AT&T Tech Support 360Security features expected within Mac OS X Leopard
In advance of Friday's general release of Apple Mac OS X Leopard, Apple has posted a variety of preview pages, one of which details new security features. In Apple's preview, the Cupertino vendor cites 11 specific enhancements that should make Leopard more secure than Tiger.
Library randomization: This is huge. The technology behind this, address space layout randomization (ASLR), randomly arranges the positions of key data areas. This prevents malware authors from predicting the targeted memory addresses for buffer overflows and malware exploitation. Windows Vista includes ASLR.
Sandboxing: Sandboxing allows applets to run without interfering with the overall system, then terminate when the application shuts down. Apple says "many Leopard applications--such as Bonjour, Quick Look, and the Spotlight indexer--are sandboxed so hackers can't exploit them." Missing from the list, however, is the Apple Internet browser, Safari, which, of all the applications listed, needs sandboxing most of all.
Tagging downloads: Before Leopard executes a download, it will ask for your consent first by telling you when a file was downloaded, what application was used to download it, and, if applicable, what URL it came from. Hopefully no more drive-by downloads.
Application-based firewall: This will allow users to specify the behavior of individual applications.
Stronger encryption for Disk images: With 256-bit AES encryption, Disk Utility will provide stronger encryption for Mac OS disk images.
Sharing and collaboration configuration: Leopard will make it easier to share and control who has access to your folders over a network.
Signed applications: All applications designed for Leopard will be signed by either Apple or third-party developers.
Enhanced VPN client compatibility: Leopard will support Cisco Group Filtering as well as DHCP over PPP.
Multiple user certificates: Leopard provides a digital certificate for encrypting e-mail messages.
Enhanced smart card capabilities: According to Apple, "now you can use a smart card to unlock FileVault volumes and your keychain, and configure your Mac to lock the screen when a smart card is removed."
Windows SMB packet signing: According to Apple, "enjoy improved compatibility and security with Windows-based servers."
- Tags:
-
security,
-
Apple,
-
Leopard,
-
encryption,
-
ASLR
- Bookmark:
- Digg
- Del.icio.us
Security HAS existed, and exists on OS X. It's nothing new. Countless reviews, white paper, and articles have been published about it. The record speak for itself.
The mentioned features are mainly for the benefit of the enterprise world "requirement list". Some boxes have to be ticked, just to be considered for specific bids and tenders. Even if there is no great need.
As for the little chicken and egg discussion going on about who brought features first, I would ask our writers to cut it out.
The ONLY item in your discussion that Microsoft invented was SMB. It is a de-facto standard because of NT and its descendants' place in the enterprise. None of the other 'security features' are either Microsoft's or Apple's.
Finally, I have Vista, XP, and uBuntu 7.10, all running on my Acer laptop, and I have Tiger running on my Media iMac.
Performance-wise, Vista is much faster than XP on networking, disk access, shutdown/restart. It is faster than uBuntu for shutdown/restart, but not for disk access where ReiserFS just leaves everyone in the dust.
But why oh why does one need to 'accept' so many things so many times a day, on Vista? In most cases it does not even make sense, because the system does not ask me for authentication (like uBuntu or OS X do).
At this point in time, Vista is not stable enough yet and is a no-go in our setup, where uBuntu seems to have done enough for the user to be a near 'natural' upgrade. Perhaps SP1 will change this perception?