backtop


Print 85 comment(s) - last by tmouse.. on Oct 5 at 8:20 AM

Memory protections in Snow Leopard are still too weak, though it shows other improvements

Apple has been bragging about the security of its new operating system, OS X 10.6 "Snow Leopard".  Leaping from Leopard to Snow Leopard, Apple gives its users limited antivirus/anti-malware protection (the feature currently only detects two signatures out of a handful of known OS X malware signatures).

Still, security experts aren't so hot on Snow Leopard, criticizing the operating system's default firewall setting of "off", its lack of fully automatic updates, and weak anti-phishing efforts for Safari.  They also weren't impressed that Apple shipped with a vulnerable version of Flash, which downgrade users from the safer current version.

Now one prominent Mac hacker has pointed out a significant difference that makes Snow Leopard less secure than the upcoming Microsoft OS, Windows 7. 

Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests is about as experienced as OS X hackers come.  He recently criticized Snow Leopard, stating, "Apple didn't change anything.  It's the exact same ASLR as in Leopard, which means it's not very good."

ASLR is address space layout randomization, a security technology that randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions.  According to Mr. Miller, unlike Windows 7, which features robust ASLR, Snow Leopard's ASLR is half-baked. It does not properly randomize the heap, the stack and the dynamic linker, the part of Snow Leopard that links multiple shared libraries for an executable.  This means that it's much easier for hackers to attack Snow Leopard via memory injection than Windows 7.

Still Mr. Miller offered some praise for Apple.  They rewrote QuickTime X, their video player, largely from scratch fixing many holes and insecurities in the process -- including an exploit Mr. Miller had been saving.  He states, "Apple rewrote a bunch of QuickTime, which was really smart, since it's been the source of lots of bugs in the past.  They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it.  [Still] I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."

He also praises Apple's relatively effective implementation of DEP (data execution prevention), another memory protection scheme that Windows 7 also has.  DEP is also present in Windows XP Service Pack 2 (SP2) and Windows Vista.  Still without ASLR, DEP is only so good he says.  He states, "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7.  When Apple has both [in place], that's when I'll stop complaining about Apple's security."

So why aren't Macs being exploited left and right and why can Apple still air commercials claiming superior security?  Mr. Miller states, "It's harder to write exploits for Windows than the Mac, but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: As a Windows user,
By maven81 on 9/18/2009 11:59:02 AM , Rating: 2
Why you may have supported windows machines, it's clear that you never supported several hundred macs in a large production environment (a big advertising agency in my case).

Macs are NOT more reliable. First of all you have QA issues. A percentage of machines arrives with some defect from the factory. It could be as simple as the CD rom door not opening properly, to as serious as a dead power supply. This wouldn't be apparent to a home user, but when you go through dozens of machines in a work environment I'd say at least one in ten had issues. Lest you think the situation has changed in the last several years since I've stopped doing that job, my own brand new june 09 mac laptop had to be sent in to apple for a motherboard replacement. (bad memory slots).

Second, you have inherent design flaws. The older Imac I'm typing this on right now is showing 51c for the hard drive temp. This is at least 8 degrees higher then it should be and will no doubt shorten the life of the drive. In fact rev a and rev b versions would cook themselves on a regular basis.

Third you have the "most advanced operating system in the world" which has abysmal memory management, and routinely freezes for many seconds at a time (the spinning beachball of death), or just crashes outright. It often hangs up on simple tasks like writing files to a server, changing filenames, etc. It runs into permissions issues (unix has downsides too you know), when it crashes it gives you extremely cryptic error messages that don't tell you much at all about what happened. In fact the most common is just that you should restart your computer. Troubleshooting it is therefore a serious pain.

It's good for what it is, a fisher price "my first os" kind of product for consumers who like you said don't want to know anything about anything. That doesn't mean it's actually a good platform however.


RE: As a Windows user,
By gstrickler on 9/18/2009 1:20:57 PM , Rating: 2
quote:
Why you may have supported windows machines, it's clear that you never supported several hundred macs in a large production environment (a big advertising agency in my case).
In fact, I've supported several large advertising agencies using Macs. At one time, I supported at least half the ad agencies in town, all running exclusively Macs. So, yes, I have supported several hundred Macs in a production environment.

The rest of you post (at least the parts that aren't complete nonsense) applies to every computer system ever made.


