July 1, 2008

more access control

Filed under: apple,selinux — admin @ 12:54 am

Karl McMillan and Chad Sellers have both some nice blog entries [2] due to the recent OS X trojaner: They both sign the need of more restrictive and finer grained security controls for operating systems.

SELinux or the Sandbox for Apple, which comes from TrustedBSD a sister project of SELinux (circuit close!), both provide systems like these. As Redhat is now including and propagating the use of SELinux, as well the Fedora Community integrated some nice support into Fedora 9, it even looks like apple will more and more come with things like that. And they seem to have started to integrate it into CUPS.

Good way to proceed.

October 30, 2007

Leopard’s firewall, can you count on it?

Filed under: apple,firewall — admin @ 8:35 pm

Heise.de examined recently the firewall which comes with apple’s new OS X version “Leopard”. It looks like they really learned nothing from what other operating system developers had to learn in the past years. It’s hard to guess how Apple (or even just the people using it) wants still to claim that their system should be more secure than other after having a closer look on what they deliver as a so called firewall. Here the facts:

  • It’s not enabled by default. Microsoft have been blamed for that years ago, while releasing SP 2 for Win XP
  • If you have enabled it and upgrade to “Leopard”, it will get disabled. Microsoft had done this fault as well years ago.
  • If you enable it and request it to deny everything, so nothing else than to block anything which comes from outside to your computer, so called trustworthy services are still open and can be accessed. WTF? A firewall which is just useless?!
  • The only way you can really secure your firewall is to put hands on the firewall your self, without any “klick’n’bunti”. And this is certainly nothing that a so called Mac user wants to do, nor 99% percent of the people will understand or even just do it.

It certainly looks like Apple just released a firewall which is just useless for most of their users. And it looks like that usability (nice GUI’s as a top criteria!) have another time won over security. And it becomes again clear that you can’t have any security if you aren’t understanding what are you doing (while clicking).

So and what can you do as a Mac-User? You have to wait until Apple thinks that it is a security issue and will release an update. With FOSS anyone could release an update, and everyone could profit. Fortunately I’m not using anymore any closed systems. 🙂

Check out the whole story @ heise.de in German or in English.

Proudly powered by wordpress 4.7.5 - Theme by neuro