Apple Changing Its Tune on Mac Security

Apple, which faced harsh criticism of its response to the massive Flashback exploit earlier this spring, appears to be changing its approach to security at a time when its Mac OS X operating system is getting more attention from cyber-criminals.

Some of it is in Apple’s messaging–the company recently quietly changed the pitch it had for Macs on its Website, saying now they are built to be safe and no longer that they are virus-free while in other ways it s more practical. For example, Apple reportedly is putting a new feature into its upcoming OS X 10.8 Mountain Lion operating system that will automatically update Macs with the latest security patches and protections.

In addition, at its Worldwide Developer Conference in June, Apple officials also talked about a new feature for their laptops called PowerNap, that will allow security updates to be downloaded even while the systems are in sleep mode.

Features such as these are getting some good responses from security experts, some of whom in the past have been critical of Apple’s somewhat tepid response to security.

This PowerNap feature , alongside the removal of requiring the user to give permission for a security patch to be installed, should ensure that more Macs are kept more up-to-date, Graham Cluley, senior technology consultant at security firm Sophos, said in a June 28 blog post. Anything which makes that attack window smaller has to be good news for Mac users. So, well done, Apple.

Security researchers have warned that with the popularity of Apple Internet-connected systems rising, the company can expect to see more interest from hackers and scammers. Even before the Flashback malware, there had been a rise in the number of attacks on Apple systems over the previous year, from Tsunami to the Mac Defender fake antivirus program.

However, it was the Flashback malware, which infected more than 600,000 Macs worldwide, that put the company and its security practices in the spotlight. The exploit targeted a vulnerability in Java that Oracle had patched for PCs in February, but that Apple didn’t patch until April, after many of those Macs already were infected.

To read the original eWeek article, click here: Apple Changing Posture on Security and Macs