Submission + - Inside MacOS X Lion's Security & Privacy Featu (securityweek.com)
wiredmikey writes: Following yesterday's announcement of record quarterly revenue of $28.57 billion and record quarterly profit of $7.31 billion, Apple today launched Mac OS X Lion, the eighth major release of its operating system.
While OS X Lion flaunts more than 250 new features, I thought it would be appropriate to run through them and highlight some of the security and privacy related features that would be of interest to a security-minded Mac users.
Some of the security and privacy related features in Mac OS X Lion that stand out most:
Enhanced runtime protection — Apple has improved Address space layout randomization (ASLR) for all applications and made it available for 32-bit apps (as are heap memory protections), making 64-bit and 32-bit applications more resistant to attack.
Application sandboxing — Sandboxing protects the system by limiting the kinds of operations an application can perform, such as opening documents or accessing the network. Sandboxing makes it more difficult for a security threat to take advantage of an issue in a specific application to affect the greater system.
Revamped FileVault Technology: FileVault 2 new provides Full Disk Encryption, Instant wipe and External Drive Support: Built in (but not activated by default) FileVault now allows users to encrypt the entire drive on a Mac, helping to keep data more and uses XTS-AES 128 encryption to secure data. With FileVault 2, an “instant wipe” feature removes the encryption key from the system instantaneously, making the data completely inaccessible.
Apple ID authentication for file sharing — An Apple ID can now be used to log in to a remote Mac for file sharing. If others need to access a folder on a Mac, users don’t have to create separate user accounts and only need to add their Apple IDs to the list of authorized users, allowing them to log in with their credentials.
File Sharing Privacy — When users share a document — through email, iChat, or AirDrop, for instance — only the current version is sent; all other versions remain on the system. This should be obvious functionality and not really considered a feature!
Encrypted Backups — Time Machine backups can be encrypted with FileVault 2.
Observe Only mode in Screen Sharing — A new “Observe Only” mode lets you watch a remote computer without controlling the mouse or trackpad movements so users don’t have to hand over full control of a system when collaborating on a project or demonstrating something to another user.
Removing all Web Site Data — Safari makes it simple to remove cookies and Flash plug-in data, as well as information from databases, local storage, and the application cache.
Private AutoFill in Safari — Designed to help users fill out forms quickly while keeping personal information private. This is great feature, but will it be able to fight off carefully crafted XSS attacks?
While OS X Lion flaunts more than 250 new features, I thought it would be appropriate to run through them and highlight some of the security and privacy related features that would be of interest to a security-minded Mac users.
Some of the security and privacy related features in Mac OS X Lion that stand out most:
Enhanced runtime protection — Apple has improved Address space layout randomization (ASLR) for all applications and made it available for 32-bit apps (as are heap memory protections), making 64-bit and 32-bit applications more resistant to attack.
Application sandboxing — Sandboxing protects the system by limiting the kinds of operations an application can perform, such as opening documents or accessing the network. Sandboxing makes it more difficult for a security threat to take advantage of an issue in a specific application to affect the greater system.
Revamped FileVault Technology: FileVault 2 new provides Full Disk Encryption, Instant wipe and External Drive Support: Built in (but not activated by default) FileVault now allows users to encrypt the entire drive on a Mac, helping to keep data more and uses XTS-AES 128 encryption to secure data. With FileVault 2, an “instant wipe” feature removes the encryption key from the system instantaneously, making the data completely inaccessible.
Apple ID authentication for file sharing — An Apple ID can now be used to log in to a remote Mac for file sharing. If others need to access a folder on a Mac, users don’t have to create separate user accounts and only need to add their Apple IDs to the list of authorized users, allowing them to log in with their credentials.
File Sharing Privacy — When users share a document — through email, iChat, or AirDrop, for instance — only the current version is sent; all other versions remain on the system. This should be obvious functionality and not really considered a feature!
Encrypted Backups — Time Machine backups can be encrypted with FileVault 2.
Observe Only mode in Screen Sharing — A new “Observe Only” mode lets you watch a remote computer without controlling the mouse or trackpad movements so users don’t have to hand over full control of a system when collaborating on a project or demonstrating something to another user.
Removing all Web Site Data — Safari makes it simple to remove cookies and Flash plug-in data, as well as information from databases, local storage, and the application cache.
Private AutoFill in Safari — Designed to help users fill out forms quickly while keeping personal information private. This is great feature, but will it be able to fight off carefully crafted XSS attacks?
