Apple Submits Mac OS X For Security Evaluation

ranger8x writes "Apple has submitted Mac OS X and Mac OS X Server to the U.S. government's National Information Assurance Partnership to evaluate various security features. It seems Apple is looking for some respect by the government, and to 'get more exposure.'"

Not look for holes

[gbooker]

The testing doesn't look for holes in the operating system, but rather evaluates what security features are built into it.

I guess they needed this so that Windows could be used.

If that is the case, OS X should not have any trouble at all. Let's look at some of the security features:

• Root disabled by default
• SSH remote login
• Telnet not easy to turn on (should use SSH instead)
• Can disable auto login
• Any major system changes require authentication even if the current user is an admin
• Built in Firewall

I know this is a short list, but it demonstrates the point well. OS X has many security features that are inherant of a unix based OS. It will be nice to see OS X more accepted amoung the government.

Re:Not look for holes

[jellomizer]

There is also the fact that there is a Unix File system structor with file permissions.

Defaultly hidden Unix structure from the GUI

A real Multy User mode.

Re:Not look for holes

[TotallyUseless]

your work is done

A good move.

[jellomizer]

If apple gets good marks on its security audit. And MS dosent do as well. It is an other thing to stick in MS face. And a way to prove that their OS is better designed then MSes stuff. Of course if it fails (which I think is unlikly) then Apple could be in a lot of trouble.

Re:A good move.

[Saint+Fnordius]

According to what I saw, MS has put Windows 2000 up for EAL4 evaluation, with some funky exeptions. Apple is going for EAL3 evaluation first and probably did a lot of internal tests first.

Win2000 has been in the lab for a LONG time now, and still isn't certified. Is Microsoft playing the "submitted for" advertising game, hoping that it can run out the clock yet again?

gov't: a good market for apple

[larry+bagina]

The Gov't could be a good market for apple,
particularly now that they use OS X
Gov't workers are getting tired of code red, nimda, etc, which hilite how insecure Windows is when not properly configured.
Even though it would require new hardware, OS X has an advantage over linux due to native MS Office support, as well as more commercial applications.

Re:gov't: a good market for apple

[Alan+Partridge]

get a grip. Can you REALLY imagine a govt. dept. buying YOU a PC with a transparent keyboard? irrespective of how good it is, people ALWAYS see good design as frivolous. My IT mangler always goes for coal-black IBM shitstations whether they're appropriate or not. Ooh! a million quid for a rackmount case? certainly sir!

Re:gov't: a good market for apple

[dbrutus]

I would expect that as Apple's market shifts, its industrial design will shift too. Take a look at XServe, all brushed metal and easy to look at rack mount front plate and certainly no translucent plastic because it would be a negative for the market.

In fact, if there is any type of clone agreement that Steve Jobs might go for it would be a nice design shop that would simply design different cases in smaller runs than Apple would be comfortable doing. Imagine a 'Red Delicious, Inc.' that would simply design cases that have the same mount points as current models (and similar or superior cooling values) and put current model guts in them using channels that Apple is either uncomfortable using or is simply not feasible at the unit runs Apple would have to have.

Re:gov't: a good market for apple

[mumkin]

I don't know... I think that apple's pro line is moving in the right direction. The XServe and the TiBook look pretty gov-friendly already. Sure, you'd have a hard time slipping a flower power imac in, but Apple has left the candy colors behind it, and good riddance I say.

Imagine a flat panel imac with the entire case looking like its brushed metal underside instead of that cheap looking whiter-than-white plastic. I think those would fit in well in a government install. All net-booting Jaguar, too, for easy administration.

So yeah, while your IT mangler might not be inclined toward Apple, sometimes these decisions come from on high, with a bit of boot to back them up. Doncha think Tony Blair would just love to have some showpiece ministry completely kitted out with super-stylish yet oh-so practical imac workstations? Roll cameras, it's new labour, switching and thinking different.

Can it match up to Windows?

[Offwhite98]

Hah!

Well, I for one would prefer to run an enterprise system on top of a MacOS X Server with XServe than on top a Dell with Windows 2000. My day job has me on Windows all the time but on my own time I use an iBook with MacOS X and a FreeBSD server on a PC. From what I have seen with MacOS X security, I think Apple will get great marks.

And hopefully they will show they do not need some Palladium system to secure their OS. That is just silliness by Microsoft. They seem to be blaming the hardware for the OS being so insecure all this time.

Smart Move

[toupsie]

Apple has been really turning around its marketing in the last few months. More agressive. I think when Steve Jobs came back to Apple, he saw that he needed to cement his base customers like a politician does when they start a political campaign. Preach to the converted, assure them of their choice and then reach out to the rest. Apple first started giving historical Mac users something to crow about -- Mac OS X, Dual G4s (proud owner) and lately, the iPod. Now Apple is gunning for the Windows user in its switch campaign.

