Still, security experts aren't
so hot on Snow Leopard, criticizing the operating system's
default firewall setting of "off", its lack of fully
automatic updates, and weak anti-phishing efforts for Safari.
They also weren't impressed that Apple shipped with a vulnerable
version of Flash, which downgrades users from the
safer current version.
Now one prominent Mac hacker has
pointed out a significant difference that makes Snow Leopard less
secure than the upcoming Microsoft OS, Windows 7.
Miller, of Baltimore-based Independent Security Evaluators, the
co-author of The Mac Hacker's Handbook, and winner of two consecutive
"Pwn2own" hacker contests, is about as experienced as OS X
hackers come. He recently criticized
Snow Leopard, stating, "Apple didn't change anything.
It's the exact same ASLR as in Leopard, which means it's not very
ASLR is address space layout randomization, a
security technology that randomly assigns data to memory to make it
tougher for attackers to determine the location of critical operating
system functions. According to Mr. Miller, unlike Windows 7,
which features robust
ASLR, Snow Leopard's ASLR is half-baked. It does not properly
randomize the heap, the stack and the dynamic linker, the part of
Snow Leopard that links multiple shared libraries for an executable.
This means that it's much easier for hackers to attack Snow Leopard
via memory injection than Windows 7.
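To see which memory regions actually move between runs on a given system, the following added example (not code from the article or from Mr. Miller) records one address each from the stack, the heap, a shared library and the main executable, and counts how many address bits differ across runs. The sample arrays are constructed values rather than measurements, and the names `probe` and `varying_bits` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { R_STACK, R_HEAP, R_LIBRARY, R_IMAGE, R_COUNT };
static const char *const region_name[R_COUNT] =
    {"stack", "heap", "library", "image"};

/* Record one address from each region of the current process. */
void probe(uint64_t out[R_COUNT]) {
    int local = 0;
    void *block = malloc(64);
    out[R_STACK]   = (uint64_t)(uintptr_t)&local;
    out[R_HEAP]    = (uint64_t)(uintptr_t)block;
    out[R_LIBRARY] = (uint64_t)(uintptr_t)&malloc; /* shared-library code */
    out[R_IMAGE]   = (uint64_t)(uintptr_t)&probe;  /* main executable code */
    free(block);
}

/* Count bit positions that differ across samples of one region taken in
 * separate runs. Zero means the address never moved between runs. */
int varying_bits(const uint64_t *samples, size_t n) {
    uint64_t diff = 0;
    int bits = 0;
    for (size_t i = 1; i < n; i++)
        diff |= samples[0] ^ samples[i];
    for (; diff; diff >>= 1)
        bits += (int)(diff & 1);
    return bits;
}

/* Constructed samples: a library address that is identical in every run,
 * and a stack address that changes from run to run. */
static const uint64_t fixed_lib[4] = {
    0x7fff80001000, 0x7fff80001000, 0x7fff80001000, 0x7fff80001000};
static const uint64_t moving_stack[4] = {
    0x7fff5fbff000, 0x7fff5fc3a000, 0x7fff5fb11000, 0x7fff5fbc4000};

int main(void) {
    uint64_t now[R_COUNT];
    probe(now);  /* run the program several times and compare these lines */
    for (int r = 0; r < R_COUNT; r++)
        printf("%-8s 0x%llx\n", region_name[r], (unsigned long long)now[r]);
    printf("constructed library samples: %d varying bits\n",
           varying_bits(fixed_lib, 4));
    printf("constructed stack samples:   %d varying bits\n",
           varying_bits(moving_stack, 4));
    return 0;
}
```

A region whose address is the same in every run contributes no unpredictability, which is the property at issue when ASLR leaves some regions unrandomized.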
Still, Mr. Miller offered
some praise for Apple. They rewrote QuickTime X, their video
player, largely from scratch, fixing many holes and insecurities in
the process -- including an exploit Mr. Miller had been saving.
He states, "Apple rewrote a bunch of QuickTime, which was really
smart, since it's been the source of lots of bugs in the past.
They've shaken out hundreds of bugs in QuickTime over the years, but
it was still really smart of them to rewrite it. [Still] I'd
reduce the number of file formats from 200 or so to 50, and reduce
the attack surface. I don't think anyone would miss them."
Mr. Miller also praises Apple's relatively effective implementation of DEP (data
execution prevention), another memory protection scheme that Windows
7 also has. DEP is also present in Windows XP Service Pack 2
(SP2) and Windows Vista. Still, without ASLR, DEP is only so
good, he says. He states, "Snow Leopard's more secure than
Leopard, but it's not as secure as Vista or Windows 7. When
Apple has both [in place], that's when I'll stop complaining about
So why aren't Macs being exploited
left and right, and why can Apple still air commercials claiming
superior security? Mr. Miller states, "It's harder to
write exploits for Windows than the Mac, but all you see are Windows
exploits. That's because if [the hacker] can hit 90% of the machines
out there, that's all he's gonna do. It's not worth him nearly
doubling his work just to get that last 10%."
quote: Apple: security by obscurity.
quote: Don't bother trying to explain it. Somehow these people think that since Microsoft left open unnecessary services in the background, ran those with system/root level permissions, auto executed attachments upon opening emails, left ActiveX unchecked, forced users to run as admins because running as users in XP didn't work, that Apple was stupid too and did the same mistakes.
quote: I'm not sure what any of that has to do with where we are at today. As of right now, OSX is less secure than Vista/Win 7.
quote: Apple's ASLR is weaker than Win7's ASLR. Bam, less secure. You don't need to find a security hole to be less secure. One bank's vault has 5 ft thick steel walls, while another bank's vault has 3 ft thick steel walls. There's no security hole, but one is less secure than the other.
quote: Also Apple doesn't do nice free service packs, like Windows.
quote: They do OS releases that cost you money and equate to little more than a service pack. Just like the minor move from Leopard to Snow Leopard.
quote: Consider this: If Mac users are tens of millions of richer, clueless users running an insecure OS, connected to the Internet, where are all the exploits that should invite? It sounds like a scammer's dream come true. Tens of millions of "easy targets", yet the attacks and exploits are extremely rare. Why?
quote: All security systems have vulnerabilities. If there is a human involved in its operation, that's a big vulnerability. The questions are, and always have been: 1. Is there enough security to discourage or defeat the vast majority of attacks, or to cause the attackers to look elsewhere? 2. How can we mitigate the loss/damage caused by an attack? And those questions always have to be considered in the context of the value of what the security system is protecting. If you're protecting Ft Knox, a large bank, military secrets, or a celebrity, you need a different level of security than a typical business or average person.
quote: OSX runs the Mach kernel, which is not BSD.
quote: Today further experimental research on Mach appears ended, ... Neither Mac OS X nor FreeBSD maintain the microkernel structure pioneered in Mach
quote: Certain parts from FreeBSD's and NetBSD's implementation of Unix were incorporated in Nextstep, the core of Mac OS X
quote: The lead developer on the Mach project, Richard Rashid, has been working at Microsoft since 1991 in various top-level positions revolving around the Microsoft Research division. Another of the original Mach developers, Avie Tevanian, was formerly head of software at NeXT, then Chief Software Technology Officer at Apple Computer until March 2006.
quote: XNU was a hybrid kernel combining version 2.5 of the Mach kernel developed at Carnegie Mellon University with components from 4.3BSD