In advance of Friday's general release of Apple Mac OS X Leopard, Apple has posted details of 11 new security features in the new operating system intended to make Leopard more secure than Tiger.
Library randomisation: The technology behind this, address space layout randomisation (ASLR), randomly arranges the positions of key data areas. This prevents malware authors from predicting the targeted memory addresses for buffer overflows and malware exploitation. Windows Vista includes ASLR.
Sandboxing: Sandboxing allows applets to run without interfering with the overall system, then terminate when the application shuts down. Apple says "many Leopard applications--such as Bonjour, Quick Look, and the Spotlight indexer--are sandboxed so hackers can't exploit them." Missing from the list, however, is the Apple Internet browser, Safari.
Tagging downloads: Before Leopard executes a download, it will ask for your consent first by telling you when a file was downloaded, what application was used to download it, and, if applicable, what URL it came from.
Application-based firewall: This will allow users to specify the behavior of individual applications.
Stronger encryption for Disk images: With 256-bit AES encryption, Disk Utility will provide stronger encryption for Mac OS disk images.
Sharing and collaboration configuration: Leopard will make it easier to share and control who has access to your folders over a network.
Signed applications: All applications designed for Leopard will be signed by either Apple or third-party developers.
Enhanced VPN client compatibility: Leopard will support Cisco Group Filtering as well as DHCP over PPP.
Multiple user certificates: Leopard provides a digital certificate for encrypting e-mail messages.
Enhanced smart card capabilities: According to Apple, "now you can use a smart card to unlock FileVault volumes and your keychain, and configure your Mac to lock the screen when a smart card is removed."
Windows SMB packet signing: According to Apple, "enjoy improved compatibility and security with Windows-based servers."
