Interesting. Actual guides are located here:
http://www.apple.com/support/security/guides/
CB
David Poehlman wrote:
Apple has released a security guide for its Mac OS X 10.5 Leopard operating
system, with more than 200 pages of details and a focus on advanced users or
system administrators.
The guide, released on Monday, arrives at a time when OS X is coming to the
attention of a wider user base. This in turn has spurred increased interest
in the security aspects of the software, according to industry analysts.
The guide, available from Apple's website in PDF form, is aimed at advanced
users familiar with the Terminal command-line interface, Apple warned, but
also includes general security tips.
"Some instructions in this guide are complex, and deviation could cause
serious adverse effects on the computer and its security," Apple said in the
guide's introduction. "These instructions should only be used by experienced
Mac OS X users, and should be followed by thorough testing."
Topics covered include securing the system administrator account, using Open
Directory, using strong authentication, secure installation, services
configuration and security in a number of popular applications, as well as
more esoteric topics such as Xgrid Sharing, library randomization, and the
use of smart cards to protect encrypted storage devices.
According to Apple, Leopard includes a number of significant security
improvements, including a feature that marks downloaded applications to
protect against Trojan horses, stronger runtime security, simplified network
security, and improved support for secure connections such as virtual
private networks.
In the guide Apple also called attention to the fact that its approach to
security alerts has taken exactly the opposite path to that of Windows Vista
with its notorious User Account Control feature.
"Mac OS X v10.5 minimizes the number of security alerts that you see, so
when you do see one, it gets your attention," Apple said in the guide.
Last week Apple released a large update including nearly 70 stability,
compatibility, and security improvements and fixes. Apple also tucked eight
fixes for iCal, its personal scheduling program, into the update, but did
not patch the three security vulnerabilities disclosed a week ago by Core
Security Technologies.
The three iCal bugs, which were reported to Apple in January 2008, were
revealed last Wednesday by Core after it had repeatedly been asked by Apple
to delay publishing its findings. Core decided to unveil the vulnerabilities
after Apple again postponed its patches.
The large update and the increased attention from organizations such as Core
shows that Apple has become a more significant presence in the PC market, in
part because of its iPhone smart phone, which also runs Mac OS X.
"The fact that OS X is now on the radar of both the security vendors and the
bad guys indicates that the OS has become a 'worthy' target," said Ovum
analyst Mike Davis in a bulletin published this week.
__________________________________________________________