Now with this move, Jobs is deftly putting a thumb in the eye of Gates. Microsoft talks about 2006 for security, Apple says, "Hey, why not today?". Having a respected third party audit will ring loud against Microsoft's tight lipped security policy. Apple already exposes the base source code for Mac OS X called Darwin to anyone that wants to take the time to download it.

I had something else important to point out but the FedEx guy just showed up with Warcraft III. I am sure you will understand...

What OS X needs for better security

[EccentricAnomaly]

OS X has good security, but it has lots of room for improvement. It needs:

• longer than 8 character passwords
• checking for good passwords, password expiration, etc.
• let the user turn off the option where you can login with "John Doe" instead of your username
• let the user turn off the 'helpful' feature that puts the last user's name on the login screen
• put a checkbox in the installation process to install a system with maximum security options... stuff like no list of users on the login screen and no web server installed at all, etc.

Just a few ideas...

Re:What OS X needs for better security

[jeffy124]

excellent points, especially the username list & 8 char limit.

just a comment: the default install includes various servers, yet they're all disabled by default. only after a completed install can those services be enabled.

Re:What OS X needs for better security

[Zoop]

let the user turn off the 'helpful' feature that puts the last user's name on the login screen

You can do this:

System Preferences->Login->Login Window->Display Login Window as->Name and password entry fields

This displays a blank name field instead of the picture/name combo. I don't at work since the PC admin has an account on this box too, but then, he rarely has to mess with it so he's apt to forget it. ;-)

Re:What OS X needs for better security

[EccentricAnomaly]

yeah, but an organization might want to remove the web servers on their machines so that some user doesn't set up a web server or some other service and create a possible security hole.

I guess this wouldn't be a problem if users could get by without administrator access, but Mac vendors don't seem to understand that software installs should rarely require admin password. Why does internet explorer require an administrator password to install?

Re:What OS X needs for better security

[wka]

Even after showing name and password fields, the name of the last user who logged in is displayed by default in the username field. This tool from Apple allows you to turn this behavior off.

Re:What OS X needs for better security

[softsign]

What? I should hope that any install which adds or changes system-wide libraries requires an admin password. Applications that are a self-contained bundle (e.g. Mozilla) don't require any password (or even installer) because an admin user is in group 'admin' and is allowed to write to /Applications for example.

The reason IE requires a password to install is because it makes changes to directories that a regular user doesn't have permission to change . This is a good practice. Otherwise, what's to stop some dumbass from tearing out critical config files or libraries?

Re:What OS X needs for better security

[EccentricAnomaly]

But why does IE need to change system-wide libraries?? It's just a web browser! There's no good reason for a web browser to mess with my system libraries. Just look at Omniweb, it plays nice.

Good OS X apps put everything in their own ".app" directory so you can install and uninstall the app easily.

You don't even need to be in the admin group to install software on OS X... You can create an "~/Applications" directory in your user directory and install software there. Well written apps function just as well from ~/Applications as /Applications.

Re:What OS X needs for better security

[EccentricAnomaly]

I should clarify... I don't mean that installers should access these directories and file without asking for the administrator password, I mean that installers shouldn't access these directories at all. 90% of OS X installers that ask for an admin password shouldn't be doing whatever they are doing that needs the admin password.

If there's a danger of regular user mucking up some critical config file or library why should so many installers be messing with these config files and libraries??

Re:What OS X needs for better security

[softsign]

I agree 100%. A well-behaved OS X app should be self-contained, write its prefs to ~/Library/Preferences, etc, etc...

I think the reason IE doesn't do this is laziness on the part of the developers... It's an app ported (carbonized) from OS 9. OS 9 apps had free reign to run roughshod over the directory tree. It was (and is) bad practice, but there was nothing stopping you. They just haven't bothered to make it self-contained for whatever reason.

Re:What OS X needs for better security

[tbmaddux]

I don't like password expiration. I have a good unique password for each machine already, never been guessed, why change it unless my machine has been compromised? Password expiration is a bad idea that encourages people to make bad password choices since their new passwords are harder to remember.

Great point about removing the last-person-who-logged-in listing. When I logout, I'm almost never the next person to log back in! Why would I logout if I were? Get rid of that.

Web servers -- Apache is installed by default, but disabled, and only admins can turn it on (presumably admins can be trusted not to screw up, security-wise).

An improvement I'd like: MacOS X has ipfw built-in but disabled, and while apps like Brickhouse are out there to interface with it, I'd like to see a built in OS tool. Maybe in Jaguar? And where's my built in GPG/PGP with GUI? This is Apple, right? Gimme my GUI!

Re:What OS X needs for better security

[Alex+Thorpe]

Password expiration? Having to change each month, without reusing any passwords? Uh-uh, not on MY home machine! Perhaps as an option that's off by default.

Re:What OS X needs for better security

[dbrutus]

http://www.sente.ch/software/GPGMail/ is probably your best front end for GPG right now. Given the limitations of encryption in various countries, I would guess that GPG would not be available in the default install until a lot more countries get their act together and remove encryption restrictions.

