Snow Leopard Missed a Security Opportunity
CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"
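The summary's complaint is about ASLR that is only partly applied. As an added example (not part of the original story or of Miller's research), this C program relaunches itself and reports which of four regions keep the same address from one launch to the next. The choice of regions, the `RUNS` count and the `--child` flag are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L  /* exposes popen/pclose */
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { STACK, HEAP, LIBC, IMAGE, NREGIONS, RUNS = 5 };  /* RUNS: launches compared */
static const char *const region_name[NREGIONS] = {"stack", "heap", "libc", "image"};

/* Record one representative address from each region of this process. */
void sample_layout(uintptr_t out[NREGIONS]) {
    int local = 0;
    void *h = malloc(64);
    out[STACK] = (uintptr_t)&local;        /* current stack frame */
    out[HEAP]  = (uintptr_t)h;             /* allocator arena */
    out[LIBC]  = (uintptr_t)stdout;        /* FILE object inside the C library */
    out[IMAGE] = (uintptr_t)region_name;   /* data in the main executable */
    free(h);
}

/* Flag each region whose address changed across n samples; return how many did. */
int regions_moved(uintptr_t s[][NREGIONS], int n, int moved[NREGIONS]) {
    int total = 0;
    for (int r = 0; r < NREGIONS; r++) {
        moved[r] = 0;
        for (int i = 1; i < n; i++) moved[r] |= (s[i][r] != s[0][r]);
        total += moved[r];
    }
    return total;
}

int main(int argc, char **argv) {
    uintptr_t s[RUNS][NREGIONS];
    int moved[NREGIONS]; char cmd[4096];
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {  /* child: print own layout */
        sample_layout(s[0]);
        for (int r = 0; r < NREGIONS; r++) printf("%" PRIxPTR " ", s[0][r]);
        return 0;
    }
    snprintf(cmd, sizeof cmd, "'%s' --child", argv[0]);
    for (int i = 0; i < RUNS; i++) {                    /* parent: new process per sample */
        FILE *p = popen(cmd, "r");
        if (!p) return 1;
        for (int r = 0; r < NREGIONS; r++)
            if (fscanf(p, "%" SCNxPTR, &s[i][r]) != 1) return 1;
        pclose(p);
    }
    regions_moved(s, RUNS, moved);
    for (int r = 0; r < NREGIONS; r++) printf("%-6s %s\n", region_name[r], moved[r] ? "moves" : "FIXED");
    return 0;
}
```

Any region reported as `FIXED` sits at a predictable address on every launch, which is the gap a full ASLR implementation closes.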
I don't think your use of "fanboy" helps anything.
While you are not referring to my post, I read the post to mean something different.
I agree with the idea of the core security being a problem due to the single point of control for patches.
If you look at the big problematic viruses that ransacked Windows XP and created the security/virus panic at Microsoft that resulted in Vista's new security focus, outbreaks such as the Melissa virus or the more recent Storm trojan, you realize that all this bullshit being spewed by security experts about exploit vulnerabilities and root access is a distraction.
Melissa was a fucking Office macro virus. Storm is a trojan. All the "malware" on the Mac is stupid shit you have to authorize the installation for. None of Windows' malware/virus/adware crisis is really solved by ASLR. There are no advanced OS security features that can prevent people from authorizing the installation of a trojan masquerading as a video codec or a pirate copy of iWork. If you have admin rights on a machine, you can install all the trojans you need, and you can wipe out all of your own data without any need for "root access."
Charlie Miller is a smart guy, but complaining that ASLR on the Mac isn't bulletproof is like the Maytag repairman publishing how Maytag can eliminate a potential part failure. Doesn't he need to preserve something to be able to show up at award shows and demonstrate flaws on the Mac? It's not like anyone else cares about Mac vulnerabilities, apart from the antivirus companies trying to sell Mac users software they don't need - or so that the user can be "alerted" when they try to install a fake/pirate version of iWork that is really a bit of malware.
The only way to kill malware dead is to prevent users from installing software that isn't approved and vetted. That's what the iPhone App Store does, and all you freetards out there don't like that either, do you?
And on that subject, guess what company is copying Apple's App Store but introducing far more draconian restrictions: Microsoft sells restrictive new WiMo Marketplace via iPhone ads
Christ.
What did Microsoft perfect? "A security technology."
Does this imply Microsoft invented it? No. Does this imply Microsoft was the first to implement it? No. Does this imply that Microsoft was the first to perfect it? No.
So why did the first reply read as if the sentence had said: "Microsoft perfected and invented and first-used and basically is GOD of this technology that in no way appeared in BSD first!"
By the way, you're right: nowhere does it say "their version." Of course I don't see how that's EVEN REMOTELY FUCKING RELEVANT you illiterate hack.
Comment of the year
The problem with judging politicians is that you only see the action they could accomplish... not what they would do had they enjoyed free rein. Had Ronald Reagan and his superstitious wife, who insisted that Ronald delay acting until auspicious dates, had that liberty, I don't think his racist and anti-civil rights tendencies would have achieved the respect the 'circumvented Reagan' we know currently enjoys. Just Google Reagan and racism... you'll find the campaign speech with a historical aside for racists, the tax breaks for racist schools, and the attempted repeal of civil rights law.