Macintosh security is built in, not added as an afterthought. The design of Mac’s OS X made security a top priority and achieved it in many different ways. Larry Loeb gives you an update on some of the ways security has been implemented for Inform IT.
“There are ways that OS X improves on UNIX’s standard security methods,” Larry Loeb writes for InformIT. Loeb explains how in his full article here.
Related MacDailyNews articles:
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
Spyware, adware plague Windows users online; Mac OS X users surf freely – April 19, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Tired of patching patches to patch Windows patches? Writer suggests getting a Mac – August 03, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Go, Larry, go!!
This will be good to have to give to friends who are thinking of switching.
GREAT Article! I wonder how Windows would compare.
Great article. The sad part is that windows user now belive that due to Service Pack 2, that Windows is now more secure than other OS’s.
They believe that now because Windows has a security centre that warns people of threats and turns a firewall on, they are more secure.
What they fail to realise is that there are two stages of security.
1. How a system prevents compromise.
2. How a system responds once compromised. (That is what measures does a system take to prevent hackers doing damage)
Windows only adresses the first level, even though windows now prevents things such as buffer overflow and other internal weaknesses. The fact that windows allows access to *everything* is always going to be a weakness and insecurity.
Whereas OS X, Unix and Linux restrict there system with the root user. This is by design more secure.
Larry has hit the nail on the head.
�It has long been a principle of truly secure systems that they should not contain secrets because once the secrets are discovered by an adversary, the entire system will be compromised. Any truly secure method should function to keep security, even if the method is publicly known. Hence the reliance on open source, which can be inspected by anyone. If there is a vulnerability, it can be found and corrected by the review process that occurs within the community.�
Please, provide some examples, other than Apple, where this type of security has shown benefit.
And, yes, please describe how Microsoft�s method of security makes its OS more vulnerable, and provide some examples, other than MS, where this type of security has been problematical.
Great article, but silly summary.
mac zealot..
Im not sure if they still do it anymore or not, but there was this orginization, who, once a year, or so.. would place a Mac Server online,for a period of time .. publish its DNS, telnet, and other pertinent info online… The idea was a contest, of sorts…
If anyone could hack into the machine… and prove they did it, then {the hacker} would win the Server..
The last time, as I recall, they did this… the Mac Server had been running some flavor of Linux..
And, I dont remember ever reading someone actually winning the Server…
This would be a great discussion of computer security, for you, should someone more enlightened on the details than I, post here..
Hopefully, if this “contest” still goes on, someone would also mention it here, too..
SP2 has solved all MS ills. Anyone who says otherwise does not know XP Professional from their ass. PROFESSIONAL – what you macfags will never be because you are spoiled, tree-hugging, pay-too-much, SPJ ass smelling, throat sausage loving, butt munchers.
Security question:
Microsoft Office components in Office X open two ports to send data back and forth in an attempt to see if you are using MS Office with one license on more than one machine concurrently.
When any MS Office X component launches it opens these ports, broadcasts its existence and listens for a response. When all MS Office X components are closed the ports are still left open. Typically you have to manually close these ports, execute a script to close these ports for you, or restart.
Is this true of the new MS Office 2004? I have not checked it since I have not “upgraded” (if you can call it that) to MS Office 2004.
I would hope that the MS Business Unit would be more security aware than the rest of MS. But woefully this is often not true.
So what’s the case? Does MS Office 2004 open extra ports? Does it leave them open even after all MS Office 2004 compontents are closed?
“…..SP2 has solved all MS ills. Anyone who says otherwise does not know XP Professional from their ass. PROFESSIONAL….”
Is it just me …. or do others find the notion of referring to Micro$oft and PROFESSIONAL … in the same sentence .. just a tad hilarious ??
Almost as funny as saying Micro$oft and SECURITY in the same sentence…
stalin …. these are called “oxymorons” …. you know… like .. jumbo shrimp… military intellegence… and Micro$oft Works !!
