BH 2011: Macs in the age of the APT

Filed Under: Apple, OS X

Hello everyone, I have the privilege of being the only Naked Security writer attending this year's Black Hat conference in sunny Las vegas.

Black Hat 2011 logo

This also means I have the honor of trying to provide you with the most interesting developments presented at the event.

This morning I attended an interesting presentation titled "Macs in the age of the APT" by Alex Stamos, Aaron Grattafiori and Tom Daniels. The presenters prepared a detailed comparison of current Windows and Mac technologies, defenses and tools available on both platforms.

OS X LionWhile my conclusion may not be an exact match to the researchers, what I heard suggested that attackers who are truly looking to make advanced intrusions into networks undetected would be foolish to focus all of their efforts on Windows.

While OS X Lion 10.7 makes a lot of improvements to technologies like ALSR and DEP, Apple is still playing catch-up to Microsoft on advanced defensive technologies.

There are many default services and technologies enabled by default on OS X that could make life easier for a determined attacker. OS X as a platform also has a lot less tools and security focused applications available that might detect an attack in progress, a topic touched on by the authors.

Network administrators who have Macs in their environments, which most of us do, need to start thinking about how to monitor and secure these computers so they do not become a perfect hiding place for spies and hackers.

, , , ,

You might like

3 Responses to BH 2011: Macs in the age of the APT

  1. Saphira · 1527 days ago

    A little more detail on what these vulnerabilities are would be really helpful for those of us who own Macs (at home) and can't get to the conference!

  2. Ste · 1526 days ago

    ALSR = ASLR?

  3. artfrankmiami · 1526 days ago

    I don't understand why all browsers and systems have alerts pop-up as a default that strange things are happening in the background.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at