{"id":2798,"date":"2014-10-31T15:00:02","date_gmt":"2014-10-31T15:00:02","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2798"},"modified":"2020-02-26T10:57:00","modified_gmt":"2020-02-26T15:57:00","slug":"security-features-in-mac-os-x-yosemite","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/security-features-in-mac-os-x-yosemite\/2798\/","title":{"rendered":"Security features in Mac OS X Yosemite"},"content":{"rendered":"<p>Mac OS X Yosemite (10.10) has arrived, and it\u2019s time to look at what it\u2019s going to offer us from the security point of view. Apple has actually set up a <a href=\"http:\/\/www.apple.com\/osx\/what-is\/security\/\" target=\"_blank\" rel=\"noopener nofollow\">special page dedicated to security for Mac OS X<\/a> with lengthy text \u2013 there\u2019s a lot of it, but it\u2019s comprehensible and rather easy to read. However, it doesn\u2019t say a lot about what features are new.<\/p>\n<p>First of all, Apple states, security was \u201cthe first thought. Not an afterthought\u201d. This is something extremely welcomed these days. Actually, it always has been but not every developer has been thinking about building in security from the ground up. Apple does it right, or at least it says it does.<\/p>\n<p>Most of the security tools involved have a specific name \u2013\u00a0 Gatekeeper, FileVault. It\u2019s a marketing approach but it also helps to explain which does what.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>#Security features in #Mac OS X Yosemite<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fr44J&amp;text=%23Security+features+in+%23Mac+OS+X+Yosemite+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>So, let\u2019s look at them.<\/p>\n<p><strong>Gatekeeper<\/strong><\/p>\n<p>It\u2019s an old (presented in Mac OS X Mountain Lion 10.8) feature protecting Mac from malware and \u201cmisbehaving apps downloaded from the internet\u201d.<\/p>\n<p>It\u2019s similar in its purpose and behavior to the Windows User Account Control (UAC). In a nutshell, Gatekeeper checks whether the app downloaded from other places rather than Mac App Store has the proper Developer ID. If it does not, it won\u2019t launch, unless setting are changed.<\/p>\n<p>By default (unlike OS X Lion v10.7.5, for instance) Gatekeeper allows users to download apps from the Mac App Store and those signed with a Developer ID. Otherwise it\u2019s blocked, but manual override is possible.<\/p>\n<p>Other options include \u201cAnywhere\u201d (the least safe) and \u201cMac App Store\u201d (nothing else; it\u2019s the high security setting).<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/11\/06042219\/wide11.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2800\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/11\/06042219\/wide11.png\" alt=\"wide1\" width=\"640\" height=\"521\"><\/a><\/p>\n<p><strong>\u00a0FileVault 2<\/strong><\/p>\n<p>Yet another security tool, it encrypts the entire drive on Mac, protecting the data with XTS-AES 128 encryption. Apple says that initial encryption is fast and unobtrusive. It can also encrypt any removable drive, helping the user secure Time Machine backups or other external drives.<\/p>\n<p>FileVault 2 also allows users to wipe all the data on the drive, and it\u2019s done in two stages. First, it kills the encryption keys from the Mac, which is supposed to make the data \u201ccompletely inaccessible\u201d, according to Apple. Then it proceeds with a thorough wipe of all data from the disk. So those who would like to recover anything from that drive will have a lot of \u201cfun\u201d. As a way to secure the sensitive data from getting into the wrong hands, it\u2019s extremely useful. As is\u2026<\/p>\n<p><strong>Remote Wipe <\/strong><\/p>\n<p>This allows users to delete all your personal data and restore your Mac to its factory settings, if it has \u201cchanged the owner\u201d without your consent. The milder option is to set a passcode lock remotely.<\/p>\n<p>iCloud.com and Find My iPhone app on iOS devices allow users to locate their missing Mac on a map. And if it is offline, as soon as it makes a Wi-Fi connection you\u2019ll get a message. There is also an option to display a message on the screen with information about how to return the missing computer.<\/p>\n<p><strong>Passwords<\/strong><\/p>\n<p>The Safari Browser is equipped with Password Generator that creates strong passwords for your online accounts.<\/p>\n<p>There\u2019s also iCloud Keychain that stores your logins and passwords (as well as your credit card information) with 256-bit AES encryption. iCloud also allows users to sync all usernames and passwords between Apple-produced devices \u2013 Mac, iPhone, iPad and iPod touch.<\/p>\n<p>This autofill has just one setback: if someone unfriendly gets a chance to use your Mac in your absence, it may have ramifications. So it is strongly recommended that users apply the Disable Automatic Login in their Security &amp; Privacy settings.<\/p>\n<p><strong>Privacy controls<\/strong><\/p>\n<p>These options allow (or disallow) certain apps to request your location data, with an explanation on how Location Services may interfere with privacy.