Mac OS X comes with an application called Software Update that automatically contacts Apple over the Internet to check if there are new versions of any of the Apple-supplied software. These can be as minor as a new version of a program like iTunes, or as major as a new version of Mac OS X itself. One of Software Update's key uses is to maintain the security of your Mac. Apple has been very good about quickly getting new versions of software into its update system when a security problem is discovered .
Because Software Update deals only with Apple-supplied software, you must keep yourself informed of security issues with any other software you install, especially servers. See "Security news and announcements," below.
If you are running an Internet-connected Mac, you should be using Software Update.
If your machine has an "always-on" connection to the Internet, you can have Software Update check for updates automatically. If you connect to the Internet intermittently, you can manually request an update check when you are connected.
The GUI Software Update tool is available under the Apple menu. Here's how to run it from the command line:
To run Software Update from the command line:
| | softwareupdate list
You will see a list of packages available for update ( Figure 12.9
Figure 12.9. Output from the softwareupdate list command showing a list of available updates.
localhost:~ vanilla$ softwareupdate list Software Update Tool Copyright 2002 Apple Computer, Inc. Software Update found the following new or updated software: - SecurityUpd2002-08-02 Security Update 2002-08-02 (1.0), 5300K - restart required - iPod iPod Software Updater (1.1), 2140K To install an update, run this tool with the item name as an argument. e.g. 'softwareupdate <item> ...' localhost:~ vanilla$
Pick a package to install: sudo softwareupdate package
Enter your password if prompted for it.
For example, sudo softwareupdate iCal-2.0.2
as shown in Figure 12.10
Figure 12.10. Output from selecting a package to update using softwareupdate at the command line. Your output will differ .
[View full width]
localhost:~ vanilla$ sudo softwareupdate install SecurityUpd2002-08-02 Password: Software Update Tool Copyright 2002 Apple Computer, Inc. Downloading "Security Update 2002-08-02"... 10% 20% 30% 40% 50%2002-08-06 22:59:07.143 softwareupdate File to verify: /var/root/Library/Caches/a1028.g.akamai.net/5/1028/3093/1 /1a1a1a88ff63d249b72392f35785e656c63297c528 97043397067deb57c6278bfe2d82d504346a9bc8f8295a91c03867cb337bf3478cf055960b71c5fd74a51258c53f99/ SecurityUpd2002-08-02.tar 2002-08-06 22:59:09.583 softwareupdate File verification succeeded 2002-08-06 22:59:09.585 softwareupdate Verified file now to install: /tmp/SecurityUpd2002-08-02.pkg.tar 2002-08-06 22:59:09.586 softwareupdate Returning 1 from VerifyFile Unarchiving "Security Update 2002-08-02"... 50% Installing "Security Update 2002-08-02"... 67% 71% 80% 90% Installing "Security Update 2002-08-02"... 67% 71% 80% 90% 100% done. You have installed one or more updates that requires that you restart your computer. Please restart immediately. localhost:~ vanilla$
You can turn on automatic checking with the schedule option:
sudo softwareupdate schedule on
See man softwareupdate for more.
You can manage the list of ignored updates with the ignored option. See man softwareupdate for more.
To configure automatic Software Update via the GUI:
Launch Software Update (found in the Software Update pane of System Preferences).
Select the update frequency you desire ( Figure 12.11
Figure 12.11. You can configure Software Update in the Software Update pane of System Preferences.
It can check automatically on a daily, weekly, or monthly basis. You may also choose to download "important" updates in the background, which means they get downloaded (but not installed) without asking you.
In either case, you may request an immediate check for aailable updates by clicking Update Now.
The actual download and installation process will take anywhere from a few minutes to over an hour depending on the size of the update and the speed of your Internet connection.
When Software Update finds that a new version of software is available, it asks if you wish to install it. Sometimes a restart is required when installing new software.
Security news and announcements
Staying up-to-date on security matters involves more than simply running Software Update. It means keeping abreast of the latest news about Mac OS X security issues and the solutions available.
The following online resources are all good places to visit regularly for Mac OS X security news:
Apple Security Updates page (www.apple.com/support/security/security_updates.html).
The official Apple source of security news for Mac OS X.
Mac-specific Security sites:
An Introduction to Mac OS X Security for Web Developers (http://developer.apple.com/internet/security/securityintro.html).
US-CERT (United States Computer Emergency Readiness Team, part of the Department of Homeland Security) maintains four e-mail lists for U.S. cyber-security issues (www.us-cert.gov/cas).
CERT advisories are a major central source of Internet security notifications. If you run a busy Internet site or are simply interested in seeing the latest Internet security issues, you should subscribe to one of the CERT e-mail lists.
The Australian version of CERT, AusCERT, has created a Unix Security Checklist (www.cert.org/tech_tips/usc20_essentials.html).
The BugTraq mailing list (http://online.securityfocus.com/archive/1).
"BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them." (From the BugTraq Web site.)
The Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org/cve).
Maintained by Mitre (a nonprofit corporation that provides engineering support to the U.S. government), the CVE list is a dictionary of security issues that seeks to present standardized descriptions of security problems.
Books on Unix Security
These two books are intended for experienced Unix users. Both were written by people who have many years of experience in the Unix and Internet security fields. Their authors are well known in the Unix and Internet communities.
Practical UNIX and Internet Security , 2nd Edition, by Simson Garfinkel and Gene Spafford (O'Reilly; www.oreilly.com/catalog/puis).
Building Internet Firewalls , 2nd Edition, by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman (O'Reilly; www.oreilly.com/catalog/fire2).