Apple to ramp up security in OS X 10.7 Lion?
Apple is releasing beta builds of OS X 10.7 Lion to select individuals, including some notable security experts and critics, suggesting the company is focusing on security in the next OS.
As part of the latest round of hardware updates and announcements from Apple, the company has released a beta preview version of OS X 10.7 Lion to a number of Mac users. The distribution to various Mac users seems to be rather random, with some new switchers receiving invitations in addition to those who have used OS X for a while. Despite this, Apple does seems to be targeting a few sources that may help them develop the system in specified areas, including its security components by inviting some notable security experts who have criticized OS X's security shortcomings in the past.
It appears that as OS X develops and becomes more popular, Apple is showing an increasing effort to keeping the system secure. While the correlation of popularity and the potential for increased malware and attacks on a system has been a source of argument, it is one train of thought. As OS X becomes implemented into corporate structure and homes, the platform will be a larger target for malware developers who wish to exploit its bugs and vulnerabilities. To combat any potential threats from this or other reasons for attacks, Apple seems to be taking a proactive stance to beef up the security of the OS.
In past versions of OS X Apple implemented software firewalls, virtual memory encryption, and personal data security options (encrypted disk images and home directories). In more recent versions, Apple began experimenting with more active malware detection and blocking options such as incorporating Google's Safe Browsing into Safari, and including the XProtect feature in Snow Leopard which appeared to be the start of an in-house malware scanner by Apple, which so far has only been used to check downloaded disk images.
As part of the ongoing security implementations in OS X, Apple is expected to incorporate more memory address randomization, which stores active processes in random locations in memory and making it harder for exploits (especially common ones like buffer overflows) to successfully run. Currently this is done for system components, but it may be implemented for third-party applications and tools that users install and run. In addition, Apple has advertised process sandboxing as a major part of OS X's security options, and we expect that a greater degree of it will show up in OS X 10.7.
In terms of the foreground security options that users can interact with, Apple may surprise us with new features, but even without any new changes there will at least be tweaks to the built-in firewall, Filevault, and log-in session limitations that we currently see in OS X Snow Leopard.
Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.