Then again, I'd be much more interested in a Fink GUI (which would get me GPG et al) first.

Re:What OS X needs for better security

[usr122122121]

Then again, I'd be much more interested in a Fink GUI (which would get me GPG et al) first.

Check out FinkCommander, It has gotten rave reviews.

No affiliation, just observation.

Re:What OS X needs for better security

[Johnny+Mnemonic]

* let the user turn off the option where you can login with "John Doe" instead of your username
--Not sure what your talking about here, unless you mean the Other User option. Which I find very helpful on machines where root access needs to be enabled for one reason or another. Also, this is off by default, but can be turned on in the Prefs.

I'm pretty sure that he means disabling the use of "Steve Jobs" as a login, instead of the Unix-y name "sjobs". I don't particularly see this as a useful security feature; I suppose it gives you one less chance to guess the right answer--you may know your targets full name, but you may not know if they've chosen 'stevej' or 'sjobs'. Whatever.

* let the user turn off the 'helpful' feature that puts the last user's name on the login screen --This can be turned off via the shell, but an administrator tool to do this would be nice.

Noted above by others, but I'll note it again since I also dislike it: there's a utility to do just this located in kBase 106691. Basically just a script to flip a bit you can also access from the term.

* put a checkbox in the installation process to install a system with maximum security options... stuff like no list of users on the login screen and no web server installed at all, etc

Finally, you can be quite a bit more secure by installing without the BSD tools installed. I dunno if this installs Apache, but it would disable all command line tools. I'm only speculating about that, actually, as I have never done an install like that--as a matter of fact, I rush right out to install the dev tools as soon as possible. But the security minded may want to try it.

Re:What OS X needs for better security

[foniksonik]

You also have the option of declining an install. Any app that requests admin auth can be declined by virtue of the process.

Don't like IE?... use Mozilla! which so far has got to be the best user experience in a browser I've ever had (flash performance or lack thereof not being a big issue... try Chimera's latest builds if you want to see Windows speed flash on OS X).

Re:What OS X needs for better security

[stripes]

Finally, you can be quite a bit more secure by installing without the BSD tools installed. I dunno if this installs Apache, but it would disable all command line tools. I'm only speculating about that, actually, as I have never done an install like that--as a matter of fact, I rush right out to install the dev tools as soon as possible. But the security minded may want to try it.

I assume you mean stuff like the shell, cp, and mv? You can't really not have those. Some of the GUI stuff could in theory depend on it...and in particular one does.

The apple "package" installer (which is actually pretty good!) will look for several "scripts" during the install, and run them. They are almost always shell scripts, and need the fileutils. Go look at your package reciepts and poke around, you can see some examples. I don't know if any use perl or not, but...

The normal boot process may well also need them.

Re:What OS X needs for better security

[EccentricAnomaly]

put a checkbox in the installation process to install a system with maximum security options... stuff like no list of users on the login screen and no web server installed at all, etc.

I should clarify here... I mean give the guy administering a group of machines a simple little checkbox that doesn't even install Apache rather than just disabling it. This is so that a user with administrator password doesn't turn on the web server by clicking the "enable web sharing" box but has to do a little bit of extra work so as to ensure that the user really knows what they are doing.

And I'd like to be able to set a checkbox at instillation time that locks down all of the little things that you have to remember to lock down after the install, like disabling the list of the users on a system.

Perhaps, the best way to do this stuff is just have the sysadmins burn their own CD with their own custom OS X install.

Also, i'm not talking about security options for the average home user. I think Apple has great security for home users. I'm talking about stuff that you want for macs running at atomicsecrets.gov.

Re:What OS X needs for better security

[crooksm]

Even 'mere' 8 character passwords are beyond the current ability of a brute force attack. Assuming the user keeps to upper/lower case characters (no special characters) there are still 52*52*52*etc, 53,459,728,531,456 possible combinations.

Re:Government Security

[dbrutus]

Actually, they're testing to verify that if your admin knows what he's doing its securable as the OS is not inherently insecure by design (think Win9x for a broke by design example).

Re:Apple security will be hurt by lazy users

[ScottKin]

Well - since OS X is built on Darwin...which is built from FreeBSD...every FreeBSD liability is automatically included FOR FREE (as in "no-cost-to-the-consumer") by Apple!!

How nice of them to do that for you - but of course, no *nix-lover ever wants any of the "unwashed & unblessed" Windows users to think that *nix is not secure by default - it's their "digital playtime" to patch their *nix OS; in fact, it's almost a game for them to keep up-to-date with the latest patches on top of providing *nix SysAdmins with job security.

Purely Amazing!

ScottKin

Apple and the upgrade exploit

[theolein]

If Apple wants their computer and OS to pass the testing I think they should get the upgrade vulnerability patched pretty soon.