The safe move by Macintosh owners may be to decrypt any encrypted files before upgrading to Lion because of Apple's changes in the encryption mechanism in the latest edition of Mac OS X, according to a security specialist.
Apple has added a number of
new privacy and security features to the latest version of the Mac operating
system, expected by the end of July.
OS X Version 10.7,
code-named "Lion," has over 250 new features,
including more controls over user privacy and security capabilities to keep
users safe. The new operating system is expected in July, but no one knows the exact

Endpoint security vendor
Safend offers several kinds of data protection, including
encryption, control over whom a file can be shared with and identification of user-access
rights. While developing their security tools for Mac OS X Lion, the Safend
team identified certain changes that could affect how people work with the new
operating system, Edy Almer, Safend vice president of marketing and business
development, told eWEEK.
Apple has revamped its
approach to encryption, so users should be careful when upgrading from "Snow
Leopard" to "Lion." If they have encrypted any files using
FileVault or other encryption tools, they should first decrypt the files before
running the upgrade process, Almer advised. Once the operating system has finished
the upgrade process and the user has ensured everything was working correctly,
then it would "be safer" to re-encrypt the files, Almer said.
Apple made some changes to
the way it implemented encryption in Lion, according to Almer, but he didn't
know exactly what those changes were. He said there wasn't a lot of
documentation available at the moment on the way the new encryption scheme

"Whenever you aren't
sure what changed in an encryption product, it's safer to do the upgrade without
it running," Almer said.
In previous versions of
Mac OS X, encryption was handled on a file-by-file basis. The operating system
did not offer a way to fully encrypt the disk. That hasn't changed in Lion,
according to Almer. However, under Lion, users would be able to encrypt their
Time Machine backups as well.
According to Apple, ASLR
(address space layout randomization) has been improved for all applications so
that it would be harder for attackers to target the 64-bit applications.
"The kernel is
definitely 64-bit," Almer said. All drivers must now be 64-bit or they
won't work on Lion, he said, calling this a "big change for anyone who
develops" for the Mac platform. Up until now, it was "optional"
to have 64-bit, but now it will be "mandatory," Almer said.
For privacy, Lion features a
new Privacy pane, a central location for enabling and disabling location
services and data collection as well as designating which applications have
access to the location information. An icon appears in the menu bar whenever
the application requests the information, making it easy for users to identify
what the app is doing.
Apple also has improved its
sandbox technology so Websites and applications are isolated from each other
and from the operating system. Malicious Websites and applications are automatically
trapped within the sandbox and unable to access the data stored elsewhere on

Apple is still very
consumer-focused and Lion reflects that, Almer said. The goal is to make
everything easier and more straightforward. To that end, Apple has moved a lot
of housekeeping and system tasks to automatically run in the background.

Editor's Note: This story
was updated to reflect the correct title of Safend executive Edy