BH 2011: Macs in the age of the APT


Hello everyone, I have the privilege of being the only Naked Security writer attending this year’s Black Hat conference in sunny Las Vegas.


This also means I have the honor of trying to provide you with the most interesting developments presented at the event.

This morning I attended an interesting presentation titled "Macs in the age of the APT" by Alex Stamos, Aaron Grattafiori and Tom Daniels. The presenters prepared a detailed comparison of current Windows and Mac technologies, defenses and tools available on both platforms.

While my conclusion may not be an exact match to the researchers', what I heard suggested that attackers who are truly looking to make advanced intrusions into networks undetected would be foolish to focus all of their efforts on Windows.

While OS X Lion 10.7 makes a lot of improvements to technologies like ASLR and DEP, Apple is still playing catch-up to Microsoft on advanced defensive technologies.

There are many services and technologies enabled by default on OS X that could make life easier for a determined attacker. OS X as a platform also has far fewer tools and security-focused applications available that might detect an attack in progress, a topic touched on by the authors.

Network administrators who have Macs in their environments, which most of us do, need to start thinking about how to monitor and secure these computers so they do not become a perfect hiding place for spies and hackers.