Apple takes wraps off Leopard security guide

Apple takes wraps off Leopard security guide

Macs face an increasing security challenge

Article comments

Apple has released a security guide for its Mac OS X 10.5 "Leopard" operating system, with more than 200 pages of details and a focus on advanced users or system administrators.

The guide, released on Monday, arrives at a time when OS X is coming to the attention of a wider user base. This in turn has spurred increased interest in the security aspects of the software, according to industry analysts.

The guide, available from Apple's website in PDF form, is aimed at advanced users familiar with the Terminal command-line interface, Apple warned, but also includes general security tips.

"Some instructions in this guide are complex, and deviation could cause serious adverse effects on the computer and its security," Apple said in the guide's introduction. "These instructions should only be used by experienced Mac OS X users, and should be followed by thorough testing."

Topics covered include securing the system administrator account, using Open Directory, using strong authentication, secure installation, services configuration and security in a number of popular applications, as well as more esoteric topics such as Xgrid Sharing, library randomisation and the use of smart cards to protect encrypted storage devices.

According to Apple, Leopard includes a number of significant security improvements, including a feature that marks downloaded applications to protect against Trojan horses, stronger runtime security, simplified network security and improved support for secure connections such as virtual private networks.

In the guide Apple also called attention to the fact that its approach to security alerts has taken exactly the opposite path to that of Windows Vista with its notorious User Account Control (UAC) feature.

"Mac OS X v10.5 minimizes the number of security alerts that you see, so when you do see one, it gets your attention," Apple said in the guide.

Last week Apple released a large update including nearly 70 stability, compatibility and security improvements and fixes. Apple also tucked eight fixes for iCal, its personal scheduling program, into the update, but did not patch the three security vulnerabilities disclosed a week ago by Core Security Technologies.

The three iCal bugs, which were reported to Apple in January 2008, were revealed last Wednesday by Core after it had repeatedly been asked by Apple to delay publishing its findings. Core decided to unveil the vulnerabilities after Apple again postponed its patches.

The large update and the increased attention from organisations such as Core shows that Apple has become a more significant presence in the PC market, in part because of its iPhone smart phone, which also runs Mac OS X.

"The fact that OS X is now on the radar of both the security vendors and the bad guys indicates that the OS has become a 'worthy' target," said Ovum analyst Mike Davis in a bulletin published this week.

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *