Slashdot Mirror


Foundations of Mac OS X Leopard Security

jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.

Foundations of Mac OS X Leopard Security
author: Charles S. Edge, Jr., William Barker, and Zack Smith
pages: 455
publisher: Apress
rating: 9
reviewer: jsuda
ISBN: 978-1-59059-989-1
summary: Best book on Mac Security

Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components — Apache Web server and Perl and PHP scripting packages, for example. Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.

Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.

The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.

The first three chapters, which deal with general security and security fundamentals, are basic stuff discussing how technical computer security issues are entwined with practical realities of using computers in a business or home, and that compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of the Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to their own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.

Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.

Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical, covering types of networks; routers, hubs and switches; proxy, DMZ, and other servers and hardware setups; advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like Kismac and iStumbler are especially useful.

Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote connectivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapter 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks, and how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.

The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.

Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.

The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.


213 comments

  1. A good start to the discussion by jeiler · · Score: 5, Insightful

    OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.

    --

    If you haven't been down-modded lately, you aren't trying.

    Sacred cows make the best hamburger.

    1. Re:A good start to the discussion by negRo_slim · · Score: 5, Insightful

      OSX is intrinsically more secure than Windows

      There fixed that for you. Let us not forget Windows also faces much more exposure due to its market share. But then again anything that's not locked in a room with no network access is going to be vulnerable to one degree or another.
      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    2. Re:A good start to the discussion by Anonymous Coward · · Score: 5, Interesting

      OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

      Some of the recent bugs with Safari remind me of the stuff MS was doing 10 years ago, where junior programmers hacked together E-Z features without any consideration for the security implications.

      The other issue is that QuickTime is a huge smelly bug-filled legacy turd, but thankfully Apple has announced that they are rewriting a replacement.

    3. Re:A good start to the discussion by neil-ngc · · Score: 4, Interesting

      It's hard to write much about security holes when there isn't much of a history of attacks. Can we say "OSX is intrinsically more secure?" Maybe, certainly a lot of its default configurations tend to be more secure than Windows' defaults.

      But what's made, and perpetuated, the notion that Macs are immune to viruses and other attacks is that there just aren't very many of them out there. Even with Mac's quickly growing market share, it's still far more lucrative to target mass market windows machines.

    4. Re:A good start to the discussion by The+Ultimate+Fartkno · · Score: 4, Funny

      but all systems have their vulnerabilities.

      *shocked gasp!*

      villager: Look, Slashdot, look! A heretic!

      *rumblerumblerumble*

      unix mob: BIND HIM TO A SERVER RACK WITH CAT-5 AND BURN HIM!

      dissenter #1: We can't!

      unix mob: Why not?

      dissenter #2: Halon fire suppression system in the room!

      *natternatternatter*

      unix mob: Make him use Windows...

      jeiler: Do your worst!

      unix mob: ...VISTA!

      jeiler: NOOOOOOOOOOOOOOOO!!

    5. Re:A good start to the discussion by prockcore · · Score: 1

      as long as the Applications folder is writable by the primary user by default, OSX is intrinsically insecure.

      OSX is vulnerable to the oldest of viruses.. the kind that attaches to an executable and then spreads to all your other executables.

      It doesn't need you to type your password in order to infect Safari or iTunes.

    6. Re:A good start to the discussion by palegray.net · · Score: 1

      Some of the recent bugs with Safari remind me of the stuff MS was doing 10 years ago, where junior programmers hacked together E-Z features without any consideration for the security implications.

      As opposed to now, where junior programmers are assigned to security-related tasks? I'm not sure it's much better...
    7. Re:A good start to the discussion by peragrin · · Score: 1

      Actually if things continue as they are I wouldn't be surprised if Snow Leopard requires signed binaries like the iPhone does. The iPhone does run a stripped down version of OS X so it is very possible that Apple will do the DRM MSFT has only dreamed about.

      --
      i thought once I was found, but it was only a dream.
    8. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      Bullshit. As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.

      What about that recent AppleScript root escalation exploit? What about the hundreds of other exploits we've heard about, but the cult of Mac has dismissed and quietly buried?

    9. Re:A good start to the discussion by jeiler · · Score: 4, Insightful

      OSX is intrinsically more secure than Windows There fixed that for you. Let us not forget Windows also faces much more exposure due to its market share.

      I'm aware that Windows' market share makes them the "low-hanging fruit," but even without considering market share, OSX has fewer security holes than Windows.

      Most of the difference seems (to me, YMMV) to be remnants of OSX's background in BSD, and the security practices in the BSD world--it seems that Apple has added far more functionality to BSD, but at a cost of lowered security.

      But then again anything that's not locked in a room with no network access is going to be vulnerable to one degree or another.

      Don't forget to unplug it, too! :D

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    10. Re:A good start to the discussion by jeiler · · Score: 1

      Eek! I've been Vista-ed. :D

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    11. Re:A good start to the discussion by negRo_slim · · Score: 1

      OSX has fewer security holes than Windows.

      How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years? I believe the mac is simply a less valuable target to those who seek to circumvent your computer's security. If the rewards were there, the security problems would be too.
      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    12. Re:A good start to the discussion by jeiler · · Score: 0, Flamebait

      Anecdotal evidence (and one-off incidents that rely on the browser) do not a successful argument make. One must look at the entire dataset, not simply the data you prefer.

      Oh, but you're an AC. Either grow a pair and post with your username, or stop exciting electrons for no purpose.

      AC = Electron Tease. :D

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    13. Re:A good start to the discussion by aristotle-dude · · Score: 2, Insightful

      OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

      Please. Do you think it wise behavior for IE to load any dll placed on the desktop? IE should not just load any DLL placed in the default path but rather should only load from a well defined directory tree built specifically for add-ons and plugins.

      The recent "carpet bomb" issue with Safari on windows brought to centre stage this very issue.

      MSFT is still creating junior level mistakes with their flagship software.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    14. Re:A good start to the discussion by aristotle-dude · · Score: 1

      Bullshit. As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.

      What about that recent AppleScript root escalation exploit? What about the hundreds of other exploits we've heard about, but the cult of Mac has dismissed and quietly buried?

      Over here, we call those carefully crafted "web pages" and "social engineering". There was no remote exploit for OS X in that contest. What was required was a user navigating to a specially crafted web page after having enabled remote login daemons disabled by default and creating basic accounts for the "hackers" to use to exploit the privilege escalation.
      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    15. Re:A good start to the discussion by Divebus · · Score: 1

      I like the way a couple of vulnerabilities makes OS X just as insecure as Windows. There's a difference between a smart hacker who's found a bug to exploit and the 140,000 or so viruses that regularly devastate Windows, mostly written by 14 year old script kiddies.

      I'll also draw a line at exploits where you need to be sitting at the keyboard with the administrator password.

      --

      Most of the stuff on /. won't survive first contact with facts.
    16. Re:A good start to the discussion by jeiler · · Score: 5, Insightful

      How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years?

      By comparing the structure and functionality. If we had to wait until a system has been attacked to see how vulnerable it was, we'd all be in REAL trouble.

      One basic factor is default user account privileges: Microsoft has all new users default to Admin privileges (a practice that may have stopped with Vista), while Apple (like Linux) has new users default as limited accounts that must be escalated to have Admin. Microsoft's way is more handy (in that even an inexperienced computer owner can set up an account that can do anything), but insecure (because only an inexperienced computer owner would WANT all users to have accounts that can do anything).

      There are plenty of vulnerabilities on both sides, but from everything I've seen in 20+ years of working with both Microsoft and Apple products, Apple is in the lead for security. Of course, that may change without notice, if Microsoft tightens up their practices, or Apple adds more vulnerabilities.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    17. Re:A good start to the discussion by clbyjack81 · · Score: 1
      unix mob: BIND HIM TO A SERVER RACK WITH CAT-5 AND BURN HIM!

      Are fires bad for the ecosystem? Ballmer might not be too happy about that...

      --
      Cole's Axiom: The sum of the intelligence on the planet is a constant. The population is growing.
    18. Re:A good start to the discussion by jeiler · · Score: 1

      OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

      I normally don't respond to ACs, but this comment is dead on target.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    19. Re:A good start to the discussion by The+Ultimate+Fartkno · · Score: 1

      At least you got the joke. The dogma patrol is already after me. Your sig is quite apt today. ;)

    20. Re:A good start to the discussion by jedidiah · · Score: 3, Insightful

      Bullshit.

      If you build it, they will come.

      If nothing else they will do it to claim bragging rights.

      This notion that small marketshare saves you or large marketshare dooms you is just nonsense spouted by people that haven't been around long enough to have used anything else (besides Windows).

      --
      A Pirate and a Puritan look the same on a balance sheet.
    21. Re:A good start to the discussion by jeiler · · Score: 1

      Heh. Let's hope the metamods catch that one--I thought it was hilarious!

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    22. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      Bingo.

      Mac died first in the race to destruction match (oh but it wasn't a Mac core software element), has for-free privilege escalation (I was at an Apple store in California yesterday and rm -rf / a macbook before asking a salesman why safari wouldn't open--he spent ten minutes sweating all over the computer before switching me to a new one), had that drive-by safari fubar, the MOAB shit from a year or two back, and a perverted end-user security culture which tries very hard to reduce or dismiss the implications of these events in any and all venues.

      I can not and would not claim that MacOS is inferior to Windows with regard to security because I do not know--I do know that MacOS isn't a target like either Windows or production *nix OSs. The point is, I suppose, that the Mac security culture is inferior.

    23. Re:A good start to the discussion by Darkness404 · · Score: 2, Informative

      I normally don't respond to ACs, but this comment is dead on target.

      The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS. The first reason is that unless Apple gives users root access by default, they can't screw up most of Unix. The second part is, Apple has been and always will be the underdog, giving MS the majority of the targets. The third part is, an open source core, so if people complain about security holes, Apple can give them the source and tell them to fix it yourself. Basically, it doesn't matter what Apple does, OS X will always be more secure than Windows in the number of exploited flaws. Because if they aren't exploited, then they don't really matter.
      --
      Taxation is legalized theft, no more, no less.
    24. Re:A good start to the discussion by Mister+Whirly · · Score: 1

      "Over here, we call those carefully crafted "web pages" and "social engineering". There was no remote exploit for OS X in that contest. What was required was a user navigating to a specially crafted web page after having enabled remote login daemons disabled by default and creating basic accounts for the "hackers" to use to exploit the privilege escalation."

      Which was the same thing they tried on the Vista and Linux systems, but those didn't get compromised. So what was the point again?

      --
      "But this one goes to 11!"
    25. Re:A good start to the discussion by Anonymous Coward · · Score: 1, Insightful

      The fifth part was that they broke all legacy compatibility and forced everyone to rewrite their applications. ("Classic" was actually a humongous setuid root security hole). Not that MS hasn't made some huge mistakes, but the biggest anchor around their necks is the legacy compat issues which their market position demands they keep.

    26. Re:A good start to the discussion by dr_turgeon · · Score: 1, Interesting

      How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years? I believe the mac is simply....

      You may be partially right, but that line of reasoning is entirely relative to market-share -- which is one variable. If you ignore the other parameters, you have a compelling argument.

      To illustrate, consider this text-book style fallacy: Juan claims metal baseball bats are just as likely to break as wood ones. "Because metal baseball bats aren't used as often* they only seem to be stronger. Believe me, if guys used metal enough, you'd be breaking bats all the time. So stick with wood."

      You can now be certain metal bats are as weak as wood?

      * disclaimer: I know very little about baseball or bats!

      --
      "...objectivity resides in recognizing your preferences, subjecting them to especially harsh scrutiny." -Gould
    27. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      MacOS has no user account privilege separation. See the AppleScript for-free root privilege escalation story two days ago. You can also ask a certain Apple Store in California for confirmation.

    28. Re:A good start to the discussion by stewbacca · · Score: 2, Insightful

      As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.

      Context my friend, context. It was the first attacked, thus, the first to fall. It's not like there was a race going on, especially since the guy who took it down came with a canned script prepared the night before.
    29. Re:A good start to the discussion by egomaniac · · Score: 1

      So... one particular avenue of attack succeeded on one system and failed on the others, so it must be less secure overall? That's great logic there, buckaroo.

      --
      ZFS: because love is never having to say fsck
    30. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      I modded you Flamebait, but since you're obviously a whiner I'll post and nullify the mod. Your parent post was insightful (though redundant, but I didn't ding him for that). Given that most of the visible posts above yours are all essentially saying the same thing, and not saying "OMG APPLEROXORZZZ GET OUT TEH CAT5", makes your post flamebait. Asshat.

    31. Re:A good start to the discussion by Mister+Whirly · · Score: 1

      Whatever you need to tell yourself to sleep at night...
      I was commenting because there was an implication that the Mac was subject to conditions that the other systems weren't. I was refuting that, plain and simple. Buckaroo.

      --
      "But this one goes to 11!"
    32. Re:A good start to the discussion by prockcore · · Score: 4, Interesting

      What, intrinsically, makes OSX immune to spyware?

      OSX cannot stop you from running software that is inherently evil.

      The fact that there isn't spyware on OSX proves that small marketshare is indeed a huge factor in lack of exploits in OSX... because there is absolutely no technical reason for spyware not to work on OSX.

    33. Re:A good start to the discussion by MobyTurbo · · Score: 1

      OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.

      Yep, it's about time. Really OS X offers a lot of good security features, slightly beyond those standard in a non-security-hardened distro of Linux even. The main problem is getting Apple to patch both their operating system and its third party applications in a reasonable period of time. Apple needs to pay a lot more attention to issues like this, and others, in order to be ready for the enterprise. ("Is Linux ready for the desktop?" is sort of the reverse of what you ask about OS X "Is it ready for the enterprise?") Security is just one failing of Apple in this regard. Theoretically good OS, neglectful company that focuses on consumer hardware. I suspect, that as Apple tries to get the iPhone into the enterprise, they will do the same eventually for Macs; along hopefully with more of a security focus among other things.
    34. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      The author started with a strawman argument:

      there is a misconception that the Macintosh computer is immune from security problems.

      How many people really believe that Macs are immune, 100% resistant to attacks and 100% bug free? Really, I don't know such person, so there is no such misconception. What's there is:

      1. a misconception by Windows apologists that Mac OS X has less attacks due to market share.
      2. a belief of Mac users that Macs are more secure than Windows and not without a reason either. The authors' findings also support that notion:

        The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows.

        Given the state of Windows, practically every non-Windows OS is more secure.

      This made up misconception is just an argument used to promote the book. Really, if there is such misconception, the opposite actually should be true. The book market should be flooded with books trying to cash in by debunking the security myth.

    35. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      It took them 5 minutes to compromise the Mac and then they spent the entire rest of the day attempting to compromise the Linux and Windows machines under the same rules. In the end, the Mac was compromised and the others weren't.

    36. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      I don't need your pity, you humorless douche. *I'm* a whiner? Yeah, that's it. Go ahead, polish up your Slashdot Patrol badge, and mod me down again. I can take it.

      Oh, and go fuck your mother.

      See? *That's* flamebait.

    37. Re:A good start to the discussion by Darth · · Score: 2, Insightful

      If I recall the requirements of that contest correctly, contestants were required to use an unknown vulnerability to compromise the machine. All of the Windows vulnerabilities that were being exploited in the wild or had been published by security researchers were not allowed to be used. In that case, the frequency of exploits and their discovery by researchers and bad guys alike probably actually worked to make it harder to win against the Windows box.

      I'm not taking a position one way or the other on the overall quality of security of any of the operating systems involved in the contest; I'm just saying the rules for the contest seem like they make it not terribly useful in determining the overall security of an operating system.

      --
      Darth --
      Nil Mortifi, Sine Lucre
    38. Re:A good start to the discussion by cmacb · · Score: 1

      And remove, and shred the hard drive.

    39. Re:A good start to the discussion by david.emery · · Score: 1

      I bare my registry at you!

      I portscan in your full IP subnet range!

      Your father was an Atari, and your GUI smells of X Windows!

      Now go away or I will CERT you a Second Time, you silly Mac Person You!

      dave

    40. Re:A good start to the discussion by SuperKendall · · Score: 1

      But that is one bug, probably soon fixed - and doesn't even work if the user is logged in (meaning it doesn't work on most OS X servers).

      By default OS X has all the account separation of any other UNIX system, privilege escalation through elevated processes is nothing new at all.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    41. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      Oops. Modded you redundant by accident. I hereby step out of this thread...

    42. Re:A good start to the discussion by jcgf · · Score: 1

      Given that they are a unix mob, I don't think that they care what Ballmer thinks.

    43. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      Right now there is no privilege separation. It works whenever a user is logged in--for free any non-root user is a root-user. This means OSX is not safe for any multiuser environment until patched. It's been like this since it came out. Do you see what I mean? This isn't even an exploit, it's built that way. Offices, schools, and administered Mac computers have no privilege separation and haven't since day one. All those 'exploits' and 'viruses' that weren't exploits or viruses because a user would have to have already been root are in fact exploits and viruses and have been since day one.

      I distinctly recall "exploits" on slashdot which 1) didn't require user intervention to execute with user-level privileges. User level privileges are and have always been root level. Do you see yet?

    44. Re:A good start to the discussion by Free+the+Cowards · · Score: 1

      OSX is intrinsically more secure than Windows

      There fixed that for you.

      Was there some event I missed where it was decided that you no longer look like a total asshole when you change someone's quote and reply with "fixed that for you"?
      --
      If you mod me Overrated, you are admitting that you have no penis.
    45. Re:A good start to the discussion by jeiler · · Score: 1

      Dear Sir or Madam:

      There is this little invention called "humor"....

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    46. Re:A good start to the discussion by jeiler · · Score: 1

      How many people really believe that Macs are immune, 100% resistant to attacks and 100% bug free?

      Anecdotal evidence does not make for a good argument, but back when I was working for Apple, I knew a heck of a lot. (Disclaimer: this was back in the days of OS 9.)

      a misconception by Windows apologists that Mac OS X has less attacks due to market share.

      That's not so much a misconception as it is "taking an argument too far." Yes, Macs have less market share, and yes, there are less attacks. Macs also have less vulnerabilities to attack, and are more difficult to write attack code for (especially if one is attempting to pwn the actual OS, rather than escalate privileges or some other attack).

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    47. Re:A good start to the discussion by jeiler · · Score: 1

      The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS.

      Not for long. Like Microsoft or hate them, they patch bugs. Sometimes the patch is worse than the bug, admittedly, but they're trying.

      Basically, it doesn't matter what Apple does, OS X will always be more secure than Windows in the number of exploited flaws. Because if they aren't exploited, then they don't really matter.

      And this is just sheer foolishness. Yes, non-exploited flaws do matter. No, OS X will not necessarily "always be more secure than Windows." Microsoft has proven that they can learn from their mistakes sometimes, and Apple has proven that they can make mistakes--and even completely fuck things up.

      And no, fanboi-isms like the ones in your post above really don't make you look cool, no matter what the kool-aid-induced voices keep saying.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    48. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      This behavior comes from 4chan. I see more and more posts here that look like ones there. That's why.

    49. Re:A good start to the discussion by jeiler · · Score: 1

      Theoretically good OS, neglectful company that focuses on consumer hardware.

      Well, that brings up an interesting observation. The argument over whether or not Apple is primarily a hardware company or a software company has been going on for years, and it's not one that's going to be solved on Slashdot. However, Jobs evidently thinks of Apple as primarily a software company--it would seem to me that if this is the case, then maybe the neglect is one reason for the lack of market share.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    50. Re:A good start to the discussion by geekoid · · Score: 4, Insightful

      You pose a logical fallacy.

      "Let us not forget Windows also faces much more exposure due to its market share. "

      In order for that to be a factor worth considering, the OSes must be designed with the same architecture, management, coder skill, etc. . . .

      The Mac has not been in a locked room with no network, there are many groups of people trying to find remote flaws all the time, with almost no success. And the success they did have relied on 3rd party hardware and drivers.

      While I understand it's not perfect, it is far better than Windows by design, and it is reflected in the many tests groups outside of Apple do every day.

      Insightful my ass.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    51. Re:A good start to the discussion by bad_sheep · · Score: 1

      The huge difference between Apple and MS is simply that Apple started from a known basis: Unix. Unix had numbers of flaws from the start but all those flaws were fixed in all flavours of Unix.

      On the other side, MS started from scratch and instead of relying on the errors of the past, they introduced their DOS legacy (such as . in the $PATH) and added dumb features.

      When adding new features, it is not always obvious to point the possible security issues. Mac OS X introduced fewer features (I mean, from scratch, they invented less), thus, it is quite logical to have fewer flaws. MS is the victim of the not invented here syndrome.

    52. Re:A good start to the discussion by grcumb · · Score: 3, Insightful

      OSX has fewer security holes than Windows. How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years? I believe the mac is simply a less valuable target to those who seek to circumvent your computer's security. If the rewards were there, the security problems would be too.

      Others have already replied about Apple's intrinsically superior security based on its BSD roots and more sensible user permissions. There's no need to go into that again.

      But there's an additional by-product that good design gets you: If people believe that cracking your system is harder, they won't be as inclined to try.

      Case in point: All Debian-based SSL encryption was fundamentally broken for over a year, and yet (as far as we know) it didn't occur to sysadmins and developers to actually test the security of their certs etc. More interestingly, it doesn't seem to have occurred to crackers to even probe Debian's SSL implementation for vulnerabilities.

      I wrote a quick run-down on this phenomenon (with a few caveats) on my website. In hindsight, it's nothing short of astounding that nobody caught this error. Considering that the payoff for a computer criminal would be potentially huge, I can only attribute the failure to comprehensively exploit the vulnerability to a folk-wisdom phenomenon, which is that if your software is generally considered safer, rightly or wrongly, people will tend to treat it as if it were, and leave it alone.

      The converse, of course, is that if your software (e.g. Windows) is generally considered insecure, people will go to great lengths to exploit it. When you look at the cleverness of some of the hacks used to infiltrate a Windows system and compare the level of knowledge and skill required to simply brute-forcing Debian's broken SSL, you'll see what I mean.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    53. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      User level privileges are _NOT_ root level. It just so happens that ARDAgent.app is a setuid binary owned by root, so that it will run with root privileges when executed by a normal user. That is very, very different.
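
      The distinction drawn in the comment above depends on which files carry the setuid bit and are owned by root. The following is an added example, not part of the thread or any poster's code: a Python inventory of setuid files owned by a given uid, noting which sit inside `.app` bundles. The helper names, the `Finding` fields and any paths used with it are illustrative assumptions.

```python
"""Inventory setuid files owned by a given uid (root by default).

Added illustration: helper names and report fields are hypothetical.
"""
import os
import stat
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    path: str
    bundle: Optional[str]      # outermost enclosing *.app directory, if any
    world_exec: bool           # any local user may execute it
    writable_by_others: bool   # group/other write bit set on the binary


def is_setuid_for(mode: int, uid: int, owner_uid: int = 0) -> bool:
    """True for a regular file with the setuid bit set, owned by owner_uid."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and uid == owner_uid


def enclosing_bundle(path: str) -> Optional[str]:
    """Return the outermost parent directory ending in .app, or None."""
    parts = path.split(os.sep)
    for i, part in enumerate(parts[:-1]):  # last component is the file itself
        if part.endswith(".app"):
            return os.sep.join(parts[: i + 1])
    return None


def describe(path: str, mode: int) -> Finding:
    """Summarise the properties of one setuid file that matter in review."""
    return Finding(
        path=path,
        bundle=enclosing_bundle(path),
        world_exec=bool(mode & stat.S_IXOTH),
        writable_by_others=bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    )


def scan(root: str, owner_uid: int = 0) -> List[Finding]:
    """Walk root without following symlinks and collect matching files."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink is never reported
            except OSError:
                continue             # vanished or unreadable entry
            if is_setuid_for(st.st_mode, st.st_uid, owner_uid):
                findings.append(describe(path, st.st_mode))
    return sorted(findings, key=lambda f: f.path)


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "/"
    for f in scan(start):
        notes = []
        if f.bundle:
            notes.append("in bundle " + f.bundle)
        if f.world_exec:
            notes.append("runnable by any user")
        if f.writable_by_others:
            notes.append("WRITABLE BY NON-OWNER")
        print(f.path + ("  [" + "; ".join(notes) + "]" if notes else ""))
```

      Each entry it reports is a program that runs with its owner's privileges regardless of who starts it, so the list is the set of binaries whose input handling deserves review.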

    54. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      The ARDAgent.app can be made to do anything however by a normal user--ergo, the normal user can do anything root can do.

    55. Re:A good start to the discussion by TheNetAvenger · · Score: 2, Interesting

      I'm aware that Windows' market share makes them the "low-hanging fruit," but even without considering market share, OSX has fewer security holes than Windows

      Really? Compare Vista to OS X... Heck even compare 10.5 to Vista...

      When you get back from your research, please post a retraction to your clueless assertion.

      Most of the difference seems (to me, YMMV) to be remnants of OSX's background in BSD

      Do you even understand what you are trying to state? BSD is not a 'secure' end all OS design. One, I repeat one BSD variant is very secure because of the detail that it is given. When you get outside of this variant/distribution like FreeBSD or OS X the security of BSD from the secure variant has no relevance.

      Go look up what BSD is and stop with the insane (Because it uses BSD it is JUST more secure) crap...

      People have no freaking clue what BSD is, other than the reputation of ONE BSD variant, and even it has run into a few holes in the past few years (Google: University Records stolen California) for an example...

    56. Re:A good start to the discussion by jeiler · · Score: 1

      Un-huh. And no doubt the lurkers agree with you via email.

      I've done the research. I stand by my statements--phrased perhaps a bit too informally for your taste, but I stand by them nonetheless. Perhaps one day you'll realize that flinging insults does nothing to actually refute an argument.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    57. Re:A good start to the discussion by TheNetAvenger · · Score: 1

      OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities.

      Really? Shall we have a kernel design discussion here, so the fanbois will FINALLY stop with the OS X uses BSD so it is just more secure by design?

      This is repeating myth and fanboi crap, and needs to stop at some point.

      So how about today? Lay out how OS X is 'intrinsically' more secure than NT.

      (When you get back from Wiki, make sure you also read some whitepapers on NT that are far more detailed than Wiki or even find a copy of Inside NT. If you do this, and understand what you are reading, you won't be so quick to say NT is an insecure design, in fact in theory it is one of the most secure OS architecture designs in consumer OS history.)

      PS Here are a few clues for you to check out if you want to really debate this:
      1) Read about the reasonings behind the NT design model and why UNIX file/device I/O was thrown out due to its restrictions and inherent insecurity.
      2) Check out how NT's security model was designed and works, especially the parts about its object/token based design.
      3) Next read up on the granularity of the token based security system in NT, and how even kernel level processes must obtain permissions each time they process/run. See how this contrasts with most UNIX variants, specifically Linux, BSD, OS X, etc...

      ---

      Truly this 'inherent' insecure myth of Windows really needs to die. Bitch about Win9X all you want(as it had no security in the OS at all), or even heck bitch about Win32 and Microsoft not 'enforcing' NT security in the XP Win32 subsystem all you want. Then remind yourself these are 2002/2003 at best arguments, and in 2008 are borderline insane rants carried over for far too many years.

    58. Re:A good start to the discussion by jeiler · · Score: 1

      Really? Shall we have a kernel design discussion here, so the fanbois will FINALLY stop with the OS X uses BSD so it is just more secure by design?

      So why don't you read what I actually WROTE, instead of chiding me for arguments I'm not making?

      I've placed a few examples in the thread. Follow them up for yourself.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    59. Re:A good start to the discussion by TheNetAvenger · · Score: 1, Insightful

      I've done the research.

      So you really think that because it uses a BSD like kernel interface API, it is just more secure then?

      How about if I throw you this little fact:
      Windows XP and Vista have a full BSD subsystem (SUA), does this automatically make Vista and XP even 'more more more more' secure by design? (Or at least software running in the Vista/XP BSD subsystem 'super duper' secure?)

      Here is the answer to the trick:
      What you are saying just re-establishes that you have no idea even what BSD is, and your 'assessment' of OS X and security based on your understanding of its BSD underpinnings doesn't even make sense, let alone establish any foundation to your argument.

      ---

      And did you Google the security holes in Vista vs OS X yet? Truly go even with OS X 10.5 which is almost a year newer than Vista even. Hint: Not only has 10.5 OS X had more security holes/problems but it also has had several that are far more severe...

      I won't do your research for you, but just in case you think I'm trolling here is something from 2007 to wet your whistle:
      http://software.silicon.com/os/0,39024651,39169503,00.htm
      "While Mac OS X had 234 highly critical vulnerabilities reported in 2007, Vista and XP combined had 23, Ou wrote"

      (Just guess what happens to even the staggering 10 to 1 ratio when you take XP out of the equation?)

      Happy researching...

    60. Re:A good start to the discussion by TheNetAvenger · · Score: 1

      So why don't you read what I actually WROTE, instead of chiding me for arguments I'm not making?

      So you didn't write something silly like: OSX is intrinsically far more secure than Windows ?

      This is what I brought contention with and asked for you to explore further if you really believed this...

      (I won't bag on you if you want to leave it here. So far you seem to be a bit more honest and respectful than I anticipated, even though you caught my attention by perpetuating some standard SlashDot accepted statements that just don't reflect reality or a real understanding of OS architecture, but are usually classified as ok here because they are anti-MS based.)

      Take Care...

    61. Re:A good start to the discussion by jeiler · · Score: 1, Informative

      So you really think that because it uses a BSD like kernel interface API, it is just more secure then?

      No. OS X is more secure because it keeps proper privilege separation, adheres more closely to certain industry standards and "best practices," and uses sandboxing for suspect apps (among other things). The actual parentage of the kernel has nothing to do with the security, nor did I claim it did--though the proper privilege separation and sandboxing came to Apple from the BSD community.

      Now, once again, if you wish to actually respond to something I wrote rather than to what your prejudices choose to project upon me, you might want to start with my posting history. You'll see I'm not a fanboi of any particular operating system: all of them that I have used have had features I liked, and features I disliked. I am only a "fanboi" of whatever tool it takes to get the job done, and if that tool comes from Richmond, Cupertino, or Helsinki makes not one bit of difference to me.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    62. Re:A good start to the discussion by KDR_11k · · Score: 1

      However it's also wrong to assume that metal automatically means it's more durable, if it was built shoddily it might very well break before a good wooden bat would. It's likely that the metal bat is more durable than the wooden bat but it is not guaranteed.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
    63. Re:A good start to the discussion by KDR_11k · · Score: 1

      If you think of Halon as an obstacle to getting rid of unwanted people you haven't read enough BOfH.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
    64. Re:A good start to the discussion by IamTheRealMike · · Score: 2, Insightful

      Others have already replied about Apple's intrinsically superior security based on its BSD roots and more sensible user permissions. There's no need to go into that again.

      No, UNIX style security cannot ever work on the desktop. It's a system that is doomed to fail by design because it has insufficient layering and a confusing setup for the end user. Do I really need to point you at the usability studies done on user-based DAC security? Or will you take it on my word that the vast majority of users will type in their root password whenever they are asked to?

      There are much more robust designs for desktop security systems around. Read the security paper for Singularity (a Microsoft OS, in fact) - that's how it should be done. BitFrost is another interesting design.

      One thing we do know, though, is that the UNIX design doesn't work. How long has MacOS X had this 1-line ARD privilege escalation vulnerability in it? You realise that one vulnerability like that wipes out the entire security system permanently, until you reinstall it, because you never know if a program you ran used it to rootkit your kernel?

      it doesn't seem to have occurred to crackers to even probe Debian's SSL implementation for vulnerabilities.

      How do you know? The nature of such vulnerabilities is that they're worth a lot of money, and are traded on the black market. The details of the vulnerabilities are kept closely guarded because when they are known publicly, the exploit becomes much less commercially valuable. That's why there was such an uproar about it - people could have been silently getting owned for months or even over a year ... and they'd never have known.

    65. Re:A good start to the discussion by jonbryce · · Score: 1

      Apache has much more market share than IIS.

      IIS's security track record is much better than it used to be, but it still accounts for more security problems than Apache.

    66. Re:A good start to the discussion by LO0G · · Score: 1

      I'm not aware of any flaws in recent memory (except for the ARDAgent flaw mentioned above, which IS a fundamental flaw in all *nix based operating systems) that attacked the basic security infrastructure in the OS. The vast majority of the security fixes I've seen have been related to coding defects

      So let's look at the idea that security vulnerabilities are related to OS popularity... What happens if you compare the reported vulns in OSX with the reported vulns in Linux? Admittedly reported vulnerabilities are a relatively weak metric, but given that OSX and Linux share security models and a great deal of code, it's likely that's pretty close to an apples-to-apples model.

      Let's go to Jeff Jones' blog (he works for MSFT but he's been reporting his research on vuln counts for a couple of years) and see what we find.

      Here's a recent example. In Q1 2008, Red Hat had 13 "High" severity vulns that they patched (he only counts announced vuln fixes, silent patches aren't counted). Ubuntu had 17 "High" vulns that they patched, which is a comparable number.

      OSX Leopard patched 28 "High" vulnerabilities in the same time period. OSX Tiger patched 25 "High" vulnerabilities in the first quarter of this year.

      Given that OSX is more popular than Linux, it appears that there is a good correlation between the popularity of the OS and the number of fixed vulnerabilities in the OS.

      On the other hand, what happens if you include Windows XP and Vista to the mix?

      Hmm... Vista has had 9 "High" severity vulnerabilities patched in the first quarter. And Windows XP? 11.

      This discrepancy means one of three things:
              1) The premise that OS popularity is related to the number of reported vulnerabilities is false or
              2) Windows is inherently more secure than OSX or Linux or
              3) The premise is true and the low reported vuln count in Windows is because Windows popularity has forced Microsoft developers to learn how to secure their operating system against the hackers but the folks who write software for OSX and Linux haven't yet.

      Personally I suspect it's #3.

    67. Re:A good start to the discussion by peawee03 · · Score: 1

      So... one particular avenue of attack succeeded on one system and failed on the others, so it must be less secure overall? That's great logic there, buckaroo.

      -- ZFS: because love is never having to say fsck
      ZFS: Because you're fscked when you actually do need to fsck.
      --
      I wish I could write clever and witty sigs.
    68. Re:A good start to the discussion by Crazyswedishguy · · Score: 1

      apples-to-apples

      No pun intended? :P
      --
      This space up for sale.
    69. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      The fact that there isn't spyware on OSX proves that small marketshare is indeed a huge factor in lack of exploits in OSX... because there is absolutely no technical reason for spyware not to work on OSX.

      While your conclusion may be correct, your argument isn't logically sound. The fact that there isn't spyware on OSX may be a sufficient cause to think that marketshare makes a difference, but it is not a necessary cause. Other reasons can describe the same outcome, so the absence of spyware does not "prove" anything in this regard.
    70. Re:A good start to the discussion by MobyTurbo · · Score: 1

      Theoretically good OS, neglectful company that focuses on consumer hardware.

      Well, that brings up an interesting observation. The argument over whether or not Apple is primarily a hardware company or a software company has been going on for years, and it's not one that's going to be solved on Slashdot. However, Jobs evidently thinks of Apple as primarily a software company--it would seem to me that if this is the case, then maybe the neglect is one reason for the lack of market share.

      Microsoft has historically been just as bad at security, if not worse, and they don't lack in market share. I wouldn't blame Apple's market share on a sudden cluefullness of upper management when it comes to security and reliability, unless their cluefullness is selective. Maybe you're right and Jobs views Apple as a software company (I suspect the "OS X in your phone and computer" is a marketing gimmick) however, if he does, he perhaps doesn't view it as a business software company; and definitely not as a server software company.
    71. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      "the cult of Mac has dismissed and quietly buried"

      Point proven. You Mac morons will say anything to elevate the image of Mac OS even if it's untrue. Mac OS had a security hole, one that Vista and Linux didn't have, so how is Mac OS "intrinsically far more secure" again?

      Oh and registering a random account on a random web forum using some random free email provider is hardly less anonymous than posting as AC. I have been reading Slashdot for over 10 years, I just don't see the point having an account here.

    72. Re:A good start to the discussion by stewbacca · · Score: 1

      In the end, the guy who hacked the Mac had a pre-written script that was known to work before the competition started. It doesn't really matter if the others weren't hacked or not, because he never bothered trying. So what if others failed to hack the Win box...they also failed to hack the Mac. The point is not that any one system is better than the other, only that the contest is hardly a legitimate reference source in determining which system is most secure.

    73. Re:A good start to the discussion by Anonymous Coward · · Score: 0

      So what you are saying is he was the only person there who was capable of hacking any of the machines and chose not to hack the others and give up $20,000?

      And who cares if it was a pre-written exploit? Everyone was using pre-written stuff for all of the machines. One of the other guys spent all day trying to hack the Vista box, even going back to his home for something he thought might help him. It didn't.

      The bottom line, the Mac got hacked and the others didn't. It didn't even require any unusual action by the computer operator. He visited a web site and BAM, owned.

  2. no mac viruses by Anonymous Coward · · Score: 0, Troll

    In spite of all this theory, nobody has been able to write a successful mac os X virus or even spyware.

    1. Re:no mac viruses by Gewalt · · Score: 1, Flamebait

      That's not true at all.

      --
      Modding Trolls +1 inciteful since 1999
    2. Re:no mac viruses by dark+whole · · Score: 0, Troll

      or, no one has BOTHERED to. wait until market share tops 15-20 %

      --
      CORPORATION, n. An ingenious device for obtaining individual profit without individual responsibility.
    3. Re:no mac viruses by joeytmann · · Score: 2, Insightful

      Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share. Hackers for hire use the ideal of "most bang for the buck" style so....windows it is. Turn the tides on market share and I bet you'd see a ton more viruses for OSX than you do now and it probably would be the Windows users saying....look at all those viruses for OSX...their security sucks.

      --
      Insert funny smart-ass comment here.
    4. Re:no mac viruses by Anonymous Coward · · Score: 0

      I recall there being a few viruses not long ago. They were posted here on slashdot.
      Yes, I am an anonymous coward :(

      Steve J.

    5. Re:no mac viruses by corsec67 · · Score: 1

      For "bang for the buck", would attacking servers be more useful, since they tend to have much better internet connections?

      --
      If I have nothing to hide, don't search me
    6. Re:no mac viruses by joeytmann · · Score: 2, Insightful

      Good question. But since servers tend to be protected a bit more than your average home user's computer it's a bit easier to get 100K of those than 1000 servers. But on very rare occasions a hacker figures out how to have his cake and eat it too.....

      --
      Insert funny smart-ass comment here.
    7. Re:no mac viruses by CODiNE · · Score: 2, Informative

      Link please? I only ask because often the Mac viruses that people point to turn out to be trojans, such as the Leap-A "worm" that requires a user to open a file that downloaded as a tgz, unzip it, then run the executable inside.

      --
      Cwm, fjord-bank glyphs vext quiz
    8. Re:no mac viruses by Anonymous Coward · · Score: 0

      Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share.

      I'd rather write viruses to hack the growing crowd of wealthier Mac users than all the unwashed Wal-Mart shopping, Oprah watching windows luzers.
    9. Re:no mac viruses by Anonymous Coward · · Score: 0

      If someone could write a worm or a virus for the Mac, they would have done so. MacOS is 100% immune to viruses, worms, remote exploits, and drive by website infections that the Linux and Windows users have to deal with daily.

    10. Re:no mac viruses by cmacb · · Score: 1

      Moderators: I think the above was meant to be funny. At least I found it so.

      Coincidentally I had only just heard about a new trend of sending people e-mail messages with subjects such as "cmacb you sure are ugly in this photo" and with an executable as an attachment.

      I rarely look in my spam folder because Gmail does such a good job that there are almost never any false positives, but I looked and there were several such messages as described. But they clearly showed up as executables of the form "whatever.exe" and I can't imagine, even as a former Windows user, that I would ever click on such a thing. Do modern versions of Windows still just haul off and run such an attachment? Or do you still have to bog down your system with protective software to keep you from being a retard?

      Seriously, why aren't people at Microsoft in jail over this sort of nonsense? Maybe when the octogenarians in Congress finally get replaced there will be some retroactive law-making and retro-active punishments dished out as was the case with the tobacco companies (Constitution be damned). I can only hope so. (Well, no, I don't hope we damn the Constitution, but since we are routinely doing that anyway, might as well get some good out of it.)

    11. Re:no mac viruses by edschurr · · Score: 1

      The proof-of-concept MachoMan by roy g biv. Google: machoman "roy g biv". It may be the only one.

    12. Re:no mac viruses by Anonymous Coward · · Score: 0

      APPLE ROOT ESCALATION PRIVILEGE ON MacOS X, dated 06/18/2008:

      http://it.slashdot.org/article.pl?sid=08/06/18/1919224

      ----

      There's your link!

      ----

      And, as to "Windows being insecure", which is the "big F.U.D." that "Pro-*NIX" folks @ /. (this site) like to spread around (total b.s.)?

      NEWSFLASH - ALL OS' are, outta the box/oem stock, pretty damned insecure!

      That is, until you security harden them, thus (examples from Linux &/or Windows on that page below):

      ----

      HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun to do", via CIS Tool Guidance:

      http://www.tcmagazine.com/forums/index.php?s=3546c7ae707f5ab5a641ae7cf14b9d41&showtopic=2662

      ----

      AND, it works (PLUS, the CIS Tool is MULTIPLATFORM (e.g.-> Sun Solaris, BSD variants (sorry, no MacOS X one yet), Linux variants, & Windows NT-based OS variants too)!

      APK

      P.S.=> Everyone likes to say "HOW SECURE LINUX IS" vs. Windows, yet they BOTH nail around 46.xxx/100 scores on CIS Tool outta the box, simply illustrating they have a LOT of room for improvement, by end users, in terms of 'security-hardening', period... apk

  3. Come on now by Flaystus · · Score: 1

    Can we get a dug tag added to this? I mean who really thinks OSX has perfect security?

    1. Re:Come on now by techwizrd · · Score: 1

      who really thinks OSX has perfect security?

      Apple fanbois? My friends either use Linux or Macintosh. When I talk to my Macintosh friends about Operating Systems, they sit there and talk for hours about how much more secure it is than {any other Operating System}. When I talk to my Linux friends about computers, we talk about security problems and how to fix them, rather than marvel at the seeming invincibility. I may be wrong, but much of OSX's security is upstream. Apple fanbois tend to take everything for granted...
    2. Re:Come on now by Flaystus · · Score: 1

      Well maybe you are just around stupid Macintosh using friends. Anyone who knows crap about computers should know better. I don't personally know a single mac user who would say such a thing and when I did get that from customers (when I used to do mac support) I would correct them.

    3. Re:Come on now by NMerriam · · Score: 1

      When I talk to my Linux friends about computers, we talk about security problems and how to fix them

      Then it sounds like you aren't comparing Apple users with Linux users, you're comparing computer users to computer programmers. Anyone with the ability to fix a security problem of course isn't going to take security for granted, the same way an OB/GYN doesn't take successful delivery of a baby for granted. But most users of any OS simply take it for granted that their system will function the way it is supposed to.

      I don't know many Linux programmers who worry about prepress technology, but I talk about prepress all the time with Apple users -- does that mean Linux programmers never print anything? Does it mean Linux doesn't support printing at all?

      --
      Recursive: Adj. See Recursive.
  4. Re:OMG WTF by bb5ch39t · · Score: 1

    Mac OSX is not based on Linux. It is based on Darwin, which is a *BSD derivative. I don't know which particular *BSD.

  5. Fanboi! SIC! by Jeremiah+Cornelius · · Score: 0, Flamebait

    Take 'em all down, Fanboi! Good dog!

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:Fanboi! SIC! by negRo_slim · · Score: 1

      Yup, funny that... Enjoying a product that 'just works' (for me at least, I've seen plenty of horrible configs), supports all the latest hardware and has tons of software. Especially the kick-ass fighting games with action missiles!

      But I digress I'm sure the windows larger market share plays absolutely no part in its struggle with securing the platform. I'm sure having more mass appeal ensures only the best and brightest will use your OS, right? right?

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    2. Re:Fanboi! SIC! by jellomizer · · Score: 0, Offtopic

      I'm sure the windows larger market share plays absolutely no part in its struggle with securing the platform.

      I wouldn't say that. A lot of the time Mac Vulnerabilities come out in these "Hacking Contests", either a Buffer Overflow in Quicktime or whatnot. However they only come up when people are seriously trying to break in... Most Hackers who do it "Professionally" or "Habitually" will just work on windows systems. As if you find a problem you have the most impact with windows. vs. Macs or Linux. While Macs may be more secure than Windows by design however if Macs were the dominant platform I am sure you will see viruses and hacks far more common than there is now and if Windows only had 5% of the market there wouldn't be that many hacks. Get yourself a Prime Mainframe set it up with TCP/IP and put it unprotected on the internet and see how long will it take to get hacked into. Probably a long time. The OS isn't that secure. Its security is if you know the password or not. So even if a password cracker ran once it got in it wouldn't know what to do.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. Re:OMG WTF by Anonymous Coward · · Score: 1, Informative

    Mac OSX is not based on Linux. It is based on Darwin, which is a *BSD derivative. I don't know which particular *BSD.

    It's a Mach microkernel with a lot of code from the FreeBSD project.
  7. Re:OMG WTF by 99BottlesOfBeerInMyF · · Score: 1

    FreeBSD is their reference platform for compatibility. They all share a lot of code in common.

  8. The reason is UNIX, not Mac by SuperKendall · · Score: 3, Insightful

    That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.

    I would think the reason is more that almost any book on UNIX security gets you 99% of what you need to know, and there are online sources to cover the rest.

    Not that a book is not a good thing to see, but to my mind among admins or more serious users of OS X, the misconception that OS X is totally secure is in itself a misconception. OS X know systems will have vulnerabilities, but we also know there have been basically no attacks in the wild and that by default many things which might leave un-noticed holes (like web servers) are off by default - and that helps a lot, for the eventuality of real attacks coming someday.

    To my mind, another aspect stopping attacks is actually the switch to Intel. That reset the counter for when we might see OS X attacks since buffer overflow stuff can't rely on which architecture it might hit. That and a more friendly update model (than Windows) that people actually apply when updates come.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. Look at how they are attacked. by khasim · · Score: 4, Interesting

    But what's made, and perpetuated, the notion that Macs are immune to viruses and other attacks is that there just aren't very many of them out there.
    No. With the Internet, attacks can be automated.

    Put an unpatched WinXP on the Internet and watch how quickly it is cracked by an automated process randomly scanning IP blocks.

    Even with Mac's quickly growing market share, it's still far more lucrative to target mass market windows machines.
    So you'd turn down $5 million for a chance at a portion of $90 million?

    No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.

    Can we say "OSX is intrinsically more secure?" Maybe, certainly a lot of its default configuration tend to be more secure than Windows' defaults.
    The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else.

    Today, most boxes are cracked via worms, browser exploits and email attachments.

    Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.

    Then, as long as the DIS-INFECTION rate is HIGHER than the INFECTION rate, those systems will be "secure". At least, they will not be cracked by worms, browser exploits or email attachments.

    1. Re:Look at how they are attacked. by neil-ngc · · Score: 3, Insightful

      Gah.

      No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.

      A zombie can scan IPs for known security holes, but the programmer still has to design a virus, worm, etc. specifically for the Mac that will exploit that hole. The viruses that attack Windows won't work on Mac... you have to experiment and find different avenues of attack... identify the security hole to exploit. I maintain that few security holes have been identified because fewer people are looking for them, not because there are fewer of them.

      The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else.
      Remind me again what makes the Mac very secure in an absolute sense? How do you measure it? Because some of the well-known vulnerabilities in other systems don't exist in the Mac?

      Today, most boxes are cracked via worms, browser exploits and email attachments.
      Are you saying the Mac doesn't receive email attachments, has a 100% secure browser, and isn't susceptible to worms?

      Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.

      Removing avenues increases security, but it doesn't mean that a completely different system doesn't have different avenues of attack that don't exist in the competition. If you have an existing product, and close up one avenue of attack, odds are good that it hasn't opened up a new one, and the newer version will be more secure. When you build a different product, you can look at the mistakes made elsewhere and correct for them, but it's a pretty good bet that you've had the oversight or mistake elsewhere in your own design.

      And it still seems like you're implying that the people at Apple have somehow come up with a brilliant way of stopping all attacks by worms, email attachments and browser exploits.

      All I'm saying is that Mac's current security is due to market share, not intrinsic to design. Look, I'm a Mac user, too, but don't blind yourself or fool yourself into thinking that somehow those folks at Apple are geniuses who've made the perfect impenetrable system, while the dunces in Redmond couldn't figure out how to lock a door.

    2. Re:Look at how they are attacked. by Sparks23 · · Score: 5, Insightful

      Well...

      Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system.

      In my opinion, Mac OS X being less vulnerable than Windows in many areas is due to Apple being willing to go 'okay, this particular technology is dead, move along.' Microsoft relies on backwards compatibility for large market share; break backwards compatibility, and people do not upgrade. (Case in point: Vista.)

      Apple has a smaller market share (and speaking as a Mac user and developer, we tend to sort of go, 'yes please, whatever you say' when they want to change things). We might bitch about it periodically (whither thou, 64-bit Carbon?), but this gives them the freedom to throw out legacy code and simplifies the code maintenance.

      Or, in short: Apple's coders are not inherently better, but they end up with less old cruft to support and try to be aware of.

      As a case in point, I'll note that the worst offender in terms of security on Mac OS X has, historically, been Quicktime. Quicktime is perhaps the oldest, most legacy-laden bit of crud in Apple's library. (The Quicktime APIs are darn near prehistoric, especially compared to things like CoreImage et al.) One would assume this means that Quicktime, more than almost anything else, has chunks of code that predate most of the programmers working on it, and which no one remembers or thinks about.

      And in my experience, that's often where those kind of bugs come from... you change something, add a new bit of code that passes something into a function somewhere, completely unaware that four levels deeper there's some function which assumes the buffer is only 4k long. The old programmers knew there was an implicit limit down in this ancient routine, but no one now knows of that limit, and so -- unaware of this lurking nightmare 5 levels deeper in the stack -- they pass in a 6k buffer. Boom, security issue.

      Windows has this problem in almost every corner of the OS. Worse, they cannot readily get around it... you can't just rewrite things from scratch, or you break legacy support! But as a result, there often are quite a few lurking behaviors that newer coders aren't aware of somewhere deeper in the system, things that never got documented, and which will eventually reach out to bite them.

      Sure, there's situations which are just plain dumb (the carpet-bombing attack, for instance, is inexcusable behavior on IE's part), but most of those seem to be the minority.

      So, yeah, Mac OS X has some advantage, as they have less legacy stuff to deal with. But even with that sort of advantage, no operating system -- not even Linux! -- is completely free of all flaws. We as users need to accept as a given that almost nothing is completely secure (at least, not and still be usable). This is especially true when many viruses and trojans rely on social engineering.

      Even if Mac OS X prompts the user before allowing a program to elevate privileges, does that matter if users just click without looking? After all, lots of programs prompt for such things in order to install some shared framework they use at the installation or first-run stage. I know a lot of Mac users who just click on that warning blindly. And the warning doesn't matter if the user doesn't really pay attention.

      So, yeah. Mac OS X may have less tangled, jungle-like legacy code for scary security holes to lurk in, but that does not mean it is invulnerable. Certainly not immune even to automated bugs, and especially not immune from social engineering.

      Because the biggest security hole -- on ANY operating system -- is often user behavior.

      There's my $0.02, anyway. :)

      --
      --Rachel
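The failure mode described in the comment above (a 6k buffer reaching a deep routine that silently assumes 4k), sketched in C beside two hardened forms. This is an added example, not part of the thread and not Apple or Microsoft code; every function name, the checksum task and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCRATCH_SIZE 4096u  /* the implicit limit only the original authors knew */

/* ---- Legacy shape: the leaf trusts that callers stay under 4k ---- */
uint32_t legacy_leaf_sum(const uint8_t *data, size_t len)
{
    uint8_t scratch[SCRATCH_SIZE];
    uint32_t sum = 0;
    memcpy(scratch, data, len);   /* no bound: len > 4096 writes past scratch */
    for (size_t i = 0; i < len; i++)
        sum += scratch[i];
    return sum;
}
/* Forwarding layers: nothing in these signatures hints at the limit. */
uint32_t legacy_decode(const uint8_t *d, size_t n) { return legacy_leaf_sum(d, n); }
uint32_t legacy_parse(const uint8_t *d, size_t n)  { return legacy_decode(d, n); }
uint32_t legacy_import(const uint8_t *d, size_t n) { return legacy_parse(d, n); }

/* ---- Hardened shape 1: the leaf enforces its own limit and says so ---- */
typedef enum { MEDIA_OK = 0, MEDIA_ERR_ARG = -1, MEDIA_ERR_TOO_LARGE = -2 } media_status;

media_status checked_leaf_sum(const uint8_t *data, size_t len, uint32_t *out)
{
    uint8_t scratch[SCRATCH_SIZE];
    uint32_t sum = 0;
    if (data == NULL || out == NULL)
        return MEDIA_ERR_ARG;
    if (len > sizeof scratch)     /* the limit is now code, not folklore */
        return MEDIA_ERR_TOO_LARGE;
    memcpy(scratch, data, len);
    for (size_t i = 0; i < len; i++)
        sum += scratch[i];
    *out = sum;
    return MEDIA_OK;
}
/* Every layer propagates the status instead of swallowing it. */
media_status checked_decode(const uint8_t *d, size_t n, uint32_t *o) { return checked_leaf_sum(d, n, o); }
media_status checked_parse(const uint8_t *d, size_t n, uint32_t *o)  { return checked_decode(d, n, o); }
media_status checked_import(const uint8_t *d, size_t n, uint32_t *o) { return checked_parse(d, n, o); }

/* ---- Hardened shape 2: remove the limit by working in bounded chunks ---- */
media_status streamed_sum(const uint8_t *data, size_t len, uint32_t *out)
{
    uint8_t scratch[SCRATCH_SIZE];
    uint32_t sum = 0;
    if (data == NULL || out == NULL)
        return MEDIA_ERR_ARG;
    while (len > 0) {
        size_t chunk = len < sizeof scratch ? len : sizeof scratch;
        memcpy(scratch, data, chunk);
        for (size_t i = 0; i < chunk; i++)
            sum += scratch[i];
        data += chunk;
        len -= chunk;
    }
    *out = sum;
    return MEDIA_OK;
}

/* Constructed sample input: up to 8192 bytes of 0x01. */
static uint8_t sample[8192];

/* Returns the sum on success or the negative media_status on failure. */
long checked_result(size_t len)
{
    uint32_t sum = 0;
    memset(sample, 1, sizeof sample);
    media_status st = checked_import(sample, len, &sum);
    return st == MEDIA_OK ? (long)sum : (long)st;
}

long streamed_result(size_t len)
{
    uint32_t sum = 0;
    memset(sample, 1, sizeof sample);
    media_status st = streamed_sum(sample, len, &sum);
    return st == MEDIA_OK ? (long)sum : (long)st;
}

int main(void)
{
    /* The legacy path is only exercised at the size it can hold. */
    memset(sample, 1, sizeof sample);
    printf("legacy   4096 -> %lu\n", (unsigned long)legacy_import(sample, 4096));
    printf("checked  4096 -> %ld\n", checked_result(4096));
    printf("checked  6144 -> %ld (rejected)\n", checked_result(6144));
    printf("streamed 6144 -> %ld\n", streamed_result(6144));
    return 0;
}
```

Compiling with `-fsanitize=address` and feeding the legacy path a 6144-byte input in a test harness is one way to surface this class of hidden limit before it ships.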
    3. Re:Look at how they are attacked. by Anonymous Coward · · Score: 0

      If they were easy to crack, they would be cracked.
      http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture Day 2 like 2 minutes into the day. That seems to qualify as pretty easy to crack to me. Note the Vista notebook was still standing at the end of the day though it did fall the next day via an adobe exploit.

      Now trust me I am not a windows fan (I'll stick with Ubuntu) and I can appreciate what you are saying in that Macs haven't been exploited as much but I don't think blind fanboyism does anyone any good. A certain group of people need to turn down the reality distortion field for a second and start realizing the truth of things. Is Vista the end all of security? Definitely not but it is a step in the right direction. For example running IE as a limited user is a very good idea. Firefox and Safari should both follow suit.
      Is the Mac this great bastion of security that everyone seems to think it is, definitely not. If I were to pick the single greatest security asset that Apple does have though I would say it is their users. I would say the average Apple user is probably more tech savvy than the average PC user. When it's all said and done it's the user that determines the security and it always will be. There is no amount of annoying pop up boxes or security measures that Microsoft or anyone else can implement that will keep people from clicking on and running anything that blinks, flashes, or pops up.

    4. Re:Look at how they are attacked. by v1 · · Score: 3, Insightful

      Even if Mac OS X prompts the user before allowing a program to elevate privileges, does that matter if users just click without looking? After all, lots of programs prompt for such things in order to install some shared framework they use at the installation or first-run stage

      I think in this area apple has an advantage that often goes overlooked. The number of warnings and popups a windows system presents the user with is a magnitude greater than what an OS X user sees. My god, plug in a flash drive. Can you escape with fewer than three popups? There's a reason windows users have the "click the button in the new window that just opened without reading it" mentality. Windows has gone from just letting programs do as they please, to popping up dialogs every 25 seconds. This is not an improvement, it just conditions the user to ignore the message and click the button to get on with it.

      So although the windows and the mac user base will both have a degree of "make the interrupting box go away" mentality, a lot more os x users stop and read the box when it pops up, because they're not used to being harassed constantly by it and have an actual interest in seeing what it's about.

      My other unrelated point is developer assumptions. I have, to date, run into three pieces of OS X software that REQUIRE you to be logged in as an admin to either install, or to run, their software. In all other cases, they will either install or run if you provide an administrator's login and password.

      And the grand majority of software for OS X does not require installation to run, you can drag it to your desktop and kick it off. Again, the grand majority of software for OS X, particularly that which your "average user" would want to use, does not require any authentication to run because it can function from within a basic user's privileges.

      Compare that with windows. It's very hard to find a single app that will run without installing, and nigh impossible to find an app that a non admin can install. Once installed, about 8% of the programs won't run at all or won't run properly if you are not an admin user. Numerous programs will only run if you are the specific (admin) user that installed them.

      Some of this is windows' fault, and some of it is programmers' fault. The programmers have come to expect all users to be admins because that's been the default. And it's easier that way, there's so much less you have to deal with if you can assume the user is an admin. So they take the short way and simply demand you be an admin to install it.

      This perpetuates the problem, because now everyone wants to be an admin because they can't install software or run some software etc without logging out and back in as the admin, so for pure convenience they use an admin account.

      There is a third point this just reminded me of. Assumed administrator rights. There is a group "admin" on OS X, that DOES give you write permission to certain folders that an unprivileged user does not have. But the scope is very small. On windows, merely logging in as an admin gives you a whole basket full of extra powers. This is probably why the programmers want the users to simply be admins, because it makes their jobs (particularly on installing) soooo much simpler. Instead of dealing with a dozen different permissions, you can either say are you an admin or not and be done with it. If you are, go do whatever you like. Otherwise, take a hike.

      This again perpetuates windows wanting to default to admin, users wanting to default to admin, and developers wanting to default to admin. That throws a pretty daunting wrench into the works when trying to secure a system by default.

      --
      I work for the Department of Redundancy Department.
    5. Re:Look at how they are attacked. by Anonymous Coward · · Score: 0

      Honestly, if you look at the history of OS X, it's really not their routine abandonment of old code that got them where they are security-wise, but their almost wholesale abandonment of OS 9's codebase for OS X's. They did what Microsoft has been unwilling to do for one reason or another.

      Oh, and anyone who enters their password into a dialogue box that pops up on their screen without at least doing a quick mental "hey, what's this from?" really shouldn't be allowed to put anything they don't want to have stolen on a computer.

      Maybe we can train them like dogs. Periodically pop up a dialogue at a random time for no particular reason and upon entering a password a little person is prompted to leap from the closet and flip kick them?

      Alessandro

    6. Re:Look at how they are attacked. by NitroWolf · · Score: 1

      So although the windows and the mac user base will both have a degree of "make the interrupting box go away" mentality, a lot more os x users stop and read the box when it pops up, because they're not used to being harassed constantly by it and have an actual interest in seeing what it's about.

      I have found this to be completely false. In fact, I was rather surprised at the amount of pop-up permission elevation boxes that have popped up after installing and using Leopard for the first time.

      I have recently (within the last 3 weeks) started using OSX. To give it a fair shot, I have replaced my primary machine with a Mac running Leopard and use it on a daily basis. So far, it's been just as annoying as Vista with the amount of popups required. Dinging Vista for the UAC box while Leopard simultaneously has at least 85% as many pop-ups as Vista does is ludicrous and hypocritical.

      My other unrelated point is developer assumptions. I have, to date, run into three pieces of OS X software that REQUIRE you to be logged in as an admin to either install, or to run, their software. In all other cases, they will either install or run if you provide an administrator's login and password.

      If this statement is true, it's pretty clear you are an average "I want to browse the web and look at my email" type of user, and not a user that actually does real computing with your Mac. This isn't surprising, because it's becoming more and more clear that the Mac is designed for just that kind of user. When you start trying to use the OS for real computing, it gets just as annoying as Windows in many, many areas... but has the drawback of legacy design methodologies that simply don't work in modern computing. (A perfect example of this is the menu bar being stuck on the primary monitor, regardless of which monitor the application is running in. When you have two (or three) 24 or 28" monitors attached to a system and your primary monitor is the far right monitor and the window is on the far left monitor, it makes working with that application almost impossible unless you know the hotkeys. This methodology is antique and hostile towards multi-display environments. If you look at the history of MacOS, you can immediately understand where it's coming from and why it's there... but if you look at it in the context of modern computers and modern computing, it's clear that the functionality is absolutely broke and hostile to the user. This is just one example.)

      The rest of your comment(s) are fairly accurate. I am no windows Fanboi nor am I even apologetic to it. But after using OSX for almost three weeks now, going into it wanting to like Leopard, I am finding the limitations and design "features" of Leopard to be lacking and/or just as annoying as Windows in many cases - it's just annoying in a different way. From all the hype I had heard, I expected a LOT more from OSX, but what I'm getting is just a brand of "same old, same old... except you do it THIS way instead of THAT way." From a usability standpoint, OSX is no more or less usable than Windows except for the fact that hardware and software generally work and are compatible with Windows, whereas a lot of hardware is not compatible with OSX.

      I am going to continue to use OSX for at least 6 months as my primary machine, possibly longer if I don't feel that I've fully explored it after that amount of time. But right now, 3 weeks into it, I don't see any compelling reason to choose a Mac over Windows from a usability standpoint unless all you do is email and web browsing. However, that said, my next big foray is going to be into the video editing realm, where I expect the Mac to excel, so my attitude towards it may shift dramatically. However, I was and am pleased with Adobe Premiere Pro for Windows - we'll see if Final Cut 2 or Adobe Premiere for Mac is any better. If it's not significantly better, then one of the major "advantages" of the Mac will also be shown to be a lot of PR and fluff with little substance, which is what I've found so far.

    7. Re:Look at how they are attacked. by v1 · · Score: 1

      I am going to continue to use OSX for at least 6 months as my primary machine, possibly longer if I don't feel that I've fully explored it after that amount of time. But right now, 3 weeks into it, I don't see any compelling reason to choose a Mac over Windows from a usability standpoint unless all you do is email and web browsing.

      The general rule of thumb I try to hand out to people is, "you're going to hate it. For the first three weeks everything is going to drive you crazy, you won't know how to do things you had all figured out, and things won't be where you expect them to be". At about the 3 month point you will have figured out most of the adjustments you have to make to do your usual things. At this point the usability of the systems appears roughly equal for most users. (this is the point where my phone stops ringing several times a day)

      During the next three months you will begin to learn the additional shortcuts and features that make the mac easier to use. At the end of that time period you'll regard the systems as roughly equal, or that the mac may have a slight advantage.

      Then the fun part. Step back onto a pc for a few days, or try to use someone else's PC to get something done. It then becomes clear what the differences really are, all the things that you now again have to worry about, the inconveniences you have to deal with, what you can't do on the PC that you were pleased to find on the mac, etc.

      I realize this isn't a guaranteed experience, but for the novice to approaching intermediate computer user, I see this pretty much verbatim. For intermediate to experienced users, mileage varies. In some of those cases I believe the user has already matched up with the correct platform for what it is they do. Any clown that says "mac is better!" or "windows is better!" should be ignored. It depends on the user, and what the user needs to do.

      So it's my opinion that novice users approach 85% best suited to macs. As the user's level increases, it moves closer to 50/50. I've seen a number of advanced users try mac and like it, and a nearly equal number try it and go back. I have yet to see a single novice switch back to windows. I have seen several mac novices try a pc, and none of them have been happy with the change. (though not all have returned to mac despite this)

      I suppose you could summarize that by saying that macs are better in general for people that don't have specific needs. (getting back to the tired catchphrase "it just works") Users that have specific needs, need a specific computer, based on their needs. I gave up long ago trying to second-guess people as to what their computer needs are. Even people I thought I knew well surprised me when I asked probing questions about their computer use, their likes and dislikes, etc. Things that bother you will be of no consequence to someone else. Things you consider totally trivial will be their pet peeve. Anyone that answers "what computer should I get?" without asking at least 1/2 dozen questions before answering is selling you on the computer they think is best for them.

      --
      I work for the Department of Redundancy Department.
    8. Re:Look at how they are attacked. by NitroWolf · · Score: 1

      Thanks for the well thought out response. I am determined to give Leopard a fair shake and give it at least 6 months of daily usage before I declare it fit or unfit for my style of computing. I know it can take a long time to get used to a different way of doing things.

      However, I'm glad you brought up the "It just works" catch phrase and it's something I sort of hinted at, but meant to be more explicit about.

      So far, the "It just works" mentality is absolutely, completely, 100% bogus. It's a steaming pile of bullshit. I have had more trouble with the Mac in terms of software and hardware failing to run than I have with Windows XP (I don't use Vista on a regular basis, so I won't compare it to that. After using Vista for awhile, I went back to XP, since Vista offered me nothing advantageous over XP.)

      Just some examples of "It just doesn't work" with the Mac:

      Samba - 100% broken in OSX when trying to share out files to a Windows box with User level security. You can access public stuff, but woe unto you if you try to access private data with a username and password. It's acknowledged as broken, it "Just doesn't work."

      ITunes - You can't sort a playlist arbitrarily. You have to sort it by a field. I can't click and drag songs into a specific order - "It just doesn't work."

      Printer - Can't use my Epson CX3810 with the Mac. I realize Epson doesn't provide the driver and there's a third party driver, but it doesn't seem to work quite right, especially if it's over the network (where it doesn't work at all) - So while the ultimate fault lies with Epson, it still "Just doesn't work."

      Safari - No effective, free adblock software that I can find. Switching to Firefox obviously solves this, but for the Mac and their homebrew application, it "Just doesn't work."

      iDVD - This is by far the best example of things not working. I can't even figure out what this program is for, since it doesn't appear to do anything useful. I tried to make a simple DVD with it. I dragged my video files into the tree, it showed them there. Clicking preview gave me a black screen with the stock theme audio playing, but no menu. So I tried to burn the disc... the little burn iris opened up, it beeped once and then shut again. There was no error message, nothing at all to indicate why it didn't/wouldn't/couldn't burn the disc. There's no information on why I can't preview the video, etc... The program "Just doesn't work." It's crazy that there's not even an error dialog that pops up when something isn't done correctly.

      I actually have been keeping a list of the things I think "Just don't work." in OSX and things that I find exceedingly annoying. There are many examples of common things that "Just don't work" in OSX, but work just fine on Windows... whereas I have yet to find anything that Just Doesn't Work on Windows, but yet works on the Mac. This is probably because Windows is catered to more than the Mac, so that's not necessarily a fair comparison, but none the less it's reality.

      My Leopard install has locked up a couple times requiring a hard reboot... I wasn't doing anything strange or unusual, just installing some software or something... I don't recall what. I've had similar things happen in Windows on occasion on other machines... but again, the Mac is supposed to be more robust than that... but it's just as robust as a Windows install. I have yet to hard lock any of my Linux machines, necessitating a hard reboot. However, I admittedly don't put as much of a GUI demand on my Linux machines as I do on my Windows and Mac machines, so it's entirely possible I'd run into the same problems on Linux if I were to use it as a daily workhorse.

      Anyway, my point is, everything that's been said about the Mac in terms of stability, compatibility, etc... has been complete hype. There's nothing to back it up from my empirical evidence. While I understand my single datapoint may not be representative, I don't think I've asked the machine or software to do too much an

    9. Re:Look at how they are attacked. by v1 · · Score: 1

      Just a followup on a few of your points. Some you are dead on the money, but a few have some additional information you haven't run into yet.

      Samba - 100% broken in OSX when trying to share out files to a Windows box with User level security. You can access public stuff, but woe unto you if you try to access private data with a username and password. It's acknowledged as broken, it "Just doesn't work."

      The only problem I've run into lately is with a specific implementation of network security. Windows got the brilliant idea to digitally sign packets on the LAN. Turn that off and a great many things UNbreak. Mac is supposed to have added support for this but it doesn't appear to work.

      ITunes - You can't sort a playlist arbitrarily. You have to sort it by a field. I can't click and drag songs into a specific order - "It just doesn't work."

      I don't think "it just works" is meant to apply to the presence of features, but instead to core functionality. If I say it differently it may make more sense. I can't say a car doesn't Just Work because it lacks ABS or power windows.

      Although that, I would admit, is a glaring obvious omission in iTunes, most users are very pleased with all the ease of use and features that iTunes has in it. The built-in store is very well-done. Synchronizing with an iPod is effortless. I would add to that feature request that I would like to be able to add a song to a playlist more than once, to increase its frequency in playback.

      Printer - Can't use my Epson CX3810 with the Mac. I realize Epson doesn't provide the driver and there's a third party driver, but it doesn't seem to work quite right, especially if it's over the network (where it doesn't work at all) - So while the ultimate fault lies with Epson, it still "Just doesn't work."

      Actually with Leopard there's a very exciting new twist to this. Now this doesn't apply to everything of course, but pretty close and maybe for your printer too. Mac OS X doesn't ship with tons and tons of drivers, they just ship with the common ones. Plug in your printer and turn it on. If you added a hacked driver you found somewhere for it, go into print management and delete the printer. (not the driver) Now run software update. There is a good chance it will find drivers for it on Apple's web site, via software update. This is a new feature in Leopard, that tries to eliminate the need to track down drivers for hardware. You just need to have it plugged in and not working properly when you run software update. I don't know what the odds are of it working for you. To be honest, probably not good right now if it's a new model. But after Epson codes drivers for that printer, it will probably be on Apple's software update and upgrade your system automatically. It will automatically add the printer when you reboot following the update even.

      I just looked, and good lord there's a lot of bundled supported printers in Leopard. (over 3,000) I see yours is supported with Gutenprint which I believe is a generic open source driver?

      Safari - No effective, free adblock software that I can find. Switching to Firefox obviously solves this, but for the Mac and their homebrew application, it "Just doesn't work."

      I wouldn't browse without wearing my PithHelmet. Be sure to grab from the link on the right for the new Safari 3.1. Sorry SlashDot you're not getting anywhere near the ad revenue from me, but those shockwave animated ads PISS ME OFF TO NO END. I do wish there were more options available, but PithHelmet does everything I want it to do.

      iDVD - This is by far the best example of things not working. I can't even figure out what this program is for, since it doesn't appear to do anything useful. I tried to make a simple DVD with it.

      I'd actually classify that as a problem, not that it doesn't work

      --
      I work for the Department of Redundancy Department.
  10. Macs can have funny exploits by Idimmu+Xul · · Score: 1

    I was amused today when I read this article about a local Mac exploit due to a SUID binary.

    osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

    All my Mac using friends reported they were vulnerable and I think they're all using the latest Leopard. I'm no Apple hater, don't get me wrong, but it does seem the little things can slip past Apple too, not just Linux (people where I work are *still* affected by the Ubuntu key issue of last month :o)!

    --
    Free Playstation 3, XBox 360 and Nintendo Wii

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
    1. Re:Macs can have funny exploits by Anonymous Coward · · Score: 0

      This does not work in Tiger. Apparently ARDAgent 'is' Error 609 Connection Invalid, as opposed to 'r00t'. I haven't tested it on a Leopard machine. I've seen a similar problem with iPhones running Cydia installer, there's a SUID called godmode which bus errors with no stdin, but can take commands after it and execute them. Stupid design.

    2. Re:Macs can have funny exploits by UnknowingFool · · Score: 1

      No system is completely secure. The exploit that you mention however does require physical access and for you to be logged into as a user. It's not a remote exploit.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    3. Re:Macs can have funny exploits by 0100010001010011 · · Score: 1

      You do need to be logged in as a user but you do NOT have to be remote. I just did this over ssh:

      osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
      root

    4. Re:Macs can have funny exploits by prockcore · · Score: 1

      It can piggyback on a safari exploit and boom, it becomes a remote exploit.

    5. Re:Macs can have funny exploits by Anonymous Coward · · Score: 0

      How the fuck are they still affected by the Ubuntu key issue when the fix was made available by Debian like thirty seconds after the exploit was reported?

    6. Re:Macs can have funny exploits by Anonymous Coward · · Score: 0

      Is there a reason you feel the need to spam all of slashdot every time you post?

    7. Re:Macs can have funny exploits by Moridineas · · Score: 1

      That's not true at all. I sshed to my laptop and remotely triggered the exploit.

      The user currently has to be logged in graphically, but the exploit can certainly be pulled off remotely. Compromised account, you're good to go.

    8. Re:Macs can have funny exploits by Watson+Ladd · · Score: 1

      You have heard of OpenBSD? Two remote holes in 10 years in the default install. I found 105 Secunia advisories for all versions. It's not completely secure, but it's close. If I had to make a very secure system it would be my starting point.

      --
      Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
  11. Wrong reason by MBCook · · Score: 5, Insightful

    That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.

    I don't think that's it at all. It's that there is very little market for OS X security books at this point. Most people don't care. Let me explain.

    On the home end of things, Macs are great and relatively secure. They do fine. That said, how many people buy books on Windows Security for those home computers? I'm going to say very few. Most people don't care or don't know they should do something to increase security.

    The other front is businesses. Most businesses don't use Macs, by a large margin. Macs have a smaller enterprise market share than overall market share. If you are asked to secure a server or desktop, chances are it will be Windows or Linux.

    These kinds of books are, for the most part, targeted at administrators, businesses, etc. Since that market (administrators of Macs) is so small (compared to administrators of Windows boxes) there are very few books written.

    This is compounded by the most important boxes to secure: web facing boxes (like servers). OS X Server's market share is very tiny compared to Windows and Linux.

    The books aren't there because the demand for them isn't very big, not because Mac users think they are invulnerable from arrogance.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  12. Spare a talent for an old ex leper? by spun · · Score: 1

    Oh, wait, that's OS X Leopard. Sorry, my bad. That parrot story gave me Python on the brain.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  13. Re:OMG WTF by bhima · · Score: 1

    It is not a Mach Microkernel.

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  14. Total bullshit by SuperKendall · · Score: 3, Insightful

    Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share

    There are now tens of millions of macs being used now. That's active use, not just purchased...

    Now you tell me how in this day and age where viruses are all about building up botnets which are then sold, that a fairly homogenous systems with MILLIONS of systems to be had, is not a juicy target?

    Marketshare alone is meaningless as a reason not to write viruses when you get to those kinds of numbers.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Total bullshit by joeytmann · · Score: 2, Insightful

      Tens of millions is still way less than the 100's of millions of Windows computers....

      --
      Insert funny smart-ass comment here.
    2. Re:Total bullshit by abigor · · Score: 2, Insightful

      And it's still way more than the largest botnet. So it's still a good target. But it's never been exploited - I wonder why?

    3. Re:Total bullshit by geekoid · · Score: 1

      Plus the black hat groups that have been trying to do this for years, and failed.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Total bullshit by IamTheRealMike · · Score: 1

      Because:

      • A lot of them are laptops, which don't make good botnet nodes due to connectivity flaps, battery life, wifi bandwidth
      • There is a pool of experienced blackhat coders who know the insides of Windows very well, and are willing to write crapware for $$$. There is a much smaller pool of people like that for MacOS. In particular a lot of it comes out of Russia, China, Eastern Europe ... all places where Apple doesn't have a good hold in the market. This is just a time/market thing. If Macs became more popular, especially in these regions, the number of people willing to hack it for profit would increase.
      • Growing a botnet relies on spamming huge numbers of people with a potential exploit and then hoping that some fraction of them work. For drive-by downloads that's especially important because you typically have limited time until you are discovered and kicked off the websites you hijacked. The bigger and more complicated your exploit code is, the more likely it is to be discovered. Why would anybody significantly increase their costs for a very small return? Fact is, market share is an issue.
  15. The Fullest Measure by SuperKendall · · Score: 4, Insightful

    Take 'em all down, Fanboi! Good dog!

    And with that message, your contentless response to a well-written message puts on display the fullest measure of your intelligence.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:The Fullest Measure by Anonymous Coward · · Score: 0

      Even trolls have standards.

  16. Foundations of Mac OS X Leopard Security by Anonymous Coward · · Score: 0

    osascript

  17. Proofs but nothing in the wild by SuperKendall · · Score: 1

    There have been proofs of concepts but nothing in the wild.

    Even the fabled "thirty days of Mac exploits" came up with one or two middling system weaknesses, the rest were bugs in third party programs - many of which did not even ship with the OS!

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  18. Re:OMG WTF by Anonymous Coward · · Score: 0

    Yes, it's not Mach, it's XNU :

    XNU is the computer operating system kernel that Apple Inc. acquired and developed for use in the Mac OS X operating system and released as free and open source software as part of the Darwin operating system. XNU is an acronym for X is Not Unix

    See here : http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/glossary/chapter_998_section_1.html#//apple_ref/doc/uid/TP40002859-DontLinkElementID_38

  19. But greater than zero by SuperKendall · · Score: 1

    If you had a chance at a few million dollars, why would you let that lie fallow?

    Don't forget the Windows market is far more mined out at this point, in theory OS X would be a less hardened target since people are not looking out for stuff as much.

    You way underestimate the allure of money to the criminal element who are responsible for viruses/spyware we see today.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  20. Re:OMG WTF by UnknowingFool · · Score: 2, Informative
    From wikipedia:

    Mac OS X is based on the Mach kernel and is derived from the Berkeley Software Distribution (BSD) implementation of Unix in Nextstep.

    So the kernel is not Mach but based on it. Specifically the kernel is a hybrid kernel called XNU that was developed by Next. The other parts are based on Nextstep's BSD.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  21. Wait by Quiet_Desperation · · Score: 1

    I thought the misconception was that anyone actually thinks Mac OS X is totally immune.

    1. Re:Wait by Jasonjk74 · · Score: 0, Flamebait

      I thought the misconception was that anyone actually thinks Mac OS X is totally immune.

      Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune.
    2. Re:Wait by Jerry+Rivers · · Score: 2, Interesting

      "Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune."

      Are there? Show me a quote or two where somebody has actually written that. NOBODY actually believes Mac OS is totally immune, not even the most fervent of hipsters.

      --
      The pursuit of absolute tolerance leads to the most rigorous and ludicrous intolerance. - REX MURPHY
    3. Re:Wait by Jasonjk74 · · Score: 0, Troll

      "Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune."

      Are there? Show me a quote or two where somebody has actually written that. NOBODY actually believes Mac OS is totally immune, not even the most fervent of hipsters.

      I DON'T HAVE A QUOTE TO SHOW YOU, I DIDN'T THINK TO DOCUMENT THE NUMEROUS TIMES I'VE ENCOUNTERED MAC HIPSTERS AND THE INVULNERABILITY O' THE MAC THAT THEY ESPOUSE. SEE, I CAN TYPE IN CAPS TOO. HAVE A NICE DAY.
  22. Not market share... by argent · · Score: 1

    it's just not a very useful platform to write viruses for since they have such a tiny market share.

    Back in the '80s Macs had a tiny market share, but were a major virus breeding ground. Why? BIG surface area exposed to attack: auto-execution of floppies, resource forks, CDEVs and INITs, etc etc etc...

    Now it's Windows that's hanging on to things like auto-execute, and letting random websites download and execute code if the user responds to "Internet Explorer wants to gibberish incomprehensible stuff here, open or panic?" dialogs the wrong way, and depending on firewalls to close access to essential services rather than using local sockets or named pipes, and having the default execution path for the browser go through the download directory...

    Turn the tides in market share and you'd be back in the '80s, and you'd still have a huge viral load on Windows because Windows basically hangs around in the bad part of town asking viruses if they'd like a good time.

    1. Re:Not market share... by Anonymous Coward · · Score: 0

      Back in the '80s Macs had a tiny market share, but were a major virus breeding ground.

      Disinfectant had definitions for like 20 viruses and half of them were Hypercard-related not MacOS.

      Compared to the thousands of viruses on PC/DOS or the hundreds on the Amiga that was hardly very major.

      And most malware nowadays is written for profit rather than e-cred.

    2. Re:Not market share... by argent · · Score: 1

      Disinfectant had definitions for like 20 viruses and half of them were Hypercard-related not MacOS.

      When was this? I'm talking about the '80s, when all you needed to do to infect a Mac was to slot a floppy.

      After Apple stopped using autorun the number of new viruses dropped significantly, and the switch to the Power PC stopped pretty much all the old ones from working. I've looked at the list you're talking about, and all the viruses are post-1992. It's not even listing the ones from the '80s.

      The Amiga is also a good example, it was an even smaller market than the Mac. By the "market share" logic it should have had fewer viruses, not more.

      Looking the other way, the PC virus explosion happened after 1997. What happened in 1997? A sudden huge increase in market share for Windows? No, the introduction of Internet Explorer and ActiveX, and all the viruses piggybacking on email worms.

      Market share isn't entirely irrelevant, no, but it's secondary to system design.

  23. Do not read by m.ducharme · · Score: 0, Redundant

    Posting to clear a mod.

    --
    Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
  24. You're wrong. by khasim · · Score: 1

    The viruses that attack windows won't work on Mac...you have experiment and find different avenues of attack...identify the security hole to exploit.
    The avenues of attack are the same. Those are CLASSES of attacks.

    A zombie can scan IPs for known security holes, but the programmer still has to design a virus, worm, etc. specifically for the Mac that will exploit that hole.
    And with about 5 million Macs out there, why wouldn't said programmer do so?

    All I'm saying is that Mac's current security is due to market share, not intrinsic to design.
    And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.

    And it still seems like you're implying that the people at Apple have somehow come up with a brilliant way of stopping all attacks by worms, email attachments and browser exploits.
    Look up the word "security".

    There is nothing "brilliant" about following basic security practices in the design of the system.

    That's all there is. Nothing magical. And it won't change if Macs suddenly become the dominant platform.

    All Apple does is follow basic security practices.

    1. Re:You're wrong. by xaxa · · Score: 4, Interesting

      And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.

      We have proof of that: just look at the unpatched Linux servers (running crappy forum software which has been exploited) controlling botnets etc (chosen because they have good network connections and aren't often turned off).
    2. Re:You're wrong. by You+are+not+listenin · · Score: 3, Interesting

      You need to stop and think about what you're saying a bit more. Targeting unpatched linux servers is not the same thing as targeting OSX. The people searching for vulnerabilities aren't looking for vulnerabilities in 'unpatched linux servers'. If you're looking for a NEW vulnerability it's not going to have a patch for it, so patched or not makes no difference. The security professionals and hackers that look for exploits in linux find them in the most up to date linux servers. The problem is only unpatched servers end up getting hit by these exploits. Why? Because the exploit gets published and a patch is made to prevent it. Only the 'unpatched linux servers' remain vulnerable.

      Why is this different from OSX? Because people have much more of an incentive to hack linux than even Windows, this is so unlike OSX that one would rather draw comparisons with Windows' situation rather than OSX's. Linux dominates the server market (just like windows dominates the server market), and as far as value is concerned, servers tend to contain much more information of value than desktops. Hackers have more of an incentive to hit Linux than even Windows. The reason linux stays secure is because of the open source mentality which eases identification of vulnerabilities by security professionals (and others) and results in speedy patches.

      Actually, the 'unpatched linux servers' argument is actually an argument against you. Linux is generally accepted to be the most secure OS. Why? Because all known vulnerabilities get patched as soon as they're found. But yet these vulnerabilities are still exploited and black-hats still target it looking for further vulnerabilities despite its alleged 'security'. Why does this happen? Market share. The same or much worse would probably happen to OSX if it had a dominant market share.

    3. Re:You're wrong. by You+are+not+listenin · · Score: 1

      Accidentally hit submit rather than edit for the above post, so there are a number of typos, the only significant one being: *Linux dominates the server market (just like windows dominates the DESKTOP market). Sorry.

    4. Re:You're wrong. by grcumb · · Score: 1

      And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.

      We have proof of that: just look at the unpatched Linux servers (running crappy forum software which has been exploited) controlling botnets etc (chosen because they have good network connections and aren't often turned off).

      And my counterpoint would be Debian's borked SSL implementation, which (apparently) went undiscovered by crackers for over a year, despite the ease with which it could be exploited and the immense payoff that would come from exploiting it.

      See my previous comment above for details

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    5. Re:You're wrong. by dasmoo · · Score: 1

      Sorry, but I look after a fairly large network of linux machines and if you leave PHP configured by default and put some customer's crappy PHP code on there that no one else knows of on a half popular web site, people get into the machine.

      It's not that the code is available enough that there are exploits out there for it, it's not that there are unpatched security problems in PHP, it's the fact that by default PHP has no functions disabled (functions that allow you to download a perl script from somewhere else and run it on the command line [I love the way the crackers use perl though]) and has weak programmers due to its perceived ease of learning. This machine will usually be owned within about 3 months (I test these things). If there's a way to get in, people will get in, even if it's only one machine.

  25. Re:No, you're wrong by neil-ngc · · Score: 1

    And with about 5 million Macs out there, why wouldn't said programmer do so?
    Because the same amount of time invested opens up a lot more victims.

    And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.
    First off, there are mac exploits, just not a lot. Second off, if the same amount of invested effort would give you a pool of potential victims that is orders of magnitude larger, why would you waste your time. But more than that, just because somebody is looking for a hole, and a hole exists, doesn't mean that a small number of people are going to find it. Small number of people working on the...ummm...well let's call it a problem, means that the problem is less likely to be solved. Large number of people working on it greatly increases the odds of success. If you're going to argue that even a significant fraction of the number of criminals working on windows holes are working on Mac holes because, hey 5 million is a lot of machines, then I'm clearly not going to dissuade you. But you're wrong.

    And it won't change if Macs suddenly become the dominant platform.
    I'm sorry, but there's no gentle way to respond to this. If you think that it would make no difference if OS X was the dominant platform worldwide, then you're living in a fan-boy fantasy.
  26. Did anyone pick up on the posters nym? by oDDmON+oUT · · Score: 1

    That jsuda is an anagram of Judas?

    Seems suspicious to me.

    --
    Some days it's just not worth
    chewing through my restraints.
  27. Re:Rooting a Mac under 1 minute by matrixownsyou · · Score: 1

    you're an ass

  28. Vista? Why not ME? by antdude · · Score: 1

    ME is worse than Vista IMO. :)

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    1. Re:Vista? Why not ME? by jeiler · · Score: 1

      ME is worse than having one's pecker nailed to a struggling jellyfish. But not by much.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    2. Re:Vista? Why not ME? by The+Ultimate+Fartkno · · Score: 1

      Why thank you. Thank you so *very* much for a mental image that's going to haunt me to the very end of my days.

      *ick*

    3. Re:Vista? Why not ME? by jeiler · · Score: 1

      I have to admit, I sort-of expected a new /. mod category: "-1: Too mentally disturbing to contemplate."

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

  29. Actually, there are other advantages... by SuperKendall · · Score: 2, Interesting

    Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system.

    I slightly disagree with that statement.

    Most programming done on other systems for higher level OS and application stuff, is C or C++.

    In OS X, it is Objective C.

    Simply because of the message passing nature and the way the frameworks are built, I would say that generally any application written in Objective C would have many fewer problems with things like buffer overruns. Also possible, is that the very dynamic nature of Objective C makes it more likely code will be checking inputs from other modules for sanity.

    This would also agree with your assessment that Quicktime seems to show more problems than other areas of code - because more of it is at a very low level that is more pure C and uses the frameworks less.

    But I do agree with your assessment that Apple being willing to break from legacy code makes a difference too.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Actually, there are other advantages... by Sparks23 · · Score: 1

      ObjC is my language of choice to develop in when possible, and I grant you that some of the nature of ObjC makes it easier to avoid some of the 'stock' security pitfalls. But not all of the system is in ObjC -- most of the daemons and so on are in C, after all.

      Beyond that, the very adoption of ObjC as the primary language of the system is, itself, a break with legacy code (Mac OS 9 and earlier did not have ObjC, after all, much less have anything written in it). ;)

      --
      --Rachel
    2. Re:Actually, there are other advantages... by Anonymous Coward · · Score: 0

      It's silly to say that "most programming" on the Mac is done in Objective C.

      The most important apps on OS X: Finder, Safari, iTunes, QuickTime, MS Office, Adobe Suite, and so on are written primarily in C++

    3. Re:Actually, there are other advantages... by Moridineas · · Score: 1

      Most programming done on other systems for higher level OS and application stuff, is C or C++.

      In OS X, it is Objective C.

      Ach, enough with the blatant fanboism! Yes, Cocoa/Objective C is ONE way of programming for OSX, and indeed Apple's stated preferred method. But...

      Looking at a couple of my currently running programs..Firefox. Photoshop. Microsoft Word. Azureus. None are written in Objective C, none use Cocoa.

      Ok, admittedly, those are non-Apple applications. Let's take a look at some Apple applications--that come with the OS even. iTunes--uses Carbon. Quicktime--Carbon. Safari--partially Carbon. Mail.app -- all carbon. Finder, added some cocoa features in Leopard, but is primarily carbon.

      Finder..iTunes...Quicktime...Mail...Safari. All use that horribly unsafe C/C++ and Carbon "legacy" API. Good job buying into the hype though...

    4. Re:Actually, there are other advantages... by Moridineas · · Score: 2, Informative

      btw, replying again, if you want to check out which frameworks Mac programs use, open a command line (that's in Applications/Utilities) and cd to the application directory. For instance:

      % cd /Applications/Mail.app/

      Then go to the binary--

      % cd /Applications/Mail.app/Contents/MacOS

      and run the otool command:

      % otool -L Mail

    5. Re:Actually, there are other advantages... by tcoady · · Score: 1

      apologies for mistaken off-topic mod - appears undoable without this reply

    6. Re:Actually, there are other advantages... by SuperKendall · · Score: 1

      But of those, the greatest entry vector into the system for malware or viruses (the context of the discussion) would be Safari. As you note, it's partially carbon - but not wholly so.

      I think I noted in my main post already that Quicktime was more dangerous and had been the cause of issues in the past, but then that is why Apple is taking steps to make a simplified version...

      It's not hype I spread but simply a note that using Objective C helps as it's a little less prone to those kinds of errors. I fully acknowledge it's not used everywhere, but should no area have greater security applied if it can only be partly applied? I think not, security is not a measure of whole efforts but of smaller ones, all overlapping.

      I also do not see why you say Mail.app is wholly carbon, it makes use after all of CoreData and Quartz2D and QTKit and a few other things like that. I think you may be misreading the library use to some extent.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    7. Re:Actually, there are other advantages... by Moridineas · · Score: 1

      I also do not see why you say Mail.app is wholly carbon, it makes use after all of CoreData and Quartz2D and QTKit and a few other things like that. I think you may be misreading the library use to some extent.

      You're entirely correct about this--I misremembered about Mail.app.
    8. Re:Actually, there are other advantages... by Paladeen · · Score: 1

      Just because an application links to a given framework, it doesn't mean that the application uses it all that much.

      As a Mac developer, I often need just 1 or 2 Carbon functions that aren't available in Cocoa, and thus link to Carbon, even though an overwhelming majority of my application's code is Objective C Cocoa.

      The examples you cite are the worst of the lot, esp. the Finder and QuickTime. The Safari GUI shell is written in Cocoa, WebKit is written in C++. Mail is largely a Cocoa app.

      While it is true that the message-passing kind of development of Objective C is much less liable to buffer overruns etc., and is thus in a sense "safer", this is not the reason why Mac OS X is a more secure operating system.

    9. Re:Actually, there are other advantages... by Moridineas · · Score: 1

      Mail is largely a Cocoa app.

      Yeah, I was dead wrong about Mail--it is Cocoa.

      Thanks for the reply and the info re: Cocoa/Carbon in application development. I've unfortunately only dabbled in Objective C.

  30. That's not remote by SuperKendall · · Score: 1

    That's not true at all. I sshed to my laptop and remotely triggered the exploit.

    No, you ran the exploit locally on that system - that you were connected to remotely.

    You did not INITIATE the exploit remotely. And on top of that, by default SSH is not even enabled on a Mac. Which is why the exploit is not as bad as you might think, because you could take a Mac out of the box and hook it to the internet and after several years no-one would have managed to trigger that exploit. THAT is what remote means, that you can initiate it from scratch, without being logged into the system. It's a big hole to be sure but at least there is a strong layer of defense in front of it for most people.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:That's not remote by Moridineas · · Score: 1

      What you say is all well and good (and I agree with your definition of remote exploit), but that by no means fits the definition of "physical access" which was what I replied to, so I'm not really sure what the point of your post was?

      Physical access means ... physical access by the attacker (this is how I've always seen and used the term at the very least...). Physical access is not to be confused with local access (is that what you meant?)

      Shell access, malicious webpage, malicious attachment, random buffer overrun, samba security hole (unpatched afaik)--any exploit that can run a process, start a script, etc, just got a lot more dangerous.

      Don't understand why you and others are so quick to defend Apple here--an easily exploitable suid binary? Msft would be (rightly) chastised for this...

      Wonder how remote apple events would work for this.

    2. Re:That's not remote by SuperKendall · · Score: 1

      In practical terms it requires physical access because the user must be logged in on a server (where SSH would likely be running), whereas a home system simply would almost never have SSH or other means of access into the box enabled for an attack to be carried out unless you were present.

      I'm not exactly defending Apple in this, it's a very silly hole to leave open. I am noting that the hole which appears terrible at first, is in fact rather hard to actually exploit - but I do hope they close it soon.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    3. Re:That's not remote by Anonymous Coward · · Score: 0

      osascript -e 'tell app "ARDAgent" to do shell script "id"'

      or klist instead of id or kinit -RfA ... and you have network credentials.

      or if you prefer you can see that

      osascript -e 'tell app "ARDAgent" to do shell script "touch /tmp/xxx"'

      creates a file owned by root, and you can extrapolate to editing /etc/authorization...

      This is a spooky bug. You're right that it can only be performed as a trojan attack, but it's an awfully cheap way to escalate privileges, steal credentials, and do all sorts of naughty stuff.

      I expect a fast fix and people worried about what 3rd party stuff got installed trustingly, with the expectation that privilege escalation would require a trip through the authorization framework, or at least a somewhat devious attack.

      Most fun of all:

      ARDAgent [9655]: ********ARDAgent Launched********
      com.apple.launchd[227] ([0x0-0x171171].com.apple.RemoteDesktopAgent[9655]): Check-in of Mach service failed. PID 9655 is not privileged: com.apple.RemoteDesktop.agent
      ARDAgent [9655]: ********ARDAgent Ready********

      is what's in the log. So the authorization code complains, but the request is done anyway.
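
The log sequence quoted in the comment above can be turned into a detection. The following is an added example, not part of the thread and not Apple's code: it correlates the three quoted message shapes by PID and reports any ARDAgent launch for which launchd logged "is not privileged". The lines with PIDs 120 and 4242 and the `examplehost` prefix are constructed for illustration.

```python
import re

# Patterns follow the three log lines quoted in the comment above. They use
# search(), so a syslog timestamp/host prefix in front of a line is tolerated.
LAUNCHED = re.compile(r"ARDAgent\s*\[(\d+)\]:\s*\*+ARDAgent Launched\*+")
READY = re.compile(r"ARDAgent\s*\[(\d+)\]:\s*\*+ARDAgent Ready\*+")
DENIED = re.compile(
    r"com\.apple\.launchd\[\d+\].*com\.apple\.RemoteDesktopAgent\[\d+\]\):\s*"
    r"Check-in of Mach service failed\. PID (\d+) is not privileged"
)


def find_unprivileged_ardagent(lines):
    """Return one finding per ARDAgent launch that launchd reported as
    'not privileged'. 'ready' is the line number of the later Ready banner,
    or None if the agent never reported Ready in the given lines."""
    tracking = {}   # pid -> {"launched": lineno or None, "denied": lineno or None}
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LAUNCHED.search(line)
        if m:
            # A new launch banner starts a fresh record (PIDs can be reused).
            tracking[m.group(1)] = {"launched": lineno, "denied": None}
            continue
        m = DENIED.search(line)
        if m:
            entry = tracking.setdefault(m.group(1), {"launched": None, "denied": None})
            entry["denied"] = lineno
            continue
        m = READY.search(line)
        if m:
            entry = tracking.pop(m.group(1), None)
            if entry and entry["denied"] is not None:
                findings.append({"pid": int(m.group(1)), "launched": entry["launched"],
                                 "denied": entry["denied"], "ready": lineno})
    # Denials that were never followed by a Ready banner are still worth a look.
    for pid, entry in tracking.items():
        if entry["denied"] is not None:
            findings.append({"pid": int(pid), "launched": entry["launched"],
                             "denied": entry["denied"], "ready": None})
    return findings


# Lines 1-3 are the lines quoted in the comment; lines 4-7 are constructed.
SAMPLE_LOG = [
    "ARDAgent [9655]: ********ARDAgent Launched********",
    "com.apple.launchd[227] ([0x0-0x171171].com.apple.RemoteDesktopAgent[9655]): "
    "Check-in of Mach service failed. PID 9655 is not privileged: com.apple.RemoteDesktop.agent",
    "ARDAgent [9655]: ********ARDAgent Ready********",
    "ARDAgent [120]: ********ARDAgent Launched********",
    "ARDAgent [120]: ********ARDAgent Ready********",
    "Jan  1 00:00:00 examplehost ARDAgent [4242]: ********ARDAgent Launched********",
    "Jan  1 00:00:00 examplehost com.apple.launchd[227] ([0x0-0x1a2b3c]."
    "com.apple.RemoteDesktopAgent[4242]): Check-in of Mach service failed. "
    "PID 4242 is not privileged: com.apple.RemoteDesktop.agent",
]

if __name__ == "__main__":
    for finding in find_unprivileged_ardagent(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `ready` field is the case the comment describes: the check-in was refused, yet the agent went on to report Ready.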

  31. Mac Security is PERFECT, according to the press? by Anonymous Coward · · Score: 0

    At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. A little searching can go a long way.

    There have been no fewer than 57 Slashdot stories on Mac OS X security in the past 12 months.

    There have been hundreds of newspaper articles on Mac OS X security in the past 12 months. I can easily count over 500.

    I think the authors are confusing the phrase "immune from" with "much less likely to experience". I don't know any IT person who thinks that any platform is immune from security issues.

  32. The two OSes are products of different ages by ChrisA90278 · · Score: 3, Insightful

    Back when Windows was first designed Microsoft assumed there was only one user on the computers and there was no way to get at the computer other than via the keyboard/mouse.

    Unix was designed from the first to be used on a shared computer. The idea was that computers were so expensive that you could only afford one for an entire department, so you hooked up a bunch of terminals and let lots of people use the machine at the same time. The "prime directive" of OS design was "it should not be possible for one user to screw up another user's work."

    Unix was designed to run on very expensive shared computers while Windows was designed to run on cheap inexpensive personal computers that were owned and used by just one person. Mac OS X is based on Unix and has a very strong ability to partition users from each other. Until recent years Windows did not even have the concept that there might be more than one user.

  33. The attitude of Mac users is what worries me by theolein · · Score: 5, Interesting

    I own four macs and am a sysadmin to a company running about 45 macs. I really like Mac OSX as an OS, as it is generally very robust and flexible, and, in my experience, the OS contains many features that make it both more productive and secure than Windows.

    That, however, is a generalisation. Windows has made strides to improve its security record and Vista is much better in this respect than XP was (even if one does get the feeling that a lot of Vista functionality was "bolted on" after the fact). I would be wary of making wild claims about Vista being less secure than OSX, but I think, in general, Apple's use of ACLs in 10.5, coupled with other security features do give it a slight edge.

    That said, the exploit this week about the Applescript ARDAgent vulnerability, and above all, the general reaction of Mac users to this vulnerability, and again as expressed in this slashdot comments section, coupled with my experiences with my users at work shows me a few things:

    Mac users in general, tend to hold on to myths and marketing claims put out by Apple's PR more than users of other platforms do. I honestly think that the Mac vs. PC ads do Mac users a disservice because so many believe the claims without even asking any questions about them. An example: PC is frustrated because Mac now has Office 2008 which can do all that Office 2007 can. This is simply false. Office 2008 lacks VBA for one thing, lacks conditional formatting in Excel for another, and is so slow, it is barely usable on a new Mac Pro tower. Our older Office version, Office v.X runs faster in Rosetta emulation.

    Another example. Coincidentally, I discovered this week that Apple Mail will run a Mac application that has been attached to an email directly out of Mail. It will warn you, twice, about this, but Windows warns you about new apps as well, and that hasn't stopped millions of clueless end users ignoring the warnings and just clicking away. I did a few tests on users at work and they *all* opened the app. An app, combined with the applescript ARDAgent exploit would be an excellent way for an attacker to install a trojan for phishing or zombie purposes.

    The attitude of Mac users that the platform is magically more secure than Windows (it is more secure than XP, but not much more than Vista if at all) in the same way that Mac users were still crowing about Win98 BSODs the same way Windows users were crowing about OS9 crashing all over the place, years after neither one was used very much any more, is indicative of the problems that we, the Mac using community will face when malware exploits start to gather pace on the Mac.

    I honestly believe that the Mac has been mostly protected by its small marketshare up until now. Most exploits come out of China and Russia, and most malware authors there do not have Macs. That will eventually change.

    I say that Mac users should be less confident in the platform and more aware of security. I suspect that in 5 years, Anti-Virus software will also be a mainstay on OSX.

    1. Re:The attitude of Mac users is what worries me by aaronfaby · · Score: 2, Interesting

      People mindlessly clicking OK dialog boxes, even if they are warned twice, says more about user behavior than OS security. The problem with computer security is that computers are operated by human beings, which we all know means that many (if not the majority) of those human beings can and will be tricked to do things they shouldn't do. This is a fact of life. If the OS warns the user TWICE, and they still click OK, then I fail to see how this is a security flaw in the software. Are you sure attached apps are run automatically? You don't have to click on anything at all?

    2. Re:The attitude of Mac users is what worries me by k8to · · Score: 1

      Why should the operating system prompt you to do something stupid? How about not doing the stupid thing?

      --
      -josh
    3. Re:The attitude of Mac users is what worries me by IamTheRealMike · · Score: 1

      The point is, it's much easier to change software than people's perceptions. Blaming people rather than the OS is a cheap and useless shot. It doesn't achieve anything. Research into secure desktops is at an early stage but it does exist. We know we can do significantly better than the MacOS/Windows security models. We just aren't doing it in mainstream operating systems because it's hard.

      Consider the guy's test. He sent people a mail that said "please open this app". The mail looked like it came from him. The Apple ads have convinced people that Macs are inherently secure (dumb dumb dumb!). The guy is in a position of authority over them in IT regards ... so they open the attachment. They don't know that mail can be forged, or that ARD lets you priv escalate your way to a rootkit. How can they know these things? IT administrators have been telling people not to click attachments in mail for years now, but I discovered a couple of months ago that most of my friends had no clue I could send mail that looked like it came from them (or their boss).

    4. Re:The attitude of Mac users is what worries me by Anonymous Coward · · Score: 0

      I'm not saying we shouldn't change software, I'm just saying we need to attempt to change people's perceptions as well. The weak link in the computer security chain will almost always be the human being. You can have the best security model in the world, but users will always be able to do something stupid to allow malicious code to circumvent that model. Essentially what you are saying is we should make the automobile drive itself properly rather than teach people how to drive. In the end, the more educated people become about threats, the less of a chance these threats have to thrive. Perhaps IT departments aren't doing a good enough job of educating their users on how to be security conscious.

    5. Re:The attitude of Mac users is what worries me by NewtonFan · · Score: 1

      Another example. Coincidentally, I discovered this week that Apple Mail will run a Mac application that has been attached to an email directly out of Mail. It will warn you, twice, about this, but Windows warns you about new apps as well, and that hasn't stopped millions of clueless end users ignoring the warnings and just clicking away. I did a few tests on users at work and they *all* opened the app. An app, combined with the applescript ARDAgent exploit would be an excellent way for an attacker to install a trojan for phishing or zombie purposes.

      I just tried this under Mac OS X Leopard, but I cannot reproduce this.
  34. small clarifications by MikePlacid · · Score: 0

    Actually, on Mac - *all* users run with no admin privileges. Admin accounts can request an escalation to admin privileges when and if needed. Happens not that often.

    And on Win I can't set up my kids' account as a non-Admin: Alpha Centauri would neither install nor run from a non-Admin account.

    And I can't say that Win is in any way more handy... (checking ways) No, not one.

    1. Re:small clarifications by jeiler · · Score: 3, Insightful

      And on Win I can't set up my kids' account as a non-Admin: Alpha Centauri would neither install nor run from a non-Admin account.

      That does not mean that you can't set your kids up with a limited account--it simply means that due solely to the way Alpha Centauri is written, it won't work with a more secure setup. But that's not Microsoft's fault--complain to Firaxis.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

    2. Re:small clarifications by Ilgaz · · Score: 1

      Apple makes it easy for developers to code things that can run under non-admin account while MS somehow doesn't. It even includes games. You can run any game without Admin permissions on OS X (I don't know the recent WINE junk from EA).

      It is all about the core architecture of OS and the Developer tools.

    3. Re:small clarifications by Allador · · Score: 1

      And on Win I can't set up my kids' account as a non-Admin: Alpha Centauri would neither install nor run from a non-Admin account.

      I think what you mean to say is that you most certainly can set up your kids on windows as non-admin.

      It just happens that one piece of software they like is so horrendously designed and implemented that it requires admin to run.

      What did the Alpha Centauri developers say about this when you approached them about fixing their software?

  35. Last two years hacking contests by BountyX · · Score: 0

    There is a $10,000 award plus a computer to a hacker that remotely roots an operating system. The hacking competition has three machines, windows, linux and mac. For the last two years Mac has been the first machine to be compromised. It's still more secure than windows imo, just a little fun fact.

    --
    Trying to install linux on my microwave, but keep getting a kernel panic...
    1. Re:Last two years hacking contests by geekoid · · Score: 1

      linky.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:Last two years hacking contests by aaronfaby · · Score: 2

      Actually, the Mac out of the box was nigh-impossible to get into, so they created a way for hackers to send a URL to an email address which would cause safari to automatically open the URL on the machine. The winner got in through a Safari vulnerability.

    3. Re:Last two years hacking contests by Anonymous Coward · · Score: 0

      Actually, the Mac out of the box was nigh-impossible to get into, so they created a way for hackers to send a URL to an email address which would cause safari to automatically open the URL on the machine. The winner got in through a Safari vulnerability.
      You say that like they somehow had to cheat to crack the Mac (sorry if I misunderstood you), but this was how the competition was planned in different stages, equal for all systems, OSX still got cracked before Vista, all things being equal. And this is definitely a real world scenario, not a theoretical one.
  36. Mac users don't want to damage their platform by daviddennis · · Score: 2, Insightful

    I've always thought there's a slightly different phenomenon at work for Mac users.

    See, Mac users really like what they're using. If you go to the trouble of buying a Mac, you're joining a group of people that is generally supportive of their computing platform.

    So I think there are a lot fewer people who are really interested in breaking into Macs and damaging their computing platform's reputation.

    To show this principle in action, take a look at the iPhone hacking community and how quickly they found exploits. The difference? The motivation for breaking iPhone's security was to be able to write software for the device. They were not trying to be destructive and did not see themselves as destructive.

    So it would appear that there are fewer "destructive hackers" for Apple products than there are for other platforms. People are only really interested in breaking into Apple systems when there is some kind of hacking challenge, or when a product like iPhone or Apple TV is preventing them from using the devices as they wish.

    I do believe that Apple has better security overall than Windows, but at the same time I also think the overall software environment is far more benign.

    D

    1. Re:Mac users don't want to damage their platform by Anonymous Coward · · Score: 0

      Too bad you didn't get modded up for your insightfulness, but social/interpersonal issues are lightyears beyond the stunts that post on this site.

    2. Re:Mac users don't want to damage their platform by daviddennis · · Score: 2, Insightful

      I think it's simpler than that. The people on this site are conditioned to be cynical and negative about just about anything. They can't understand positive emotions in favour of a product, especially when that product is made by big business.

      This is why you see so many people who are contemptuous of "Apple Fanbois" and slaves to Steve Jobs, without thinking that there might be valid reasons for people to like and appreciate Apple.

      People are especially cynical about corporations, which is a little sad since Linux probably would have been litigated out of existence if IBM hadn't spent tens of millions of dollars litigating the SCO cases.

      Steve is not God, and Apple has some policies that are far from praiseworthy, but if you pick up the big picture he's tried very hard to satisfy his customers, and you can't say that of Gates and Ballmer.

      I can guarantee you that iTunes DRM will function for eternity, and Steve would never promise that his systems would work well with an upgrade and then break that promise. Gates and Ballmer have violated both of those principles, in publicly embarrassing ways, and they don't even seem to feel they've done anything wrong.

      Or it might just be that few people saw the post. It's buried at the end of a long string and if you read messages in the usual threaded format you will never see it.

      And eventually it did get modded up, but I think those two factors are why that didn't happen earlier.

      D

  37. MacOS X and Spyware by daviddennis · · Score: 3, Interesting

    Think about how spyware gets on a computer.

    From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.

    Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so.(*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention.

    As far as I can tell, other spyware vectors such as commercially developed BitTorrent clients and "smiley face" silliness have not taken off on the Mac.

    So as far as I know, the major ways to distribute spyware don't exist on the Mac and probably never will. Thus, Apple is likely to be spared the spyware phenomenon, at least to the dreadful extent it occurs on Windows machines.

    D

    (*) I think Vista was supposed to fix this but I don't know if that is the case or not. In any event, most Windows users continue to use XP.

    1. Re:MacOS X and Spyware by Moridineas · · Score: 1

      Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so.

      Do you have any information about what IE bugs are exploited for "drive by" downloads? In my experience, IE bugs have not been responsible for the vast majority of spyware etc in years...does your experience differ?

      If users CHOOSE to download and CHOOSE to run software, that is different, and Windows and Mac both query you about running unsafe software now.

      (*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention.

      I'm confused--are you talking about IE's ActiveX abilities?

      So as far as I know, the major ways to distribute spyware don't exist on the Mac and probably never will. Thus, Apple is likely to be spared the spyware phenomenon, at least to the dreadful extent it occurs on Windows machines.

      Maybe I'm just lucky and missing out, but it's literally been years since I've seen a PC decked out with spyware. If you don't install junk on your computer, nowadays you are very unlikely to get spyware. If you're willing to install junk on PC, chances are, you're willing to install it on your Mac as well..

    2. Re:MacOS X and Spyware by daviddennis · · Score: 2, Interesting

      Unfortunately, I live in Pittsburgh, which is an area where most people like the tried and true and don't think much of being up to date. So the problems you mention are still very much alive here, and pretty much every PC I see is encrusted with enormous amounts of spyware and invasive software.

      Since Apple's user base skews towards better educated individuals in general, and creative artists and writers specifically, I suspect that fewer of them have the bad taste to download the "Incredimail" and smiley face software that are common spyware vectors. However, in all fairness, I think that software is not available for the platform in any event. If and when it becomes available, it will be interesting to see how much spyware proliferates.

      D

    3. Re:MacOS X and Spyware by IamTheRealMike · · Score: 1

      From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.

      These days it's almost exclusively the former. Very little malware gets onto systems via other host programs, and when it does it's usually in things like copy protection cracks rather than "smiley face" programs.

      Safari has had a pretty damn poor track record of being a secure browser, for what it's worth. You would have thought that after years of IE setting an example of how not to do things, given the chance to write a new codebase they'd have made extra extra sure that Safari was built like a rock. Apparently not though.

      So I don't understand how you have concluded that "the major ways to distribute spyware don't exist on the Mac and probably never will". They exist today and aren't being widely exploited because most of the truly evil software being written today is written for profit, and there isn't much profit in exploiting a platform as small as MacOS. It's really that simple.

      MacOS, as far as I can tell, has very little inherent security. It inherited a security model that was deeply flawed and inappropriate for the desktop from UNIX, and then proceeded to blow holes in it with a series of trivial privilege escalation vulnerabilities. A single escalation hole reduces the security model of a UNIX system to that of Windows 95, ie, none whatsoever. Although it's true that most malware functions don't require root, they can and will exploit root to embed themselves deeper within the system (eg, using rootkits) making it hard or impossible to remove without a reinstall.

      Really, Microsoft learned a lot of lessons from the experiences of the XP era. It might not seem like it at times, but they now have extremely thorough security training for all their employees working on the platform, they use external and internal penetration testing, they have security improvements built into their compiler toolchain and so on. Apple unfortunately doesn't seem to have learned the same lessons yet.

    4. Re:MacOS X and Spyware by daviddennis · · Score: 1

      Apple users, including myself, should worry about this because Apple's market share has been growing substantially in the last year or so. If it continues to increase, and if vulnerabilities are as you say, malware may become a real problem.

      I have always been under the impression that Microsoft's security problem is ActiveX, which allows IE to do software updates on its own.

      As far as I know, Apple has never done anything like ActiveX and that alone makes it far more secure than IE.

      What specific vulnerabilities in Safari are you referring to?

      D

    5. Re:MacOS X and Spyware by Crazyswedishguy · · Score: 1

      As far as I can tell, other spyware vectors such as commercially developed BitTorrent clients and "smiley face" silliness have not taken off on the Mac.

      I don't intend to start a flamewar, but it seems to me that until recently, Mac users were overall a little more technical and computer-savvy than your average Windows user. This isn't to say there aren't uber-technical Windows users, just that most non-technical people chose Windows out of convenience.

      Because a lot of viruses, spyware, hacks and exploits depend on a user to inadvertently install or run it ("oh, .exe file in my email from someone I don't know? Let's double-click it to find out what it is!") and people are inappropriately educated about the risks of opening unsafe attachments, it seems Windows is intrinsically more at risk due to its user base.

      I think Linux, on the other hand is generally used by tech-savvy people who know what to open and what to put in the trash immediately. It would be more difficult to write a virus that's spread thanks to user naivete.

      Because of how Apple has (in the US at least) somewhat exploded in recent years and the user-base is increasingly people attracted to the simplicity and the "pretty design", I feel OS X may be becoming more vulnerable.

      My point is not that the size of the user base (which for a hacker translates into size of the target) will drive more vulnerabilities, but rather the nature of the user base will.

      In the end, security is also what you make of it, and no matter how good the system is, if the user doesn't know how to use it, there will be vulnerabilities.
      --
      This space up for sale.
    6. Re:MacOS X and Spyware by daviddennis · · Score: 0

      There's a subtle difference that's more about good taste than knowledge - Non-technical Apple users tend to be artists, video editors, graphic designers and so on, and of course they appreciate quality aesthetics.

      In that kind of environment, bouncing smiley faces and the like just are not as appealing. I don't expect the girl I worked with years ago who liked HotBar [an early spyware program] because it was "Pink" to ever become an Apple customer :-).

      The odd thing about Apple is that it seems to appeal to people who barely know how to turn on a computer and people who are computer experts of many years standing, but the great in between masses have not really been moved to try it. As long as Apple proportionately attracts tech rubes and tech elites I don't know if the problem will increase much, since tech rubes are not particularly adventurous in how they use their computer.

      The in-betweens, who think they know more than they do, may be the real danger. We'll see how well Apple does with them in the future.

      D

    7. Re:MacOS X and Spyware by Allador · · Score: 1

      From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.

      This is incorrect, at least in my experience. The vast majority of malware installs I see are from people installing it explicitly. They think it's a porn codec or a cool video player, or a cracked copy of Office or something.

      So nothing to do with software, just pure social engineering.

      Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so.(*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention.

      This is completely inaccurate and shows a lack of understanding of operating system behavior.

      IE isn't magic, and doesn't have magical properties. It is simply an executable that runs under some account.

      If you run it under an account with local admin privileges, then it has local admin privileges. If you run it under an account with no admin privileges, then it has no admin privileges. If you run it with a 'drop my rights' style tweak, then it has exactly those rights.

      The bad mix is people running IE under an account with local admin privs. Then the various patched and unpatched vulns expose the user to random software installation for the joy of browsing to a webpage.

    8. Re:MacOS X and Spyware by IamTheRealMike · · Score: 1

      ActiveX hasn't been default-on for years now, it's really not a hole any longer and hasn't been for a while. FWIW the experience of Firefox has been that people started to target it when it reached ~12% market share, so Apple has a while to go yet. For Safari just google "safari remote code execution". QuickTime also has had some nasty exploits.

  38. Stop with the fallacy people. by geekoid · · Score: 1
    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  39. Application install methods. by Anonymous Coward · · Score: 0

    A big complaint I had with OSX Tiger (I actually haven't used Leopard yet) is that it spews a ton of open-source programs all over your system... but failed to keep them patched correctly. Apple needs to invest into Fink/Macports or something and only install open-source software through there from the get-go. Secondly... why is the Software Update system closed off so that other software can't piggy-back onto it to keep everything updated using the one manager?

    Most applications I install on OSX require Administrator access.

    Maybe the blame can be placed entirely on the application designers... but something needs to be done with operating systems to stop this from continually happening... they need to be able to trick applications into thinking they actually have root-level access.

  40. Typical by Jasonjk74 · · Score: 0, Flamebait

    I forgot, if you don't agree with everyone here, if you *gasp* dare to say anything about Macs/Mac users, then you're "Flamebait" or a "Troll." Whoever modded me, move out of your parent's basement and attempt to meet a woman sometime.

  41. Nobody said it was. by jpellino · · Score: 1

    Sorry.

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  42. Full of shit by RzUpAnmsCwrds · · Score: 4, Insightful

    DISCLAIMER: I work at Microsoft.

    Pretty much everyone who posts about this is full of shit.

    Vista has had 34 vulnerabilities over the last 1.5 years. That's less than Mac OS X over the same period.

    If you want to argue that Mac OS X is "more secure", you need to do it on grounds other than vulnerabilities. At best, Mac OS X and Vista are similar in the number and severity of vulnerabilities.

    So the new big thing on Slashdot, since the vulnerability statistics don't back up the "more secure" argument, is to argue that Mac OS is "intrinsically" more secure than Windows.

    I have no idea what people are talking about there. Vista has ACLs, just like Mac OS X. Vista has sudo (UAC in Vista), just like Mac OS X. Vista disables network-facing services by default, just like Mac OS X. Vista has a firewall, just like Mac OS X.

    So, you can wave your hands and say that Mac OS X is secure because it's "UNIX". But I'm not impressed. There's nothing "intrinsically" secure about UNIX compared to any other modern OS.

    What I can say is that Apple doesn't take security bugs seriously. Microsoft acknowledges when there is a reported vulnerability and reports when a fix is delivered. Apple pretends that vulnerabilities don't exist. Apple sometimes stealth-patches vulnerabilities away. And Apple frequently tries to downplay the severity of vulnerabilities.

    Take, for example, the root privilege escalation vulnerability reported several days ago in Mac OS X. That kind of bug is extremely serious, yet we had 20 people on Slashdot commenting about how it's not a big deal. Apple hasn't even acknowledged that there's a problem.

    1. Re:Full of shit by Watson+Ladd · · Score: 1

      The Vista permissions system is what again? Unix permissions are very well understood after 25 years. And Microsoft with 100 times the resources of OpenBSD has many more vulnerabilities. Neither Apple nor Microsoft care about security: if they did we would all be using Coyote.

      --
      Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
    2. Re:Full of shit by Lodragandraoidh · · Score: 1

      DISCLAIMER: I work at Microsoft.

      Pretty much everyone who posts about this is full of shit.

      1. Try to influence the discussion of something that is self serving/conflict of interest.
      2. Throw out an insult.
      3. ???
      4. Profit!

      Yet another nail in the coffin of any respect I had left for Microsoft.

      --

      Lodragan Draoidh
      The more you explain it, the more I don't understand it. - Mark Twain
  43. Re:No, you're wrong by Jerry+Smith · · Score: 1

    And with about 5 million Macs out there, why wouldn't said programmer do so?
    Because the same amount of time invested opens up a lot more victims.

    And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.
    First off, there are mac exploits, just not a lot. Second off, if the same amount of invested effort would give you a pool of potential victims that is orders of magnitude larger, why would you waste your time.

    Most mac-users don't use anti-virus programs. They just don't. So that would make the total number of targets lower, but the vulnerability of them higher. So it should be an interesting pool of victims indeed, despite the lower market-share.

    --
    All those moments will be lost in time, like tears in rain. Time to die.
  44. No, you are wrong by Anonymous Coward · · Score: 0

    Of course I'll get modded down for this, as I always do, but when you make broad statements like "OSX is far more secure than Windows"... that deserves to be quantified. However, the very act of SHOWING it quantified is what gets one modded down. This site is run by Linux.com... so go figure.

    Here are security issues with OSX
    and here are security issues with Vista

    At the moment, I'd say they are tied, if anything. However, there have been plenty of times where Vista had a really small amount of security issues, while OSX had a huge amount.

    Sorry to burst all those bubbles, but there's no such thing as "intrinsically more secure". If you think so, then please explain to the rest of the class exactly what is going on under the hood in each OS, and what is going on in Windows that is fundamentally flawed.

    Because while it gets people modded up around here by saying stupid crap like that, it actually infuriates security experts to hear brain-dead drivel like that... especially when the people saying it try fooling everyone into thinking they are tech savvy.

  45. I suspect this book is already outdated. by ubiquitin · · Score: 1

    Seriously.

    Does this book have the osascript bug in it?
    osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

    A local root escalation issue that's on more than 40% of typically configured machines is something you'd want to know about.

    No INFOSEC book is ever complete. We're all still writing it.

    --
    http://tinyurl.com/4ny52
  46. How to determine strengths/weaknesses w/o testing: by RexDevious · · Score: 1

    There are 3 debated OSes: Windows, Mac, and 'Nix. There's plenty of objective and subjective discussion about the strengths and weaknesses of each. But here's a simple principle that cuts through the confusion:

    "A group of people who *try* to accomplish something, will succeed at a higher rate than a group that doesn't"

    Just look at what the people behind each OS have *tried* to do, and you'll see that they've succeeded more in that area.

    The 'Nix developers *tried* to develop a secure, scalable OS - because that was what their market required. Not surprisingly, 'Nix is the most secure and scalable. They didn't really try to make it something Grandma could find her way around in easily, or that could play bleeding edge video games, or win beauty contests. Not surprisingly, they didn't succeed at doing any of those things with the OS compared to the alternatives.

    The people behind Windows (pick any version you like), tried to make it something that appealed to office workers who had IT guys around to help out, encouraged third party hardware and all the software that that enabled (like video games that needed fast but cheap sound and graphic cards), and a small learning curve to develop basic business apps - because riding into the corporate world on IBM's coat-tails, that was their market. Not surprisingly, they succeeded in these areas. They didn't try to make it stable enough to use without an IT staff, as secure as a financial services data center would need to be, or the tool of choice for artistic types - because that wasn't their market until much later. So no big surprise they didn't beat the groups that had been trying to do nothing but that for much longer.

    Apple tried to make truly personal computers. Easy enough to use, and stable enough to trust, without the aid of an IT staff. Not a lot of people wanted personal computers to run spreadsheets at home, but they did want to use them for more creative projects. And, no surprise again, that's what Macs are still good at.

    Of course, eventually computers became too important in the world for any OS to be exceptionally weak in any area even for the original market, so all three groups started trying to address their weaknesses. 'Nix got a couple of GUI shells, and easier to install packages. Windows made a stab at running more stable servers, supporting multimedia, introducing the concept of security to office workers, and spawning a whole anti-virus industry. And Mac ran office programs, started playing nicer with Windows networks, and took on a BSD core to maintain security and stability. They'd probably also have addressed their gaming shortcomings if consoles hadn't pretty much reduced gaming on personal computers to a small hard-core niche of users who cheerfully pay more for a video card upgrade than what a whole next-gen console costs.

    But the trajectories stay the same. 'Nix has to please the "We don't care what it looks like, it has to be secure and scalable" crowd, Windows has to please the "I just need to finish this spreadsheet, so put my 'password' on a Post-it note on my monitor and tell the IT guys to fix the virus I just downloaded" crowd, and Mac has to please the "I'm here to make music, art, and email Grandma; not get a CS degree" crowd.

    As I've seen written on Slashdot before - the road to failure is paved with perfection, the road to success is paved with "Good Enough". No OS will ever be perfect, but they'll survive by being the best for their target market's primary needs, and "good enough" for the other needs that market has.

    The reason Microsoft is losing market share, is that it's simply trying to serve too many markets, and losing out in the secondary "Good Enough" areas. It spent too much time trying to catch up to 'nix on server needs, and Mac on multimedia needs, and wound up not being quite "good enough" with security, stability, and ease of use for the spreadsheet crowd. It's still the best option for someone who needs to keep doing the same spreadsheets, word documents, and power po

  47. Re:Rooting a Mac under 1 minute by Anonymous Coward · · Score: 0

    They sure are stupid, failing to see Jobs suck money out of them while simultaneously sucking his cock.

    It's OK to be a whore, but a stupid whore.. I think not.