Plugging Holes

I’ve always thought it was an act of hubris for Macintosh fans to brag too loudly about the allegedly more secure construction of Mac OS X, but I secretly enjoyed it, too. Compared to the onslaught of malicious forces consistently threatening the Windows platform, managing a Mac OS X system is like living in a gated community. I rarely have to worry about viruses, worms or exploits, and that has been a huge part in making the user experience so much consistently better than Windows.

This past week, though, saw the revelation of some pretty serious securities holes in the operating system’s help, disks and telnet protocols. It seems like the real deal, and I have taken the appropriate steps to protect my system: I’ve installed Security Update 2004-05-24, to begin with. I’ve also followed the advice of John Gruber and disabled the ‘disk:’, ‘disks:’, ‘help:’ and ‘telnet: protocols using RCDefaultApp, available free from Rubicode. It’s a pretty simple process.

Of course, this shatters the whole illusion that the Macintosh is somehow exempt from the ugly nature of today’s security threats, even if these exploits have yet to have been discovered in ‘the wild.’ The ideal model of a system that truly requires no user management of security issues is probably something that, while not being impossible, is a long way off. I still say though that the Macintosh is the closest we have.