“Apple has been awarded a patent for a computer system architecture designed to fend off exploits and malware by isolating network interface programs from a computer’s main memory storage — an idea that’s not new, but could offer a native alternative to existing resource and memory isolation tools,” Liam Tung reports for ZDNet. “Apple was awarded patent No. RE 43,987 on 5 February based on an application it filed in 2011.”
“Distinguishing its idea from existing technologies, the patent highlights what Apple sees as the limitations of ‘state of the art’ hardware and software-based malware blockers, sweepers and firewalls from companies like Symantec, Lavasoft, Spy Sweeper, Webroot, and Javacool,” Tung reports. “Its vision is to constrain network interface programs by giving them ‘access to a separate, protected memory area, while being unable to initiate access to the main computer’s memory storage area,’ which would prevent malware from automatically being able to corrupt system and user files on the main memory storage area.”
Tung reports, “Rapid7 security researcher Claudio Guarnieri told ZDNet… ‘Apple’s segmentation approach is to have slices of memory inaccessible from a context to another, in order to contain a potential compromise within the originating slice, protecting the whole system and the other applications from being affected too. To achieve the same goal, Qubes OS instead uses full virtualization to allocate separated resources for each domain. Theoretically, resource isolation is a new concept, but being able to implement it natively in the operating system would be a great step forward for Apple products’ security.'”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Judge Bork” for the heads up.]