Apple Snow Leopard Security Criticized
Mac users are getting new security features with the arrival of Apple’s Mac OS X 10.6, but some security vendors say those enhancements are lightweight.
The release on Friday of Apple’s Mac OS X 10.6, known as “Snow Leopard,” has elicited criticism from security companies, which may have business to lose if Apple’s latest operating system reduces interest in third-party security software.
Snow Leopard includes several security enhancements. According to Apple, Snow Leopard supports 64-bit applications, which the company claims are more secure than 32-bit applications because of the way the operating system handles function-passing. Mac OS X 10.6 also includes hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and antivirus capabilities.
Symantec, a leading maker of security software, says Snow Leopard’s File Quarantine feature only offers basic malware protection. “It is not a full-featured antivirus solution and does not have the ability to remove malware from the system,” the company said in an e-mailed statement. “File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates.”
Symantec also notes that Mac OS X’s Software Update mechanism is not fully automatic and lacks a user interface to see which signatures have been downloaded.
Symantec also observes that Apple’s security enhancements do not protect against unauthorized access to sensitive files or block the transmission of sensitive information, like Norton Internet Security for the Mac. The company also says that Mac OS X’s firewall is turned off by default and isn’t as configurable as its product.
Symantec adds that Apple’s reliance on lists for phishing protection isn’t wise because phishing site lists become out-of-date quickly.
Symantec’s criticism of Apple’s efforts stands in contrast to the response of AVG when Microsoft said it would offer free security software, Microsoft Security Essentials, with Windows. In June, J.R. Smith, CEO of AVG, said that Microsoft’s offering would be good for consumers and good for the security market overall because it would raise awareness that security products are necessary.