RE: As a Windows user,
By maven81 on 9/18/2009 1:35:17 PM , Rating: 2
"The rest of you post (at least the parts that aren't complete nonsense) applies to every computer system ever made."

Prove what's complete nonsense. And that is one hell of a cop-out you just pulled! Well of course it applies to every computer, because newsflash! Intel macs ARE Pcs! They just run a shinier operating system and come in shinier packaging. So how are they more reliable again? Does OSX never crash? Does OSX never freeze? Does it not have security issues (Seems there are patches all the time!), does mac hardware somehow magically not suffer hardware faults? There's absolutely nothing superior about this platform. Different yes, but not superior.


RE: As a Windows user,
By gstrickler on 9/18/2009 2:57:43 PM , Rating: 2
quote:
Prove what's complete nonsense.
quote:
It's good for what it is, a fisher price "my first os" kind of product
Nonsense. Your opinion, not a fact. It's contradicted by hundreds of thousands or more expert computer users like myself.
quote:
but when you go through dozens of machines in a work environment I'd say at least one in ten had issues.
Actually, 10% is close. What's nonsense is the implication that that's bad or that that anyone else does better. Apple is consistently at the top of the reliability surveys (see below).
quote:
you have inherent design flaws. The older Imac I'm typing this on right now is showing 51c for the hard drive temp. This is at least 8 degrees higher then it should be and will no doubt shorten the life of the drive.
51c is not excessive for a HD. Seagate and Hitachi drives are spec'd for up to 60c operating temp, I didn't check the other manufacturers, but I'm sure they're about the same.
quote:
you have the "most advanced operating system in the world" which has abysmal memory management
Nonsense.
quote:
routinely freezes for many seconds at a time (the spinning beachball of death), or just crashes outright.
Nonsense, I rarely have any of those problems. If you're having those frequently, you have a problem with your system.
quote:
for consumers who like you said don't want to know anything about anything.
That's not what I said, so again, nonsense.
quote:
So how are they more reliable again?
I didn't say they were more reliable, I said I spend less time per machine maintaing them. But don't take my word for it, here are some links to non-Mac sites showing the same results (emphasis added):

http://itic-corp.com/blog/2009/07/itic-2009-global...
"The Windows Server 2003 and 2008 operating systems running on Intel-based platforms saw a 35% reduction in the amount of unplanned per server, per annum downtime from 3.77 hours in 2008 to 2.42 hours in 2009. ... and the time spent applying patches similarly decline by 35% from last year to 32 minutes in 2009.

"This year’s survey for the first time, also incorporated reliability results for the Apple Mac and OS X 10.x OS platform. The survey respondents indicated that Apple products are extremely competitive in an enterprise setting. IT managers spend approximately 15 minutes per server to apply patches and Apple Macs recorded just under 40 minutes of per server, per annum downtime."

However, since you brought up reliability:
http://www.pcmag.com/article2/0,2817,2326602,00.as...
Click on the "See the survey results" link. Summary, Apple #1 in reliability/repairs in Desktops, for all categories.

http://www.pcmag.com/article2/0,2817,2326607,00.as...
Summary, Apple #1 in reliability, #1 or #2 in percent needing repair in all categories.

Those are the 2008 results, look at prior years and see the same pattern.

quote:
Does OSX never crash? Does OSX never freeze?
It crashes and freezes. But it's rare and no more often than my Windows machines. As for being unresponsive, applications on my Windows machines become unresponsive about 5x as often.
quote:
Seems there are patches all the time!
Monthly schedule, just like Windows, although there aren't necessarily security patches every month.
quote:
There's absolutely nothing superior about this platform.
Thanks for your opinion. I didn't claim Mac OS X was superior, I said I prefer it and that users choose it because they don't have to learn much about computers to get their work done. By some measures, that would be "superior", but I never made that claim.


RE: As a Windows user,
By maven81 on 9/18/2009 4:01:28 PM , Rating: 2
Nonsense. Your opinion, not a fact. It's contradicted by hundreds of thousands or more expert computer users like myself.

I challenge you to find a large group of people using it in mission critical applications. Banks and ATMs, vending machines, science labs, the military, factories and production facilities, inventory systems all use windows. (and linux as well as someone will no doubt point out). The list is vast. Are these people stupid?
Meanwhile the majority of mac systems are in the hands of consumers, or in places like design studios, ad agencies, music production studios (and even that has changed over the years).
You'd think if the product was half as amazing as apple says it is it would take over vast areas of the market. But don't take my word for it... Apple markets it to consumers. Business and work is boring to them. They think it's a good OS for "creative" types.

