In advance of Friday's general release of Apple Mac OS X Leopard, Apple has posted a variety of preview pages, one of which details new security features.
In Apple's preview, the Cupertino vendor cites 11 specific enhancements that should make Leopard more secure than Tiger.
Library randomization: This is huge. The technology behind this, address space layout randomization (ASLR), randomly arranges the positions of key data areas. This prevents malware authors from predicting the targeted memory addresses for buffer overflows and malware exploitation. Windows Vista includes ASLR.
Sandboxing: Sandboxing allows applets to run without interfering with the overall system, then terminate when the application shuts down. Apple says "many Leopard applications--such as Bonjour, Quick Look, and the Spotlight indexer--are sandboxed so hackers can't exploit them." Missing from the list, however, is the Apple Internet browser, Safari, which, of all the applications listed, needs sandboxing most of all.
Tagging downloads: Before Leopard executes a download, it will ask for your consent first by telling you when a file was downloaded, what application was used to download it, and, if applicable, what URL it came from. Hopefully no more drive-by downloads.
Application-based firewall: This will allow users to specify the behavior of individual applications.
Stronger encryption for Disk images: With 256-bit AES encryption, Disk Utility will provide stronger encryption for Mac OS disk images.
Sharing and collaboration configuration: Leopard will make it easier to share and control who has access to your folders over a network.
Signed applications: All applications designed for Leopard will be signed by either Apple or third-party developers.
Enhanced VPN client compatibility: Leopard will support Cisco Group Filtering as well as DHCP over PPP.
Multiple user certificates: Leopard provides a digital certificate for encrypting e-mail messages.
Enhanced smart card capabilities: According to Apple, "now you can use a smart card to unlock FileVault volumes and your keychain, and configure your Mac to lock the screen when a smart card is removed."
Windows SMB packet signing: According to Apple, "enjoy improved compatibility and security with Windows-based servers."
This article was originally a blog post on CNET News.com.
Play video
There are currently no comments for this post.