Researchers give Leopard security low marks

01. November 2007
Security features that Apple Inc. added to Leopard look great on paper, but in practice most are half-baked or useless, experts said Wednesday. And none of those features, good or bad, will make a whit of difference in how safe Mac users are when they hit the Internet.

"I do think that this is the most significant update in the OS X line when it comes to security," said Rich Mogull, a security consultant and former Gartner Inc. analyst. "But AppleApple didn't finish the job. There's a lot of room for improvement here." Alles zu Apple auf

Apple touts more than a dozen new security features and tools in Leopard, from anti-exploit memory randomization and an application defense dubbed sandboxing, to a guest account for shared machines and tighter control over input managers, long-abused operating system components that could be used by hackers to jack Macs. But with an exception here and maybe there, any crowing by users that Mac OS X 10.5 is more secure is premature.

For the most part, Mogull sees the new features as laying the groundwork for serious work down the road. He gave only a few -- such as the new restrictions on input managers -- rave reviews. "The changes in input manager are huge," said Mogull. "It shows that Apple is willing to reduce functionality to increase security. It's never done that before.

"Great, great move," he said.

Input managers, code originally intended to provide accessibility and internationalization functionality to Mac programs, have morphed into plug-ins created by scores of third-party developers. And they're a straight street to the operating system that hackers could drive as easily as legitimate programmers, said Thomas Ptacek, a researcher at Matasano.

Zur Startseite