Mac (insecurity): How to secure Macs in business

As Macs make their way into the enterprise, IT needs to address these six security flaws before disaster strikes

Security flaw No. 5: Complacency over malware

The recent appearance of a kit that lets malicious parties install Trojan horses in legitimate software to, in turn, obtain root access to a Mac seems to run counter to the widely held view that Macs are immune from many of the exploits that once plagued Windows (and that Vista has ameliorated).

But that Trojan horse doesn't meet the smell test: Like a few other "concept attacks," the exploit requires that someone download and install software, although no password is required for the malware to run. (The exploit relies on the escalated privileges available for the Apple Remote Desktop agent, or ARDAgent, even when it's turned off. An AppleScript command can be sent to the agent, which is handed off as a root-level shell command.) A survey of security experts and the buzz among the Mac enterprise management community shows that this threat is a nonstarter.

The fact is that the Mac has not been a malware target, and it is safer than Windows from such threats. And that's where the risk lies: The Mac is safer from malware today, and there's very little concern about the Mac being a gateway to infecting Windows users.

But that may not be true in the future, and there is some concern that IT won't be ready to protect Macs from malware when that day comes.

Today most of those who follow Mac security closely seem to abjure anti-virus software. "It's not unreasonable to use anti-virus in an enterprise, especially if compliance is an issue," says Mogull -- but "I wouldn't necessarily recommend that for a consumer," he adds, because today's anti-virus apps don't address Mac OS X's actual risk profile today. "Anti-virus is an industry failure," Ptacek says. Because of this, he can't recommend that companies install anti-virus software at all.

Dino Dai Zovi, an independent security researcher, is concerned about acceleration in this area. "Because there is still very little malware in the wild targeting Apple, it is still a safe platform, and it is in a lot of ways safer than the Windows equivalent. But I think that that time is rapidly changing," he says.

Mogull cautioned that the worst could be yet to come. "It isn't that the Mac is immune or even more resistant to these attacks, there just hasn't been very much interest in them," he says, a sentiment echoed by security experts and IT managers. With more Macs in the enterprise, it's likely that attacks designed to extract information or take over Macs to use them as zombies will hit the wild.

While the Mac OS itself is fairly safe, at least for now, from malware, the Mac OS X's default Safari browser is not. "We've long since moved into this place where it's about the browser and about JavaScript," Ptacek says.

Even security experts unconcerned over OS-level malware threats are worried about browser-based threats. The fears center on as-yet-undiscovered flaws in the Safari browser and on Apple's use of the Webkit, a browser engine that's both employed throughout OS X and available to third-party developers. The concerns are not theoretical: A flaw in Safari on the iPhone found in a TIFF library module lets an iPhone forfeit root control just by visiting a Web page. (This was briefly a popular way of jailbreaking iPhones to install third-party software.)

Solutions: Keep abreast of security updates and security news related to Macs. Make sure the same outgoing firewall monitoring tools cover Macs as other platforms to identify hallmarks of hijacked systems.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Glenn Fleishman

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?