Apple Snow Leopard Security Criticized

Mac users are getting new security features with the arrival of Apple's Mac OS X 10.6, but some security vendors say those enhancements are lightweight.
The release on Friday of Apple's Mac OS X 10.6, known as "Snow Leopard," has elicited criticism from security companies, which may have business to lose if Apple's latest operating system reduces interest in third-party security software.

Snow Leopard includes several security enhancements. According to Apple, Snow Leopard supports 64-bit applications, which the company claims are more secure than 32-bit applications because of the way the operating system handles function-passing. Mac OS X 10.6 also includes hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and antivirus capabilities.

Symantec, a leading maker of security software, says Snow Leopard's File Quarantine feature only offers basic malware protection. "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system," the company said in an e-mailed statement. "File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

Symantec also notes that Mac OS X's Software Update mechanism is not fully automatic and lacks a user interface to see which signatures have been downloaded.

Symantec also observes that Apple's security enhancements, unlike Norton Internet Security for the Mac, do not protect against unauthorized access to sensitive files or block the transmission of sensitive information. The company also says that Mac OS X's firewall is turned off by default and isn't as configurable as Symantec's product.

Symantec adds that Apple's reliance on lists for phishing protection isn't wise because phishing site lists become out-of-date quickly.

Symantec's criticism of Apple's efforts stands in contrast to the response of AVG when Microsoft said it would offer free security software, Microsoft Security Essentials, with Windows. In June, J.R. Smith, CEO of AVG, said that Microsoft's offering would be good for consumers and good for the security market overall because it would raise awareness that security products are necessary.

Andrew Storms, director of security operations at nCircle Network Security, pointed out in an e-mail the irony of Snow Leopard's security enhancements in light of Apple's ongoing mud-slinging at Microsoft for all the viruses that affect Windows.

"It feels like they are just trying to put a tick mark in the anti-malware compliance box for the enterprise customers they are still trying to woo," he said. "So far, it looks like a pretty 'featureless feature.' Compared to other third-party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats."

Paul O Baccas, a security researcher for Sophos, said in a blog post that the Mac OS X malware technology, which he calls XProtect, can help block certain malware accessed through Entourage, Safari, Mail, Firefox, Thunderbird, and other programs that use a routine called LSQuarantine. But malware accessed using programs that don't call LSQuarantine, such as Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- is not blocked, he said.

In an online video, he shows how an infected USB stick can slip past Apple's malware protection system. "They haven't really integrated an antivirus program," he explains in the video. "They've added something which can block some malware under some conditions."

Snow Leopard's security enhancements, he concludes, are better than nothing. "What we hope is that this will get stronger and stronger in the future and that Apple will work with the rest of the security industry to make everyone's life a little bit safer."

Apple did not respond to a request for comment.
