Slashdot Mirror


Windows vs Mac Security

sdhorne writes "There is a good technical discussion over at InfoWorld on the merits of launchd and what is lacking in a comparable Windows secure solution. It is a throwback to the UNIX vs Windows security discussion that has been hashed out for many years." From the article: "it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners. Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through .Mac, and launchd. Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down."

113 of 513 comments

  1. Well written, but by MECC · · Score: 5, Insightful

    Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down."

    It seemed pretty well written. That said, I wish he would have said a little more about launchd, at least enough to explain why it gives OSX an advantage. It would have also been nice to have had some kind of side-by-side comparing Windows and OSX, like how the windows System pseudo-user trumps the admin user, and how there is no way to trump the OSX root user.

    Why this can't happen under OS X:

    I don't know if I'd go that far. OSX isn't 100% immune - it just has more common sense.

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
    1. Re:Well written, but by alps · · Score: 5, Informative
    2. Re:Well written, but by ackthpt · · Score: 4, Interesting

      I don't know if I'd go that far. OSX isn't 100% immune - it just has more common sense.

      In a nutshell, OS-X is built upon a known animal, whereas Windows is an animal which continues to be re-invented, like a leopard changing its spots to stripes, then plaid, then paisley, then something else. With such moving targets all the time it's small wonder they've got security issues. Some begin to be addressed with good programming practices (which Apple could certainly lapse at at any moment, and may well have and we haven't heard about). Another is to require tight control over interfaces between code from different departments. Microsoft going back to scratch time and again doesn't necessarily mean anything is getting better.

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:Well written, but by MECC · · Score: 4, Funny

      whereas Windows is an animal which continues to be re-invented

      I'm not sure that 're-invented' is how I'd describe windows, or their efforts at security.

      --
      "We are all geniuses when we dream"
      - E.M. Cioran
    4. Re:Well written, but by ackthpt · · Score: 5, Interesting

      I'm not sure that 're-invented' is how I'd describe windows, or their efforts at security.

      In the past Microsoft have commented that they have completely ditched the code Windows was written with and re-written from ground up, to try to address myriad flaws. That's pretty drastic. I've done it with small projects which simply grew too large and unwieldy because they were never expected to scale to newer demands.* Microsoft is effectively doing this with Vista and yet... there still appear to be security flaws. Something wrong with that picture. Could be they're just a victim of their success and such a massive undertaking of code is approaching the event horizon just before the black hole.

      *You know the type.. you develop some nifty little tool to summarise information for your own use and someone sees it and says, "Hey! That thing does in seconds what I spend a week doing! I need it, set me up with it!" Next thing you know your little tool has to be user friendly, go to printers, be in colour, etc. Continually piling in changes makes it fragile so you step back, figure what it all needs to do and how to achieve the goals and then recode, with an eye toward more scalability and unforeseen features later.

      --

      A feeling of having made the same mistake before: Deja Foobar
    5. Re:Well written, but by fruitbane · · Score: 4, Insightful

      "I don't know if I'd go that far. OSX isn't 100% immune - it just has more common sense. "

      This is, I think, the best summary I've ever read of OS X's inherent security advantage. No OS could really succeed and be 100% air-tight at the same time, IMO. And user- and developer-friendliness does often mean compromises that lead to security problems, but the article that this discussion refers to covers a lot of it well and MECC (parent) summarized succinctly and effectively.

      OS X, as an OS, has more common sense built-in.

    6. Re:Well written, but by macshome · · Score: 5, Informative

      Pimping myself here a bit, but our article on launchd might be of more help to sysadmins. It later formed the basis for the wikipedia article and has thrilling Jordan Hubbard comments to boot!

    7. Re:Well written, but by 93+Escort+Wagon · · Score: 4, Insightful

      "In a nutshell, OS-X is built upon a known animal, whereas Windows is an animal which continues to be re-invented, like a leopard changing its spots to stripes, then plaid, then paisley, then something else."

      I am a Mac user, and I think it is an inherently safer platform design than Windows. But as was mentioned in a recent SANS newsletter, Apple has on occasion had problems with security issues that were resolved long ago on BSD proper and on Linux. So while it's true that OS X is "built upon a known animal", they haven't always been as consistent as I'd like with regard to learning from other groups' mistakes.

      --
      #DeleteChrome
    8. Re:Well written, but by Mister+Whirly · · Score: 4, Funny

      "whereas Windows is an animal which continues to be re-invented, like a leopard changing its spots to stripes, then plaid"

      I think you are confused. Leopard, Tiger, and Jaguar are all Mac operating systems...

      --
      "But this one goes to 11!"
    9. Re:Well written, but by Buran · · Score: 5, Interesting

      But at the same time Apple gets applauded for rolling EVERY SINGLE LITTLE POSSIBLE THING into their OS?

      Because they don't force you to use any of it. You can delete any of the utilities that you want. Don't want ichat? Trash it.

      On the other hand, good luck getting rid of Windows Messenger. It's even hidden in Add/Remove Programs and fixing that requires a hack well beyond most users.

      Don't want to use Safari? Make it go poof.

      On the other hand, you CANNOT get rid of Internet Explorer. And that's bad. IE is full of security holes and you can't get rid of it. Safari is far safer, and you can get rid of it.

      What hypocrisy was that, again? There's a damn good reason MS gets blasted and Apple doesn't. (Well, it does, but nowhere near as much, and I just explained why.)

    10. Re:Well written, but by IamTheRealMike · · Score: 4, Insightful

      From your article:

      First of all launchd replaced init and xinetd with one process. This is a bit scary as we now basically have init listening in a bunch of different ways for something to tell it to start a job. The security implications of this aren't really known yet with launchd being as young as it is.

      Secondly, and in the same vein, launchd is process 1 and it has the potential to take down the whole system. I've already seen unconfirmed reports of a ssh scan on a network causing launchd to freak out and make systems inaccessible. Having at least some sort of resource limit set on jobs might help here.

      I guess I'm struggling to see how yet another way to launch things is a revolution in security, given that it's a brand new (and therefore untested) codebase and already has reports of it "freaking out".

      The default in Windows is now to have no open ports as well due to the Firewall, so for any up to date installation of Windows the primary ways crap gets in is via browser exploits and malware. I am not seeing anything that Apple does fundamentally different here - Safari has already had several serious security problems, some of them near identical re-runs of problems Microsoft had before (eg help exploits). Malware is just a massively hard problem that nobody is really attacking right now, except maybe Microsoft with Vista, and there's certainly nothing in MacOS that would make it hard to write malware. Indeed there is very simple example code showing how to dump secure form information from Safari and you know how much marketeers would love that.

      A lot of the points made in TFA aren't valid either, they are apparently the result of an extreme lack of thought or knowledge:

      • The purpose of most of the DLLs in SYSTEM32 is documented, just look at the summary tab in Explorer, the problem is that with any complex operating system it's trivial to make up fake names that sound plausible. So it doesn't help as much as you might think. 3rd parties are "duty bound" to produce man pages? Please, how ridiculous. You could argue the same for Linux yet people routinely write new programs without man pages.

      • Windows requires users to use Administrator to install software? No, buggy software requires that. Historically a few Mac programs have had the same requirements ... iTunes springs to mind. Anyway, the Apple solution to buggy software requiring elevated privileges is "you can't run that software" - not very helpful if you need it.

      • "Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread" ... no they didn't, there is no API to prevent yourself from being debugged. This is a total fantasy. Why should I believe this guy at all, when he is talking such nonsense? There are various tricks you can use to detect a debugger being attached but none of these are reliable and none have OS support. If you detect a debugger you cannot force it to detach, the best you can do is stop the program and put up a message box. I think he has seen these messages from copy protection software and assumed it's a flaw in Windows. Not so.

      • "Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these" ... a feature that OS X has as well.

      • "OS X's nearest equivalent to the Registry is Netinfo, but this requires authentication for modification. In later releases of OS X, it is fairly sparse" ... no it isn't, the "equivalent" is a mish-mash of Netinfo, XML plist files dotted around the filing system, UNIX style config files and proprietary datastores. I fail to see how this is an improvement.

      I could go on, most of these points are either wrong or very biased. The article seems worthless as a serious security analysis. I suggest the author go research exactly what modern malware does and how it works.
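Added example, not part of the thread or of the article quoted in it: one way an administrator could check the two concerns raised above (launchd listening on behalf of jobs, and jobs without resource limits) by reading job plists. It assumes the keys documented in launchd.plist(5) (`Sockets`, `inetdCompatibility`, `SoftResourceLimits`, `HardResourceLimits`, `UserName`), treats every job as a system daemon that runs as root unless `UserName` is set, and uses constructed sample jobs; the finding names are this example's own policy.

```python
import plistlib

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def _plist(body):
    # plistlib.loads() detects XML by its first bytes, so emit no leading whitespace.
    return ('<plist version="1.0"><dict>%s</dict></plist>' % body).encode()


# Constructed job definitions for illustration; none is copied from a real system.
SAMPLE_JOBS = [
    # Listens on every address, one process per connection, no limits, root.
    _plist("""
      <key>Label</key><string>com.example.remote-shell</string>
      <key>ProgramArguments</key>
      <array><string>/usr/local/libexec/remote-shelld</string><string>-i</string></array>
      <key>Sockets</key>
      <dict><key>Listeners</key>
        <dict><key>SockServiceName</key><string>ssh</string></dict></dict>
      <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
    """),
    # Loopback only, capped descriptors and processes, unprivileged user.
    _plist("""
      <key>Label</key><string>com.example.local-helper</string>
      <key>ProgramArguments</key><array><string>/usr/local/libexec/helperd</string></array>
      <key>UserName</key><string>_helper</string>
      <key>Sockets</key>
      <dict><key>Listeners</key><array>
        <dict><key>SockNodeName</key><string>127.0.0.1</string>
              <key>SockServiceName</key><string>8099</string></dict>
        <dict><key>SockNodeName</key><string>::1</string>
              <key>SockServiceName</key><string>8099</string></dict>
      </array></dict>
      <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
      <key>HardResourceLimits</key>
      <dict><key>NumberOfFiles</key><integer>256</integer>
            <key>NumberOfProcesses</key><integer>32</integer></dict>
    """),
    # Timer job: launchd opens no socket for it.
    _plist("""
      <key>Label</key><string>com.example.nightly-report</string>
      <key>ProgramArguments</key><array><string>/usr/local/bin/report</string></array>
      <key>StartInterval</key><integer>86400</integer>
    """),
]


def listeners(job):
    """Return (name, endpoint, bind_address) for each socket launchd opens for the job."""
    found = []
    for name, spec in job.get("Sockets", {}).items():
        # A Sockets entry is either one dict or an array of dicts.
        for sock in spec if isinstance(spec, list) else [spec]:
            if "SockPathName" in sock:   # Unix-domain socket, local by nature
                found.append((name, sock["SockPathName"], "unix"))
            else:                        # no SockNodeName means every address
                found.append((name, str(sock.get("SockServiceName", "?")),
                              sock.get("SockNodeName", "*")))
    return found


def audit(job):
    """Return the list of findings for one parsed job dictionary."""
    socks = listeners(job)
    if not socks:
        return []  # timer or run-at-load job: PID 1 is not listening for it
    findings = []
    limits = {**job.get("SoftResourceLimits", {}), **job.get("HardResourceLimits", {})}
    if any(addr != "unix" and addr not in LOOPBACK for _, _, addr in socks):
        findings.append("network-listener")
    inetd = job.get("inetdCompatibility")
    # Wait=false is the xinetd "nowait" model: launchd accepts and spawns per connection.
    if inetd is not None and not inetd.get("Wait", False) and "NumberOfProcesses" not in limits:
        findings.append("unbounded-spawn-per-connection")
    if "NumberOfFiles" not in limits:
        findings.append("no-fd-limit")
    if job.get("UserName", "root") == "root":  # assumption: system daemon context
        findings.append("runs-as-root")
    return findings


def audit_all(blobs=SAMPLE_JOBS):
    """Parse each plist blob and map its Label to the findings for that job."""
    report = {}
    for blob in blobs:
        job = plistlib.loads(blob)
        report[job["Label"]] = audit(job)
    return report


if __name__ == "__main__":
    for label, findings in audit_all().items():
        print(label, findings or "ok")
```

On a real system the same `audit()` function can be fed the result of `plistlib.load()` on each file under the launchd job directories instead of the constructed samples.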

    11. Re:Well written, but by Rob_Bryerton · · Score: 2, Insightful

      In the past Microsoft have commented that they have completely ditched the code Windows was written with and re-written from ground up, to try to address myriad flaws. That's pretty drastic.

      Yeah, it's always new code; all new, better than ever. This time we REALLY mean it. Those of us who've been around the block a few times KNOW that they're full of crap. Always were, always will be.

      The fact that Vista was vulnerable to the WMF exploit last year which dates back to Windows 3.x (I believe) shows how much new code there is. But it will sell like hotcakes because, as mean and cynical as it sounds, people really are stupid and naive, and they actually believe what a corporation tells them...

      What, me bitter? No...well maybe a little

    12. Re:Well written, but by samkass · · Score: 4, Interesting

      If you remove things like IE

      But IE is part of the OS... just ask Microsoft. Seriously, though, back when my previous company had to deal with IIS before moving to a more secure/sane server, one of the server bugs was fixed by upgrading IE on the server, so IE-is-fundamental-to-the-OS is frighteningly close to actual truth with Windows.

      Also, I'd like to see the statistics you cite that say that Windows hasn't been hit statistically more than MacOS. There are no MacOS-specific worms or viruses "in the wild", so it's hard to come up with the sigmas for what would be "expected" for what a comparable OS should expect.

      --
      E pluribus unum
    13. Re:Well written, but by wrf3 · · Score: 2, Funny

      Windows is ... like a leopard changing its spots to stripes

      But, but, but Mac OS X is going from Tiger to Leopard, so it's changing its stripes to spots. Is that really any different?

      /ducks
      //running Tiger, eagerly waiting for Leopard
      ///oh, wait, this isn't Fark...

    14. Re:Well written, but by noidentity · · Score: 2, Funny

      Wait a minute, I thought that Tiger was an online seller? Man, it's all so confusing!

    15. Re:Well written, but by curious.corn · · Score: 4, Informative

      Then go to the Desktop, open the nifty "My Computer" icon, clear the Address: field and type "http://www.slashdot.org", press enter. Boom! you're back to Internet Explorer.

      simply removing a filthy icon from the QuickLaunch menu while leaving the whole pile of unsafe, vulnerable infrastructure INTACT, completely BETRAYS the meaning of the word UNINSTALL.

      Sheesh... and people talk about Jobs's Reality Distortion Field

      --
      I wonder who is the instigator behind all the crap I do - Altan
    16. Re:Well written, but by goofyspouse · · Score: 2, Informative

      Sweet Jeebus, I hope you are joking here and are fully aware that all that does is remove the IE shortcuts from the Start Menu and Desktop. If not...wow.

    17. Re:Well written, but by Afrosheen · · Score: 2, Funny

      I've always wondered what they're going to call the updates when they run out of big, dangerous cats. I suggest they move to something like poisonous frogs or deadly spiders.

    18. Re:Well written, but by skiflyer · · Score: 4, Interesting

      Ok, I agree with most of your post, but ...

      The purpose of most of the DLLs in SYSTEM32 is documented, just look at the summary tab in Explorer, the problem is that with any complex operating system it's trivial to make up fake names that sound plausible

      I just looked at the summary tab on a dozen random DLLs in my system32 directory (most from microsoft, some from 3rd parties), and there was no information in any of them. Why can't 3rd parties use a different location than MS... at least that would help a little (would help me anyway, if not the actual problem being discussed)

      Windows requires users to use Administrator to install software? No, buggy software requires that. Historically a few Mac programs have had the same requirements ... iTunes springs to mind. Anyway, the Apple solution to buggy software requiring elevated privileges is "you can't run that software" - not very helpful if you need it.

      "buggy" software? I think you mean to say legacy OR poorly coded... this is one of those side effects that windows carries from version to version (like the registry) because MS refuses to leave customers high and dry for old software. Back in the old days this was the right way to do things, store configs in programdirectory/conf... we didn't have an appdata directory like we do now. Same with registry hives, they weren't setup in the same way they are now where certain users could do certain things. Calling it buggy implies the software is behaving contrary to design, it's not, it's just that the target has moved and the software hasn't all moved with it.

    19. Re:Well written, but by isellmacs · · Score: 2, Insightful

      IE is an extension of windows explorer, which is a part of the OS.

      Removing IE is definitely possible, but the core of windows explorer and internet explorer are one and the same, so to make IE a stand-alone product for windows, would mean re-writing the entire browser as a completely separate program, and then making it look the same.

      And he's right about the OS not being as much of a problem. How many windows problems can YOU name that aren't caused by a) an Insecure Webbrowser Exploit, b) an Insecure Email Client Exploit or c) Bad programming on a 3rd party application?

      Really most of the problem isn't in Windows itself, it's in Windows users just clicking on the "install this virus for a free ring-tone!" or the "double click on the bigtittiedblondesvirus.jpg.vba" attachment in their email. OSX is less immune to these malware and viruses as it is incompatible to them.

      Overall I personally feel OSX is more secure as an OS, but a lot of people blow it out of proportion, and cite things that aren't a problem with windows itself. The problem may be via microsoft products (IE or Outlook) but those are separate programs.

    20. Re:Well written, but by Sunrun · · Score: 4, Insightful

      - Windows requires users to use Administrator to install software? No, buggy software requires that. Historically a few Mac programs have had the same requirements ... iTunes springs to mind. Anyway, the Apple solution to buggy software requiring elevated privileges is "you can't run that software" - not very helpful if you need it.

      From TFA:
      "- Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage." [emphasis mine]

      First, administrative privilege != the Administrator account.

      Secondly, yes, Windows does in fact require admin privs to install most software. Try this some time... Start with a fresh WinXP install. Immediately after setup, create an account with only User privilege and log in with it. Then, try to install all the software you'd normally install (anti-virus/spyware-checker/firewall, ANY productivity software (MS-Office, OpenOffice.org)) and see just how far you get. I'll save you the time: you can't. This is exactly the reason that most users run under an account with membership in the Administrators group for every-day tasks -- they're lazy and don't want to be bothered by being constantly denied access to this function or that resource because the account they're using isn't an Admin. By the way, this goes double for people whose job is Windows Administrator, but not just because they're lazy.. Because they're arrogant in addition to being lazy. [And before you label me a whiner, I'll say that it takes a Windows Admin to know a Windows Admin.]

      I further defy you to find a single piece of software for MacOS X that doesn't require Admin privs to install.

      I conclude that you're missing the point. A system requiring privilege to install ANY software will be inherently less prone to malware since it requires a brain to be sitting in front of the screen having to make a decision based essentially on whether or not they did anything to provoke such a request from the OS. It makes sense in a business environment where you don't want users installing just anything, and it makes sense in a home environment where you don't want your kids installing just anything -- especially when you don't want it installed by accident, which is (or should be) always. I would also point out that there's a difference between "want" and "need". In the above cases (business and home) "need" becomes "demonstrated need".

      /rant

      --
      "God is a comedian playing to an audience too afraid to laugh." -- Voltaire
    21. Re:Well written, but by Anonymous Coward · · Score: 2, Informative

      I further defy you to find a single piece of software for MacOS X that doesn't require Admin privs to install.

      You only need admin privileges to install software in the system-wide /Applications folder. Most OS X apps will run happily from a user's home folder or from a disc image, so they don't need admin access.
    22. Re:Well written, but by drerwk · · Score: 3, Interesting

      "they basically abandoned their own collection of pre-security era software" Not sure I understand. I am able to run software I wrote and still have from 1990 (OS 6) on my Mac today (OS X). No problem, except for the serial port...

    23. Re:Well written, but by squiggleslash · · Score: 2, Interesting

      The WMF flaw is a design flaw, not a coding flaw.

      A lot of the "holes" in recent Windows have to do with design problems. The problem is it's one thing to go around and fix coding bugs, it's another to fix design issues because programs are built around designs.

      That said, Vista isn't the rewrite it was originally intended to be.

      --
      You are not alone. This is not normal. None of this is normal.
    24. Re:Well written, but by macshome · · Score: 2, Informative

      I guess I'm struggling to see how yet another way to launch things is a revolution in security, given that it's a brand new (and therefore untested) codebase and already has reports of it "freaking out".

      Well, you need to take the timeframe in which I wrote that article into account. I started writing it back when launchd was brand new and had its share of issues. (FWIW, I think the reported SSH issues were due to a, now corrected, bug in lookupd.) My hesitant approach to it was due to a healthy dose of old fashioned administration by skepticism. For a while I was turning back to xinetd and cron, but now I use launchd where I can.

      Since then it has matured nicely to the point I would consider it a 1.0 product. It still has a few annoying limitations for sysadmin level folks, but overall is incredibly flexible and useful.

      If you want to look at the codebase you can. Apple has always released it under the APSL, and as of WWDC has turned it out as an active OSS project under the Apache 2 license at http://www.macosforge.org/.

      Personally I thought TFA was pretty lame, the author shows misunderstandings of some very basic Mac OS X facts.

    25. Re:Well written, but by toddestan · · Score: 3, Informative

      Don't want to use Safari? Make it go poof.

      On the other hand, you CANNOT get rid of Internet Explorer. And that's bad. IE is full of security holes and you can't get rid of it. Safari is far safer, and you can get rid of it.


      Deleting Safari on a Mac is about as effective as deleting iexplore.exe on a Windows PC as far as getting rid of the browser is concerned. Sure, you've just nuked the front end, but the backend still exists in the OS and is not easily removed. Have you ever heard of Webkit?

    26. Re:Well written, but by ThePhilips · · Score: 2, Informative

      Why can't 3rd parties use a different location than MS... at least that would help a little (would help me anyway, if not the actual problem being discussed)

      Because some DLLs are loaded in context of other applications. For example hooks: global keyboard shortcuts, creation of processes, creation of windows. This requirement comes from M$ itself - so inevitably all the crap is landing in %SysDir%. Also, dynamic linker on M$Windows looks for DLLs exclusively by %PATH% - and %WinDir%/%SysDir% are always there.

      Mac OS X uses concept of frameworks (which are set of libraries) and no such problem exists. The core OS frameworks go to one folder - applications keep their frameworks in bundle or install copy to analogue of Unix /usr/lib (have no Mac at hand - can't name the folders, sorry). The dynamic linker is made to properly resolve such run-time dependencies. Sort of just like on Unix with difference that Mac OS linker also looks into application bundle, while Unix one looks only in standard prescribed directories (/lib:/usr/lib:... - see /etc/ld.conf).

      "buggy" software? I think you mean to say legacy OR poorly coded... this is one of those side effects that windows carries from version to version (like the registry) because MS refuses to leave customers high and dry for old software. Back in the old days this was the right way to do things, store configs in programdirectory/conf... we didn't have an appdata directory like we do now. Same with registry hives, they weren't setup in the same way they are now where certain users could do certain things. Calling it buggy implies the software is behaving contrary to design, it's not, it's just that the target has moved and the software hasn't all moved with it.

      +100. Quote again just to reread. Well said.

      --
      All hope abandon ye who enter here.
  2. well, by joe+155 · · Score: 3, Insightful

    "Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says 'launchd', and sits back down"

    I would have thought "(almost) no viruses" would have done the trick since OSX came out...

    Or, we don't effectively force everyone to run as super user all the time - if you prefer

    --
    *''I can't believe it's not a hyperlink.''
    1. Re:well, by NatasRevol · · Score: 3, Funny

      Hey, that helped!! Thanks!!

      --
      There are two types of people in the world: Those who crave closure
    2. Re:well, by cyber-vandal · · Score: 4, Interesting

      The very successful worms of the early 21st century were all about causing as much aggravation as possible. The creator of the ILOVEYOU virus didn't make any money from disrupting corporate email servers but he did get to cause a lot of aggravation. You think there are no virus writers wanting to stick it to smug Mac/Linux users? You think no-one would take the time and effort to annoy them? You don't understand human nature too well if you believe it's merely marketshare that's keeping malware away from OS X and Linux.

  3. But what if Microsoft offered it all together? by LinuxIsRetarded · · Score: 4, Insightful

    Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through.

    Don't you think that if Microsoft offered this that everyone would cry monopoly? Actually, I've seen other people on Slashdot cry this before at the announcement of Microsoft's OneCare program, which isn't even bundled with the OS!

    1. Re:But what if Microsoft offered it all together? by planetmn · · Score: 2, Insightful

      Of course most on Slashdot would cry monopoly if they included all of the features in the OS. Around here MS is damned if they do, damned if they don't.

      -dave

      --
      /., where "Apple and Google provide Iran with nukes" will be refuted with "But Microsoft is a convicted monopolist"
    2. Re:But what if Microsoft offered it all together? by nuzak · · Score: 3, Informative

      So, what MS needs to do is licence their OS to sublicensors. They can include whatever extra security tools, browsers, media players and the like they want. Would probably work out for MS fairly well, and would definitely allow a properly integrated security system.

      Psst. They're called OEMs. Try buying a PC from a big-box store these days without Mcafee or Norton on it.

      --
      Done with slashdot, done with nerds, getting a life.
    3. Re:But what if Microsoft offered it all together? by CastrTroy · · Score: 5, Interesting

      It depends on how they offered it. If they made it impossible to uninstall, then yes, we would yell monopoly. However, if they made these features able to be uninstalled (or never installed in the first place) and easily replaced by third party tools, then I don't think we would have anything to complain about. I don't have any problems with MS including IE with the operating system, I just wish it could be removed from the system.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:But what if Microsoft offered it all together? by Gryffin · · Score: 4, Interesting

      Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through.

      Don't you think that if Microsoft offered this that everyone would cry monopoly?

      Microsoft has been declared a monopoly in Federal court, and found guilty of anti-trust offenses related to abusing that monopoly in violation of the Sherman Anti-Trust Act.

      Apple, on the other hand, is not a monopoly, and hence it would be perfectly legal for them to bundle anything they damn well felt like bundling.

      Why is this so difficult to understand? Microsoft, because of their market position, is held to a different legal standard. End of story.

      --
      Learn from the mistakes of others. You won't live long enough to make them all yourself.
    5. Re:But what if Microsoft offered it all together? by jank1887 · · Score: 2, Insightful

      If a user wants Anti-virus, anti-spam, encryption, image backup and restore then it is the users responsibility to install said software.

      Or, as stated before, the OEM's job to put all these together for the user. And the OEM should be free to bundle/unbundle as he sees fit, according to user demand, without ANY input from the OS supplier.

    6. Re:But what if Microsoft offered it all together? by Fordiman · · Score: 5, Funny

      Actually, they're damned if they do something else entirely too.

      They're just damned.

      Damned Microsoft.

      --
      110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
    7. Re:But what if Microsoft offered it all together? by KillerDeathRobot · · Score: 4, Interesting

      Why is this so difficult to understand? Microsoft, because of their market position, is held to a different legal standard. End of story.

      It's not difficult to understand; it's annoying because it's the wrong argument, and it really muddies the debate. We don't need to hold Microsoft and Apple to different standards to show that one is better than the other. There is nothing wrong with MS bundling software with their OS. What was wrong was that they were forcing companies like Dell NOT to include competing software (such as Netscape).

      It's a moot point any way though, because in this case we aren't even talking about the right thing. As someone else mentioned, we're talking about a system that is built to resist viruses and such, not virus scanning software bundled with the OS.

      --
      Thinkin' Lincoln - a web comic of presidential proportions
    8. Re:But what if Microsoft offered it all together? by Overly+Critical+Guy · · Score: 4, Interesting

      I haven't seen anyone cry "monopoly" over that. I've just seen people cry that Microsoft is selling services to fix problems in its own OS, like with OneCare, instead of fixing the problems in Windows to begin with. And guess what, despite Vista's security enhancements, it's still based on Win32, still based on a registry, and is basically just a bunch of new APIs and rewritten subsystems on top of the same old code.

      Also, there's a difference since in the Apple world, there isn't an antivirus or antispyware market, but in the Windows world, there is a huge market that's been around for over a decade, so it's a big deal when Microsoft starts bundling its own versions of these services.

      For the record, OS X ships with no antivirus software. Not needed.

      --
      "Sufferin' succotash."
    9. Re:But what if Microsoft offered it all together? by 99BottlesOfBeerInMyF · · Score: 3, Insightful

      It's not difficult to understand; it's annoying because it's the wrong argument, and it really muddies the debate. We don't need to hold Microsoft and Apple to different standards to show that one is better than the other. There is nothing wrong with MS bundling software with their OS.

      I 100% disagree with this. It is illegal for MS to bundle any software with their OS, for which there is a separate market (like antivirus). Anyone who understands the economic models of monopolies should understand why. We are holding MS and Apple to the same standard. Neither can bundle products they have for which there is an existing market, with a product they have that is a monopoly in a market. It is illegal for MS to bundle antivirus software with Windows. It is not illegal for them to bundle antivirus with their mice or MS Office. It is legal for Apple to bundle antivirus with their OS. If Apple is ever ruled to have a monopoly on iPods it will be illegal for them to bundle antivirus with iPods (They are around 70% of the market now and some courts have already begun investigating the possibility).

    10. Re:But what if Microsoft offered it all together? by DesireCampbell · · Score: 2, Interesting

      Yeah... that's exactly the same thing [/sarcasm]

      Apple isn't including third-party software with their Macs, they're putting their own programs into System Software.

      Microsoft can't put good security into Windows. They aren't allowed. They would be "investigated" and sued... again. Every time Microsoft puts some new, useful app into Windows someone cries "monopoly".

      --
      Whoo, signature!
      DesireCampbell.com
    11. Re:But what if Microsoft offered it all together? by LWATCDR · · Score: 3, Interesting

      The guy that wrote the article didn't get it.
      It has nothing to do with Microsoft not offering anti-virus, anti-spam, encryption....
      The problem has everything to do with Microsoft having to keep backwards compatibility!
      Windows wasn't designed to be used on a totally open network. It was meant to be a single user OS that ended up being used as a server and then being hung on an insecure network we call the Internet.
      Running Windows with less than administrator rights is a pain.
      Installing software without administrator rights is impossible.

      The problem with Windows security is the same problem that Microsoft has with IE7 not following standards.
      They refuse to give up on backwards compatibility to fix fundamental flaws.

      The reason that people keep using Windows is because their old software works. That is Microsoft's big advantage in the market place. They are not going to lose that to fix security issues.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    12. Re:But what if Microsoft offered it all together? by Mister+Whirly · · Score: 2, Interesting

      As I recall (but IANAL) the agreement said Microsoft could not use its clout with OEM companies to force them to not package competitor's software with systems sold. Microsoft itself doesn't "package" the software that comes on cookie-cutter systems. That is up to the OEM company like Dell, HP, Gateway etc.

      By your rationale, Microsoft's Notepad and Wordpad, and Apple's Text Edit would all violate the law because they are bundled with the OS and there are definitely existing markets for word processing.

      Having a large market share of a product is not the same as having a monopoly. If Apple started buying up other companies and dissolving them, or put pressure on retailers of the iPod to not sell competing brands, that would be illegal. Making a product that sells insanely well is not illegal, it is good production and marketing (a.k.a. "The American Dream").

      --
      "But this one goes to 11!"
    13. Re:But what if Microsoft offered it all together? by soft_guy · · Score: 3, Interesting

      How many times has this happened? Once. And as soon as Bush got in, he ordered DOJ to fall on their sword and they did. Microsoft can get away with pretty much anything they want.

      --
      Avoid Missing Ball for High Score
    14. Re:But what if Microsoft offered it all together? by DesireCampbell · · Score: 3, Insightful
      That's because Microsoft is a convicted monopolist while Apple is not
      Arrgghhh! I hate it when people say that. That exact line: "Microsoft is a convicted monopoly". You can't be "convicted" of being a monopoly, being a monopoly isn't a crime. Using that monopoly to unfairly gain more market share and profits is a crime.

      And it's not as simple as a monopoly being held to "higher standards", they're held to "completely different standards". This is a prime example, bundled security applications. Apple can bundle whatever they want with their OS - Microsoft can't. Microsoft can't even improve the damned search function without an investigation.

      Apple holds more power over their products than Microsoft has over theirs. Apple sells their software with their hardware. Microsoft just sells software. No one says anything bad about Apple forcing its customers to have their proprietary security software bundled with the OS. Microsoft, on the other hand, is forced by the EU to provide versions of Windows without IE and Media Player. Apple puts in Spotlight, and people laud it. Microsoft tries to put the same function into Vista, and they get investigated.

      The bottom line is this: If you laud Apple for including more and more useful apps in System Software, then you can't turn around and troll Microsoft for doing the same thing. You can't complain about Windows being worse than OSX and then complain when they try to make it better than OSX.
      --
      Whoo, signature!
      DesireCampbell.com
    15. Re:But what if Microsoft offered it all together? by noidentity · · Score: 2, Insightful

      Funny how when it comes to Microsoft, the question is always one of how the anti-malware add-on software is included, always with the assumption that Microsoft couldn't render it unnecessary. Last time I checked my Mac OS X installation I didn't find any anti-malware software, just a system designed so that such a thing is entirely unnecessary. Why can't Microsoft simply render the architecture itself incapable of being penetrated in the first place, by design? Not one that includes extra modules to block attempts, but one in which penetration has no definition?

    16. Re:But what if Microsoft offered it all together? by 99BottlesOfBeerInMyF · · Score: 3, Insightful

      The issue is persuading other companies who sell your product not to sell a competitors product.

      The issue is, quite simply, doing anything that provides your product an advantage over another product, because you have a monopoly on a different product. It does not matter if it is coercion, bundling, or tying. Here's the test. Look at two products in the market, like IE and Firefox. Does IE gain an advantage in the market because MS bundles it and thus all developers know users will have it available? Yes. Are they able to do this because of their Windows OS monopoly? Yes? Without having a monopoly, can the Firefox team make sure every Windows box has a copy of Firefox on them, without costing them any money? No. Thus it is a violation.

      Do you have cites for your claims MS has settled with several companies over Wordpad?

      I don't have citations, just something I think I recall from an article in passing. MS has settled a lot of these lawsuits, most of them with the inclusion of a nondisclosure clause. It would take a lot of digging to find any given specifics, if it is even possible.

      And while having 70% marketshare may have potential for monopoly influence, it doesn't mean you are imposing your will on vendors - it means you probably have enough clout to do so. I mean, anyone has the potential to be a murderer, but we aren't all murderers now, are we?

      Here is where you are making a false analogy. Being a murderer is illegal, by definition because it means you have committed murder, which is a crime. Being a monopolist is not illegal because gaining a monopoly is not illegal. Abusing a monopoly is illegal. Thus a more proper analogy would be Monopolists are like people who have baseball bats. They both have the power to commit a crime. If a baseball bat owner beats someone to death or if a monopolist bundles another product with their monopoly product, then they have committed a crime.

      In the case of Apple, the courts aren't ruling if Apple has beaten someone. We know Apple is bundling. The courts are ruling if Apple has a baseball bat and is thus guilty of armed assault instead of simple assault. They are measuring the size and weight of the stick Apple has to see if it is legally a weapon. (To be a more perfect analogy, beatings would have to not be a crime unless committed with a weapon as bundling is not a crime unless they involve a monopoly product.)

    17. Re:But what if Microsoft offered it all together? by amliebsch · · Score: 3, Insightful

      It's been discussed, but I've never seen anybody substantiate this claim.

      --
      If you don't know where you are going, you will wind up somewhere else.
  4. Obligatory apple joke (security related) by FerretFrottage · · Score: 2, Funny

    What's worse than finding a worm in your Apple?

    Finding half a worm in your Apple.

    --
    "Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
  5. Microsoft is just too nice? by Shimmer · · Score: 3, Insightful

    It always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners

    So if they bundled everything you list (anti-virus, anti-spam, encryption, etc.) into the operating system, you don't think they'd be accused of illegally leveraging their monopoly advantage? Just look what happened when they integrated a web browser into the OS a few years ago.

    --
    The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
    1. Re:Microsoft is just too nice? by n2art2 · · Score: 3, Insightful

      The difference is. . . . Try and get rid of explorer. It is one thing to offer/install/bundle an option for those services, that can be deleted if the user decides to use another service. It's another to integrate it so far into the OS that you are forced to use it. (Think beyond websurfing.)

      --
      Self proclaimed wannabe geek. You know how it is. Most of us who read this stuff probably fit in that category.
    2. Re:Microsoft is just too nice? by aaronots · · Score: 2, Insightful

      Exactly. Not to say that Microsoft would do it right if they bundled all that functionality with the OS, but Apple has a competitive advantage by strictly controlling the hardware and being able to include anything it wants in an OS without the threat of an Anti-trust case. Microsoft could never do the stuff Apple does. Just look at iTunes; if Microsoft had a proprietary compression format that only they could use, and had 90% of the market I think it would be viewed as anti-competitive.

    3. Re:Microsoft is just too nice? by 2nd+Post! · · Score: 3, Informative

      Sigh. The issue isn't bundling. Read. Please read! The issue was illegally leveraging their OS monopoly to abuse/obstruct competitors.

      Bundling is fine if OEMs, such as HP, Dell, and Compaq, can UNBUNDLE IE and install Firefox, for example. What happened was that Microsoft threatened Compaq with withholding OS licenses if they installed Netscape Navigator as the default web browser. Had they ONLY bundled, nothing would have been brought up against Microsoft.

    4. Re:Microsoft is just too nice? by 2nd+Post! · · Score: 5, Insightful

      And Apple could never do the things Microsoft does:
      1) Threaten Compaq with withholding OS licenses if Compaq installed Netscape Navigator as the default browser
      2) Threaten IBM with increased OS license fees if IBM did not drop OS/2

      Those were the lynchpins of the antitrust lawsuit. If Microsoft had ONLY bundled, they would not face monopoly abuse charges. Then HP could have UNBUNDLED IE and installed Firefox, or IBM could have unbundled Windows and installed OS/2.

      Apple's bundles can be unbundled. That is the critical difference. Drag Safari, Mail, Virex, Appleworks, iCal, and Quicktime to the trash, and the OS still works.

  6. slashdot this by RichMan · · Score: 4, Interesting

    Anyone notice the link at the bottom of the article?

    Links to slashdot submit article. http://slashdot.org/submit.pl

    Cute.

  7. in fairness to microsoft by P3NIS_CLEAVER · · Score: 2, Insightful

    I wonder if they would have been slapped with an antitrust lawsuit if they incorporated antivirus in the OS. It certainly would have had a big impact on the antivirus companies.
    Maybe with Apple incorporating it they have the green light to go ahead with it.

    --
    Please sign petition to restore sanity to our banking system!!!

    http://financialpetition.org/
    1. Re:in fairness to microsoft by hawks5999 · · Score: 2, Informative

      What you and others are missing is that there is not an anti-virus product in OS X. OS X is just naturally more resistant to viruses because of its security model and design. The green light is there and has been there for a long time for Microsoft to incorporate a sane security model. They have just demonstrated over and over their unwillingness to do so.

    2. Re:in fairness to microsoft by MECC · · Score: 3, Interesting

      Maybe with apple incorporating it they have the green light to go ahead with it.

      Apple doesn't incorporate anti-virus/anti-malware into their OS. They incorporated good security, and made good use of it.

      MS could easily do the same even more with their more featureful security model, if they wanted to, without incorporating any anti-virus/anti-malware into their operating system. Odd that instead of fixing their security problems, they just opted to compete with anti-virus/anti-malware vendors.

      --
      "We are all geniuses when we dream"
      - E.M. Cioran
  8. All I know is ... by boxlight · · Score: 2, Insightful

    I'm no network admin, but all I know is since I switched to Mac I have no Norton or Symantec software running and there are no signs of threats anywhere. boxlight

    1. Re:All I know is ... by NatasRevol · · Score: 2, Insightful

      Why?

      Why not just put the AV on the Windows box?

      You're just wasting your time & CPU cycles putting it on a box that has no need for it.

      --
      There are two types of people in the world: Those who crave closure
  9. Anti-virus? by Anonymous Coward · · Score: 4, Insightful

    If you don't count a trojan as a virus, then you don't need an anti-virus if your OS is secure. Apple can work on securing its OS or on an anti-trojan, but any effort spent on an anti-virus is wasted.

  10. What's launchd? by peterdaly · · Score: 5, Informative

    Was I the only Mac user who didn't know what launchd was off the top of my head?

    In Mac OS X v10.4 Tiger, Apple introduced a new system startup program called launchd. The launchd daemon takes over many tasks from cron, xinetd, mach_init, and init, which are UNIX programs that traditionally have handled system initialization, called systems scripts, run startup items, and generally prepared the system for the user. And they still exist on Mac OS X Tiger, but launchd has superseded them in many instances. These venerable programs are widely used by system administrators, open source developers, managers of web services, even consumers who want to use cron to manage iCal scheduling, and they can still be called with launchd.

    The launchd daemon also provides a big performance boost to your system. At any given time, only those daemons that are actually used are launched; combined with the fact that daemons can shut themselves down and be relaunched as needed means that you can reduce the average memory footprint of the system.


    http://developer.apple.com/macosx/launchd.html

    1. Re:What's launchd? by Kadin2048 · · Score: 4, Informative

      It's not really a wrapper as much as it's a replacement.

      The story I heard was that a bunch of Apple engineers got tasked with improving OS X boot times, and the problem they kept running into was the way that init worked. In order to create a good way of launching stuff simultaneously (when possible) and generally making everything boot quickly, they ended up just writing a new system for launching services, and the result was launchd. It also minimizes the number of running daemons at any one time, saving memory and processor cycles, and can start and stop them as-needed. Apparently you can also do some neat stuff like actually feed programs commands rather than just start/stop, but I've never used that.

      I think Apple's hope was that other UNIX-ish systems might like the launchd concept and replace init with it, but I'm not sure that the faster boot times will really be worth the retraining costs for systems that aren't booted up often.

      The things I dislike about launchd, aside from the traditional UNIX objection to anything which is New And Therefore Bad, is that its config files are XML instead of flat text, which I find obnoxious, and that it makes it marginally more difficult to see what services are running on a given system. You can be running a local mailserver but not have a daemon active, because launchctl will bring up postfix as needed. If you're not looking for it, you can miss the fact that postfix is set up. (However you can program it to bring up particular services and leave them -- in fact you can use init and cron normally, if you like.)

      I still use cron for scheduled tasks as well, because I've never wanted to figure out how to replicate cron with Apple's stuff, but I'm told it can do that, too.

      Overall I think it's pretty neat, and for a desktop-UNIX system it's a major step forward. For a server or non-desktop environment, I think the benefits are more mixed.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    2. Re:What's launchd? by bnenning · · Score: 3, Informative

      launchd is open source; it even uses the Apache license instead of the APSL.

      --
      How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
    3. Re:What's launchd? by n8_f · · Score: 4, Informative
      You can be running a local mailserver but not have a daemon active, because launchctl will bring up postfix as needed.

      Launchd will bring postfix up as needed. But, launchctl is what you want to use to see what launchd has loaded. And that is loaded, not necessarily running. The command you want to use is "sudo launchctl list". For example, mine shows org.postfix.master and com.openssh.sshd, which aren't actually running but will be activated when there is traffic on the specified ports. Of course, you'll also notice org.xinetd.xinetd. Nothing by default runs under xinetd, but if you've added a server, it could be in /etc/xinetd.d rather than in the launchctl list.

      The XML vs. flat file debate has been fought all over the web, so I won't rehash it here, but I think the benefits of machine-parseability are worth it and it uses Apple's standard plist format, so it is consistent with the rest of the OS.

      Overall, launchd is a huge step forward. Apple has open-sourced it and it would be interesting to see it implemented in other systems. Perhaps Solaris can use it in exchange for giving us ZFS (10.5).
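
An added example, not part of the thread and not Apple's code: the launchd sub-thread above points out that a job can be loaded and waiting on a port without any daemon process running. This Python script parses launchd property lists and reports such dormant listeners along with the user each job runs as; the sample jobs are constructed, the `example.*` labels and `/usr/local/sbin` paths are hypothetical, and treating a missing `UserName` as root assumes the file is a system LaunchDaemon.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Constructed sample job definitions (not copies of Apple's shipped files).
# The first is raw XML to show the on-disk plist format; the rest are built
# with plistlib.dumps() and carry hypothetical "example.*" labels.
SSHD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.openssh.sshd</string>
  <key>ProgramArguments</key>
  <array><string>/usr/sbin/sshd</string><string>-i</string></array>
  <key>Sockets</key>
  <dict>
    <key>Listeners</key>
    <dict><key>SockServiceName</key><string>ssh</string></dict>
  </dict>
</dict>
</plist>
"""

SAMPLE_JOBS = {
    "ssh.plist": SSHD_PLIST,
    "example.mail.relay.plist": plistlib.dumps({
        "Label": "example.mail.relay",
        "UserName": "nobody",
        "ProgramArguments": ["/usr/local/sbin/relayd"],
        # A named socket may also be an array of listener dicts.
        "Sockets": {"Listeners": [{"SockServiceName": "smtp"},
                                  {"SockServiceName": "2525"}]},
    }),
    "example.always.on.plist": plistlib.dumps({
        "Label": "example.always.on",
        "ProgramArguments": ["/usr/local/sbin/alwaysd"],
        "OnDemand": False,
        "RunAtLoad": True,
    }),
    "example.disabled.ftp.plist": plistlib.dumps({
        "Label": "example.disabled.ftp",
        "Disabled": True,
        "ProgramArguments": ["/usr/local/sbin/ftpd"],
        "Sockets": {"Listeners": {"SockServiceName": "ftp"}},
    }),
    "broken.plist": b"not a property list",
}


def socket_services(job):
    """Return the service names or ports a job asks launchd to listen on."""
    sockets = job.get("Sockets")
    if not isinstance(sockets, dict):
        return []
    services = []
    for spec in sockets.values():
        for entry in (spec if isinstance(spec, list) else [spec]):
            if isinstance(entry, dict) and entry.get("SockServiceName") is not None:
                services.append(str(entry["SockServiceName"]))
    return sorted(services)


def audit_job(path, raw):
    """Parse one launchd plist and summarise what it exposes."""
    try:
        job = plistlib.loads(raw)
    except (ExpatError, ValueError) as exc:
        return {"path": path, "error": type(exc).__name__}
    if not isinstance(job, dict):
        return {"path": path, "error": "root object is not a dict"}
    services = socket_services(job)
    disabled = bool(job.get("Disabled", False))
    # Jobs are on-demand unless OnDemand is false (or KeepAlive is set, the
    # key that replaced it in later releases); RunAtLoad starts them early.
    on_demand = bool(job.get("OnDemand", True)) and not job.get("KeepAlive")
    starts_at_load = bool(job.get("RunAtLoad", False))
    # Assumption: a system LaunchDaemon, where no UserName means root.
    user = job.get("UserName", "root")
    return {
        "path": path,
        "label": job.get("Label", "?"),
        "user": user,
        "services": services,
        # Loaded and listening, but no process visible until traffic arrives.
        "dormant_listener": (bool(services) and on_demand
                             and not starts_at_load and not disabled),
        "root_listener": bool(services) and user == "root" and not disabled,
    }


def audit(jobs):
    """Audit a mapping of file name -> raw plist bytes."""
    return [audit_job(path, raw) for path, raw in sorted(jobs.items())]


def dormant_listeners(results):
    return {r["label"]: r["services"] for r in results if r.get("dormant_listener")}


def root_listeners(results):
    return sorted(r["label"] for r in results if r.get("root_listener"))


if __name__ == "__main__":
    for result in audit(SAMPLE_JOBS):
        print(result)
```

On a real system the same functions can be fed the bytes of each file under `/System/Library/LaunchDaemons` and `/Library/LaunchDaemons`; `plistlib.loads` reads both XML and binary property lists.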

  11. UNIX and viruses by rice_burners_suck · · Score: 5, Interesting
    Viruses are definitely part of the umbrella concept we often call "security." I've heard it mentioned many times that Macs do not suffer from viruses because they have a smaller market share, and virus authors invest their time into attacking more dominant systems. People who say this generally go on to say that as the Mac gains a larger market share, the number of viruses available for it will grow. I think this is of little consequence.

    Macs are based on UNIX. It's not faked to appear like UNIX, it is actually UNIX. The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users. It is still possible to write root-kit style viruses that take advantage of subtle bugs in the operating system and other software to gain control of the system, but this is significantly more complicated to do, and IIRC it was Theo from the OpenBSD project who said that attacks like this require many steps that often must take advantage of many vulnerabilities to elevate privileges, and by fixing even one bug, a whole category of vulnerabilities (even if other bugs remain) becomes inaccessible to a would-be attacker. This, in addition to much of the code underlying OS X being available for hacking up by anybody, in addition to other projects actually hacking on this code (improvements from projects like Samba, Apache, GCC, FreeBSD, even various Linux projects, make it into Darwin and OS X)... and most of all the fact that users don't run as administrators, all of these reasons make it much less likely that viruses could be as damaging as on Windows.

    1. Re:UNIX and viruses by 140Mandak262Jamuna · · Score: 4, Informative
      I've heard it mentioned many times that Macs do not suffer from viruses because they have a smaller market share,

      When people say something like that, hold them by hand and take them over to netcraft.com and show them the market share of Web servers. Apache has been owning >60% of it for a long long time compared with ~20% share for IIS. And point out that almost all the worms attack IIS and not Apache. The reason why Windows/IIS remain vulnerable is because MS wrote them, not because of their high/low market share.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    2. Re:UNIX and viruses by wfberg · · Score: 4, Insightful

      [..]say that as the Mac gains a larger market share, the number of viruses available for it will grow. I think this is of little consequence.[..] The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users [..] and most of all the fact that users don't run as administrators, all of these reasons make it much less likely that viruses could be as damaging as on Windows

      I think this is thinking too much from the perspective of old-school "format c:" destructive viruses.

      Today's malware isn't purely destructive anymore; in fact, little incentive exists to create a virus that merely destroys stuff.

      Today we're seeing worms that are used to send spam or perform DDOS attacks, and ransomware that encrypts your files and will only unlock them after you pay up.

      Access to a user's home directory is perfectly adequate for ransomware. Access to network resources is sufficient to turn your computer into a zombie. Privileged system access is not the holy grail; access to specific resources is.

      User-based security offers no protection against this. Instead people often install programs to limit access to, for example, network resources - a software firewall that will inspect a process to see if it's legit before letting it use the network. Likewise we will need a security subsystem that prevents programs from writing to files not created by them. For example; firefox should be able to upload a word document (read permissions) perhaps, but surely only word or openoffice should be permitted to (over)write it.

      This is more along the lines of capabilities, but it could be grafted onto user-based security systems (just run processes as different users and give those users permissions only to write to their own files and/or read from their own directories, with some exceptions (e.g. the filemanager)).

      Today's programs are so flexible and scriptable, not to mention just plain big and unverifiable, let alone complex and exploitable, that simply saying 'these programs have been deemed safe by an administrator, so they can access all your files if you run them' is no longer an adequate means of making sure applications stay within bounds. We really need to make programs stay on their own turf. Not just files; how about that registry? Why the hell should every program be able to read all of it, and write almost all of it, even keys that belong to a different program?

      It's not just Windows; MacOS lacks such stuff at the moment too (though it will undoubtedly be much easier to integrate into it than into Windows). Really only SE Linux is set up to handle this sort of thing.

      --
      SCO employee? Check out the bounty
    3. Re:UNIX and viruses by Laur · · Score: 4, Insightful
      The permissions system means that a common virus could damage a user's home directory, but the system for the most part would remain unaffected, including other users.

      In reality, this is not an important distinction for home users. I don't know about you, but I don't care a whole lot about my system, I can re-install everything without too much trouble. Replacing years of digital family photographs, financial records, etc. in my home directory? Impossible. This is why I back up my home directory regularly, but don't bother with the system.

      --
      When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
    4. Re:UNIX and viruses by j-turkey · · Score: 2, Insightful

      Viruses are definitely part of the umbrella concept we often call "security." I've heard it mentioned many times that Macs do not suffer from viruses because they have a smaller market share, and virus authors invest their time into attacking more dominant systems. People who say this generally go on to say that as the Mac gains a larger market share, the number of viruses available for it will grow. I think this is of little consequence.

      IMO, this is a tired argument, especially considering what many modern worms actually do. I say this as a Unix systems administrator, so I'm not defending Windows' inherent lack of security as a Windows user. I'm more trying to kill an argument from lazy Unix admins that just doesn't make much sense when considering the latest trends in malware. The reason why malware is so scary is that there is a real commercial interest in using remote computer resources on a massive level. It can be spam zombies, or a spyware'd box with amazon commission redirects. Even massive ddos'es can be staged from owned user accounts. All that's necessary is a socket. The fact is that the user versus superuser argument completely ignores modern trends. It's also a convenient argument for Mac users who love to spout how their systems are Unix and therefore impervious to attack (and they're actually not Unix, but this is really just a trademark issue and little more). I'll explain my position on security a little further below.

      First of all, how many Windows desktops in the workplace actually have more than one user? What about MacOS desktops? I'd bet that it's actually a pretty small number. Own the user account, and you control most of what that system is used for.

      Modern malware tends to only require a user account anyway. Need to create a spam zombie? Why would you need to root a box when a regular user account can spew email all day long (unless /usr/bin/sendmail is executable by root only, but nobody does that)? Further, as utilities like sudo become commonplace, one can run a keystroke logger in the userland shell to own the user account and thus the box. Need to create an IRC bot? Why would one need a superuser-level account in order to do this? Furthermore, even without sudo access, if one really wants to own a box, a userland account is a great way to evaluate and exploit a box to escalate privileges. Many of these are things that can be done with a simple trojan -- even a shell script can begin the process. A user just needs to be tricked into using this. After working in an office with many basic users, this is really easy to do -- regardless of the system.

      Many of the anti-Windows arguments come from default permissions which can easily be closed by most admins (even those who are only partially competent). No system is better than the person (or people) running it. A perfect example is the author of the article. He took a Windows system and just dropped it on the public internet, then acted surprised that his system was rooted. I wouldn't do that with any of my Unix systems. Was there any reason why his 'Server' service was accepting traffic from the public internet? Why wasn't it firewalled at the border *and* on the system? Could I call a Mac inherently insecure if a user configures their system with plaintext auth (an FTP server, let's say) and passwords are sniffed from another owned box on the LAN?

      Further, you haven't really addressed the most basic issue of social engineering. Are Mac users somehow more savvy and less click-happy? In my experience, OsX machines have a great way to install applications in kernel space. Just type your password, and the system automagically runs sudo and installs the app as root. The Windows run-as doesn't always work quite as well. Basic users aren't as vigilant as seasoned admins. They'll do or type anything that an installer tells them in order to get that cool fishie screensaver that their coworker in the next c

      --

      -Turkey

  12. But it still has the rootkit fallacy by Ed+Avis · · Score: 2, Interesting

    He seems to argue that Windows is less secure than OS X partly because if your Windows system gets infected, you can't trace the source of the problem, but with OS X you have a better chance of doing so. However I think this is the wrong thing to emphasize. If a piece of malware gets true root access on a system then it can do what it likes, including loading new kernel modules to hide files in the filesystem and so on. It's only lack of skill by some rootkit authors that make them detectable (so in effect, it's security by obscurity; there's a good argument that operating systems should make it as easy as possible to do such nasty things once you get root, so nobody will be tempted to think 'such things are only theoretical').

    Now he does mention that most services on OS X don't run with unrestricted privileges, so there is much less chance of malware getting root *in the first place*. This is the important thing to emphasize - not what to hopelessly fiddle with once you are already 0wned.

    I guess by root I don't necessarily mean what OS X or BSD or even Linux call root, but the classical Unix notion of the Almighty user who can do anything. Many BSDs have securelevel settings meaning that even root is restricted from doing certain things.

    --
    -- Ed Avis ed@membled.com
    1. Re:But it still has the rootkit fallacy by Onan · · Score: 3, Informative

      A minor point of clarification, but macosx does indeed have a root account by default, and many system processes run as it.

      There is, by default, no valid password for this account, and the gui does not volunteer information about it as an account for people to log into. But the account very much exists, and is used.

  13. This is MS-FUD no doubt by Anonymous Coward · · Score: 3, Interesting

    >[...]it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners.[...]

    What bizarro-universe is the writer living in to write something so patently false?

    Microsoft's Standard Operational Procedure is to wait-and-see which niche is picking up enough importance (and we all agree security is a major one this decade, right?) and then cutting off that vendor(s) oxygen by coming up with their own "superior" (guffaw) solution which MS gives away for free, next to nothing or by marrying it to some essential O.S. component.

    Another piece of Microsoft-propaganda no doubt.

    Sell it elsewhere, chum. I'm not interested in reading anything else you've written if this quote is representative of the drivel you are putting forth. Thank you.

  14. Unfortunately his reasoning is flawed. by mellon · · Score: 4, Informative

    I think the conclusion that he draws is probably correct, but he doesn't really seem to explain why. The reason that systems like OS X and Linux are safer than Windows is not that launchd runs a shell, but that both Linux and OS X tend to run processes that don't need privileges as root.

    This is a substantial win. However, if you manage to compromise a process that is running as root, you do have full control of the machine, and you can install your own privileged software on the machine without an authentication prompt appearing on the console.

    Also, most of the man pages on OS X are woefully out of date, so giving the existence of these as a reason for why security is better on OS X is unfortunately a cruel joke. Third party apps from the Open Source community do often have better documentation, but the basic man pages from OS X are often years out of date - this is one of my pet peeves about OS X, I will admit.

    It sounds like the hack he's describing occurred because he'd installed third-party software that ran as a service with an open port, as SYSTEM (i.e., with full privileges) and that took over his machine. The reason this is less likely (not impossible, just less likely) is because if you are running a third party server process on OS X, it's probably a piece of open source software like Apache, which has been vetted to within an inch of its life, because it is open source, and the many people who care that it is secure have the freedom to check that it is secure. And it probably doesn't run with full privileges, as the author says.

    Anyway, like I said, he's right, but his reasoning is a little foggy. And it's important to be aware of the ways in which it's foggy, because this is your best chance of avoiding having your machine hacked.

  15. Concept Versus Implementation by 99BottlesOfBeerInMyF · · Score: 5, Insightful

    Conceptually, I agree that LaunchD is a really slick idea and I really hope Linux and the BSDs take a good hard look at this code and the possibility of adopting it. That said, it is not a security panacea by any means, just one more clean, sensible implementation that leaves less room for a vulnerability. The thing that makes me hesitate to laud this feature, however, is the implementation. Apple has a lot of smart people working for them and a lot of old school UNIX geeks to whom secure programming is as natural as breathing. They also have a lot of coders and managers who realize that OS X is not a primarily security minded OS. Sure, it is better than Windows and on par with a desktop Linux distro, but it isn't a locked down OpenBSD install or a super secure Linux distro. They don't focus their efforts on security and it shows sometimes when they introduce new code. LaunchD replaces a number of time tested bits of code and while it is (IMHO) a much cleaner, nicer design I haven't a clue about how well written and tested it is, especially from a security perspective. I'd feel a lot better about claiming it as a security feature if I knew some white hats had pounded on it for a while and exposed anything Apple did not bother to think of. I'd feel a lot better if the OSS community in general jumped on it and adopted it, thus helping with this security testing and adding more eyes.

    I like LaunchD. I like OS X as a desktop. Let's just not get carried away here with random claims about security. OS X is inherently more secure than Windows, but that really isn't saying a lot. I'm not willing to just assume LaunchD is secure in and of itself, let alone that it will play a big part in securing the OS as a whole.

    1. Re:Concept Versus Implementation by 93+Escort+Wagon · · Score: 3, Informative

      "Conceptually, I agree that LaunchD is a really slick idea and I really hope Linux and the BSDs take a good hard look at this code and the possibility of adopting it."

      Up until a few weeks ago, people in the *nix world didn't want to look at launchd because of "contamination concerns" regarding Apple's open source license. However at the recent WWDC, Apple announced that launchd (among other things) is being relicensed under the Apache License - so hopefully that will do the trick for the open source crowd.

      I realize that there are always going to be some GNU fanboys that won't touch anything unless it's under the GPL, of course.

      --
      #DeleteChrome
    2. Re:Concept Versus Implementation by 99BottlesOfBeerInMyF · · Score: 2, Insightful

      Um, if you are worried about holes in launchd, why not audit the source code yourself?

      Because I don't have the time and because I don't trust myself to find any and all potential problems. I'd much rather Apple had a team of experts attack it on their dime and/or that the OSS community as a whole spent some time banging on it. They, collectively, can do a much more thorough job. I know some people are already looking at it, including some OpenBSD guys. In fact, I've heard rumors of potential DoS attacks that could take down the box if SSH is enabled on OS X 10.4 systems. We'll see if they pan out.

  16. the article may have some good points, but... by Anonymous Coward · · Score: 5, Interesting
    I have to take it with a large rock of salt when I see
    OS X has no user account with privileges exceeding root.

    being offered as a "reason why OS X is more secure than Windows."

    The article claims that Administrator on Windows is equivalent to root; and that SYSTEM is more powerful than Administrator (and by implication more powerful than root). This is nonsense.

    Administrator is indeed less powerful than SYSTEM. However, Administrator is equivalent to a user on the sudoers list and/or with group write access to system directories. SYSTEM is the correct equivalent to root.

    We may quibble about how well Administrator accounts are protected from trojans; or whether non-Administrator accounts on Windows are of much use; those are valid arguments. However, claiming that, somehow, SYSTEM on Windows is magically more capable than root is ridiculous.

    If anything, Windows has a somewhat better design in that it is possible to set up privileged accounts with a specific power that only root has on UNIX, yet not have any of the other root powers. However, this capability is quite underutilized, and in many ways is undermined by other (unfortunate) decisions that Microsoft made.
    1. Re:the article may have some good points, but... by 99BottlesOfBeerInMyF · · Score: 4, Interesting

      If anything, Windows has a somewhat better design in that it is possible to set up privileged accounts with a specific power that only root has on UNIX, yet not have any of the other root powers.

      I don't want to quibble about nomenclature and real differences between security layers or accounts or whatever between platforms, but I think you're a little mistaken here. One of the reasons LaunchD is being applauded in this article is because it allows you to run a given process with very specific permissions without going to hassle of trying to create a special user account and while also integrating the scheduling and resource allocation in one, nice, neat, hopefully secure package. It obviates the need for straining the "user" metaphor as is so common. I don't exactly think it is really appropriate to claim it as the security benefactor, however, when what we're really talking about is that services aren't written to require unneeded permissions as much as on Windows.

    2. Re:the article may have some good points, but... by jcouvret · · Score: 2, Informative

      And you forget one of the author's more significant points, which is SYSTEM has no password, no login script, no shell and no environment, and therefore offers an untrackable security risk.

  17. Anti-virus software in the box? by sjonke · · Score: 4, Informative
    What users need is in the box: Anti-virus[....]
    If it is, it's hidden pretty well. Macs don't come with anti-virus software.
    --
    --- What?
    1. Re:Anti-virus software in the box? by kalidasa · · Score: 3, Informative

      He's talking about OS X Server, not OS X. He doesn't distinguish between them himself, but if you look at the whole article, you'll see that he's comparing Windows Server to OS X Server; and OS X Server does have anti-virus and anti-spam services built-in as part of its mail services.

  18. 114,000 known viruses. Really? by phatvw · · Score: 2, Insightful

    "...it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners."

    Since when has this been a "policy"?

    With the DOD recommending that folks update their Windows PC's in the interest of National security, I don't think the same Government would launch an anti-trust campaign against Microsoft for including security tools in-the-box. If that were the case, Windows Vista with its built-in anti virus/anti-phishing/anti-spam/encryption/backup and a slew of other tools would be in real trouble and would ship late...

    Oh wait...

    In any case, I reckon the reason MS did not do security work until recently was simple economics. Folks bought the software anyway, so there was no incentive to spend up to 20% more on engineering costs with little return on investment. As security becomes a more mainstream topic, consumers and businesses are taking notice. Many corporations, including Microsoft, realize that there is money to be made in security.

  19. Interoperability is a threat by 140Mandak262Jamuna · · Score: 4, Interesting
    When you own 90% of the market, not being interoperable with others is a commercial advantage. Yes, security is compromised, but it (MS) has trained corporations and individuals it is THEIR (I mean user's) responsibility to install and update "critical" security updates and install firewalls and antivirus software and keep them up to date. Now MS is going to sell anti-virus products. It is going to profit from the shoddiness of its own product. It is a great scam if you can get into it.

    As long as corporations confuse interoperability with "windows compatibility" the scam will go on. Only when the commercial user who forks over billions of dollars to MS every year demand true interoperability and injects real competition, it will end. There is no advantage in being the first among the users pushing for it. Pepsi will not care as long as Coke is also spending relatively the same amount of money for similar services. But someday somewhere some corp will bite the bullet and spend what it takes to break the vendor-lock in, and only after that the security situation will improve.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  20. Re:I might be missing something, but.... by great+om · · Score: 2, Informative

    .mac comes with a subscription to virex.

    --
    ------- Oh damn.... the Sigfile escaped... -Great OM
  21. Re:Market Share by n2art2 · · Score: 4, Informative

    to be honest I would go after OS X. Why? Because no one else is. Those who get known are those who, "think different."

    --
    Self proclaimed wannabe geek. You know how it is. Most of us who read this stuff probably fit in that category.
  22. Microsoft's Intentionally Insecure? by mpapet · · Score: 3, Insightful

    maintaining gaps in Windows security to avoid competing with 3rd party vendors

    Whoever dreamed up this rationalization is gifted.

    The holes are there by design. As in security wasn't a part of the overall design. I would argue that it still isn't.

    Like all the versions that have come before, "It's more secure" for about a week after launch and then I'm back to cleaning out infected PC's. This works out great for me because it's my job. Personally, the people that take my advice to switch -always- thank me later for making a switch.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  23. .Mac is not "safe". by Anonymous Coward · · Score: 4, Informative

    offsite safe storage through .Mac

    dot Mac is not in any way secure / "safe storage". Unfortunately I bought a subscription before I realised how dangerously unsecure it is. When I started to configure Backup, I thought I'd do some digging first to see what was going on. It turns out that credentials are sent in plaintext. Communication between the user and mac.com is not encrypted. Storage on iDrive is also not encrypted. Backup archives have no encryption.

    It's completely wide-open to snooping attacks, and nobody should trust anything to it besides their weekly grocery list or other documents that they don't mind any snoopers (wireless interceptors or Apple employees) from freely browsing. I expect a major security breach is inevitable.. it's just a matter of time. It would take one person with a wireless snooper at Macworld, gathering hundreds of juicy high-profile targets to mess with - and dot Mac will be destroyed by a torrent of negative publicity.

    Of the entire Apple product range, dot Mac is the one that is most stuck in the early 90's. It works.. but is a severely inadequate solution.

  24. Re:Both are unusable by Anonymous Coward · · Score: 2, Insightful
    Lets see a goofy bar at the bottom of your screen that acts as a terrible task manager (OSX). I mach kernel and freebsd kernel combined to give extra slow performance(OSX)

    Mac OS X's Dock is not meant to be a task manager: it's meant to be a collection of one-click shortcuts to your most commonly used applications, folders, and documents. That it also shows running applications to also easily switch between them is just a bonus, and does not make it into a task manager. If you want to see a list of running threads and processes, (force) quit processes, and graphs of CPU, Memory, and Disk usage, as well as Disk and Network activity, use Activity Monitor (/Applications/Utilities). It's all about the right tool for the right job.

    You're dead-on with the performance issues of XNU, though.

  25. Re:Security doesn't stop at the OS by hoggoth · · Score: 3, Funny

    I felt a great disturbance in the force, as if millions of spelling nazis and grammar nazis suddenly cried out in terror...

    > Good artical
    > realtivly
    > the point is mute
    > equaly
    > becaomes
    > less then
    > secruity

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  26. Re:Market Share by 99BottlesOfBeerInMyF · · Score: 2, Informative

    If OSX had that kind of a market share, you'd bet your ass that everyone would be breaking down its walls, in exactly the same way.

    Most people keep their money in their mattress. If most people had home safes, everyone would be breaking into safes and taking their money in exactly the same way.

    Do you see how this analogy exposes the flaw in your logic? To show a classic example, IIS has a much smaller market share than Apache, but is compromised more often. If OS X had an equal market share as Windows, OS X would still be compromised less often for the following reasons:

    • It has fewer exposed services
    • It has more secure default settings, and most people don't change defaults.
    • Normal users don't have permission to break things as easily
    • Apple does not ignore local escalations, so there are a lot fewer of them
    • Most services don't run with lots of unneeded permissions and complete access to root the box.
    • On OS X software that needs you to be a privileged user is rare, unlike Windows.
    • Not having a monopoly, Apple actually responds to security concerns and fixes them and will adapt to keep users happy. MS has people locked in and doesn't care.

    Would you rather it affect Apple's measly market share, or Microsoft's dominant machine?

    It depends upon my motivation. Ideally, it would run on both. The thing is, there is plenty of motivation for crackers to write malware for OS X, simply to gain publicity and respect in the community or to shut up smug mac users. It hasn't happened yet because there are a lot of barriers besides market share.

    Most mac users are just as dumb as most windows users, they just tend to have some sort of superiority complex.

    I'm not sure this is true. There are plenty of dumb users on both systems, but a lot of the security industry has moved to macs, providing a greater likelihood a mac malware will end up on the machine of someone with a clue. More importantly, however, mac users can be dumb, and because they have a more secure system by default, they are still not exploited as often.

    neither is really better than the other, from a sheer 'does this work' standpoint.

    I strongly disagree as do most users I know that have actually run OS X and Windows as their regular machine. From both a security perspective and a general use perspective, OS X is a more usable desktop machine for most people. Just because OS X is not perfect for security, does not mean it is as bad as the abysmal mess that is a standard Windows installation.

  27. I think he has some points there by guruevi · · Score: 4, Informative

    Apparently this guy had the experience switching from Mac -> Windows and see what happens. A lot of people say it has to do with market penetration (Thanks to the M$ FUD) but nothing is less true. There are far more hosts running on any flavor of Unix or using the GNU tools or somewhat compatible tools for that matter than Windows hosts connected to the Internet.

    The biggest flaw in Windows is stuff running as SYSTEM. Try this in Windows: schedule a command in a terminal to run cmd.exe the next minute using the "at" command. As you will notice, you will get your cmd.exe... running as SYSTEM. You don't even have to be a very privileged user to do that, kill your own explorer.exe and start explorer.exe in that cmd.exe you have and guess what: you're running your system as SYSTEM. This would be like running Bash, KDE or Gnome as root, although possible, you can't elevate root out of standard user rights. Same thing for hooks into IIS (.NET) or any other application, they can all elevate to SYSTEM without too much trouble. Would be like suggesting to run Bind or Apache as root, and as any Unix guru would say: Blasphemy! Blasphemy! and you would feel the vibration of Rich Stevens (http://en.wikipedia.org/wiki/W._Richard_Stevens) spinning in his grave at the speed of the fan running in the server.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  28. Fixed in "Next" version by Dareth · · Score: 5, Funny

    Some of the criticisms in the article are perfectly valid, but many of them are (supposedly) going to be fixed in Windows 95 (whenever that gets out..) Is that out yet?

    Some of the criticisms in the article are perfectly valid, but many of them are (supposedly) going to be fixed in Windows 98 (whenever that gets out..) Is that out yet?

    Some of the criticisms in the article are perfectly valid, but many of them are (supposedly) going to be fixed in Windows 2000 (whenever that gets out..) Is that out yet?

    Some of the criticisms in the article are perfectly valid, but many of them are (supposedly) going to be fixed in Windows ME (whenever that gets out..) Is that out yet?

    Some of the criticisms in the article are perfectly valid, but many of them are (supposedly) going to be fixed in Windows XP (whenever that gets out..) Is that out yet?

    Sorry to be redundant, have you heard this joke before already?

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
  29. A few points by Foolhardy · · Score: 4, Informative
    The LanManServer service (aka Server) is mostly implemented in kernel mode in srv.sys, so most of the user-mode tirade is irrelevant.
    [From the article]

    SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore
    The activity of SYSTEM is next to impossible to control or log.

    SYSTEM doesn't trump Administrator(s): since either can control the kernel, they both represent full control. SYSTEM can't magically bypass security descriptors any more than administrators can; both have but indirect end runs available. SYSTEM's profile has the global system environment. In Win32, shells have considerably less importance, but SYSTEM processes can still have them. SYSTEM's actions can certainly be audited, so I'm not sure what they meant by impossible to log.

    Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore [...]

    There are lots of services running as low privilege LOCAL SERVICE and NETWORK SERVICE. Perhaps there could be more. Note that a single svchost can represent several services.

    Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software.

    The binaries that implement system services are protected by system file protection. SFP isn't a security feature; it's there to work around buggy installer behavior.

    Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.

    This isn't true on a domain where the admin has designated installable packages, and RunAs works fine for installation programs that are written properly.

    Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread.

    I'm not sure what's meant by this, but if your kernel is owned on any OS, a rootkit can be installed to evade any kind of debugging.

    Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system.

    Non-human-readable? Never used the registry editor? The key and value names seem to be in English... It's like saying that a filesystem isn't human-readable because you need ls. There are no plans to make the registry obsolete for system configuration. In fact, the new boot loader's config database is a registry hive. As for owning the computer through the registry, every key is protected by an ACL. There's nothing inherent in the registry that allows an attack, privilege escalation or otherwise.

    Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it.

    So then the admin takes ownership of the keys in question, forcibly with the SeTakeOwnershipPrivilege, and since the owner of an object can always set the DACL, the admin returns himself full control. Either that or use the SeRestorePrivilege to overwrite the key directly.

    One of the strongest tools that Microsoft has to protect users from malware is Access Control Lists (ACLs), but standard tools make ACLs difficult to employ, so most opt for NTFS's inadequate standard access rights.

    What's wrong with the shell's ACL editor? What's wrong with the default permissions?

    OS X has no user account with privileges exceeding root.

    Since root can ignore security, this isn't saying anything. In Windows, only the kernel can bypass security.

    Un

  30. Behavioral flaws, not just technical by Kadin2048 · · Score: 4, Insightful

    What I thought was interesting in the article was how many of his complaints were probably due not to bad design per se, but to poor practices -- things like documentation, structural transparency, consistent use of system policies, etc.

    What struck me is that there are definitely seeming flaws in Windows that make it insecure as-is, but that it doesn't have to be this way; Microsoft has chosen and continues to choose to operate in such a way that exacerbates rather than minimizes the effect of many of the inherent weaknesses of the platform. A similarly designed system, managed and documented differently, would probably be less problematic.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  31. Re:Market Share by Bartman_279 · · Score: 5, Informative
    If OSX had that kind of a market share, you'd bet your ass that everyone would be breaking down its walls, in exactly the same way.

    There are PLENTY of hackers out there, of every level, who would absolutely love to be able to point to themselves as the first "l33t hax0r" to write a real world OS X virus and "wipe that stupid little grin off their [Mac user's] smug little faces."

    And in the six years OS X has been out, not one, NOT ONE, has succeeded.

  32. Microsoft wouldn't need to offer it all together by BearRanger · · Score: 3, Interesting

    ...if Windows were designed securely in the first place. This isn't a troll, just an observation.

    In a sense everyone is trying to argue that Microsoft can't include additional security tools because they'd be accused of leveraging their monopoly. The entire antivirus industry likely wouldn't exist, and this would be a moot point, if Windows were designed securely from the start.

    What we seem to have now is pressure on Microsoft not to make things *too* much better because they would wipe out a lucrative business niche occupied by third parties. Microsoft is a slave to backwards compatibility, so they won't scrap everything and start from scratch. But they can't win because if they offer an antivirus solution they're leveraging their monopoly unfairly. Or they're an extortionist because they failed to secure Windows properly, but are getting more money from customers by forcing them to purchase their anti-malware solution.

    OSX is better than Windows in terms of security. But Microsoft only have themselves to blame. They should break with backwards compatibility, buy themselves a Linux distro and layer the Windows GUI and APIs on top of it. Do it right and their security problems will be a thing of the past.

  33. The way I see it by JoeCommodore · · Score: 2, Insightful

    Windows systems have been, are, and probably will be getting hacked - a lot - on all levels in the foreseeable future, they talk up security but there are still the current (well publicized) vulnerabilities.

    Other systems (Mac/Linux) aren't having such major issues - they tout security, and are blasted because 'they are obscure'. There is a lot of 'talk' of possible vulnerabilities, and there are speculations there may be vulnerabilities. But they are STILL more secure now and have a good track record.

    What part of this would make me trust Windows more?
    --
    "Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
  34. Windows Firewall Device? by thewils · · Score: 2, Funny

    I'm just wondering if anyone has ever built a firewall device from a Windows box. When I search for "windows firewall" all I get are references to the application that runs on windows, not any kind of firewall device.

    You could build (and Linksys, SMC, DLink etc have built) a firewall device from Linux, *BSD, maybe OSX of which I have no experience, but who could or would build a firewall device from Windows?

    Would you really have to be off your gourd to trust one?

    --
    Once I was a four stone apology. Now I am two separate gorillas.
    1. Re:Windows Firewall Device? by 99BottlesOfBeerInMyF · · Score: 4, Funny

      I'm just wondering if anyone has ever built a firewall device from a Windows box.

      Please shut up right now before you give some braindead manager an idea. We have a projector some creep built on Windows and we can't even keep it from crashing all the time. Do you know how much of an idiot you look like when you're giving a presentation and your projector crashes, you have to pull the plug and listen to the Windows start-up chime? It's like telling people your monitor crashed. They look at you like your brains just dribbled out of your ears.

  35. Re:Market Share by memoryhole · · Score: 2, Insightful

    Your argument can be easily demonstrated to be false. In particular: Apache is currently (and has been for a while) the most popular web server on the market. It has something approaching 70-80% market share. However it does not suffer from 70-80% of the vulnerabilities and exploits that are out there. What web server *does* suffer from 70-80% of the exploits? Microsoft IIS. For some reason, it's more exploited despite having significantly less market share. Thus: arguing that Microsoft's problem is simply one of exposure is a totally bogus argument.

  36. Secure principles by blakestah · · Score: 5, Insightful

    Mac is not dramatically more secure through launchd...

    It is simple really. Six years into OS X, growing market share, and no viruses in the wild.

    First principle. No ports open by default. Macs ship with a closed box. Plug it into the Internet, wait, and your machine will never get infected simply because it is not listening on any port, and no attacker has any foothold to get into the box. Over the years Windows has shipped with a wide variety of open ports, whether they be for netbios, smbd, messenger, IIS (on NT), or others. Many of these have been launching pads for viruses and worms.

    Second principle. Design the OS from the ground up to support privilege de-escalation. That is, make it so that every action on the machine is executed with User privileges or less, unless you really need more privilege. Launchd is a part of this. On Windows, you still have ActiveX with escalatable privilege, and people get infected from web surfing or opening email.

    That is really all it takes. Make it so a user cannot compromise the OS trivially, and there are no open ports, and you made a box as secure as a Mac. Once you start opening ports, you need to know what you are doing or you will be 0wn3d by some script kiddy. Make it secure by default, and force the user to take positive action to do anything that is a potential security problem (like installing executables from random places on the internet).
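
Added example, not part of the thread: a Python check of the two principles in the comment above (what is listening, and with whose privileges), run over the output of `lsof -nP -iTCP -sTCP:LISTEN`. The sample table, PIDs and the port 8080 listener are constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit listening TCP sockets: which are reachable from other hosts, and as which user."""
import ipaddress
from collections import namedtuple

Listener = namedtuple("Listener", "command pid user host port")

# Constructed sample in the layout of `lsof -nP -iTCP -sTCP:LISTEN` (not a real capture).
SAMPLE_LSOF = """\
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1   root   21u  IPv4 0x1a2b      0t0  TCP *:22 (LISTEN)
launchd     1   root   22u  IPv6 0x1a2c      0t0  TCP *:22 (LISTEN)
httpd     301   _www    4u  IPv6 0x1a2d      0t0  TCP *:8080 (LISTEN)
cupsd     412   root    6u  IPv4 0x1a2e      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     412   root    7u  IPv6 0x1a2f      0t0  TCP [::1]:631 (LISTEN)
"""


def parse_lsof(text):
    """Return one Listener per LISTEN row; header and malformed rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)" or not fields[1].isdigit():
            continue
        host, _, port = fields[-2].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append(
            Listener(fields[0], int(fields[1]), fields[2], host.strip("[]"), int(port))
        )
    return listeners


def is_exposed(host):
    """True when the socket is bound to a wildcard or non-loopback address."""
    if host == "*":
        return True
    try:
        # Drop an IPv6 zone id such as %lo0 before parsing.
        return not ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return True  # unparseable address: report it rather than hide it


def exposed(listeners):
    """Unique (port, command, user) tuples reachable from other hosts."""
    return sorted({(l.port, l.command, l.user) for l in listeners if is_exposed(l.host)})


def exposed_as_root(listeners):
    """The subset of exposed listeners whose socket is owned by root."""
    return [entry for entry in exposed(listeners) if entry[2] == "root"]


if __name__ == "__main__":
    found = parse_lsof(SAMPLE_LSOF)
    for port, command, user in exposed(found):
        note = "  <- owned by root" if user == "root" else ""
        print(f"tcp/{port:<5} {command} ({user}){note}")
```
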

  37. My Response (I know you want to read it!) by scovetta · · Score: 2, Informative

    Interesting read. I agree with most of his points, with comments on the following:

    Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32
    Most, if not all of the files can be identified through a simple Google search. It doesn't get Microsoft off the hook -- they should provide proper documentation, but such information is available.

    Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
    Not all software. User-level installations should be possible to non-restricted directories.

    Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid.
    TCPView. Now you have it. And since Microsoft now owns Sysinternals, I guess they have it too.

    Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these.
    This is not really Microsoft's problem. If no one can remember the features of the OS, it's their fault when they overlook them.

    Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing.
    Duty-bound? Sure, they probably all provide them because that's what everyone else does, but most Windows applications include a help file too.

    Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response.
    I believe TripWire exists for Windows too.

    The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator. It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes. Finding the owners of open TCP/UDP ports or open files is similarly trivial. The "system" is not opaque.
    I may be wrong here, but aren't there other ways of injecting malware into a system than setting it up as a detectable process? I know on Windows machines there are a number of ways to get around a process walk -- does the same thing exist in *nix?

    --
    He who fights with monsters should see to it that he does not himself become a monster. --Nietzsche
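The article's claim quoted in the comment above, that a short console program can walk the process tree and list privileged processes, can be made concrete. The following Python is an added example, not code from the article or the commenter; the sample `ps` listing is constructed, and treating `root` as the only privileged user is an assumption.

```python
import shutil
import subprocess
from collections import defaultdict

# Constructed sample of `ps -A -o pid,ppid,user,comm` output (not from a real host).
SAMPLE_PS = """\
  PID  PPID USER     COMM
    1     0 root     /sbin/launchd
   31     1 root     /usr/sbin/syslogd
   45     1 _mdnsresponder /usr/sbin/mDNSResponder
  102     1 alice    /System/Library/CoreServices/loginwindow
  240   102 alice    /Applications/Utilities/Terminal
  251   240 root     login
  252   251 alice    -bash
  300   252 root     sudo
  999   777 root     /usr/local/bin/backup agent
"""

PRIVILEGED_USERS = ("root",)  # assumption: only "root" counts as privileged


def parse_ps(text):
    """Return {pid: (ppid, user, command)} parsed from ps text."""
    procs = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split(None, 3)             # the command itself may contain spaces
        if len(fields) < 4 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue                             # tolerate blank or malformed rows
        procs[int(fields[0])] = (int(fields[1]), fields[2], fields[3].strip())
    return procs


def privileged_tree(procs, privileged=PRIVILEGED_USERS):
    """Depth-first walk; return (depth, pid, user, command) for privileged processes."""
    children = defaultdict(list)
    for pid, (ppid, _, _) in procs.items():
        children[ppid].append(pid)
    # A root is any process whose parent is missing from the listing (pid 1, or a
    # row whose parent was not captured) or that is its own parent (pid 0 on some systems).
    roots = sorted(p for p, (pp, _, _) in procs.items() if pp not in procs or pp == p)
    found, seen = [], set()
    stack = [(pid, 0) for pid in reversed(roots)]
    while stack:
        pid, depth = stack.pop()
        if pid in seen:                          # never loop on a self-parented entry
            continue
        seen.add(pid)
        _, user, command = procs[pid]
        if user in privileged:
            found.append((depth, pid, user, command))
        stack.extend((c, depth + 1) for c in sorted(children[pid], reverse=True))
    return found


def snapshot():
    """Use live `ps` output when the tool exists, else the constructed sample."""
    if shutil.which("ps"):
        result = subprocess.run(["ps", "-A", "-o", "pid,ppid,user,comm"],
                                capture_output=True, text=True, check=False)
        if result.returncode == 0 and result.stdout.strip():
            return result.stdout
    return SAMPLE_PS


if __name__ == "__main__":
    for depth, pid, user, command in privileged_tree(parse_ps(snapshot())):
        print(f"{'  ' * depth}{pid:>6} {user} {command}")
```

A walk like this reports only what the kernel exposes through `ps`, which is the limit the comment's closing question is about.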
  38. Total crap by jiushao · · Score: 3, Interesting

    It is not that hard to argue for OSX security over Windows security due to the track-records, but this article is total crap. A few of the points:

    • All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.: Right, just like how OSX daemons are launched by launchd, what is the point here?
    • By default, Windows launches all services with SYSTEM-level privileges: This is plain false, you have to give a user account that the service should run as, and at that point the extremely comprehensive NT security model kicks in.
    • SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore the activity of SYSTEM is next to impossible to control or log: Right. I don't see the problem. This is akin to the classic "you should not always run as root", it is counter-intuitive to people used to the UNIX security model of course, but it is not by any means a bad idea. There is no reason to have ridiculously powerful login accounts when such privileges are better brokered by daemons. If needed you can of course still elevate the permissions though, but it should not be needed.
    • Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties. Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software: This is an odd complaint, of course the NT security model applies to system32, set any permissions you feel like. Massive unstructured directory? In comparison to the fine old let's-dump-it-in-/usr UNIX tradition? :)
    • Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32: Right click on any dll/exe in system32, click properties, click version and you get a short description of what the file is for.
    • Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid: Granted the builtin stuff is weak, which is why every sane Windows user quickly downloads Process Explorer (recently bought by Microsoft actually, keep your fingers crossed that it becomes standard). At any rate, pretending that this is an inherent property of the operating system is plain wrong.
    • Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system: Massive sure. "Arcane"? How so? Seems quite similar to Mac plists actually. "Nearly unstructured"? This is just bullshit, it is extremely well-structured. "non-human-readable"? Well, use regedit, not unlike needing a utility to read binary property lists on Mac. The core of the complaint appears to be "if we hide settings all over the place they'll be hard to find for the bad people!" which is the worst attempt at security-through-obscurity I have ever heard.
    • Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it and Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these: "Once executed with administrator privileges exploits can do hard-to-recover harm to your system, the horror!". These are idiotic complaints.

    With all that said I can easily see people going to OSX to improve security, that does not make that article anything but deeply flawed however.

    1. Re:Total crap by pboulang · · Score: 2, Informative
      I think a lot of your responses are tripe, kneejerk, and not well thought through. Let's look at a few:

      "Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32:" Right click on any dll/exe in system32, click properties, click version and you get a short description of what the file is for.
      I see a file. I click on it. There is a description. ok... so how can I tell if that file is supplied by microsoft or is it droppings from malware? Part of the article you ignore in this instance is that there is a MASSIVE number of files in %winnt%\system32 and you just can't look up every file every day.. heck, even once. Even dll's are a pain in the butt to look up in the registry.. if I register it multiple times there are multiple entries (each under the GUID, not in English) and it is DIFFICULT to determine which one is "real"

      "By default, Windows launches all services with SYSTEM-level privileges:" This is plain false, you have to give a user account that the service should run as, and at that point the extremely comprehensive NT security model kicks in.
      *sigh*, install windows. Now install IIS, heck at least 2003 doesn't install stuff automatically anymore. Reboot, yada yada.. Go to port 80 on your webserver.. is it running? It IS?? BUT BUT BUT YOU didn't specify what user to run as?!?!? Seems that somehow IIS is running as SYSTEM BY DEFAULT

      "Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it and Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these:" Once executed with administrator privileges exploits can do hard-to-recover harm to your system, the horror!. These are idiotic complaints.

      Think about what the complaint is about, even if not well written: NTFS allows secondary streams, and the only programs that use them for the most part are Malicious. The complaint is that the OS allowing access to these streams is YET ANOTHER point of contention. It is not an exploitable hole (in the hacker sense), but it is exploitable by hackers (in the making Windows hard as hell to keep secure). Simple to close that up.., yet Microsoft just seems completely unconcerned.

      "All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.:" Right, just like how OSX daemons are launched by launchd, what is the point here?

      Launchd allows you to specify rights. You get a lot more control of the order processes are started. Launchd, like xinit, allows you to start processes on demand. Launchd can control who/what is allowed to start processes, unlike the "net start" command, "oh it's set to automatic, great, I'll start it" mentality.

      Overall, I give you 4 MEH's out of 5.

      --

      This comment is guaranteed*

      *not guaranteed

    2. Re:Total crap by Foolhardy · · Score: 2, Informative
      There is a description. ok... so how can I tell if that file is supplied by microsoft or is it droppings from malware?
      System binaries have digital signatures. Five seconds on Google turned up To verify that system files have a digital signature. Process Explorer can also verify the signatures of loaded binaries. In any case, the system directories are trusted and can only be modified by highly privileged accounts (i.e. admins); if malware can put files in here, the machine is already compromised.
      Even dll's are a pain in the butt to look up in the registry.. if I register it multiple times there are multiple entries (each under the GUID, not in English) and it is DIFFICULT to determine which one is "real"
      Only COM libraries have GUIDs. The registry is not a dictionary of all libraries. Besides, if the machine registry has been altered by malware, that malware already had admin privileges and might as well have already installed a rootkit by now.
      Think about what the complaint is about, even if not well written: NTFS allows secondary streams, and the only programs that use them for the most part are Malicious. The complaint is that the OS allowing access to these streams is YET ANOTHER point of contention. It is not an exploitable hole (in the hacker sense), but it is exploitable by hackers (in the making Windows hard as hell to keep secure). Simple to close that up.., yet Microsoft just seems completely unconcerned.
      There are many legitimate uses for alternate data streams. For example, they're used by the summary information in the shell's dialog for file properties. This data is also used by the indexing service. Since the interfaces have been published and supported for a long time, disabling them could break a lot of software for something that admittedly isn't a vulnerability. If you've let malware create files at arbitrary locations on your disk, you've already got a bigger problem. Otherwise, use streams to locate existing alternate streams.
      Launchd allows you to specify rights. You get a lot more control of the order processes are started. Launchd, like xinit, allows you to start processes on demand. Launchd can control who/what is allowed to start processes, unlike the "net start" command, "oh it's set to automatic, great, I'll start it" mentality.
      The SCM allows you to specify any account (that has the "log on as a service" privilege) you have the password for to run the service as. SYSTEM and the low privilege LOCAL SERVICE and NETWORK SERVICE accounts are also available. Services can be started, stopped, and paused on demand via services.msc or sc.exe or the related API functions. Every service can have a list of dependencies. You can see these with services.msc or sc.exe enumdepend. These dependencies are always started before the service in question starts and must be stopped after the service stops. See About Services.

      There are a lot of services that run as SYSTEM, but remember that Win32 doesn't have setuid binaries. Instead, NT uses privileged services accessible only on the local machine that listen for requests. Compare the entire list of setuid binaries plus daemons that run as root (and any dependent libs) on a UNIX to all the processes on NT that have the SYSTEM token (and any dependent libs)-- these are the comprehensive lists of system trusted user mode binaries for the two platforms.
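The point argued in this sub-thread, which account each service runs as (SYSTEM, LOCAL SERVICE, NETWORK SERVICE or a named account) and what it depends on, can be audited from `sc qc` output. The following Python is an added example, not part of any comment; the service names, paths and the trimmed sample output are constructed.

```python
# Constructed, trimmed `sc qc <name>` output; service names and paths are hypothetical.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleWeb
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example\web.exe
        DEPENDENCIES       : RPCSS
                           : HTTP
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleCache
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example\cache.exe
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: ExampleBackup
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\Program Files\Example\backup.exe
        DEPENDENCIES       : ExampleCache
        SERVICE_START_NAME : .\svc_backup
"""


def parse_sc_qc(text):
    """Return one dict per SERVICE_NAME block, with DEPENDENCIES as a list."""
    services, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            current = {"SERVICE_NAME": line.split(":", 1)[1].strip(), "DEPENDENCIES": []}
            services.append(current)
            last_key = None
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            key = key or last_key                # bare ": value" continues the last field
            if key == "DEPENDENCIES":
                if value:
                    current[key].append(value)
            elif key:
                current[key] = value
            last_key = key
    return services


def classify(account):
    """Bucket a SERVICE_START_NAME value by how much privilege it implies."""
    name = account.strip().lower()
    if not name:
        return "unknown"
    if name in ("localsystem", r"nt authority\system"):
        return "SYSTEM"
    if name in (r"nt authority\localservice", r"nt authority\networkservice"):
        return "low-privilege built-in"
    return "named account"


def audit(text):
    """Return one summary row per service found in the sc output."""
    rows = []
    for svc in parse_sc_qc(text):
        account = svc.get("SERVICE_START_NAME", "")
        rows.append({"name": svc["SERVICE_NAME"], "account": account,
                     "class": classify(account), "deps": svc["DEPENDENCIES"],
                     "auto": "AUTO_START" in svc.get("START_TYPE", "")})
    return rows


def system_autostart(text):
    """Names of services that start at boot with the SYSTEM token."""
    return [r["name"] for r in audit(text) if r["auto"] and r["class"] == "SYSTEM"]


if __name__ == "__main__":
    for row in audit(SAMPLE_SC_QC):
        print(row["name"], row["class"], row["account"], row["deps"])
```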
    3. Re:Total crap by Senjaz · · Score: 2, Interesting
      Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid: Granted the builtin stuff is weak, which is why every sane Windows user quickly downloads Process Explorer (recently bought by Microsoft actually, keep your fingers crossed that it becomes standard). At any rate, pretending that this is an inherent property of the operating system is plain wrong.

      I can only hope you are right, but past experience with MS buying out other companies is that very few actually last. Most just wither and die from lack of maintenance. Process Explorer is comparable to Activity Monitor on OS X and is so much better than Windows' default task manager. When we heard that MS bought it there was a collective "Oh no" from our office.

      --
      Don't blame me - this .sig had steal me written all over it.
  39. Re:OS X is better,but... by TeknoHog · · Score: 3, Interesting
    I'm sure OS X is more secure than windows but give me a real unix operating system, os x is so hacked up and different it doesn't even feel like a real unix operating system. You can't even mount ext2/3 in os x, what's up with that?

    On the other hand, OS X doesn't have all the legacy cruft of ye olde unix. I think one of the main strengths of Apple systems is that they do a clean start every now and then. Quite contrary to the Windows style of supporting everything since the DOS days.

    Personally I prefer Linux for the sheer amount of control. But the Apple way might have some benefits compared to more traditional unices. In any case I believe it's much more secure and sane than any Windows. I've recently convinced a friend to get a Macbook, since it's pretty much the only way to get a real OS preinstalled.

    --
    Escher was the first MC and Giger invented the HR department.
  40. Windows Firewall????? by GlL · · Score: 2, Interesting

    "The default in Windows is now to have no open ports as well due to the Firewall,"

    The Windows Firewall is worthless, and does very little against any kind of attack. See the results of http://www.firewallleaktester.com/. The windows firewall in reality is more "security blanket" than Security. The point of many complaints that you will see here is that there are so many backdoors to the core components of MS operating systems that security is a nightmare. Personally I agree with your analysis of the state of anti-malware. I just think that there is too much financial incentive for a completely secure end-user OS to not be designed. Just my cynicism speaking.

    --
    I'm a happy pessimist. I expect and prepare for the worst, when it doesn't happen I am pleasantly surprised.
  41. Clearly the Fanboi's Are by cyberbian · · Score: 2, Interesting

    Getting extra mod points these days. Rather than informing themselves by actually reading the specifications and informing themselves on the issue at hand, they mod real problems down, preventing other users from the opportunity to inform themselves as well.

    I thought that this was news for nerds, and stuff that matters. Well, if it doesn't matter that there are no protections in place for owners of TPM enabled equipment to Slashdot, I guess they're already cashing their cheques from Apple. In light of the consistent pro-Apple slant to this site, I will refrain from recommending this site to new tech-people as one of the 'go-to' sites for stuff that matters.

    Frankly I'm disgusted by your incredulity, as any self-respecting tech would first inform themselves as to the issue, and then make their decision, rather than mod down a story that is a) on topic (if we're actually discussing Windows v. Apple security) b) relevant as software runs on hardware c) not an attempt to troll for (un)favourable responses, but rather an attempt to elucidate a very clear and present issue facing computer users today.

    In closing, to whoever modded me down: 'Bite Me Fanboy' to quote the Main Man.

    --
    if I claimed I was emperor just because some watery tart lobbed a scimitar at me they'd put me away!
  42. legacy compat: implement unionfs by pikine · · Score: 2, Interesting

    I find your excuse of legacy software annoying.

    The subject line is a short summary of the solution that Microsoft should have implemented a long time ago---to implement a union of file systems so some files are drawn from a read-only file system and others from a read-write file system.

    See http://en.wikipedia.org/wiki/UnionFS.

    Basically, the program folder has only read access to users, but unionfs of the program folder and a user folder in "Documents and Settings" would allow each user to modify content of that program folder independently. Users do not see each other's changes, and the main copy is left intact. You also don't need to be a privileged user to run that program.

    Mac OS X also has it. See http://www.kernelthread.com/mac/osx/arch_fs.html.

    I apologize in advance if Microsoft has already included that feature, but I would get even further irritated because there is absolutely no excuse now to make everyone administrators.

    --
    I once had a signature.
  43. Virus model by david.emery · · Score: 2, Interesting

    It's important to fully consider the virus model. There are two -completely separable- parts to an infection, regardless of whether it's computer or biological:

    1. there has to be a vulnerability

    2. there has to be a vector

    Now market share has substantial impact on -vectors-, but has -no impact- on the core vulnerability. This is the point so many people miss when they claim that the only reason MacOS X is not infected is because of market share. This is not my original thought, but I'm very sorry I do not remember who first pointed this out to me. (If you read /., please stand up and take a bow!)

    For a long time (I don't know if this is still true), the Army corporate Intranet, Army Knowledge Online (AKO,) was run on top of a whole ton of Macs. This was after the Nth infection of their previous Win NT baseline, and the 3-star said "Fix it." It's my understanding from about 5 years ago from a friend who worked on that project that there were a few first-stage penetrations/DoS attacks, but NO (zero, nada, zilch) successful infections of the Macs, even when they were running WebStar on OS9, and then none when they moved to OS X. (He provided no details for security reasons, and I didn't ask. But having known this guy for 12 years at that point, I take him at his word.)

    So to those who claim that "there's no reason for a hacker to infect a Mac-based system," I'd point to both the big-time hacker glory that people in that culture would get for screwing up www.us.army.mil, and to the much more serious impact of a deliberate cyber-attack (e.g. Al Qaeda, Hezbollah, Chinese espionage, etc - all of which I believe are documented as attacking US military web sites, and unfortunately with some success for sites other than AKO.) Most well-run websites can detect a penetration, even without a change to the home page.

    Anyway, my point is that the lack of infections has to be attributed primarily to lack of vulnerability, and in evidence I offer the big headlines that come out whenever someone thinks they've found a vulnerability in OS X. But so far, to the best of my knowledge, there's been no successful infection "in the wild", and certainly NOTHING to resemble the Windoze viruses that seem to spread across the 'Net about every year or so. This canNOT be attributed only to "lack of market share".

              dave

  44. WebKit != Explorer by tgv · · Score: 3, Informative

    WebKit isn't Explorer. The Windows equivalent of the Finder, the Explorer, shares (many) DLLs with Internet Explorer; it even seems to share resources at run-time with it. The OSX Finder doesn't use WebKit (at least not up until now). The only thing you will damage by removing the WebKit framework is applications that use it to display HTML or provide other simple browsing functionality, not any system application. Under Windows though, you would take away the entire interface.