Researchers give Leopard security low marks
"Almost all plug-ins abuse input managers," said Ptacek, who agreed with Mogull and tagged Leopard's lock-down as a smart move. "They've been used by the good guys, but they could also be a really bad way for attackers to backdoor a Mac. Fortunately, Leopard's made it a lot harder to install them."
Other moves by Apple on security, said Ptacek, include Leopard's new sandboxing, which let the company's developers restrict applications' actions, such as what network access they're allowed or what other programs they can communicate with. While applauding the effort -- "sandboxes are better in some ways than what Vista provides," he said -- Apple's follow-through was dismal. "Almost nothing you care about is sandboxed," Ptacek argued, pointing out that Safari, iChat and Mail, the three applications most often exposed to malware, or used as an attack vector, are not sandboxed.
Nor has Apple documented the feature. "You can't officially use this API to secure your own code [and] we can't read their code or specifications to test whether it's secure," Ptacek said.
Mogull, meanwhile, pegged an application not even on Leopard's list as the best thing in the new operating system for security. "The most material to security is Time Machine," he said, talking about Leopard's new automated backup and restore software. "IT security always talks about confidentiality, integrity and availability [of data]. Time Machines really makes backup, the availability part of that, accessible to any user, even my mom."
But those few bright spots are overwhelmed by features Mogull and Ptacek called "a mess" or "easily breakable."