Mac Pre Windows 7 FUD Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 09/17/2009 7:59:21 AM PDT by BubbaBasher
Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.
Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."
Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
Miller was disappointed that Apple didn't improve ASLR from Leopard to Snow Leopard. "I hoped Snow Leopard would do full ASLR, but it doesn't," said Miller. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard."
Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past." That's not surprising, since QuickTime supports scores of file formats, historically its weak link. Last week, in fact, Apple patched four critical QuickTime vulnerabilities in the program's parsing of various file formats.
How Apple's rewrite of QuickTime for Snow Leopard plays out, of course, is uncertain, but Miller was optimistic. An exploit of a vulnerability in Leopard's QuickTime that he had been saving doesn't work in the version included with Snow Leopard, Miller acknowledged.
"They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it," said Miller. If it was up to him, though, Miller would do even more. "I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."
Snow Leopard's other major security improvement was in DEP, which Miller said has been significantly enhanced. DEP is designed to stop some kinds of exploits - buffer overflow attacks, primarily - by blocking code from executing in memory that's supposed to contain only data. Microsoft introduced DEP in Windows XP Service Pack 2 (SP2), and expanded it for Vista and the upcoming Windows 7.
Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."
Because Snow Leopard lacks fully-functional ASLR, Macs are still easier to compromise than Windows Vista systems, Miller said. "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."
In the end, though, hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."
Mac users have long relied on that "security-through-obscurity" model to evade attack, and it's still working. "I still think you're pretty safe [on a Mac]," Miller said. "I wouldn't recommend antivirus on the Mac."
But the missed opportunity continues to bother him. "ASLR and DEP are very important," Miller said. "I just don't understand why they didn't do ASLR right," especially, he added, since Apple touted Snow Leopard as a performance and reliability update to Leopard.
"If someone else is running your machine, it's more unreliable than if you're running it," Miller concluded.
VERY nice list of stuff. Great price too. Newegg rocks, I buy a lot of stuff through them, never been burned.
I presume you're a serious gamer -- that sort of firepower is wasted on any lesser activity.
Also, congrats on a successful thread hijack -- of course, it's your own thread, so I'm not complaining, mind you. ;-)
I have found it not so easy to overclock it. I must be doing it incorrectly. Do you know the right way to do it?
Didn’t Miller need root access in order to crack the Mac ?
That's what I meant by "already-compromised".
Requiring root access for a hack to work is like saying you can hack a Linux box by booting up a recovery CD and reading/writing the Linux hard drive. D-uh, so what? Getting root, or getting physical access to the machine, is the hard part.
Windows apologists will go to any length to find a weakness in OS-X or Linux, even if it's not something that can be exercised in any practical sense.
Microsoft is on tenterhooks to see how well Win7 does. If it fails they are toast. I like Win7, and I don't think it will fail, but it has yet to be released to a skeptical world. The residue of Vista still clings to the wheels.
Since this thread seems a ready target for hijacking, have you heard about the Microsoft-sponsored Win7 Tupperware Parties? Read up: They're a riot.
Desperation has a smell, and it's all over this article. ;-)
ROTFLOL !
Thanks guys, now downloaded and off to work I go!
With Apples increased market share, the virus business will shift from PC to Mac as more are online. It's a simple numbers game, and PC'rs have been making this claim since the first virus.
Just a matter of time. And yes, with the introduction of VISTA and now Win7, the built in security has really improved bigtime.
I've often thought about taking my AV program offline as it is not necessary, but should I load a virus, even though it has been rendered useless, I still want a way to manually quarantine it.
Personally I would have used "edlin".
You are right. And from what I read the hacks in created very small problems that unless you were really lookign for them most people would never notice. No missing files, not crashed computer, etc...Very predicable tht they will run out the same stories over and over right before a new windows OS appears? Is propaganda that easy to pass around?
Thanks! I can’t wait to get it working :-)
No argument. But still way behind an operating system that was designed with security in mind, instead of merely bolted on haphazardly afterward.
> With Apples increased market share, the virus business will shift from PC to Mac as more are online. It's a simple numbers game, and PC'rs have been making this claim since the first virus.
Okay, name the number. What's the number?
If not 35,000,000+ unprotected, non-techie-operated, run-with-admin-priv, ZERO anti-virus software machines is not enough to tempt the virus writers, what's the magic number when Macs become a target?
If you shoot too high, you're admitting that Macs will be non-targets (and thus "safe") essentially forever.
If you shoot too low, you'll have to watch the number of Macs exceed it without becoming targets (if I'm right).
So what's the number?
Sure, sure. Hey, don't feel bad, none of the apologists who push that "35 million isn't tempting enough" line are willing to name a number that is.
There will always be some excuse. ;-)
I'm willing to bet Apple will never get enough marketshare that the Mac "becomes a target" based on numbers. The Mac will only become a target if Apple drops their pants on security in a big way, and creates a target. I don't expect that to happen, since they, like Microsoft, are always improving.
They could blow it with a non-Unix product, of course...
I agree with some of your conclusions but this statement is incorrect. Security was a major consideration and designed into Windows starting with Windows NT. Government and Military sales forced the need to move to a new codebase after Win95/98. And actually the NT kernel pretty much came from OS/2 where security was also a focus.
> I agree with some of your conclusions but this statement is incorrect. Security was a major consideration and designed into Windows starting with Windows NT. Government and Military sales forced the need to move to a new codebase after Win95/98. And actually the NT kernel pretty much came from OS/2 where security was also a focus.
Hmmm, ok. Let me modify/clarify my statement. "Bolted on haphazardly afterward" -is- a little harsh these days, although it's not inaccurate for NT's first decade through about 2004 (specifically the release of XP-SP2, which was the first significant improvement).
NT was required because DOS-based Windows could never become a server, never be secure, never be taken seriously. We agree on that.
However, NT has suffered since the beginning until today (NT6.1=Win7) with the burden of having to support architectural weaknesses that are part-and-parcel of the Windows way of doing things. That is, a "Wow, we could do this and it would be way cool!" approach to design, as opposed to a "We could do this, but what problems does it raise?" approach.
For example, there is no other explanation for why, only after all these years, Microsoft is FINALLY admitting that AutoPlay/AutoRun is a stupid design flaw, not a feature. And even now, when they have started disabling it, they only disable it for some things like USB drives, but not for CDs -- even though USB Flash products with "U3" software present themselves as CDs and circumvent the disable. This is a sign of POOR DESIGN.
If you read the Microsoft and MSDN KB articles about these things, you realize that Windows is hobbled, even crippled, by stupid design decisions that can't be fixed, largely because no one understands what else will break if they fix the item in question.
So let me try this: In an environment like Windows, real "security" -- the kind that comes from inherently good design -- is much more difficult, and sometimes impossible without total rewrite. It is, in my opinion, a testament to the outstanding abilities of Microsoft's programmers that they've been able to do as much as they have done to improve Windows in the past five years, and maintain the level of back-compatibility they still have.
Windows NT codebase has been overdue for a total rewrite for many years. When it happens, I and many others will be very happy, because then and only then will Windows have a shot at the kind of security that Unix folks have had for a long time.
If you want on or off the Mac Ping List, Freepmail me.
Full of FUD, but I was a bit dissapointed that Snow Leopard didn’t use ASLR.
However, ASLR is only one bit on the back end to reduce the possibility of a successful intrusion being able to do its work. Attacks are just plain harder in the first place with OS X.
IOW, ASLR would have just been icing on the cake for OS X, while it was sorely needed by Windows.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.