Apple's Mac OS X Lion Takes a Bite Out of Malware
Mac OS X 10.7 Lion's Launchpad application viewer.
With the recent release of its latest operating system, Mac OS X 10.7 Lion, Apple has made some significant security improvements to its 10-year-old platform. The question consumers now face: Is it time for an upgrade?
The touch-oriented, iPad-styled changes to OS X have garnered some critical accolades from reviewers, but there's more to Lion than a new coat of fur. With this iteration of the operating system, Apple is clearly acknowledging the growing threat hackers and malware pose to Macs, and it has made a couple of major improvements to protect owners.
"No platform has no security problems," warned Kevin Mahaffey, chief technology officer and co-founder of San Francisco's Lookout Mobile Security. "Phishing attacks don't discriminate [among operating systems]."
But Mahaffey said he thinks Apple has taken some solid steps forward in security with Lion.
The first change is the drastic expansion of a feature called address space layout randomization, or ASLR. Basically, it's a technique that continually changes the memory location (the physical spot on the RAM chips) of active system and application software.
The idea is to foil attacks aimed at gaining access to a computer via specific software components. If a hacker doesn't know where particular parts of the running operating system or applications are, he can't hijack them.
ASLR was first introduced with Mac OS X 10.5 Leopard in late 2007, but only for parts of the operating system. Mac OS X 10.6 Snow Leopard made it possible for newer 64-bit applications (which is to say, not many) to use ASLR.
Apple states that in Lion, ASLR "is now available for 32-bit apps (as are heap memory protections), making 64-bit and 32-bit applications more resistant to attack."
"It is definitely improved over Snow Leopard (the previous version of the Mac OS)," said Chester Wisniewski, senior security advisor at Sophos Inc., which makes a free anti-virus program for Macs. "The ASLR changes are quite important and significant."
However, Apple is very much playing a catch-up game. ASLR has been widely implemented in Windows since Vista was introduced in early 2007. On the other hand, as Wisniewski pointed out, Mac OS X is a much smaller target for malware writers, with few viruses or Trojans created to attack it.
Lock it up
The second major improvement in Mac OS X 10.7 Lion is the FileVault 2 full-disk encryption option (the previous version encrypted only selected directories). Completely rewritten, FileVault now allows Mac users to encrypt all their important files easily.
Such encryption programs have been available for other platforms for years, but installing and using them has always been awkward and unwieldy for everyone except the most paranoid users. Lion now makes it simple to encrypt an entire hard drive.
"I'm excited about the acceleration of full-disk encryption," said Mahaffey, "so if you're using a system with the latest Intel processor, there's very little speed impact because it does it all in memory."
Owners of older Macs, however, may experience a performance slowdown using FileVault 2.
"Apple's FileVault 2 appears to be a solid, secure implementation," said Wisniewski. "I think security is critical and am using FV2 on my Mac."
Hold that roar
But Wisniewski acknowledges that the security features alone probably aren't enough to recommend upgrading to Lion. While it only costs $29.99 to make the change, longtime Mac users may not prefer the new, iPad-like interface and, more importantly, may find that some of their applications, such as those written for the older PowerPC-based Macs, don't work with the new OS.
Furthermore, security experts still stress that the biggest danger for Mac owners is complacency.
"We are still seeing malware writers taking advantage of the fact that most Mac users think they are immune to threats," said Wisniewski.
That means that Web-based attacks that trick consumers into divulging personal financial information and passwords (phishing scams and other forms of "social engineering") are still a problem. And as Mac OS X slowly gains market share, more malware, such as the recent Mac Defender Trojan, will be written specifically for it.
The best defense, then, may not lie in a more robust operating system, but in a more robust awareness among Mac users that every computer, no matter who makes it, is vulnerable.