"Actually, 10% is close. What's nonsense is the implication that that's bad or that that anyone else does better. Apple is consistently at the top of the reliability surveys (see below)."

The reason I brought it up is your implication that they are better. This is what you said: "2. It's reliable. I don't have to spend much time "futzing" with it to keep it working at top speed. I get paid to support computers, I don't want to spend my time fixing, tweaking, reinstalling, or troubleshooting my own machine any more than necessary. While my Windows machine are stable and secure, they do require more time (per machine) maintaining them than my Mac does."
I know you're trying to play semantics here, because yes, you did not say "more" reliable, just reliable. But you listed it as a reason why you prefer macs to PCs. That does in fact imply that PCs are not as reliable. I'm just saying that in my experience that's not true at all.
And as for surveys apple is notorious for covering up problems, deleting posts on their support forums, or telling users that they just have to live with the issue.

"51c is not excessive for a HD. Seagate and Hitachi drives are spec'd for up to 60c operating temp, I didn't check the other manufacturers, but I'm sure they're about the same."
You accuse me of using my opinions and substitute your own? What makes your opinion better then? Temps in the 50s will definitely shorten the life of your drive, you can count on it. And on the rev a and rev b imacs this was a severe issue that effected a lot of machines. (along with capacitors failing).

"Nonsense, I rarely have any of those problems. If you're having those frequently, you have a problem with your system."

That's a good one! It's a perfect example of an apple fanboy. If I haven't heard about it, it's nonsense! You can't be serious. Even windows users will admit that it's not that there aren't problems, it's that they aren't as widespread as some sources try to make us believe.
The memory management is crap by design. It never seems to unload processes from memory. You quit an application but don't reclaim as much space as you should. Run it hard for a while and it gets to a point that you have to reboot.

"That's not what I said, so again, nonsense."

You said that people don't have to know how to be a mechanic to drive. As if Windows forces you to be a power user, but I digress. So yes, for people who don't want to know anything about computers the OS is perfect. But these people by extension don't understand security, maintenance, upgrades etc.

"here are some links to non-Mac sites showing the same results (emphasis added):"

Your definition of less maintenance is time to apply patches?! Do you do any actual work?


RE: As a Windows user,
By gstrickler on 9/18/2009 5:45:13 PM , Rating: 2
quote:
I challenge you to find a large group of people using it in mission critical applications.
Go ask the company who did the survey, because they had enough reports from "Enterprise IT" departments that Mac OS X Server showed up in their report.
quote:
Banks and ATMs, vending machines, science labs, the military, factories and production facilities, inventory systems all use windows. (and linux as well as someone will no doubt point out). The list is vast. Are these people stupid?
No, and please stop trying put words in my mouth. Windows or Linux may be the better option for them. Undoubtedly, some of it is because it's what they already know. Some may because Mac OS is definitely user focused, and for a server, you don't need the all the user focused stuff (it's nice, but unnecessary). However, since Mac OS X is based upon BSD, and almost anything that will run on BSD can be ported to OS X pretty easily (not counting a Mac-like UI), anywhere that Linux or BSD is appropriate, a Mac OS machine can usually work as well. Whether or not a Mac is beneficial or "better" depends upon the environment, software, and needs.
quote:
Temps in the 50s will definitely shorten the life of your drive, you can count on it.
Your evidence? If you have a link to any studies, please give them.

I agree that cooler is preferable, but I have yet to see any evidence that temperatures below 60c have any affect on the reliability or durability of HDs. The manufacturers warranty the drive for 3-5 years as long as you keep it in the specified operating range (0c-60c), which they couldn't afford to do if operating at the edges of that range significantly shortened it's life. And 51c is not at the edge of the range anyway.

On the other hand, I do have anecdotal evidence that drives can operate at very high temps for extended periods without causing problems. One of my clients had a whole bunch of servers with arrays of drives operating 24/7 at temps too hot to handle for 10 years with under 10% drive failure during that 10 years. The drives were too old to have built-in thermal sensors, so I don't have an exact temp, but 60c is 140f. 130f takes about 30 secs to actually burn and 160f will burn in 1 sec, so too hot to hold for 1-2 sec without getting burned is between 130f and 160f, and it's likely in the 145f-155f range.
quote:
That's a good one! It's a perfect example of an apple fanboy. If I haven't heard about it, it's nonsense!
Again, not what I said. I can't tell if you have trouble with comprehension or you are deliberately misinterpreting what I write.

