Windows vs. Mac OS: Who’s Better Protected Against APTs?

The specter of advanced persistent threats (APTs) hangs over a growing number of conversations these days about enterprise security, and has prompted businesses to take a closer look at how they can make their environments less vulnerable.

For some, this has reignited discussions about how the security of Apple’s Mac OS X stacks up against Microsoft Windows. Mac computers have, after all, traditionally been relatively free of malware when compared to Windows-based PCs. But a presentation today at the Black Hat security conference in Las Vegas made it clear the answer to the question is not clear cut.

Both platforms have their pros and cons, explained Alex Stamos, co-founder of IT security consultancy iSEC Partners, but when it comes to APT, the Mac’s defenses are weak at a key phase of these types of cyber-assaults. Once attackers are on the network, they can take advantage of weak authentication schemes used by many of Apple’s server protocols to escalate privileges and wreak havoc, he argued.

Network privilege escalation is at the heart of APT, Stamos said, particularly because any organization with thousands of people has at least one employee “dumb enough” to be duped into running malware. As the recent breach at EMC’s RSA security division showed, all it takes is a piece of malicious software and the right amount of social engineering to successfully execute an attack.

The step – where attackers on the network seek to obtain higher privileges – is the step that “you can monitor; the step you can harden,” Stamos said. “But unfortunately on Mac, it’s also the step that’s pretty much trivial for attackers.”

Apple did not respond to a request for comment about the presentation. However, Stamos and fellow iSEC presenters Paul Youn and William “B.J.” Orvis pointed out that Apple has made some efforts to bolster protections for its operating system in recent years. Among them are the introduction of data execution prevention (DEP) in 2006 and the improved implementation of address space layout randomization (ASLR) in Mac OS X 10.7. When it comes to these features, as well as technologies meant to prevent local privilege escalation, Mac OS X 10.7 is on par with Windows 7 in the fight against APTs, Stamos contended.

Some of the challenges facing Mac users, however, may be less technical and more psychological. For example, Apple users have been conditioned to think of themselves as safe, and are therefore less likely to run antivirus and more likely to run applications that are unsigned, argued Youn, senior security consultant with iSEC.

In addition, attackers in an APT scenario are “looking for a user who doesn’t have the strongest appreciation for security,” Youn said.

The trio’s presentation comes on the heels of a new report from RSA, contending that APTs are now targeting a broad range of private sector organizations to steal intellectual property and other proprietary data.

“Cyber criminals have aggressively shifted their targets and tactics,” said Art Coviello, executive chairman of RSA, in a statement announcing the release of the report earlier this week. “In the never-ending war for control of the network, the battle must be fought on many different fronts. All organizations are part of the greater ecosystem of information exchange and it is everyone’s responsibility to build and protect that exchange.”
