Security Oriented and Mac OS X Part1

Posted: March 18, 2011 in Security Related

If you are wondering about the FAN BOY WAR you hear here and there every day and every moment on the planet, then you should realize that nothing is real.

User experience, ease of use and much more functionalities are the major factors any user. but what about the hidden things!!!

Security of the platform you are using, is a fatal factor, not even important regardless you cannot touch it, play with it .. etc. actually, this topic is one of the hottest we find OS fans talking about, the fact is, most of the discussions I personally engaged in proofed for me most of FAN BOYS are repeating wrong information they received from …. WOW …. from another FAN BOYS!

“False Advertising”, this is the major headline about marketing OS.

One of the Headed IT Companies in advertisement is Apple. honestly, Apple is one of the best companies I ever find in advertising side. but False Advertising is a key in what I keep hearing about OS X like “Most Advanced OS” … “Secure OS” … “No Viruses” … “You don’t even need antivirus on Mac OS X” …. etc

Is this a joke?? ok let us move ahead and find out how much Mac OS X is secure. before I begin I must pointed out what is the meaning of Mac OS X.

Mac OS X is an OS relies on FreeBSD‘s and NetBSD‘s … so, there is no actual OS core “Kernel” built by Apple. Apple relies on (Mach kernel). this kernel developed at Carnegie Mellon University to support operating system research, primarily distributed and parallel computation.

Regardless the fact that Mac OS X developed by Apple is a GNU OS, Apple managed to build a great GUI experience on the GNU Kernel.

Let us talk business. Every OS by time will be part of security breaches attempts by hackers community world wide. and from there, hackers will focus on finding vulnerabilities in these OSes and try to develop an exploit to take advantage of the discovered vulnerability. it is very important here to point out that vulnerability doesn’t indeed means an exploit must happen. but the vulnerability itself is backdoor open for whoever able to realize how to reach it.

It will be silly to find someone fight or defend the fact of vulnerabilities because no OS, Application or any software is 100% un vulnerable. the main idea is, how to keep improving and securing your application/software to avoid the expected exploits of these vulnerabilities. so the management cycle of security is very important to follow.

Management Cycle of Vulnerabilities is the weakest part in Mac OS X. I don’t ant to point out any certain vulnerability yet, but pointing the UN PATCHED vulnerability what does matter.

A Framework of security management is a key in any security oriented model. This framework should include for example:

  • Monitoring discovered vulnerability in a certain cycles.
  • Assess discovered vulnerabilities against all possible exploits through it.
  • Work on patching these vulnerabilities, to be moved from unpatched to patched.
  • Release patches in well managed timing for users (this for moderate and low vulnerabilities)  and immediate patches for critical/fatal ones.

Apple doesn’t have any Security Newsletter advisory on Mac OS X, and there is actual alerting system to the users about any vulnerabilities. The worst is the absence of the security focus mechanism. a good aspect about this mess is the released updates for Mac OS X, there is no periodical updates, instead, you will find between time to time a patches with huge size. and you will find no actual information about what this update do.

Some sources mentioned about the absence of a Security Engineering section in Apple, still I cannot confirm this information, but it is most likely could be true based on the facts mentioned above, and the later completion of this article in its further parts.

  1. Xacker says:

    He came. He saw. He lagged out.

    I just want to say congratulations on your new blog 🙂
    Keep it up.. I mean it, UP.


  2. Xacker says:

    I’m… well, let’s put it this way… “connected” 😀

  3. […] Security Oriented and Mac OS X Part1 Email Subscription […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s