There has been a fair amount of chat about Mac security recently, especially the suggestion that some time in the near future the Mac is going to become more vulnerable than it currently is, because hackers will start to target it more frequently. Imho, it is worth saying a few things about Mac security (in Q & A format):

Q 1: Can hackers do clever things to penetrate the Mac?

A: Yes. Any computer can be penetrated if the exploit is clever enough.

Q 2: How does Mac security work?

A: Mostly it’s simply the Unix permissions system logically applied. It denies the right to execute most of the dangerous things, unless you go in at the root (as administrator with command line access). That permission system is similar to the permissions systems that control most secure OSes. It’s all permissions and passwords.

Q 3: Can viruses “per se” endanger a Mac.

A: Right now, it’s very hard to pull off and not very rewarding for the virus writer. Getting a simple executable planted on the Mac is tough because the Mac uses “Unix permissions” to control executables and file access. It warns you every time you are about to run an executable that you’ve not run before. It also warns you when any executable asks to use the keychain (of passwords) for the first time. These are red flags that would alert you to any security threat. So a virus is a poor vehicle. A user might be fooled into letting one in, but getting a run-away virus explosion is tough to achieve on the Mac population. The probability of a big virus outbreak on the Mac is zero. If viruses don’t spread fast then they are of much less use to hackers.

Q 4: Does the Mac have as many security vulnerabilities as Windows?

A: Who’s to know. The general industry figure is that you’ll get one vulnerability for every 10,000 lines of code. So OS X probably has quite a few vulnerabilities that have not been discovered. The reality is that Apple releases patches and reports vulnerabilities regularly. So far there’s no record of any exploits on these. If hackers paid more attention to the Mac we would probably see reports of exploits. But the Mac update process is good, rarely intrusive and I always take the updates when they’re offered. For me, the vulnerability window for each exploit would be small.

Q 5: Is there a whitelisting capability on the Mac?

A: The iPhone uses whitelisting (software authentication), but there is no whitelisting on the Mac. Whitelisting would kill all possible infection stone dead. If a whitelisting program became available for the Mac I’d buy it at once and load it.

« 1 2 or View All »