
Memory protections in Snow Leopard are still too weak, though it shows other improvements

Apple has been bragging about the security of its new operating system, OS X 10.6 "Snow Leopard".  Leaping from Leopard to Snow Leopard, Apple gives its users limited antivirus/anti-malware protection (the feature currently only detects two signatures out of a handful of known OS X malware signatures).

Still, security experts aren't so hot on Snow Leopard, criticizing the operating system's default firewall setting of "off", its lack of fully automatic updates, and weak anti-phishing efforts for Safari.  They also weren't impressed that Apple shipped a vulnerable version of Flash, which downgraded users from the safer current version.

Now one prominent Mac hacker has pointed out a significant difference that makes Snow Leopard less secure than the upcoming Microsoft OS, Windows 7. 

Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests, is about as experienced as OS X hackers come.  He recently criticized Snow Leopard, stating, "Apple didn't change anything.  It's the exact same ASLR as in Leopard, which means it's not very good."

ASLR is address space layout randomization, a security technology that randomizes where code and data are placed in memory to make it tougher for attackers to determine the location of critical operating system functions.  According to Mr. Miller, unlike Windows 7, which features robust ASLR, Snow Leopard's ASLR is half-baked: it does not properly randomize the heap, the stack, or the dynamic linker, the part of Snow Leopard that links multiple shared libraries for an executable.  This means that it's much easier for hackers to attack Snow Leopard via memory injection than Windows 7.
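One way to observe which regions an operating system actually randomizes is to sample an address from each region in many fresh processes and see which address bits ever change. The C program below is an added example, not code from the article or from Mr. Miller; the names `probe_self`, `varying_mask` and `varying_bits` and the choice of sampled regions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
enum { R_STACK, R_HEAP, R_LIB, R_IMAGE, R_COUNT };  /* regions sampled per run */
static const char *region_name[R_COUNT] = { "stack", "heap", "library", "image" };

/* Record one address from each region of the current process. */
void probe_self(uintptr_t out[R_COUNT]) {
    int local = 0;
    void *h = malloc(64);
    out[R_STACK] = (uintptr_t)&local;
    out[R_HEAP]  = (uintptr_t)h;
    out[R_LIB]   = (uintptr_t)&strtoul;     /* C library (may be a stub in non-PIE builds) */
    out[R_IMAGE] = (uintptr_t)&probe_self;  /* main executable */
    free(h);
}

/* Bits that differ between samples; 0 means the region never moved. */
uintptr_t varying_mask(const uintptr_t *v, size_t n) {
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= v[0] ^ v[i];
    return mask;
}

/* Count of address bits seen to change: a rough indicator, not an entropy proof. */
int varying_bits(uintptr_t mask) {
    int bits = 0;
    for (; mask; mask &= mask - 1) bits++;
    return bits;
}

/* No argument: print this run's addresses. Any argument: analyse runs read from stdin. */
int main(int argc, char **argv) {
    static uintptr_t runs[R_COUNT][256];
    uintptr_t s[R_COUNT];
    unsigned long long a = 0;
    size_t k = 0;
    (void)argv;
    if (argc < 2) {
        probe_self(s);
        for (int r = 0; r < R_COUNT; r++) printf("%llx\n", (unsigned long long)s[r]);
        return 0;
    }
    for (; k < (size_t)R_COUNT * 256 && scanf("%llx", &a) == 1; k++)
        runs[k % R_COUNT][k / R_COUNT] = (uintptr_t)a;
    for (int r = 0; r < R_COUNT; r++)
        printf("%-8s %d bits vary\n", region_name[r], varying_bits(varying_mask(runs[r], k / R_COUNT)));
    return 0;
}
```

Run the program with no argument a few dozen times and pipe the combined output into one more invocation that is given any argument. A region reporting 0 varying bits was loaded at the same address in every run.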

Still, Mr. Miller offered some praise for Apple.  The company rewrote QuickTime X, its video player, largely from scratch, fixing many holes and insecurities in the process, including an exploit Mr. Miller had been saving.  He states, "Apple rewrote a bunch of QuickTime, which was really smart, since it's been the source of lots of bugs in the past.  They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it.  [Still] I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."

He also praises Apple's relatively effective implementation of DEP (data execution prevention), another memory protection scheme that Windows 7 also has.  DEP is also present in Windows XP Service Pack 2 (SP2) and Windows Vista.  Still, without ASLR, DEP is only so good, he says.  He states, "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7.  When Apple has both [in place], that's when I'll stop complaining about Apple's security."

So why aren't Macs being exploited left and right and why can Apple still air commercials claiming superior security?  Mr. Miller states, "It's harder to write exploits for Windows than the Mac, but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."



Comments


RE: Quoted for truth
By sprockkets on 9/17/2009 4:57:16 PM , Rating: -1
Don't bother trying to explain it. Somehow these people think that since Microsoft left open unnecessary services in the background, ran those with system/root level permissions, auto executed attachments upon opening emails, left ActiveX unchecked, forced users to run as admins because running as users in XP didn't work, that Apple was stupid too and made the same mistakes.

They didn't. They always implemented security in OSX.

And since SP2 XP (fixing the service and service permission issues) and Vista (fixed the user/admin issues) did this too, there have been no major exploits either like Blaster, Conficker, or anything else. I have yet to see any Vista computer infected *when UAC was activated*.

Sure, each can get infected when the stupid user installs stupid crap or visits infected sites, but the level of infection is now contained in ANY OS. For that matter, OSX doesn't have a stupid registry where malware goes in and screws up all the entries like killing .exe file associations or other stupid stuff that is nearly impossible to find and fix.

If anyone wants/needs to run a secure OS, run

http://www.openbsd.org/

Only two remote exploits for it, EVER.


RE: Quoted for truth
By zsejk on 9/18/2009 5:37:09 AM , Rating: 1
I wanted to vote you up but I'm apparently an idiot 'cause I can't. But good comment, I liked it.


RE: Quoted for truth
By sprockkets on 9/18/2009 3:01:58 PM , Rating: 2
People have been proclaiming doom and gloom for OSX since 2003. It hasn't happened, and I doubt OSX will be the new XP.

Other people who proclaim doom for OSX are usually hard core Windows pundits like Dvorak or Enderle, and people who make the most noise about OSX viruses are anti-virus makers wanting to make a buck off of Macs.

Here's another little tidbit: Most of my customers who get infected never see a dialog box or anything installing, but say it just happened. OSX doesn't have Windows silent background installation, so malware can't easily install without a user noticing.


RE: Quoted for truth
By afkrotch on 9/18/2009 6:04:06 AM , Rating: 1
quote:
Don't bother trying to explain it. Somehow these people think that since Microsoft left open unnecessary services in the background, ran those with system/root level permissions, auto executed attachments upon opening emails, left ActiveX unchecked, forced users to run as admins because running as users in XP didn't work, that Apple was stupid too and made the same mistakes.


I'm not sure what any of that has to do with where we are at today. As of right now, OSX is less secure than Vista/Win 7.

I don't see anyone saying that Apple was stupid in their security implementations, just that they should ramp up their security to match or exceed their competitors.


RE: Quoted for truth
By gstrickler on 9/18/2009 12:48:36 PM , Rating: 2
quote:
I'm not sure what any of that has to do with where we are at today. As of right now, OSX is less secure than Vista/Win 7.
No, it's not. The biggest security threat is the user, and Windows users are no more "secure" than Mac users. In fact, the default user security settings in Vista (haven't seen Win7 yet) are still not as secure as the default settings in Mac OS X. Win 7 might finally have sane and reasonably secure user defaults. I certainly hope it does.

The specific feature addressed in this article, ASLR, has nothing to do with being secure, it only affects the difficulty of developing a security hole into a working exploit. First you have to find a security hole, then you have to figure out a way to exploit it. Until you find a security hole, ASLR is a non issue.

The fact is that Mac OS X has ASLR, just not the best implementation of that feature. Hopefully, Apple will fix that with a service pack.


RE: Quoted for truth
By afkrotch on 9/21/2009 5:31:01 AM , Rating: 2
I think I'm going to believe the guy who hacks and is part of a Security Evaluator's company.

Apple's ASLR is weaker than Win7's ASLR. Bam, less secure. You don't need to find a security hole to be less secure.

One bank's vault has 5 ft thick steel walls, while another bank's vault has 3 ft thick steel walls. There's no security hole, but one is less secure than the other.

Also Apple doesn't do nice free service packs, like Windows. They do OS releases that cost you money and equate to little more than a service pack. Just like the minor move from Leopard to Snow Leopard.


RE: Quoted for truth
By gstrickler on 9/21/2009 9:15:12 PM , Rating: 2
quote:
Apple's ASLR is weaker than Win7's ASLR. Bam, less secure. You don't need to find a security hole to be less secure.

One bank's vault has 5 ft thick steel walls, while another bank's vault has 3 ft thick steel walls. There's no security hole, but one is less secure than the other.
It's more like, two banks, two similar vaults, both have safe deposit boxes in the vaults. One has safe deposit boxes with double key locks, the other has safe deposit boxes with single key locks. Either way, you have to get into the vault first, then you still have to get past at least one key lock.

quote:
Also Apple doesn't do nice free service packs, like Windows.
Yes, they do. There have been 11 service packs for Mac OS X 10.4.x, and 8 service packs for 10.5.x
quote:
They do OS releases that cost you money and equate to little more than a service pack. Just like the minor move from Leopard to Snow Leopard.
Snow Leopard is a "service pack" in exactly the same way that Win7 is "a service pack for Vista". They both consist of significant rewrites and streamlining of the infrastructure, include significant new developer focused features in the infrastructure, are notably smaller and faster than their predecessors, and include very few changes in the user interface or user features. You should learn something about Mac OS X before you misrepresent it.

Call it a "service pack" if you want, but compare the prices of these two "service packs" (neither one is a service pack):

Mac OS 10.6 = $29-$169. $49-$229 (MSRP) for a 5 computer Family pack. The $169 and $229 prices include new versions of all the iLife and iWork applications.

Win 7 = $99-$229. upgrade. $149 for a 3-computer Family Pack of Win 7 Home. Must buy a 32-bit or 64-bit version.


RE: Quoted for truth
By sprockkets on 9/18/2009 2:50:26 PM , Rating: 2
Well, like I posted, does Vista get infected like XP? No, because they fixed their glaring security problems.

OSX never had such wide open attack vectors. That's why both Vista and OSX will not have a Blaster worm or Conficker. Just turning on the firewall blocked the Blaster worm, something that OSX should have on by default.

Here is something else to consider: What happens after you remove the virus. I've seen Windows fail to load drivers, execute programs (when you open any program, it brings up the dialog box of "What program do you want to use to open it" since the virus put in the registry itself to shell execute when any program was opened), lose the internet, etc.

That takes a long time to fix. Reinstalling windows and all your programs is equally time consuming.

OSX is different. Even if OSX got infected, you can do an archive and install and OSX will be cleaned out with all your programs and settings still intact.

Not having a registry makes it easy to keep your programs without reinstalling.


RE: Quoted for truth
By afkrotch on 9/21/2009 5:31:55 AM , Rating: 2
System Restore. Bam, fixed.


Copyright 2014 DailyTech LLC.