A Simple Guide To Macintosh Security
- Sep 10, 2004
Security on the Macintosh is not a feature that has been bolted on to the OS; it's an integral design point of how the OS functions. OS X is based on the FreeBSD flavor of Unix, and is open source at its core. This means that the idea of security through obscurity (keeping your security methods secret) has been rejected by Apple. It has long been a principle of truly secure systems that they should not contain secrets, because once the secrets are discovered by an adversary, the entire system will be compromised. Any truly secure method should remain secure even if the method is publicly known. Hence the reliance on open source, which can be inspected by anyone. If there is a vulnerability, it can be found and corrected by the review process that occurs within the community.
OS X Architecture
The system architecture of OS X is built on the Common Data Security model, as shown in the following figure. This infrastructure makes it simple for application developers to integrate security tools into their applications through system APIs.
OS X improves on UNIX's standard security methods in several ways.
First, the root user of a classic UNIX system is not enabled by default. The same functionality is available to the administrator, who is the first user to sign on to the system after the software has been installed. The administrator sets the password (which can be long) that the system uses to authenticate any later action that can affect security. So any malware that attempts to install itself as root will fail.
Second, the system installs with all communication ports secured by default. Only those ports that are required for user-desired communications are opened; the others remain closed. This makes it much harder for an attacker to obtain entry via a port that the user may not be monitoring.
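One way to check the closed-by-default behaviour on a given machine is to list the TCP sockets that are listening on non-loopback addresses. The script below is an added example, not part of the original article; it assumes BSD/macOS-style netstat -an output (port after the last dot of the local address), and the function name exposed_listeners and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP ports listening on non-loopback addresses,
# parsed from BSD/macOS-style `netstat -an` output.

# Constructed sample output (not captured from a real machine).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.10.548       *.*                    LISTEN
tcp4       0      0  192.168.1.10.49152     17.0.0.1.443           ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Reads netstat output on stdin and prints "port address" for every TCP
# listener reachable from the network, sorted by port number.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4                          # local address column
            n = match(la, /\.[0-9]+$/)       # port follows the last dot
            if (n == 0) next                 # skip lines we cannot parse
            addr = substr(la, 1, n - 1)
            port = substr(la, n + 1)
            # Loopback-only listeners are not reachable from the network.
            if (addr == "127.0.0.1" || addr == "::1") next
            print port, addr
        }
    ' | sort -n | uniq
}

# Live use on a Mac:   netstat -an | exposed_listeners
# Offline demo:        sh this_script.sh --sample
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
fi
```

An empty result means no TCP service is reachable from the network; each line that does appear should correspond to a service the user deliberately turned on.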
Security matters are handled primarily by the Security panel of the System Preferences mechanism (it looks like the following figure).