2008 - The Year of Mac Security…..

January 19th, 2008 Drazen Drazic Posted in Bad Stuff, MAC Security, Vulnerability Management, cyber crime |

The signs look bad for Mac in 2008 in regards to security, in my opinion. As 2007 came to an end, you could see throughout the year that Mac security issues were growing in terms of mainstream reporting (though numbers did not increase that much from 2006: http://secunia.com/product/96/?task=statistics_2007).

The expectation is that it’s only a matter of time before Mac users start to face issues that PC users have been for many years. The concern is; will Mac users be ready? Are they educated enough? To be honest, most probably are not….making them a prime target.

From The Register; Mac lambs line up for slaughter, discusses this. Well worth a read.

Many, or rather I should say, most Mac people still believe that they are immune to the security problems that PCs face. Salesmen tell them that this is the case. They’ve never had a need for anti-virus and other anti-badware software. Apple updates magically do things and most would not know if an update is fixing a security issue. Between updates, the systems lie open to compromise as little, aside from the standard firewall is implemented on the system (maybe!).

My Mac ran a bit weird a month or so ago. It slowed down and started to behave like a PC - ie; unpredictable in terms of response times. (Now that doesn’t happen to a Mac unless there’s some serious hardware faults generally). I installed the latest security patch and bang, it was back to normal! So what happened to my machine? Who really knows given I did not have any anti-badware on it to tell me. What was affected? I could vaguely guess by reading the description for the update but nothing confirmed (unless I wanted to throw it to the team to pull apart and diagnose).

So Mac users are probably not ready! The big “anti” vendors must be champing at the bit. The Mac loses it’s innocence…….oh please no! I want to have a system that behaves like I expect. I know…..the team will move me to a variant of Linux. :-)

3 Responses to “2008 - The Year of Mac Security…..”

  1. Drazen Drazic Says:
    January 19th, 2008 at 12:19 pm

    Sorry. Lost a couple of comments here. My bad editing.

  2. Big Galoot Says:
    January 21st, 2008 at 9:03 am

    I hate Macs !

    http://blogs.computerworld.com/node/6373

    :-)

  3. D2 Says:
    January 21st, 2008 at 12:06 pm

    Part of my IPFW config:

    02050 deny udp from any to any dst-port 5353 via en1
    02051 deny udp from any to any dst-port 1900 via en1
    02053 deny udp from any to any dst-port 5353 via en0
    02054 deny udp from any to any dst-port 1900 via en0

    Info:
    http://www.kernelthread.com/publications/osxkernel/osxkernel.swf

    I am not denying 0days….

Leave a Reply