
Memory protections in Snow Leopard are still too weak, though it shows other improvements

Apple has been bragging about the security of its new operating system, OS X 10.6 "Snow Leopard".  Leaping from Leopard to Snow Leopard, Apple gives its users limited antivirus/anti-malware protection (the feature currently only detects two signatures out of a handful of known OS X malware signatures).

Still, security experts aren't so hot on Snow Leopard, criticizing the operating system's default firewall setting of "off", its lack of fully automatic updates, and weak anti-phishing efforts for Safari.  They also weren't impressed that Apple shipped with a vulnerable version of Flash, which downgrades users from the safer current version.

Now one prominent Mac hacker has pointed out a significant difference that makes Snow Leopard less secure than the upcoming Microsoft OS, Windows 7. 

Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests, is about as experienced as OS X hackers come.  He recently criticized Snow Leopard, stating, "Apple didn't change anything.  It's the exact same ASLR as in Leopard, which means it's not very good."

ASLR is address space layout randomization, a security technology that randomizes where code and data are placed in memory, making it tougher for attackers to determine the location of critical operating system functions.  According to Mr. Miller, unlike Windows 7, which features robust ASLR, Snow Leopard's ASLR is half-baked: it does not properly randomize the heap, the stack and the dynamic linker, the part of Snow Leopard that links multiple shared libraries for an executable.  This means that it's much easier for hackers to attack Snow Leopard via memory injection than to attack Windows 7.
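As an added illustration (not code from the article or from Mr. Miller), the following C program lets an administrator check which of these regions a system actually randomizes: it re-runs itself several times and counts how many address bits change for a stack variable, a heap allocation, a shared-library function and the program's own code. The names `varying_bits`, `probe`, `RUNS` and the scratch file `aslr_probe.txt` are chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RUNS 16

/* Count address bits that differ across samples: a rough lower bound on
   how many bits of the address the loader actually randomizes. */
int varying_bits(const uintptr_t *s, size_t n) {
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= s[0] ^ s[i];
    int bits = 0;
    for (; mask; mask &= mask - 1) bits++;   /* clear lowest set bit */
    return bits;
}

/* Print this process's stack, heap, library-code and program-code addresses. */
static void probe(void) {
    int on_stack = 0;
    void *on_heap = malloc(64);
    printf("%p %p %p %p\n", (void *)&on_stack, on_heap,
           (void *)(uintptr_t)&getenv, (void *)(uintptr_t)&probe);
    free(on_heap);
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "probe") == 0) { probe(); return 0; }
    static const char *region[4] = {"stack", "heap", "library", "program"};
    uintptr_t seen[4][RUNS];
    char cmd[512];   /* each run is a fresh process appending to a scratch file */
    snprintf(cmd, sizeof cmd, "\"%s\" probe >> aslr_probe.txt", argv[0]);
    remove("aslr_probe.txt");
    for (int r = 0; r < RUNS; r++)
        if (system(cmd) != 0) { fprintf(stderr, "probe run failed\n"); return 1; }
    FILE *f = fopen("aslr_probe.txt", "r");
    if (!f) return 1;
    for (int r = 0; r < RUNS; r++) {
        void *a[4];
        if (fscanf(f, "%p %p %p %p", &a[0], &a[1], &a[2], &a[3]) != 4) return 1;
        for (int k = 0; k < 4; k++) seen[k][r] = (uintptr_t)a[k];
    }
    fclose(f);
    remove("aslr_probe.txt");
    for (int k = 0; k < 4; k++)
        printf("%-8s %2d varying address bits over %d runs\n",
               region[k], varying_bits(seen[k], RUNS), RUNS);
    return 0;
}
```

A region reporting 0 varying bits was loaded at the same address in every run, so an attacker can predict it. Build the program as a position-independent executable, otherwise the "program" row stays at 0 regardless of what the operating system supports.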

Still, Mr. Miller offered some praise for Apple.  They rewrote QuickTime X, their video player, largely from scratch, fixing many holes and insecurities in the process -- including an exploit Mr. Miller had been saving.  He states, "Apple rewrote a bunch of QuickTime, which was really smart, since it's been the source of lots of bugs in the past.  They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it.  [Still] I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."

He also praises Apple's relatively effective implementation of DEP (data execution prevention), another memory protection scheme that Windows 7 also has.  DEP is also present in Windows XP Service Pack 2 (SP2) and Windows Vista.  Still, without ASLR, DEP is only so good, he says.  He states, "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7.  When Apple has both [in place], that's when I'll stop complaining about Apple's security."

So why aren't Macs being exploited left and right and why can Apple still air commercials claiming superior security?  Mr. Miller states, "It's harder to write exploits for Windows than the Mac, but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."




RE: Quoted for truth
By omnicronx on 9/17/2009 1:28:36 PM , Rating: 1
quote:
For example even if Linux exceeded Apple in market share it would remain less of a target, since there is no corporate persona associated with it. Microsoft is double hit with a huge amount of market share and the persona of being the corporate goliath.
Not a very good example, Linux/Unix has a huge presence in the server market, and they are targeted far more because of such.

It is security through obscurity, but there are many other factors. You are right, not being in a corporate environment does help Apple, but I think one of the big ones is you are far more likely to be networking with other PCs than you are to network from Apple to Apple. This is one of the main transportation methods for worms (especially) and many pieces of malware. Of course this also ties into security through obscurity, but as Macs become more prevalent in the home environment, this is likely to change.


RE: Quoted for truth
By RjBass on 9/18/2009 9:33:36 AM , Rating: 2
I was about to point out the same thing. In the server market Linux has a huge market share. Heck even in the little private school I teach at, we have 4 servers. Only one of them is a Windows server and the other three are running Ubuntu and Fedora.


RE: Quoted for truth
By tmouse on 10/5/2009 8:20:21 AM , Rating: 3
You missed my point completely. It has NOTHING to do with the systems being in a corporation environment per se. I'm talking about people's perception of Apple vs Microsoft. Microsoft is perceived as the big bad corporation, while Apple is perceived as being warm and fuzzy, hence it will remain less of a target. Real intrusion methods are not released on the net, they are for making money and the less that know about them the longer they last. The VAST majority of Microsoft's attacks are purely to throw a stone at Goliath and not necessarily to gain access. Now I agree most worms are used to create botnets for net attacks and here Windows' preeminence makes it a target. My point was Linux has no "evil" corporate identity, Apple has some but Microsoft has a huge one. Even if Apple and Linux gain more market share they will remain less of a target.


Copyright 2014 DailyTech LLC.