Researchers give Leopard security low marks

01.11.2007

Start with the memory randomization feature Apple dubs Library Randomization, both said. Although in theory it can block or at least hinder many of the current exploits -- because hackers need to know exactly where to inject their code to corrupt memory or get their exploit to run -- Apple's implementation is weak at best. Ptacek tagged it as the Leopard security feature that's most hype and least helpful. "This first incarnation is easily breakable," he said. "It might as well not even be there. But it let Apple tick off the feature when it's compared to Vista."

Mogull dismissed Leopard's memory randomization as well, but saved his best shot for the new operating system's firewall. "It's a mess," he said, rattling off a slew of problems. By default, Leopard installs with the firewall disabled, a practice that leaves users unprotected. It's also a step back from Tiger's firewall, he said, because it's both less flexible and more confusing. And after some preliminary testing, Mogull remains unconvinced it even works like it's supposed to.

"I set up file sharing but selected 'deny all' in the firewall, but my other Mac still saw the computer sharing over Bonjour -- even though it should have been denying everything," said Mogull.

For all Leopard's lousy security tools, in the end they just don't matter, said Ptacek. That's because the Mac's single most important security feature remains intact: its small market share.

"None of these additions [to Leopard] will make a difference. The best security feature is that the Mac's too small of a target for attackers," Ptacek said. In fact, if Apple had done nothing to beef up Leopard's security, it wouldn't have mattered. "Security people sometimes get irritated that Apple has had a huge free ride [on security] in the last five years, and that they haven't done anything to earn that free ride. And that free ride will continue as long as the Mac has a smaller share."
