Security flaw No. 3: Everybody's an administrator (or not)
Apple has a binary attitude when it comes to modifying system settings, gaining access at the command line to its Unix underpinnings, and installing software: You're either an administrator -- or you're not.
For home users and small businesses, the distinction is probably enough. An unprivileged or normal user can be restricted via parental controls and typically can't create user accounts, enable file-sharing services, or install certain kinds of software. For that, an administrative-flagged account is needed.
But with administrator privilege set, a user can turn on features through switches in System Preferences, such as enabling Samba -- "the Mac version is typically three to six months out of date," Mogull says -- or using the Terminal application to activate any of the thousands of Unix daemons and servers that ship as part of a stock Mac OS X system.
"It's hard to enable those things on Windows," says Thomas Ptacek, a principal consultant at security firm Matasano Chargen, noting that even when such settings are available in Windows, the settings are typically obscure or complicated enough to deter average users. By contrast, a single click might be enough in Mac OS X.
Solution: Limit administrative accounts to users that require them.
Security flaw No. 4: Naive use of Back to My Mac
Mac OS X includes one special service that sounds alarming at first glance -- and can be a real security hole in unmanaged environments. Back to My Mac, a remote access system built into Mac OS X 10.5, requires both a MobileMe account (formerly .Mac) from Apple and administrator privileges. Back to My Mac operates like the GoToMyPC familiar to Windows administrators, although it's less insistent about working around intentional blockades.
While Apple uses IPv6 tunnels, IPsec encryption, and Kerberos tickets to secure connections, starting up such a connection from anywhere on the Internet requires just the password to someone's MobileMe account. With that password, all computers with Back to My Mac enabled can have their files examined or screens remotely controlled.
In a managed enterprise, security experts don't believe that Back to My Mac creates any real risk, despite its feature set. "No enterprise is going to allow something like Back to My Mac unless it's running through a VPN tunnel," Mogull says, at which point it would conform to the enterprise's policy. If users are running Back to My Mac on their own, "it would mean that [IT] royally screwed up" the firewall, he adds.
Matasano Chargen's Ptacek says that Back to My Mac will eventually fall under the category of services that businesses ban their employees from using in the office. "Enterprise users are not allowed to use Gmail or Yahoo Mail," he notes, and Back to My Mac should be treated the same.
Solution: Confirm that Back to My Mac won't work in your environment. Establish a policy that bans its use.