Mac (in)security: How to secure Macs in business
Heads out of the sand, Mac folk -- it's time
InfoWorld - Macs are immune from security threats, right? It's Windows we have to worry about. That water-cooler wisdom needs to be flipped on its head, security experts and IT managers warn. Microsoft Corp. has gotten its security act together with Vista and its current security-response program. Meanwhile, Apple Inc. is fast becoming the company most in need of getting its security mojo going.
Many IT and security managers who have focused on securing Windows need to turn their attention to the Mac OS, as these six Mac security flaws attest. And with Macs increasingly making their way into the enterprise, they shouldn't wait: According to a recent Yankee Group Research Inc. study, 80% of senior managers at 700 companies had Macs in-house, with 21% boasting 50 or more Macs in use.
A few security holes in Mac OS X are already known, such as the unpatched ARDAgent vulnerability. But that's not where the principal Mac security threat lies. From interviews with security experts and corporate IT managers, it's clear that security concerns and potential risks are much more quotidian -- exactly the kind of bread-and-butter stuff that is especially easy to ignore with Macs, where IT's familiarity with the Mac is slight because users have typically managed the computers themselves.
It's time for IT to figure out where the Mac's security holes are so that you can plug them before your corporate knowledge starts bubbling out. Here are the six main flaws on which you should focus:
Security flaw No. 1: Update management
Across the board, IT and security folks peg patch and update management as Apple's biggest lacuna. The problem is not that Apple doesn't release security patches, bug fixes and functionality upgrades on a continuous basis. Instead, the issue is with four flaws in Apple's update process: 1) Unlike Microsoft's Patch Tuesday, Apple offers no predictable schedule on which critical updates are released; 2) there's no simple rollback or uninstall provision; 3) many updates don't fully document the set of changes involved, and 4) Apple doesn't provide hooks for third-party software to assist in managing patch installation or rollbacks, although such software does exist. (Apple does allow configuration so that software updates are downloaded from an intranet server, however.)
"Apple just goes ahead and issues an update without anyone knowing it's coming, and no one knows what's inside it," says Rich Mogull, an independent security consultant, formerly of Gartner Inc.
This demonstrates Apple's newness to the enterprise environment with Mac OS X, despite the operating system's many years on the market and its growing adoption rate. For single users and midsize offices, these patch policies raise few eyebrows. But for large corporations, they're insufficient.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts