Posted on 09/17/2009 7:59:21 AM PDT by BubbaBasher
Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.
Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."
Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
Miller was disappointed that Apple didn't improve ASLR from Leopard to Snow Leopard. "I hoped Snow Leopard would do full ASLR, but it doesn't," said Miller. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard."
Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past." That's not surprising, since QuickTime supports scores of file formats, historically its weak link. Last week, in fact, Apple patched four critical QuickTime vulnerabilities in the program's parsing of various file formats.
How Apple's rewrite of QuickTime for Snow Leopard plays out, of course, is uncertain, but Miller was optimistic. An exploit of a vulnerability in Leopard's QuickTime that he had been saving doesn't work in the version included with Snow Leopard, Miller acknowledged.
"They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it," said Miller. If it was up to him, though, Miller would do even more. "I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."
Snow Leopard's other major security improvement was in DEP, which Miller said has been significantly enhanced. DEP is designed to stop some kinds of exploits - buffer overflow attacks, primarily - by blocking code from executing in memory that's supposed to contain only data. Microsoft introduced DEP in Windows XP Service Pack 2 (SP2), and expanded it for Vista and the upcoming Windows 7.
Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."
Because Snow Leopard lacks fully-functional ASLR, Macs are still easier to compromise than Windows Vista systems, Miller said. "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."
In the end, though, hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."
Mac users have long relied on that "security-through-obscurity" model to evade attack, and it's still working. "I still think you're pretty safe [on a Mac]," Miller said. "I wouldn't recommend antivirus on the Mac."
But the missed opportunity continues to bother him. "ASLR and DEP are very important," Miller said. "I just don't understand why they didn't do ASLR right," especially, he added, since Apple touted Snow Leopard as a performance and reliability update to Leopard.
"If someone else is running your machine, it's more unreliable than if you're running it," Miller concluded.
This is what I have maintained all along. The same goes for all the Linux variations as well. I'm loving my new Windows 7 64 bit PC. A quad core AMD CPU clocked at 3.2Mhz, 4 Gbs of dual channel RAM, a BluRay/HD/DVD optical drive, 1 Tb hard drive, 7.1 surround sound audio, and HDMI video output. Total cost: $1,000.
But...but...but...Apple’s are immune to viruses!!!!
Why do people hate America? It’s the worlds big dog. Why do people target Windows for viruses? It’s the computer world’s big dog.
Linux is succeptible to viruses, but has two things going for it: 1. it isn’t a big target, 2. there are tons of developer eyes looking at it, so vunerabilites get found and corrected quickly.
I suspect at some point Apple is going to get bitten bad by a virus. Because it is a closed OS, nobody really knows what vunerabilities have been found, but haven’t been publicised by Apple.
Microsoft's ramping up the FUD campaign in preparation for the Windows 7 rollout in a month.
I like Win7, and am using it happily, but there's no excuse for this kind of misleading stuff.
Are you using a Phenom II 940? If so, what OC settings are you using?
I have one of those with 8GB of cheap ECC memory. It is the most stable system I have ever owned. I’d love to see if I couldn’t get some more cycles out of it, though.
Good for you! You win a cookie! Just keep repeating, “I’m good enough, I’m smart enough, and doggone it, people like me!”
Please ... do tell where you got it or list your components if self-built.
I'm glad you like Win7. I like it too.
Now think for a minute. There are 35,000,000+ Macs on the internet running OS-X. Virtually ALL of them are being operated by non-techies, running with full admin privilege. Virtually NONE of them have any 3rd-party anti-virus protection whatsoever.
A useful botnet is 30,000 machines. A big botnet is 100,000 machines.
If a virus-writer could write a successful virus for OS-X, they could immediately have A THOUSAND BOTNETS that are useful, or maybe 300 BIG botnets.
And no competition from other virus writers! Wow, what a great opportunity -- millions of machines wide open and no competition!
Yet there is NOT A SINGLE SUCH VIRUS in the wild. The only exploits for Macs are user-operated trojans that are human-engineered for the operator to spread their legs.
The reason is that OS-X is, at its core, Unix, which is inherently much more secure than Windows, even Win7, which is still the NT codebase. Security by design, not by marketshare. DESIGN. Unix was done right. Windows could have been, but wasn't. Someday it will, but that's not today.
Your argument just doesn't hold water -- it's the same old FUD about marketshare. Sorry, it's an old, discredited argument.
..and yet you still missed the biggest reason why it doesn't have any. #2 above is a big reason--but not the biggest reason, and #1 is just laughable.
What you say is true (and it's one reason I like open-source stuff). But I would wager there are at least as many developer eyes just at Microsoft, who have access to the proprietary code, than there are really watching the open-source inner guts of Linux.
We can't know, of course, since Microsoft won't say, and open-source developers are spread all over the place.
Point being, while I agree with you, there's no excuse for EITHER party being slow about response to vulnerabilities.
> I suspect at some point Apple is going to get bitten bad by a virus. Because it is a closed OS, nobody really knows what vunerabilities have been found, but havent been publicised by Apple.
Here you are mistaken. The Apple-written applications are closed, but the OS itself is quite open -- it's BSD Unix, and the sources are readily available all over the internet.
Any virus would have to attack a weakness in the BSD Unix core -- attacking an app typically doesn't gain control over the machine. The memory address space randomizing feature should be strengthened, no argument there. But it's not a gaping hole the way this writer claims. Read the fine print about how it's exercised -- the attacker has to already have direct access to a compromised machine. Yawn.
Anyway, BSD Unix is not a closed OS. Apple writes a lot of proprietary code, yes; but the strength of OS-X is due to the Unix core.
I do agree that Apple should be a lot more forthcoming about vulnerabilities in its apps, and patch them quicker.
Do tell where you got the box please. While I am a Linux bug, I have a friend who is shopping.
I'm not so sure. Way back in the days of system 6 (Go MultiFinder!) and 7 there were plenty of Mac viruses. I suspect that had more to do with the availability of the Macs to college geeks rather than MacOS not being based on UNIX.
Now, with Windows as the dominant machine, why bother to write Mac or Linux viruses? It's harder and there isn't much of a payoff.
Nah, the old Mac OS was a swiss cheese of security holes -- more design flaws and bugs than you can imagine. Hell, the old Mac OS wasn't designed for security at all -- just like MS-DOS and Windows (prior to NT). In the 1980's and first half of the 90's, none of the consumer OSes even paid lip service to security. OTOH, Unix had been working on it since the mid-70's. The 1988 Morris worm hipped the Unix community to the remaining problems.
> Now, with Windows as the dominant machine, why bother to write Mac or Linux viruses? It's harder...
You are correct about that.
> ... and there isn't much of a payoff.
See my post #7 above. There's a HUGE potential payoff for a successful Mac OS-X virus. HUGE. Hugh, even ;-)
Yet there isn't one. It's because it's TOO hard to do, not because there aren't a bunch of virus writers trying.
Prices from NewEgg:
Phenom II x4 955 - $189
GIGABYTE GA-MA770T-UD3P $80
G.Skill 4GB RAM $86
LiteOn BluRay/DVD $60
Hitachi 1TB drive $80
Great price if you want to upgrade!
“but there’s no excuse for this kind of misleading stuff. “
There may be some marketing hype but its not misleading.
Headline: "Snow Leopard less secure than Windows"
That's misleading. One memory randomization weakness, whose use requires having direct access to an already-compromised machine, makes OS-X less secure than Windows?
True only in that one, tightly restricted context. In the general area of comparative OS security, that claim is laughable.
People have written a virus for iPods hacked to run Linux. How many of those do you think are in the world? Security by obscurity is largely a myth.
Thanks in advance:
We now return to our regular program.
(I'm not brain dead yet, I even learned how to write the Pres's name:Ø)
Thanks, ShadowAce, for the quick response to their question. I would have give the same OpenOffice link, but I was distracted for a few minutes ("Look! Something shiny!") and just got back on this thread... ;-)
I got everything from www.newegg.com
Item | Description | Quantity | Unit Price | Extended Price |
11-144-197 | CASE APEVIA(ASP)|X-JPJGT-BK RT | 1 | $64.99 | $64.99 |
11-998-121 | FAN APEVIA(ASPIRE) |120MCF12SL-UBLR | 1 | $7.99 | $7.99 |
17-148-040 | PSU APEVIA|ATX-AQ700W-BK 700W RT | 1 | $89.99 | $89.99 |
27-136-133 | BD/HD-ROM COMBO LG|GGC-H20L SATA RT | 1 | $109.99 | $109.99 |
COMDISCOUNT FOR PROMOTION CODE | 1 | ($11.00) | ($11.00) | |
13-131-366 | MB ASUS M4A78T-E AM3 790GX/SB750 RT | 1 | $129.99 | $129.99 |
22-136-317 | HD 1T|WD 32M WD10EADS % | 1 | $89.99 | $89.99 |
19-103-674 | CPU AMD|PH II X4 955 3.2G AM3 BE | 1 | $199.99 | $199.99 |
GSkill 2x2Gb DDR3 8-8-8-21 | $79.95 | |||
Mail-in Rebates | ($55.00) | ($55.00) | ||
------------ | ||||
TOTAL | ||||
$706.88 |
Remaining purchases:
ATI Radeon HD4890 Graphics Card for $200
Another 4Gb of RAM for $79.95
This CPU will easily overclock to 4 Ghz.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.