Mac OS X Leopard Security Features

Neben meinen Windows-Laptops habe ich lange Zeit auch mit einer Reihe anderer Maschinen gearbeitet. Neben diversen Linuxdistributionen wären das zum Beispiel eine Ultra5 (Sun Solaris), eine SGI Indy (erst IRIX, später Debian Linux for MIPS) und auch ein Apple Powerbook. Daher interessiert mich neben unseren eigenen Technologien natürlich auch die Weiterentwicklung der Konkurrenz.

Apple hat nun die 300+ New Features ihres neuen Betriebsystems Mac OS X Leopard veröffentlicht. Wenn man sich den Security-Bereich anschaut, trifft man eine Reihe interessanter Technologien:

  • Tagging Downloaded Applications

    Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.

  • Signed Applications

    Feel safe with your applications. A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications.

  • Application-Based Firewall

    Gain more control over the built-in firewall. Specify the behavior of specific applications to either allow or block incoming connections.

  • Stronger Encryption for Disk Images

    Give your data even more security. Disk Utility now allows you to create encrypted disk images using 256-bit AES encryption.

  • Sandboxing

    Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do. It restricts an application’s file access, network access, and ability to launch other applications. Many Leopard applications — such as Bonjour, Quick Look, and the Spotlight indexer — are sandboxed so hackers can’t exploit them.

  • Enhanced Smart Card Capabilities

    Let your smart card do more. Now you can use a smart card to unlock FileVault volumes and your keychain, and configure your Mac to lock the screen when a smart card is removed. Leopard supports the PIV standard for Federal employees and contractors.

  • Library Randomization

    Defend against attackers with no effort at all. One of the most common security breaches occurs when a hacker’s code calls a known memory address to have a system function execute malicious code. Leopard frustrates this plan by relocating system libraries to one of several thousand possible randomly assigned addresses.

  • Windows SMB Packet Signing

    Enjoy improved compatibility and security with Windows-based servers.

Geht es nur mir so oder kommt einem das aus der Windows-Welt nicht irgendwie vertraut vor? Man könnte fast auf die Idee kommen, zu fragen: "Who's got the photocopiers now?" ;-)