to continue his research on Mac OS X security issues before going from the 5th grade to the 6th grade, or stop reading Chicken Little stories in the dark. His Crying Wolf™ screeching was based on a trojan horse discovered just last week.
Visit the right porn site on the web while surfing with a Mac, respond to the pop up dialog box which says you need to install a new video codec to view porn properly, download it, give it your user name and password, install it, and, guess what? You have a trojan horse on your Mac which may cause some damage.
Somehow, that whole convoluted process was so attractive to Gadi that he told a friend, who gave him a wedgie in gym class and he took out his frustration by posing as a ‘security researcher’ and used his deepest adult sounding voice to impress Wired’s writers, who should know better, but know a good hit-generating headline when they see one.
You see, with a trojan horse like that, the security issue isn’t inherent in the Mac or Leopard, it’s inherent in the user who is foolish enough to walk through all the steps necessary to be exploited by said horse. The fact that the trojan horse must be installed by the user who must supply an administrator user name and password tells me that Mac OS X’s security is working better than the users.
And that’s the whole point. That’s how it should be. Apple can’t fix broken users. But they can make it difficult for someone to break into a Mac without help from the inside, so to speak. Do you value the security of your Mac, and the files on your Mac? Then learn about the many ways to lock down your Mac beyond what Apple provides. Otherwise, you end up as those poor porn traveling mules did—the owners of a Mac that has been compromised.
What do you do to keep your Mac secure? Talk Back to Mac360 in the Comments section below.