http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
Researchers: Apple’s Mac OS X Lion is the king of security
“With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.
“The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.’”
“With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.’”
------------------------------------------------------
That's quite an endorsement.
Yet another reason to get Lion, folks.
Researchers: Apple’s Mac OS X Lion is the king of security
“With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.
“The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.’”
“With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.’”
------------------------------------------------------
That's quite an endorsement.
Yet another reason to get Lion, folks.
