Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Releases Mac OS X Leopard Security Guide

Posted by timothy on from the to-prevent-worms dept.

Wormfan writes to share ZDNet's brief mention of and a link to "Apple's release of a ~250 page PDF of security best-practices and tips to protect Mac OS X Leopard clients. The guide is aimed at experienced users, Apple says, familiar with the Terminal application and its command-line interface."

4 of 61 comments (clear)

  1. argh: all my passwords contain a capital "U" by peterpan79 · · Score: 5, Interesting

    citing page 52:

    In the Password and Verify fields, enter a new Open Firmware or EFI password, and click OK.

    This password can be up to eight characters. Do not use the capital letter "U" in an Open Firmware password.

    If you do, your password will not be recognized during the startup process.

    ;)

  2. Re:They lied! by ushering05401 · · Score: 4, Interesting

    On a less sarcastic note...

    Documents like this will encourage people like me to at least look at Apple when considering purchases.

    I have never trusted the 'so safe you don't need protection' argument about any product, much less one as important as a computer operating system. Let's not even dig into the can 'o worms of trusting a publically traded, and therefore profit driven company, to maintain the highest production standards indefinitely.

    Security vulnerabilities just take time to evolve, they will find everyone sooner or later.

  3. What happened to 'Secure by Default?' by TheRaven64 · · Score: 5, Interesting
    If you need to:
    1. Be an experienced user familiar with the terminal, and
    2. Read a 250 page PDF
    then I wonder a little about Leopard's security.

    Having skimmed the document, I'm a little bit less sceptical. In a lot of places it explains why the default configuration is secure (e.g. mDNSResponder uses the MAC framework to run in a sandbox, which is why the recent security hole did not apply to Leopard, while it did to Tiger, Windows and Linux). It also told me about a few features I was completely ignorant of, such as the ability to use a smartcard to unlock File Vault images and the keychain rather than a password (would be a bit more useful if Macs included a JavaCard reader). It also covers things like completely disabling WiFi and Bluetooth, which are likely only to be required by people working in the defence industry or suffering from extreme paranoia (but I repeat myself). Sadly, although it mentions the MAC framework, it doesn't give any hints about actually using it.

    It also includes one thing that made me groan slightly:

    Mac OS X v10.5 supports the Mac OS X v10.4 sparse disk image format created using AES-128 encryption. In my experience, this only applies to the first boot of a Leopard system. After mounting and unmounting a Tiger File Vault disk image, you will find that it is only mountable in Tiger. I wasted many hours fixing this problem after upgrading.
    --
    I am TheRaven on Soylent News
  4. Framemaker 6 by 99BottlesOfBeerInMyF · · Score: 5, Interesting

    This is sort of off topic, but the PDF metadata claims it was made using Adobe Framemaker 6.0 and a Macintosh version of Adobe Distiller. That strongly implies this guide to securing the latest and greatest version of OS X, was actually put together and created using a PPC Mac running classic. I wonder what Apple plans to do in this regard going forward, since none of their currently offered systems can run this software and their are really not many alternatives for said niche. Maybe Adobe will face one more Apple product as a competitor in the next year or so, if Apple decides to bring an OS X native program to market as they have in other cases like this.