p2pnet news | Security:- Apple’s vaunted Leopard O/S wasn’t only seven months late, it’s also much more than a dollar short in terms of security, say some security analysts.

“Security features that Apple Inc. added to Leopard look great on paper, but in practice most are half-baked or useless, experts said today,” and, “none of those features, good or bad, will make a whit of difference in how safe Mac users are when they hit the Internet”.

So says Computerworld, going on to quote security consultant Rich Mogull as saying Apple didn’t finish the job: “There’s a lot of room for improvement here.”

“Apple touts more than a dozen new security features and tools in Leopard, from anti-exploit memory randomization and an application defense dubbed sandboxing, to a guest account for shared machines and tighter control over input managers, long-abused operating system components that could be used by hackers to jack Macs,” says Computerworld.

But, “with an exception here and maybe there, any crowing by users that Mac OS X 10.5 is more secure is premature”.

However, Mogull also had severak distinctly positive comments, including praise for new restrictions on input managers”.
“The changes in input manager are huge,” the story has him saying..

“It shows that Apple is willing to reduce functionality to increase security. It’s never done that before.”

Meanwhile, “A test of Leopard revealed that installing it led to the firewall on a Mac being turned off and its default setting changed to leave it disabled,” says the BBC, adding:

Leopard, the newest version of OS X, was launched on 26 October and since then Apple claims to have sold or delivered more than two million copies of the software.

But a test of Leopard by Heise Security security expert Jurgen Schmidt found that the firewall in the updated software was set to off and allowed any and every incoming net connection.

Mr Schmidt also found that installing the software as an upgrade to a machine on which the firewall was turned on would lead to this protective software being turned off when that computer was re-started.

He also found that even when the firewall was re-activated it did not let users know about all the potentially vulnerable processes running on that machine.
Apple has yet to comment about the security shortcomings in Leopard, says the BBC.

Hmmm. Maybe it wouldn’t be such a good idea to try the Leopard PC hack after all

Slashdot it!

Also See:

Computerworld - Researchers give Leopard security low marks, October 31, 2007
BBC - Leopard upgrade hits Mac firewall, October 31, 2007
Leopard PC hack - Apple Leopard hacked for PCs, October 30, 2007

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for the download, and here for details. Click here or here to learn how to by-pass censorship in your area.

This entry was posted on Wednesday, October 31st, 2007 at 2:38 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

HOME

Viewed 5788 times