DealsOnTheWeb Daily Deal: OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long
Editorial - Does the Mac Really Have Enterprise Security Issues?
by , 5:15 PM EDT, July 15th, 2008
On Tuesday, Computerworld published a story about so-called security flaws in Mac OS X that affect the enterprise. The six arguments actually amount to a collection of shibboleths.
Security Flaw #1: Apple Updates. The argument is that security updates pop up unannounced and insufficient information is provided to make a decision as to whether to roll out the update.
Reality: Experienced IT administrators who maintain Macs have access to information that helps them better understand the updates. With Apple Remote Desktop, they can lock down their clients and prevent individual users from installing updates while they evaluate the update themselves. Then they can roll it out when ready. The CW argument above draws from the experience of the desktop user, not the Mac IT administrator.
Security Flaw #2: Serious Flaws are slow to be fixed. "While the project running the software often patches such vulnerabilities in hours or days, Apple often lags in releasing such updates," the author noted.
Reality: I suspect, based on my experience, that Apple evaluates the impact of the vulnerability in the light of the system architecture. If there are no known exploits in the wild, as the author admitted, then Apple can take a wholistic approach that's better for system stability. Also, they have to take into account that the FreeBSD subsystem is open source maintained by committers. In contrast, Microsoft can roll out emergency patches that simply cause trickle down effects and result in the need for new patches on patches and reduce system stability.
Security Flaw #3: Administrator Mode. The argument here is somewhat incoherent and suggests that the distinction between administrator mode and an unprivileged user is a problem in the business world. The argument fails to take note of the tools Mac IT administrators have.
Reality: Corporate users of Mac OS X do not generally have Administrator privileges and IT Administrators lock down the Mac and dictate what can be done. Entire disk images ("spins") can be rolled out or specific updates installed. See Item #1 above. The CW article goes over the top when it suggests that Mac users with Admin privileges can all too easily access dangerous functions, which is not true in a managed corporate environment. "It's hard to enable those things on Windows," said a consultant who noted that "even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X." The obscurity argument is hardly comforting and fails to take into account the fact that enterprise Mac users can be denied access to the the terminal or other configuration options.
Security Flaw #4: Naive Use of Back to My Mac. "Mac OS X includes one special service that sounds alarming at first glance -- and it can be a real security hole in unmanaged environments," according to the author.
Reality: Enterprise installations of Macs are managed environments. Back to My Mac is a toy for individuals who assume the entire risk. The article goes on to basically admit that.
Security Flaw #5: Complacency over Malware. The author goes on to say, "The fact is that the Mac has not been a malware target, and it is safer than Windows from such threats." The argument is then that that may not be true in the future.
Reality: The author negated his own headline and then added some speculation.
Security Flaw #6: Apple's security is half-baked. "Nothing in Leopard is completely implemented," according to a consultant cited by the author. "They finished enough to get their marketing bullet point, but not a real strong level of defense," was ascribed to another consultant. The solution suggested was to wait for Snow Leopard for serious Mac deployments when the users will "know precisely what security improvements Apple commits to for that release."
Reality: Quoting consultants who have an opinion doesn't make for quantitative truth. Any OS is an evolving ecosphere. No OS will ever be perfect, and suggesting that the entire security posture of Leopard won't be complete until Snow Leopard is like suggesting that 90 percent of corporate America completely delay the deployment of Vista until Windows 7 comes out. It's a pipe dream.
In my opinion, the article isn't really about security flaws in Mac OS X that affect the enterprise. It's really just a collection of quotes and differing opinions regarding Apple's business practices and technical approach.
Observer Comments
Tue Jul 15, 2008 6:42 pm Subject: Words
Tue Jul 15, 2008 8:14 pm Subject: I hope I got it there in time...
I hope no one, especially John Martellaro and the Mac Observer owners and staff oppose my posting of John's opinion as a comment on Computer World's website with that article. I have a nephew that works for NASA in Houston and he's in the internet security for the lack of the correct term, and he's always sending me outdated Mac FUD reports such as this. I believe this is a part of the M$ scheme of payback on the Get A Mac ad campaign since they said they were going to fire back.
Tue Jul 15, 2008 8:26 pm Subject: Posting at Computerworld
Recent Headlines - Updated Friday, July 18th, 2008
- Fri., 4:30 PM
- iPO Apple Store Spotlight - Bloomberg LP - Financial Information on Your iPhone
- 2:50 PM
- iPO Just a Thought - Seven Days (and Counting) Trying to Get an iPhone
- 2:15 PM
- AAPL Drops 3% in Afternoon Trading, Deferred Revenue Accounting Earning Attention
- 12:05 PM
- iPO Review - Jensen JiMS-525i
- 11:05 AM
- Apple in Art
- 10:40 AM
- iPO Free on iTunes - AtomTV, Black In America, Strange Days on Planet Earth, & More
- 9:15 AM
- TMO's DealsOnTheWeb.com - JBL On Stage II Speaker System w/RF Remote Control: $67.99 Delivered
- 8:20 AM
- StrangeCharm - Particle Debris and a New iPhone (2G)
- 7:30 AM
- TMO Quick Tip - Build Your Own Twitter Client
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- OWC: Mercury Elite FW800/FW400/USB2/eSATA up to 2.0TB TOP-RATED Solutions offer High Performance, Reliable storage for all your data storage needs. 500GB $159.99, 750GB $199.99, 1.0TB from $299.99
MacBook/MacBook Pro / MacMini / iMac Intel Core2 DUO DDR2 667Mhz 4GB Kit $84, 3GB Kit $60, 2GB Kit $40 1GB $20. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: MacBook 1Gig $39, 2Gig $78, 4Gig $195! Mac Pro 2Gig $115, 4Gig $189! 500G Seagate SATA II $139! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Apple 15-inch MacBook Battery: $75 
New iMac Intel Core 2 Duo 2.4GHz 20-inch Al with Wireless Kdd & Mouse: $1199 
Overstock.com: $1.00 SiteWide Shipping - This Weekend Only 
J&R ComputerWorld's Weekend Sale - Save on TVs, Digital Cameras, Games & Tons More 
OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long 
