- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Radicati Market Quadrant 2008 on Corporate Web Security
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Mobile Solutions Deliver Improved Efficiency to Star Track Express
Did you GET the memo? Getting you from Web 1.0 to Web 2.0 Security
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Dude! You Say I Need an Application-Layer Firewall?!
Wireless LANs: Is my enterprise at risk?
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
As Apple continues to grow its worldwide market share and the company's products find their way into more business environments, attackers are certain to follow and create greater volumes of exploits aimed at vulnerabilities in the company's software, security experts contend.
According to industry analyst firm Gartner, Apple shipped just over 1 million Mac OS X-based computers during the fourth quarter of 2007, a gain of 227,000 over the fourth quarter of 2006. The analyst firm reported that Apple's U.S. market share for 2007 jumped by 28 percent compared to 2006, rising to just over 6 percent.
And with Apple CEO Steve Jobs stating at last week's Macworld Expo and Conference that the company has already sold 4 million iPhones and 5 million copies ofLeopard (Mac OS X 10.5), its latest OS, since launching the products last year, the company's prospects look stronger than ever.
However, malware researchers and industry analysts warn that as the sheer number of Apple end-point devices in use worldwide rise, so will the security concerns tied to the company's products.
"It's hard to get around market share. At the end of the day, malware writers don't care what operating system you are using; it's about whether or not you have valuable information on your machine and whether there is an opportunity to take advantage of it," said David Marcus, security research manager for McAfee's Avert Labs group.
"Microsoft Windows has been targeted so aggressively because it has a much broader deployment than the Mac OS," he said. "But the malware authors watch trends just like everyone else, and they know more people are considering a move to Apple, including government institutions and businesses; if it makes financial sense to go after that opportunity at some point, they will move in that direction."
The Mac's vulnerabilities
In some cases, attackers will seek to exploit vulnerabilities such as currently unpatched flaws in Apple's QuickTime multimedia player application. In other cases, malware writers will use threats based more on social engineering, such as with the MacSweeper rogue cleanup tool that appeared during Macworld Expo, the researcher said.
MacSweeper serves as evidence that developers -- both credible and not -- have already begin to turn more of their attention to Apple platforms, anticipating Mac users' security fears, Marcus said. Although MacSweeper is pitched by its creators as a utility for cleaning malware programs and other unwanted software off of Mac OS computers, it has proven to do almost nothing of the sort, despite its US$40 asking price.
David Maynor, chief technology officer of research and consulting firm Errata Security, said that one area where attackers may seek to assail the Mac OS is via flaws found in some of the older open source libraries of software code used in the platform.
Apple also typically lags in patching issues found in those code libraries, such as with the Samba networking protocol used in the company's Mac OS X.
Even when the Samba open source community has created a fix for a known security issue, it often takes Apple three to four months to introduce a related patch for its products, giving any attackers looking to subvert Mac systems a lengthy window of opportunity to do so, Maynor maintained.
"If someone has a list of these open source security issues in the projects included in Mac OS, they could use that against OS X users," said Maynor. "Samba is a perfect example, as there is generally a large window there."
A rise in underground malware activityMaynor said that he observed an increase in Apple-related activity in the underground malware research community last year around several previous QuickTime vulnerabilities.
"It's not that the number of Mac vulnerabilities is rising. If you look at their own security archives, you'll see that there were always a lot that were reported, but no one cared in the past," Maynor said. "One of the problems is that a lot of users buy into the misconception that Mac OS is more secure because of Apple's development process, but that's not really the case. Some people also feel that they are protected by Apple's smaller market share, but with more of these computers out there, more attention is being paid to it."
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.