I didn't state that I haven't heard of problems, I certainly have. But to date, every time I've encountered a problematic machine, I was able to identify a piece of defective hardware or was able to demonstrate that the problem does not exist with a clean install of the OS. 80% of the time, it's caused by a third party extension (and most of those are corrected by installing an updated version), 10% by hardware problems, 10% by a corrupted installation. Which brings me right back to what I DID say, if you're frequently having those types of problems, it's a problem with your system.
quote:
Your definition of less maintenance is time to apply patches?! Do you do any actual work?
Time to apply patches is part of the time to maintain systems. Backups, disk checks, software updates, anti-malware scans, installing/removing software, tracking down compatibility issues, etc. are also part of that time. On average, I spend about half as much time doing those thing in a Mac as on a Windows machine.

I do lots of work, that's why I choose a Mac. I'm not telling you that you should use a Mac, nor that anyone else I haven't discussed specific details with that they should use a Mac. In fact, I tell most of my clients they need Windows, not because Windows is "better", but because they need to run Windows specific applications most of the time. However, for clients who don't have Windows only applications (or for those that only need to use Windows on occasion) I often recommend a Mac. Sometimes they go Mac, sometimes they don't.

What I do recommend is that anyone make a list of the software they need to use and how often they need to use that software. Find out if there are Mac equivalent programs available for those. Then, if you will spend more than about 30% of your time using software that is Windows only, get a Windows machine. If you'll spend less than 30% using Windows only software, consider a Mac for your primary tasks and use Windows under VMware Fusion for any Windows only software you need.

I can tell you this for certain. I make about 2x more money (per machine) supporting Windows computers than I do Macs. I charge by the hour, and since a Windows machine typically takes about 2x as much time to maintain, it costs the client 2x as much to maintain. It doesn't bother me one bit when my clients need or choose Windows, it means more money in my pocket.

It's mostly irrelevant on this site, most of the readers prefer to build their own machines and/or are hardcore gamers, and for most of those people, a Mac is not a good option.

What I am trying to do is to educate people and get them to quit telling everyone else that "Macs suck", "are unreliable", or any of the other "myths", "misunderstandings", or "lies". If a Mac doesn't meet your needs, use Windows, or Linux, or AIX, or Solaris, or a Commodore 64 for all I care. I use Mac OS X, Windows XP (looking forward to Win7), and Linux, and I've worked on Solaris, Xenix, SCO Unix, and a variety of mini-computer and mainframe system, I don't hold anyone's choice of OS against them. However, you won't know what a Mac can do until you try it, preferably with the guidance of someone who knows both Macs and Windows because not everything you know from Windows will help you on a Mac.

Ok, I do hold it against you if you willingly choose Win3x/Win9x/ME. :)


RE: As a Windows user,
By sprockkets on 9/18/2009 7:46:11 PM , Rating: 2
Back in 1999, The US Army used Mac OS9 and WEBSTAR to get rid of NT, since it was so hacked.

http://www.thefreelibrary.com/WebSTAR+Server+Suite...

And the saddest part about this is, Mac OS9 didn't even have root/admin sandboxing like NT did, and it STILL was more secure.

Dell also used NeXT for its web site. They ditched it once Apple bought NeXT :)

You have to remember, Microsoft was the LAST person to the game. Unix already did everything NT server did, and better. Novell had its own Active Directory 10 years before Microsoft made theirs.

Digital running VMS or Unix on the Alpha processor tore the crap out of Itanium. F*ck you Carly Fiorina for destroying the best platform this world has ever known!


RE: As a Windows user,
By monkeyman1140 on 9/21/2009 4:54:22 PM , Rating: 2
I got tons of stories like that. One time we bought 130 Compaqs with maxtor bigfoot drives. Every drive failed, and compaq was so exasperating with the bigfoots they started mailing us seagate replacements...

And there's the infamous Dell 270 puffy capacitor problem, and the Dell GX power supplies committing hara-kiri on a regular basis, and so on...


"Can anyone tell me what MobileMe is supposed to do?... So why the f*** doesn't it do that?" -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki