{"id":5032,"date":"2014-11-10T12:19:11","date_gmt":"2014-11-10T17:19:11","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5032"},"modified":"2020-02-26T15:10:35","modified_gmt":"2020-02-26T15:10:35","slug":"security-features-in-apple-os-x-yosemite","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/security-features-in-apple-os-x-yosemite\/5032\/","title":{"rendered":"Security features in Apple OS X Yosemite"},"content":{"rendered":"

Apple\u00a0OS X Yosemite (10.10) has arrived, and it\u2019s time to look at what it\u2019s going to offer us from a security point of view. Apple has actually set up a\u00a0special page dedicated to security for OS X<\/a>\u00a0with a lengthy amount of text \u2013 there\u2019s a lot of it, but it\u2019s comprehensible and rather easy to read. Unfortunately, it doesn\u2019t say a lot about what features are new.<\/p>\n

First of all, Apple states, security was \u201cthe first thought. Not an afterthought.\u201d This is something that is extremely welcomed these days. Actually, it always has been, but not every developer has been thinking about building in security from the ground level. Apple does it right, or at least it says it does.<\/p>\n

Most of the security tools involved are given specific names \u2013 Gatekeeper, FileVault, etc. It\u2019s a marketing approach but it also helps to explain which tool does what. So, let\u2019s look at them.<\/p>\n

Gatekeeper<\/strong><\/p>\n

It\u2019s an old feature (presented in OS X Mountain Lion 10.8) that protects a Mac from malware and \u201cmisbehaving apps downloaded from the internet.\u201d It\u2019s similar in its purpose and behavior to the Windows User Account Control (UAC). In a nutshell, Gatekeeper checks whether the app, downloaded from other places rather than the Mac App Store, has the proper Developer ID. If it does not, it will not launch, unless the settings are changed. \"wide11\"<\/a> By default, Gatekeeper allows users to download apps from the Mac App Store as well as those with a Developer ID. Otherwise, they are blocked, but a manual override is possible. Other options include \u201cAnywhere\u201d (the least safe) and \u201cMac App Store\u201d (nowhere else; it\u2019s the highest security setting).<\/p>\n

FileVault 2<\/strong><\/p>\n

This\u00a0security tool encrypts the entire drive on a Mac, protecting the data with XTS-AES 128 encryption. Apple says that the initial encryption is fast and unobtrusive. It can also encrypt any removable drive, helping the user secure Time Machine backups or other external drives.<\/p>\n

RT @threatpost<\/a>: Mobile Device Encryption Could Lead to a \u2018Very, Very Dark Place\u2019 FBI Dir. Says http:\/\/t.co\/8aqN4R4IXc<\/a> #Crypto<\/a> #Surveillance<\/a><\/p>\n

\u2014 Kaspersky Lab (@kaspersky) 16 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2014<\/a><\/p><\/blockquote>\n

FileVault 2 also allows users to wipe all the data on the drive, and it is done in two stages. First, it kills the encryption keys from the Mac, which is supposed to make the data \u201ccompletely inaccessible,\u201d according to Apple. Then it proceeds with a thorough wipe of all data from the disk. So, those who would like to recover anything from that drive will have a lot of \u201cfun.\u201d As a way to secure sensitive data and keep it from getting into the wrong hands, it\u2019s extremely useful. As is next tool called\u2026<\/p>\n

Remote Wipe<\/strong><\/p>\n

This tool allows users to delete all of their\u00a0personal data and restore their\u00a0Mac\u2019s to the factory settings, if it has \u201cchanged the owner\u201d without the user\u2019s\u00a0consent. A milder option is to set a passcode lock remotely.<\/p>\n

#Security features in #Apple OS X #Yosemite<\/p>Tweet<\/a><\/blockquote>\n

iCloud.com and the Find My iPhone app on iOS devices, allow users to locate their missing Mac\u2019s on a map. If it is offline, then as soon as it makes a Wi-Fi connection, the user will get a message. There is also an option to display a message on the screen with information about how to return the missing computer.<\/p>\n

Passwords<\/strong><\/p>\n

The Safari Browser is equipped with Password Generator, which creates strong passwords for your online accounts. There\u2019s also iCloud Keychain that stores your logins and passwords (as well as your credit card information) with 256-bit AES encryption. iCloud also allows users to sync all usernames and passwords between Apple devices \u2013 Mac, iPhone, iPad and iPod touch.<\/p>\n

Privacy criticism hits OSX Yosemite over location data https:\/\/t.co\/UmOsSXHT8H<\/a> pic.twitter.com\/zB4rExnEYb<\/a><\/p>\n

\u2014 Eugene Kaspersky (@e_kaspersky) 20 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2014<\/a><\/p><\/blockquote>\n

This autofill option has just one setback: if someone unfriendly gets a chance to use your Mac in your absence, there may be\u00a0ramifications. Therefore, it is strongly recommended that users apply the Disable Automatic Login in their Security & Privacy settings.<\/p>\n

Privacy controls<\/strong><\/p>\n

These options allow (or disallow) certain apps to request your location data, with an explanation on how Location Services may interfere with privacy. There are also certain \u201cAccessibility\u201d tabs, which allow users to permit certain apps to \u201ccontrol your computer\u201d (an obvious counterpart to Windows \u2013 some applications, especially legacy ones, request a \u201cRun as an Administrator\u201d setting to get going). It\u2019s up to the user to decide what apps will have these privileges. While it is not necessarily affecting privacy on its own, it is certainly worth mentioning as an extra security feature.<\/p>\n

Apple shows the right direction for improving #security of OS X.<\/p>Tweet<\/a><\/blockquote>\n

Actually, Apple could have done even more with privacy: it appears as though Spotlight on Yosemite reports a user\u2019s current location (at the city level) and all of their search queries, by default, to Apple and third parties. To get rid of this, Spotlight Suggestions and Bing Web Searches should be disabled in System Preferences > Spotlight > Search Results. Spotlight Suggestions also require separate disabling\u00a0in Safari settings.<\/p>\n

Antiphishing<\/strong><\/p>\n

The tool (actually introduced quite some time ago) is in place. An increasingly common problem, phishing requires special countermeasures, and it\u2019s a good thing that Apple provides them.<\/p>\n

#Spam<\/a> in September: Financial #Phishing<\/a> Accounts for Highest Percent of Detections http:\/\/t.co\/vpLfxTUoKN<\/a> pic.twitter.com\/JoB7d8qPFd<\/a><\/p>\n

\u2014 Kaspersky Lab (@kaspersky) 23 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2014<\/a><\/p><\/blockquote>\n

Firewall<\/strong><\/p>\n

It\u2019s a basic tool that allows users to accept or deny incoming connections to your Mac by application. However, it doesn\u2019t provide outbound firewall protection, so it would be reasonable to install something more robust.<\/p>\n

Sandboxing and Core-level Protection<\/strong><\/p>\n

Here we have App Sandbox, a feature introduced in Mac OS X Lion 10.7; it is an isolated environment for the apps that could become harmful to the system. Interestingly, OS X delivers sandboxing protection in Safari by sandboxing the built-in PDF viewer and plug-ins such as: Adobe Flash Player, Silverlight, QuickTime, and Oracle Java \u2013 exactly the software that is among the most vulnerable and exploited.<\/p>\n

But also, OS X sandboxes apps like the the Mac App Store, Messages, Calendar, Contacts, Dictionary, Font Book, Photo Booth, Quick Look Previews, Notes, Reminders, Game Center, Mail, and FaceTime, so that nothing potentially malicious creeps in.<\/p>\n

A few simple tips for keeping your #Mac<\/a> secure and maintaining its hygiene http:\/\/t.co\/upPQ1sBfz5<\/a> via @e_Kaspersky<\/a><\/p>\n

\u2014 Kaspersky Lab (@kaspersky) 29 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2014<\/a><\/p><\/blockquote>\n

Here we also have run time protection at the core level: it is built into the processor XD (execute disable) feature that \u201ccreates a strong wall between memory used for data and memory used for executable instructions.\u201d According to Apple\u2019s description, this protects against malware that attempts to trick the Mac into treating data the same way it treats a program in order to compromise your system.<\/p>\n

Also, Address Space Layout Randomization (ASLR) is used for the memory used by the kernel, randomly arranging the positions of key data areas of every program. This technique protects from certain attacks (such as buffer overflows) by making it more difficult for an attacker to predict target addresses. Apple introduced randomization for system libraries with Mac OS X Leopard 10.5, and expanded it to the entire system with Mountain Lion 10.8 in July 2012. So it is there for the time being.<\/p>\n

WireLurker is no more. #WireLurker<\/a> is gone: https:\/\/t.co\/yjdK4xgX06<\/a> pic.twitter.com\/gSGd2tSELf<\/a><\/p>\n

\u2014 Eugene Kaspersky (@e_kaspersky) 7 \u043d\u043e\u044f\u0431\u0440\u044f 2014<\/a><\/p><\/blockquote>\n

Judging by the features listed above Apple made an effort to make OS X more secure, and apparently will keep doing so. This shows that Apple is moving in the right direction by addressing cybersecurity problems and diminishing the possible attack surfaces through various means and tools, both basic and advanced. It doesn\u2019t, however, mean that it is an \u201cabsolutely\u201d protected operating system \u2013 unfortunately, there are no such systems. Moreover, the number of threats targeting OS X, specifically, is growing<\/a> as is the number of Mac users. This certainly has drawn the attention of criminals, who are looking into vulnerabilities and occasionally finding them.<\/p>\n","protected":false},"excerpt":{"rendered":"

Let’s take a look at the security features in the new version of Mac OS X – Yosemite. Apple certainly makes a decent effort. <\/p>\n","protected":false},"author":40,"featured_media":5033,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2026],"tags":[14,804,34,221,114,187,76,97,827],"class_list":{"0":"post-5032","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-apple","9":"tag-apple-security","10":"tag-mac","11":"tag-mac-security","12":"tag-os-x","13":"tag-passwords","14":"tag-phishing","15":"tag-security-2","16":"tag-yosemite"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/security-features-in-apple-os-x-yosemite\/5032\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/security-features-in-apple-os-x-yosemite\/4340\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/security-features-in-apple-os-x-yosemite\/4269\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/security-features-in-apple-os-x-yosemite\/4795\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/security-features-in-apple-os-x-yosemite\/6074\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/security-features-in-apple-os-x-yosemite\/6598\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/security-features-in-apple-os-x-yosemite\/5441\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/security-features-in-apple-os-x-yosemite\/6074\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/security-features-in-apple-os-x-yosemite\/6598\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/security-features-in-apple-os-x-yosemite\/6598\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/apple\/","name":"apple"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5032"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5032\/revisions"}],"predecessor-version":[{"id":19152,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5032\/revisions\/19152"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5033"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}