Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Save Mac OS X From Malware

Posted by timothy on from the endangered-species dept.

eXchange writes "Well-known hacker Dino Dai Zovi has written an article at ZDNet discussing last week's discovery of a critical threat to Mac OS X, and another announcement of a Trojan horse exploiting this discovery. He suggests that Snow Leopard, or Mac OS X 10.6, should integrate more robust means of preventing malware attacks. Some of the suggestions he has include mandatory code-signing for kernel extensions (so only certified kernel extensions can run), sandbox policies for Safari, Mail, and third-party applications (so these applications cannot do anything to the system), and some lower-level changes, such as hardware-enforced Non-eXecutable memory and address space layout randomization."

1 of 222 comments (clear)

  1. Address space layout randomization by owsla · · Score: 5, Informative

    Apple already does address space layout randomization in Leopard (Mac OS X 10.5)

    See "Library Randomization" on
    http://www.apple.com/macosx/features/300.html#security

    Notice that the new security features list also includes code signing and sandboxing. The technology is there, it's just not setup throughout the system.