<\/p>\n<p>There are also certain \u201cAccessibility\u201d tabs, which allow users to permit certain apps to \u201ccontrol your computer\u201d (an obvious counterpart to Windows \u2013 some applications, especially legacy ones, request a \u201cRun as an Administrator\u201d setting to get going). It\u2019s up to a user to decide what apps will have these privileges. While it is not necessary affecting privacy on its own, as an extra security feature it is definitely worth mentioning.<\/p>\n<p>Actually Apple could have done more with privacy: it appears that Spotlight on Yosemite by default reports user\u2019s current location (at the city level) and all their search queries to Apple and third parties. To get rid of it, Spotlight Suggestions and Bing Web Searches should be disabled in System Preferences &gt; Spotlight &gt; Search Results. Spotlight Suggestions also require disabling separately in Safari settings.<\/p>\n<p><strong>Antiphishing<\/strong><\/p>\n<p>The tool (actually introduced quite some time ago) is in place. An increasingly common problem, phishing requires special countermeasures, and it\u2019s a good thing that Apple gives them.<\/p>\n<p><strong>Firewall<\/strong><\/p>\n<p>It\u2019s a basic tool that allows users to accept or deny incoming connections to your Mac by application.<\/p>\n<p>It does not, however, provide outbound firewall protection, so it would be reasonable to install something more robust.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Apple shows the right direction for improving #security of Mac OS X.<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fr44J&amp;text=Apple+shows+the+right+direction+for+improving+%23security+of+Mac+OS+X.\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Sandboxing and Core-level Protection<\/strong><\/p>\n<p>Here we have App Sandbox, a feature introduced in Mac OS X Lion 10.7; an isolated environment for the apps that may turn harmful to the system. Interestingly, OS X delivers sandboxing protection in Safari by sandboxing the built-in PDF viewer and plug-ins such as Adobe Flash Player, Silverlight, QuickTime, and Oracle Java \u2013 exactly the software that is among the most vulnerable and exploited.<\/p>\n<p>But also OS X sandboxes apps like the Mac App Store, Messages, Calendar, Contacts, Dictionary, Font Book, Photo Booth, Quick Look Previews, Notes, Reminders, Game Center, Mail, and FaceTime, so that nothing potentially malicious creeps in.<\/p>\n<p>Here we also have run time protection at the core level: built into the processor XD (execute disable) feature that \u201ccreates a strong wall between memory used for data and memory used for executable instructions\u201d. According to Apple\u2019s description, this protects against malware that attempts to trick the Mac into treating data the same way it treats a program in order to compromise your system.<\/p>\n<p>Also Address Space Layout Randomization (ASLR) is used both for the memory used by the kernel, randomly arranging the positions of key data areas of every program. This technique protects from certain attacks (such as buffer overflow) by making it more difficult for an attacker to predict target addresses.<\/p>\n<p>Apple introduced randomization for system libraries with Mac OS X Leopard 10.5, and expanded it to the entire system with Mountain Lion 10.8 in July 2012. So it is there for the time being.<\/p>\n<p>Judging by the features listed above Apple made an effort to make Mac OS X secure, and apparently will keep doing so. It shows Apple is moving in the right direction by addressing cybersecurity problems and diminishing the possible attack surface by various means and tools, both basic and advanced.<\/p>\n<p>It doesn\u2019t, however, mean that it is an \u201cabsolutely\u201d protected operating system \u2013 there are no such systems , unfortunately. Moreover, the number of threats targeting Mac OS X, specifically, is <a href=\"https:\/\/www.kaspersky.com\/blog\/threats-mac-ig\/\" target=\"_blank\" rel=\"noopener nofollow\">growing<\/a> as does the number of Mac users. This certainly has drawn the attention of criminals, who are looking into vulnerabilities and occasionally finding them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;re taking a look at the security features in the new version of Mac OS X &#8211; Yosemite. Apple makes a decent effort.<\/p>\n","protected":false},"author":209,"featured_media":15887,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1946,97,2212],"class_list":{"0":"post-2798","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-macos","10":"tag-security-2","11":"tag-security-features"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/security-features-in-mac-os-x-yosemite\/2798\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/security-features-in-mac-os-x-yosemite\/2798\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/security-features-in-mac-os-x-yosemite\/2798\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/macos\/","name":"macOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2798"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2798\/revisions"}],"predecessor-version":[{"id":33364,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2798\/revisions\/33364"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15887"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}