A Closer Look At Apple Leopard Security

Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."

Re:WTF???

[99BottlesOfBeerInMyF]

Time machine is a security hole from hell. Just suppose you record some pr0n of yourself using the built in iSight, then think better of it and delete the files. Now anyone can casually sit at your desktop and retrieve all the compromising files.

Apple just made it easier to recover deleted files, if you're using backups. If you're not using backups, there is no problem. OS X has also long had a "secure delete" option that not only deletes the file, but writes over it with random data multiple times, ala DoD requirements. I'd be willing to bet that also does the same on your time machine backups.

Re:Leopard Screenshots and Tutorials

[NtroP]

Your sig as it stands makes it sound like Apple would base an OS on Windows for some reason, which is obviously ridiculous... Actually, when Apple was looking around for a replacement kernel for their new operating system they briefly considered the NT4 kernel before rejecting it and BeOS for NeXT.

Re:Code randomization a bad idea

[puetzk]

I can't say for sure that Apple did this, but do note that randomizing it once per computer (e.g. ramdomize it *while* prebinding) is very nearly as effective as randomizing it every time. It still means someone can't write exploit shellcode that works on all (or even a significant fraction) of machines. This is the approach glibc's prelink uses.

Re:Significance

[uncleFester]

Maybe in the history of Mac OS X, but definitely not the history of Apple itself. I'd say that would be, oh, the shift to Unix.

myself, i would consider the shift in architechure a greater historical shakeup. it's still amazing to me apple has shifted their core processor/architechure setup twice, including an emulation layer (each time) to ease transition. i had (and still own) a Motorola Mac (SE/30, Moto 68030 CPU) and remember the titanic shift it was migrating to the PowerPC. And, more recently, shifting from the Power/RISC platform to Intel. I think Apple's continued demonstrated ability to shift its underpinnings with damn near nary a disruption is scary impressive. :)

-r

The Classic interface

[Kadin2048]

I was never into Macs back in the day so I can't comment on old vs. new Finder or spring loaded folders, etc., but I find it telling that the only people who seem to seriously dislike the new Finder are the ones who seriously loved the old one. To everyone else it's pretty spiffy and a reasonably good model of how such things are supposed to work. That is, I'm not at all convinced that the old Finder was actually superior; it's just that people liked it that way, darnit, and anything different is inferior by definition. As someone who used the old (oops, "Classic") Mac OS from versions 6-9, while I do think there was a certain level of curmudgeonness among the people who swore they wouldn't switch, there were very legitimate concerns about the OS X Finder and GUI, which I'm not sure have really been resolved.

Don't get me wrong, I still think OS X is better overall, because of its underlying architecture and a functional CLI, but the Classic Mac GUI had been honed incrementally over almost two decades before Steve just decided to bin the whole thing and reinvent the wheel. It was that interface which made the crappiness of OS 9 worth dealing with, despite the fact that you could hang the whole system by holding down the mouse button, and had to manually allocate memory, and everything else. It was the Mac's saving grace -- perhaps its only saving grace -- throughout the 'lean years' of the platform. And that's why a lot of users just never got over its elimination; it was, for many people, the only reason why they'd stuck around for so long.

There was no real reason to change it when the old codebase was dropped for NeXT's: even if none of the code needed to be kept, the interface guidelines that had evolved as best practices, arrived at by painstaking trial-and-error by generations of Mac programmers, could have been retained. What I think happened is that Steve Jobs wanted more eye candy, and wanted to make the entire desktop reflect the OS's "newness." It was a sales tactic, and although I don't think there's any debate that it worked, it was a pretty huge cost.

OS 9 was an operating system with a great GUI and a terrible backend; OS X had a great backend, but a GUI that was almost unusable at first, and which has only very recently come back on par with the Classic OS circa System 7.5 or so. (They just recently snuck the option-click-to-close-all-Finder-windows trick back in, which I believe originated on the IIgs, and was definitely missing for a while in early OS X versions...)

(Incidentally, the interface scizophrenia isn't limited just to the Mac OS; you also see this behavior in some of the major Apple apps [e.g. iTunes] -- every time there's a whole-number version increase, some part of the interface gets changed, apparently for the sake of changing it. It's as if they realize that some people won't believe that anything is different unless the widgets change, so they scramble everything around periodically, just to keep everyone on their toes.)