LOL …
Check out a new Mac … and be amazed
XP Professional and SP2 …
LOL, at the lab the IT department – which swear by MS and dream MS daily – HAVE BLOCKED SP2 because it does not protect really and creates more problems. Not a single XP professional here has SP2 installed and will ever. Rumors of an SP3 are already spreading.
It seems that only those who use Windows for their daily FPS orgasms swear by SP2.
Even on M$ pages there is a link for ADMINISTRATOR STEPS TO BLOCK SP2 INSTALLATION
Stalin, wonder why?
PS
Is Genome research, Hight Energy Physics, Plasma Physics research and Nuclear reactions simulations enough professional for you?
Or do you equate professional as when Enderle group vomit their nonsense? I bet you swear by those idiots. It shows.
PPS
Keep trolling
My first post here.
Have to chime in with Seahawk: being OS X essentially Unix it is used in the same field and – often – with same applications as in Unix.
Sorry stalin, but you can’t beat Unix as nothing deserves more a “professional” qualification than that.
This is no more the 90s. OS X is Unix. Windows apologists have to find new targets to talk down on Apple. Old rhymes do not apply anymore: not even “Microsoft has more sw”. With OS X you have at hand all Unix applications – easily ported – in addition to what Apple touts. Beats Microsoft hands down.
PS
I do not care much ’bout OS wars: we do support Unix – various flavors -, Linux, Windows NT, 2000, XP and now OS X as well.
What amazes me is the sheer amount of friendly, open people who happily give away their software for the benefit of the OS X community. One fine example is the AMAZING freeware app called Fugu – this little fella has saved my life on more than one occasion, and it’s FREE! I can just imagine Micro$**t charging $300 for an app like this, and you can just imagine how well it would work…
P.S. stalin, using the words Microsoft & Professional is as funny as Dell saying “Dell recommends Micro$**t XP Professional for mobile computing.”
I am so happy OS X is a secure, wonderful environment to work in, and I reckon that even if Apple went bust tomorrow (highly unlikely seeing as they have the best products, bar none) OS X would remain for decades to come.
@shadowself
I use Office 2004. When Word, Excel, Powerpoint and Entourage start, ports 3904, 3898, 3822 and 3813 are opened and stay open.
Quit the programs and the ports are closed.
I used a portscan on my iMac to check it.
Wyodor: pretty normal. Practically all MS applications phone home. You will have to instruct the firewall to block outgoing connections on all ports. You may attempt to block those ports entirely but often MS tries to open nearby ones.
It turns any computer in a gruyere full of holes (security wise)
With ports blocked MS applications complain but work the same.
PS
I do entirely without MS and keep ports monitored. No one in no one out without me knowing and explicitly allowing transmission.
I use Little Snitch and it has never reported a Micro$**t app trying to phone home. There are no rules applied to allow them to, so what’s the deal?
Smithy: Norton Personal Firewall shows that any Office application tries to open connection at launch time and at Quit time. Consistently.
Do you have full log and warnings on from Little Snitch on incoming and outgoing connections (both allowed and denied)?
Seahawk,
Weird, Little Snitch is a deamon that launches upon login and if any app tries to connect it will pop up with an alert. There is no log, but a list of rules in the preference pane that are created (say, for instance ‘Always block Word from Port 80).
Do you trust NPF? I bought it but uninstalled it cause it kept leaving ports open… I just use the OS X built in firewall.
I personally use IPFW – or the built-in but have colleagues with Norton PFW. Seems to be working and ports are closed. During the peak of MSBlaster we simply configured the relative port as closed and it warned about some 5 denied attempts per day.
From what I could see NPF does not leave ports open. You may set rules to leave ALL doors closed in/out and then allow in and/or out connection to specified ports. Have not seen allowed activities on ports which were deemed to be closed.
Smithy: maybe since you have the builtin on as well Little Snitch does not see any activity in that already blocked by OS X firewall. This last does not warn of denied access.