Offhand Comments About Apple Security

September 4th, 2015

So Apple gets ragged on by the media at times for not taking security seriously enough. While that may seem a sensible argument to make when a potential security threat is discovered and Apple doesn’t respond within five minutes, it remains true that the impact from such threats has not been especially high.

Indeed, the only episode where any number of Macs were vulnerable dates back to 2011, where as many as 600,000 Macs were reportedly infected with a Java infection known as the Flashback Trojan and by several other names. It’s not that there seems to have been any particular harm due to its potential presence on a Mac, although there could have been. But, after failing to respond for months, Apple released a fix and disabled older versions of Java.

A lesson learned. If you stay away from Java, particularly the browser plug-in version, and Flash, which requires regular security updates, you might avoid the most serious problems.

With OS X El Capitan, Apple has taken even more steps to shore up security. The key feature is known as “System Integrity Protection,” and it limits the power of your Mac’s root account. So you will no longer have direct control over certain system files. Only installers and installer updates will be able to modify those files. This will reduce the possibilities for mischief, though anyone who gains direct control of your Mac could, in theory, cause harm if they are skilled at such skullduggery.

This “rootless” feature also means that apps that install kernel extensions, known as kexts, will not work unless they are properly signed by Apple or an Apple developer. So I very much expect that some will stop working until new versions are developed. Meantime, my experiences with the El Capitan betas have been extremely positive, and most things still work.

Both OS X and iOS support sandboxing, which limits how apps can interact with one another. Indeed, iOS apps that don’t obey the limits simply aren’t accepted. OS X apps can still do more than Apple allows, but they are not allowed in the Mac App Store; they have to be distributed separately. But the new capabilities of El Capitan clearly create a safer environment.

Long and short of it is that it does appear Apple has taken the necessary steps to make their platforms as secure as possible. Yes, software updates often include security fixes, but nothing is perfect when it comes to software, and changes need to be made from time to time to shut down newly-discovered security leaks. That’s a process that will never end.

Now I read an article recently suggested that the need for ongoing security fixes can be blamed on bad decisions made by developers early on. Security wasn’t an issue in the early days of the Internet and personal computers, and the need for frequent updates is the end result.

Obviously Apple’s platforms are based on Unix, which actually got its start in the 1960s. Whatever changes Microsoft has made with Windows, that OS dates back to the 1980s. But I am not a developer, and I wouldn’t feel comfortable making bad guesses.

In the meantime, there are still occasional warnings about potential security issues in iOS and OS X. They usually get fixed within short order.

The most recent iOS security problem, by the way, can only harm a jailbroken iPhone. Apple is often attacked, no doubt from Android adherents, for not allowing you to sideload an app, which means installing software outside of the App Store.

The only way to do that is to jailbreak your iOS device, which also opens the doors that Apple usually keeps shut for maximum security. So when you enter the wild wild west, it’s a sure thing that you need to know what you are doing, or be extremely careful, to stay out of trouble. Maybe people who use Android gear don’t mind taking risks of that sort. But people who want things to just work — or mostly just work — probably don’t want to deal that nonsense.

I recall when I spent a number of months using two Android smartphones, the Samsung Galaxy S3 and the Samsung Galaxy S4. Both were decent enough when it came to making and receiving phone calls. Less so in using the native mail app, and there were so many extra and often meaningless app and system settings, that I wondered how the average user would cope.

But the first thing I did when setting up those devices was to install security software. I didn’t want to take any chances, although nothing untoward happened. But software that’s constantly scanning for trouble is bound to have some level of impact on performance. This is true to some extent when you install antivirus software on a Mac, particularly the apps that do background scanning.

While I realize some companies insist on installing security software on both the Macs and PCs on their networks, that need hasn’t actually arisen yet on Apple’s platforms. Maybe it’ll come, and there are always claims that, as Macs become more popular, such apps will become essential. But the first official release of OS X arrived in 2001, after a public beta was available the previous year. The sky still isn’t falling.

| Print This Article Print This Article

One Response to “Offhand Comments About Apple Security”

  1. Viswakarma says:

    People use “Apple” in their posts etc. to attract attention to their drivel!!!

Leave Your Comment