
Snow Leopard less secure than Windows, says hacker
TechWorld | 09/15/2009 | Gregg Keizer

Posted on 09/17/2009 7:59:21 AM PDT by BubbaBasher

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.

Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.

"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."

Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.

Miller was disappointed that Apple didn't improve ASLR from Leopard to Snow Leopard. "I hoped Snow Leopard would do full ASLR, but it doesn't," said Miller. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard."

Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.

"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past." That's not surprising, since QuickTime supports scores of file formats, historically its weak link. Last week, in fact, Apple patched four critical QuickTime vulnerabilities in the program's parsing of various file formats.

How Apple's rewrite of QuickTime for Snow Leopard plays out, of course, is uncertain, but Miller was optimistic. An exploit of a vulnerability in Leopard's QuickTime that he had been saving doesn't work in the version included with Snow Leopard, Miller acknowledged.

"They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it," said Miller. If it was up to him, though, Miller would do even more. "I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."

Snow Leopard's other major security improvement was in DEP, which Miller said has been significantly enhanced. DEP is designed to stop some kinds of exploits - buffer overflow attacks, primarily - by blocking code from executing in memory that's supposed to contain only data. Microsoft introduced DEP in Windows XP Service Pack 2 (SP2), and expanded it for Vista and the upcoming Windows 7.

Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."

Because Snow Leopard lacks fully-functional ASLR, Macs are still easier to compromise than Windows Vista systems, Miller said. "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."

In the end, though, hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."

Mac users have long relied on that "security-through-obscurity" model to evade attack, and it's still working. "I still think you're pretty safe [on a Mac]," Miller said. "I wouldn't recommend antivirus on the Mac."

But the missed opportunity continues to bother him. "ASLR and DEP are very important," Miller said. "I just don't understand why they didn't do ASLR right," especially, he added, since Apple touted Snow Leopard as a performance and reliability update to Leopard.

"If someone else is running your machine, it's more unreliable than if you're running it," Miller concluded.


TOPICS: Computers/Internet; Science
KEYWORDS: hacker; security; snowleopard; windows
In the end, though, hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."

This is what I have maintained all along. The same goes for all the Linux variations as well. I'm loving my new Windows 7 64 bit PC. A quad core AMD CPU clocked at 3.2Mhz, 4 Gbs of dual channel RAM, a BluRay/HD/DVD optical drive, 1 Tb hard drive, 7.1 surround sound audio, and HDMI video output. Total cost: $1,000.

1 posted on 09/17/2009 7:59:21 AM PDT by BubbaBasher
[ Post Reply | Private Reply | View Replies]
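
Added example (not part of the article or of any post in this thread): the article's complaint is that Leopard-era ASLR left the heap, the stack and the dynamic linker at fixed addresses. The C program below checks this on one's own machine by running itself twice and reporting which regions moved between runs; the names `capture_layout`, `randomized_regions` and the `--sample` flag are made up for this sketch, and it assumes a POSIX system with a dynamically linked C library.

```c
#define _POSIX_C_SOURCE 200809L   /* for popen/pclose */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One representative address from each region the article names. */
struct layout {
    uintptr_t stack;  /* a local variable */
    uintptr_t heap;   /* a malloc'd block */
    uintptr_t text;   /* a function in this executable */
    uintptr_t lib;    /* an object inside the shared C library */
};

enum { R_STACK = 1, R_HEAP = 2, R_TEXT = 4, R_LIB = 8 };

/* Record where things landed in the current process. */
void capture_layout(struct layout *out)
{
    int local = 0;
    void *block = malloc(64);

    out->stack = (uintptr_t)&local;
    out->heap  = (uintptr_t)block;
    out->text  = (uintptr_t)&capture_layout;
    /* Assumption: libc is dynamically linked, so the FILE object behind
       stdout lives in the library's data segment, not in this binary. */
    out->lib   = (uintptr_t)stdout;
    free(block);
}

/* Bitmask of regions whose address differs between two process runs. */
unsigned randomized_regions(const struct layout *a, const struct layout *b)
{
    unsigned mask = 0;
    if (a->stack != b->stack) mask |= R_STACK;
    if (a->heap  != b->heap)  mask |= R_HEAP;
    if (a->text  != b->text)  mask |= R_TEXT;
    if (a->lib   != b->lib)   mask |= R_LIB;
    return mask;
}

/* Start a fresh copy of this binary and parse the four addresses it prints.
   The path is single-quoted for the shell; a path containing a single
   quote is not supported by this sketch. */
static int sample_child(const char *self, struct layout *out)
{
    char cmd[4096];
    unsigned long long v[4];
    FILE *p;
    int n;

    snprintf(cmd, sizeof cmd, "'%s' --sample", self);
    p = popen(cmd, "r");
    if (!p) return -1;
    n = fscanf(p, "%llx %llx %llx %llx", &v[0], &v[1], &v[2], &v[3]);
    pclose(p);
    if (n != 4) return -1;
    out->stack = (uintptr_t)v[0];
    out->heap  = (uintptr_t)v[1];
    out->text  = (uintptr_t)v[2];
    out->lib   = (uintptr_t)v[3];
    return 0;
}

int main(int argc, char **argv)
{
    struct layout a, b;
    unsigned m;

    if (argc > 1 && strcmp(argv[1], "--sample") == 0) {
        capture_layout(&a);
        printf("%llx %llx %llx %llx\n",
               (unsigned long long)a.stack, (unsigned long long)a.heap,
               (unsigned long long)a.text,  (unsigned long long)a.lib);
        return 0;
    }
    if (sample_child(argv[0], &a) || sample_child(argv[0], &b)) {
        fprintf(stderr, "could not sample child process\n");
        return 1;
    }
    m = randomized_regions(&a, &b);
    printf("stack:   %s\n", (m & R_STACK) ? "moved" : "fixed");
    printf("heap:    %s\n", (m & R_HEAP)  ? "moved" : "fixed");
    printf("program: %s\n", (m & R_TEXT)  ? "moved" : "fixed");
    printf("library: %s\n", (m & R_LIB)   ? "moved" : "fixed");
    return 0;
}
```

A region that reports "fixed" on every pair of runs is one the loader is not randomizing for this binary. Two runs can also coincide by chance when the randomization range is small, so repeat the check a few times before drawing a conclusion.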

To: BubbaBasher

But...but...but...Apples are immune to viruses!!!!

Why do people hate America? It’s the world’s big dog. Why do people target Windows for viruses? It’s the computer world’s big dog.

Linux is susceptible to viruses, but has two things going for it: 1. it isn’t a big target, 2. there are tons of developer eyes looking at it, so vulnerabilities get found and corrected quickly.

I suspect at some point Apple is going to get bitten bad by a virus. Because it is a closed OS, nobody really knows what vulnerabilities have been found, but haven’t been publicised by Apple.


2 posted on 09/17/2009 8:12:58 AM PDT by Brookhaven (http://theconservativehand.blogspot.com/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce; Swordmaker
You guys gotta see this. Same old anti-Mac, anti-Linux misdirection... all over again.

Microsoft's ramping up the FUD campaign in preparation for the Windows 7 rollout in a month.

I like Win7, and am using it happily, but there's no excuse for this kind of misleading stuff.

3 posted on 09/17/2009 8:20:25 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BubbaBasher

Are you using a Phenom II 940? If so, what OC settings are you using?

I have one of those with 8GB of cheap ECC memory. It is the most stable system I have ever owned. I’d love to see if I couldn’t get some more cycles out of it, though.


4 posted on 09/17/2009 8:24:21 AM PDT by krb (Obama is a miserable failure.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BubbaBasher

Good for you! You win a cookie! Just keep repeating, “I’m good enough, I’m smart enough, and doggone it, people like me!”


5 posted on 09/17/2009 8:29:30 AM PDT by coon2000 (Give me Liberty or give me death!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BubbaBasher

Please ... do tell where you got it or list your components if self-built.


6 posted on 09/17/2009 8:32:46 AM PDT by dartuser ("If you torture the data long enough, it will confess, even to crimes it did not commit")
[ Post Reply | Private Reply | To 1 | View Replies]

To: BubbaBasher; Swordmaker
> ...hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%." This is what I have maintained all along. The same goes for all the Linux variations as well. I'm loving my new Windows 7 ...

I'm glad you like Win7. I like it too.

Now think for a minute. There are 35,000,000+ Macs on the internet running OS-X. Virtually ALL of them are being operated by non-techies, running with full admin privilege. Virtually NONE of them have any 3rd-party anti-virus protection whatsoever.

A useful botnet is 30,000 machines. A big botnet is 100,000 machines.

If a virus-writer could write a successful virus for OS-X, they could immediately have A THOUSAND BOTNETS that are useful, or maybe 300 BIG botnets.

And no competition from other virus writers! Wow, what a great opportunity -- millions of machines wide open and no competition!

Yet there is NOT A SINGLE SUCH VIRUS in the wild. The only exploits for Macs are user-operated trojans that are human-engineered for the operator to spread their legs.

The reason is that OS-X is, at its core, Unix, which is inherently much more secure than Windows, even Win7, which is still the NT codebase. Security by design, not by marketshare. DESIGN. Unix was done right. Windows could have been, but wasn't. Someday it will, but that's not today.

Your argument just doesn't hold water -- it's the same old FUD about marketshare. Sorry, it's an old, discredited argument.

7 posted on 09/17/2009 8:33:20 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Brookhaven
Linux is susceptible to viruses, but has two things going for it: 1. it isn’t a big target, 2. there are tons of developer eyes looking at it, so vulnerabilities get found and corrected quickly.

..and yet you still missed the biggest reason why it doesn't have any. #2 above is a big reason--but not the biggest reason, and #1 is just laughable.

8 posted on 09/17/2009 8:45:32 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Brookhaven; Swordmaker
> Linux is susceptible to viruses, but has two things going for it: 1. it isn’t a big target, 2. there are tons of developer eyes looking at it, so vulnerabilities get found and corrected quickly.

What you say is true (and it's one reason I like open-source stuff). But I would wager there are at least as many developer eyes just at Microsoft, who have access to the proprietary code, than there are really watching the open-source inner guts of Linux.

We can't know, of course, since Microsoft won't say, and open-source developers are spread all over the place.

Point being, while I agree with you, there's no excuse for EITHER party being slow about response to vulnerabilities.

> I suspect at some point Apple is going to get bitten bad by a virus. Because it is a closed OS, nobody really knows what vulnerabilities have been found, but haven’t been publicised by Apple.

Here you are mistaken. The Apple-written applications are closed, but the OS itself is quite open -- it's BSD Unix, and the sources are readily available all over the internet.

Any virus would have to attack a weakness in the BSD Unix core -- attacking an app typically doesn't gain control over the machine. The memory address space randomizing feature should be strengthened, no argument there. But it's not a gaping hole the way this writer claims. Read the fine print about how it's exercised -- the attacker has to already have direct access to a compromised machine. Yawn.

Anyway, BSD Unix is not a closed OS. Apple writes a lot of proprietary code, yes; but the strength of OS-X is due to the Unix core.

I do agree that Apple should be a lot more forthcoming about vulnerabilities in its apps, and patch them quicker.

9 posted on 09/17/2009 8:46:40 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: BubbaBasher

Do tell where you got the box please. While I am a Linux bug, I have a friend who is shopping.


10 posted on 09/17/2009 8:51:59 AM PDT by taxcontrol
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
Your argument just doesn't hold water -- it's the same old FUD about marketshare. Sorry, it's an old, discredited argument.

I'm not so sure. Way back in the days of system 6 (Go MultiFinder!) and 7 there were plenty of Mac viruses. I suspect that had more to do with the availability of the Macs to college geeks rather than MacOS not being based on UNIX.

Now, with Windows as the dominant machine, why bother to write Mac or Linux viruses? It's harder and there isn't much of a payoff.

11 posted on 09/17/2009 9:02:38 AM PDT by OpeEdMunkey (Eat right,...exercise...die anyway.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: OpeEdMunkey
> Way back in the days of system 6 (Go MultiFinder!) and 7 there were plenty of Mac viruses. I suspect that had more to do with the availability of the Macs to college geeks rather than MacOS not being based on UNIX.

Nah, the old Mac OS was a swiss cheese of security holes -- more design flaws and bugs than you can imagine. Hell, the old Mac OS wasn't designed for security at all -- just like MS-DOS and Windows (prior to NT). In the 1980's and first half of the 90's, none of the consumer OSes even paid lip service to security. OTOH, Unix had been working on it since the mid-70's. The 1988 Morris worm hipped the Unix community to the remaining problems.

> Now, with Windows as the dominant machine, why bother to write Mac or Linux viruses? It's harder...

You are correct about that.

> ... and there isn't much of a payoff.

See my post #7 above. There's a HUGE potential payoff for a successful Mac OS-X virus. HUGE. Hugh, even ;-)

Yet there isn't one. It's because it's TOO hard to do, not because there aren't a bunch of virus writers trying.

12 posted on 09/17/2009 9:11:41 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: dartuser

Prices from NewEgg:

Phenom II x4 955 - $189
GIGABYTE GA-MA770T-UD3P $80
G.Skill 4GB RAM $86
LiteOn BluRay/DVD $60
Hitachi 1TB drive $80


$495

Great price if you want to upgrade!


13 posted on 09/17/2009 9:12:33 AM PDT by VeniVidiVici (Hey Obama. Where is Osama Bin Laden?)
[ Post Reply | Private Reply | To 6 | View Replies]

To: dayglored

“but there’s no excuse for this kind of misleading stuff. “

There may be some marketing hype but it's not misleading.


14 posted on 09/17/2009 9:14:39 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: driftdiver
> There may be some marketing hype but it's not misleading.

Headline: "Snow Leopard less secure than Windows"

That's misleading. One memory randomization weakness, whose use requires having direct access to an already-compromised machine, makes OS-X less secure than Windows?

True only in that one, tightly restricted context. In the general area of comparative OS security, that claim is laughable.

15 posted on 09/17/2009 9:19:44 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: OpeEdMunkey

People have written a virus for iPods hacked to run Linux. How many of those do you think are in the world? Security by obscurity is largely a myth.


16 posted on 09/17/2009 9:23:18 AM PDT by Mr. Blonde (You ever thought about being weird for a living?)
[ Post Reply | Private Reply | To 11 | View Replies]

To: dayglored; All
Topic Hijack: Somehow the 'Word' program got dumped from my 'puter (one I share with someone else) Is there a program I can download to use to write a short story?

Thanks in advance:

We now return to our regular program.

(I'm not brain dead yet, I even learned how to write the Pres's name:Ø)

17 posted on 09/17/2009 9:24:01 AM PDT by investigateworld (Abortion stops a beating heart)
[ Post Reply | Private Reply | To 12 | View Replies]

To: investigateworld
Here ya go--and it's free.
18 posted on 09/17/2009 9:32:25 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 17 | View Replies]

To: ShadowAce; investigateworld
> Here ya go--and it's free.

Thanks, ShadowAce, for the quick response to their question. I would have given the same OpenOffice link, but I was distracted for a few minutes ("Look! Something shiny!") and just got back on this thread... ;-)

19 posted on 09/17/2009 9:53:45 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 18 | View Replies]

To: taxcontrol; dartuser
For all those that want to know:

I got everything from www.newegg.com

Item Description Quantity Unit Price Extended Price
11-144-197 CASE APEVIA(ASP)|X-JPJGT-BK RT 1 $64.99 $64.99
11-998-121 FAN APEVIA(ASPIRE) |120MCF12SL-UBLR 1 $7.99 $7.99
17-148-040 PSU APEVIA|ATX-AQ700W-BK 700W RT 1 $89.99 $89.99
27-136-133 BD/HD-ROM COMBO LG|GGC-H20L SATA RT 1 $109.99 $109.99
COMDISCOUNT FOR PROMOTION CODE 1 ($11.00) ($11.00)
13-131-366 MB ASUS M4A78T-E AM3 790GX/SB750 RT 1 $129.99 $129.99
22-136-317 HD 1T|WD 32M WD10EADS % 1 $89.99 $89.99
19-103-674 CPU AMD|PH II X4 955 3.2G AM3 BE 1 $199.99 $199.99
GSkill 2x2Gb DDR3 8-8-8-21 $79.95
Mail-in Rebates ($55.00) ($55.00)
------------
TOTAL $706.88

Remaining purchases:
ATI Radeon HD4890 Graphics Card for $200
Another 4Gb of RAM for $79.95

This CPU will easily overclock to 4 Ghz.

20 posted on 09/17/2009 9:57:37 AM PDT by BubbaBasher ("Liberty will not long survive the total extinction of morals" - Sam Adams)
[ Post Reply | Private Reply | To 10 | View Replies]

To: BubbaBasher
> For all those that want to know: I got everything from www.newegg.com...

VERY nice list of stuff. Great price too. Newegg rocks, I buy a lot of stuff through them, never been burned.

I presume you're a serious gamer -- that sort of firepower is wasted on any lesser activity.

Also, congrats on a successful thread hijack -- of course, it's your own thread, so I'm not complaining, mind you. ;-)

21 posted on 09/17/2009 10:06:17 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: BubbaBasher
This CPU will easily overclock to 4 Ghz.

I have found it not so easy to overclock it. I must be doing it incorrectly. Do you know the right way to do it?

22 posted on 09/17/2009 10:08:57 AM PDT by krb (Obama is a miserable failure.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: dayglored
Didn’t Miller need root access in order to crack the Mac ?

23 posted on 09/17/2009 10:14:40 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: krb
The CPU I bought is a "Black Edition" so all of the timings and settings are unlocked from the factory. The motherboard I bought supports all the changes. I won't go for 4ghz until I upgrade the CPU cooler. Check out www.overclockercafe.com
24 posted on 09/17/2009 10:19:38 AM PDT by BubbaBasher ("Liberty will not long survive the total extinction of morals" - Sam Adams)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Uri’el-2012; ShadowAce; Swordmaker
> Didn’t Miller need root access in order to crack the Mac ?

That's what I meant by "already-compromised".

Requiring root access for a hack to work is like saying you can hack a Linux box by booting up a recovery CD and reading/writing the Linux hard drive. D-uh, so what? Getting root, or getting physical access to the machine, is the hard part.

Windows apologists will go to any length to find a weakness in OS-X or Linux, even if it's not something that can be exercised in any practical sense.

Microsoft is on tenterhooks to see how well Win7 does. If it fails they are toast. I like Win7, and I don't think it will fail, but it has yet to be released to a skeptical world. The residue of Vista still clings to the wheels.

Since this thread seems a ready target for hijacking, have you heard about the Microsoft-sponsored Win7 Tupperware Parties? Read up: They're a riot.

Desperation has a smell, and it's all over this article. ;-)

25 posted on 09/17/2009 10:31:36 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored; ShadowAce; Swordmaker
Microsoft-sponsored Win7 Tupperware Parties?

ROTFLOL !

26 posted on 09/17/2009 10:36:05 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored; ShadowAce

Thanks guys, now downloaded and off to work I go!


27 posted on 09/17/2009 10:41:28 AM PDT by investigateworld (Abortion stops a beating heart)
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored
It's not misleading at all.

With Apple's increased market share, the virus business will shift from PC to Mac as more are online. It's a simple numbers game, and PC'rs have been making this claim since the first virus.

Just a matter of time. And yes, with the introduction of VISTA and now Win7, the built in security has really improved bigtime.

I've often thought about taking my AV program offline as it is not necessary, but should I load a virus, even though it has been rendered useless, I still want a way to manually quarantine it.

28 posted on 09/17/2009 10:42:37 AM PDT by Cold Heat
[ Post Reply | Private Reply | To 3 | View Replies]

To: investigateworld
Of course you could have just used WordPad. ;-)

Personally I would have used "edlin".

29 posted on 09/17/2009 10:44:37 AM PDT by BubbaBasher ("Liberty will not long survive the total extinction of morals" - Sam Adams)
[ Post Reply | Private Reply | To 27 | View Replies]

To: dayglored

You are right. And from what I read the hacks in created very small problems that unless you were really looking for them most people would never notice. No missing files, not crashed computer, etc... Very predictable that they will run out the same stories over and over right before a new Windows OS appears? Is propaganda that easy to pass around?


30 posted on 09/17/2009 10:56:43 AM PDT by chris_bdba
[ Post Reply | Private Reply | To 7 | View Replies]

To: krb
Forget about overclockcafe. Just a bunch of old stuff. Here's a link specific to what you are looking for. www.overclock.net
31 posted on 09/17/2009 11:05:31 AM PDT by BubbaBasher ("Liberty will not long survive the total extinction of morals" - Sam Adams)
[ Post Reply | Private Reply | To 22 | View Replies]

To: BubbaBasher

Thanks! I can’t wait to get it working :-)


32 posted on 09/17/2009 11:13:44 AM PDT by krb (Obama is a miserable failure.)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Cold Heat
> ...with the introduction of VISTA and now Win7, the built in security has really improved bigtime.

No argument. But still way behind an operating system that was designed with security in mind, instead of merely bolted on haphazardly afterward.

> With Apple's increased market share, the virus business will shift from PC to Mac as more are online. It's a simple numbers game, and PC'rs have been making this claim since the first virus.

Okay, name the number. What's the number?

If 35,000,000+ unprotected, non-techie-operated, run-with-admin-priv, ZERO anti-virus software machines is not enough to tempt the virus writers, what's the magic number when Macs become a target?

If you shoot too high, you're admitting that Macs will be non-targets (and thus "safe") essentially forever.

If you shoot too low, you'll have to watch the number of Macs exceed it without becoming targets (if I'm right).

So what's the number?

33 posted on 09/17/2009 11:38:29 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 28 | View Replies]

To: dayglored
I'll know the number when I hear the squealing.
34 posted on 09/17/2009 11:40:56 AM PDT by Cold Heat
[ Post Reply | Private Reply | To 33 | View Replies]

To: Cold Heat
> I'll know the number when I hear the squealing.

Sure, sure. Hey, don't feel bad, none of the apologists who push that "35 million isn't tempting enough" line are willing to name a number that is.

There will always be some excuse. ;-)

I'm willing to bet Apple will never get enough marketshare that the Mac "becomes a target" based on numbers. The Mac will only become a target if Apple drops their pants on security in a big way, and creates a target. I don't expect that to happen, since they, like Microsoft, are always improving.

They could blow it with a non-Unix product, of course...

35 posted on 09/17/2009 12:04:28 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 34 | View Replies]

To: dayglored
No argument. But still way behind an operating system that was designed with security in mind, instead of merely bolted on haphazardly afterward.

I agree with some of your conclusions but this statement is incorrect. Security was a major consideration and designed into Windows starting with Windows NT. Government and Military sales forced the need to move to a new codebase after Win95/98. And actually the NT kernel pretty much came from OS/2 where security was also a focus.

36 posted on 09/17/2009 12:08:36 PM PDT by BubbaBasher ("Liberty will not long survive the total extinction of morals" - Sam Adams)
[ Post Reply | Private Reply | To 33 | View Replies]

To: BubbaBasher
>> ...still way behind an operating system that was designed with security in mind, instead of merely bolted on haphazardly afterward.

> I agree with some of your conclusions but this statement is incorrect. Security was a major consideration and designed into Windows starting with Windows NT. Government and Military sales forced the need to move to a new codebase after Win95/98. And actually the NT kernel pretty much came from OS/2 where security was also a focus.

Hmmm, ok. Let me modify/clarify my statement. "Bolted on haphazardly afterward" -is- a little harsh these days, although it's not inaccurate for NT's first decade through about 2004 (specifically the release of XP-SP2, which was the first significant improvement).

NT was required because DOS-based Windows could never become a server, never be secure, never be taken seriously. We agree on that.

However, NT has suffered since the beginning until today (NT6.1=Win7) with the burden of having to support architectural weaknesses that are part-and-parcel of the Windows way of doing things. That is, a "Wow, we could do this and it would be way cool!" approach to design, as opposed to a "We could do this, but what problems does it raise?" approach.

For example, there is no other explanation for why, only after all these years, Microsoft is FINALLY admitting that AutoPlay/AutoRun is a stupid design flaw, not a feature. And even now, when they have started disabling it, they only disable it for some things like USB drives, but not for CDs -- even though USB Flash products with "U3" software present themselves as CDs and circumvent the disable. This is a sign of POOR DESIGN.

If you read the Microsoft and MSDN KB articles about these things, you realize that Windows is hobbled, even crippled, by stupid design decisions that can't be fixed, largely because no one understands what else will break if they fix the item in question.

So let me try this: In an environment like Windows, real "security" -- the kind that comes from inherently good design -- is much more difficult, and sometimes impossible without total rewrite. It is, in my opinion, a testament to the outstanding abilities of Microsoft's programmers that they've been able to do as much as they have done to improve Windows in the past five years, and maintain the level of back-compatibility they still have.

Windows NT codebase has been overdue for a total rewrite for many years. When it happens, I and many others will be very happy, because then and only then will Windows have a shot at the kind of security that Unix folks have had for a long time.

37 posted on 09/17/2009 1:12:34 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 36 | View Replies]

To: ~Kim4VRWC's~; 1234; 50mm; 6SJ7; Abundy; Action-America; acoulterfan; Aliska; aristotleman; ...
Charlie Miller is back on his attention-seeking soapbox about Mac OSX Security and the lack of system wide Windows Vista like ASLR approach to assuring it, ignoring the steps that Apple HAS taken that accomplish the same level of security without the performance hit that ASLR requires. PING!


Mac Pre Windows 7 FUD Ping!

If you want on or off the Mac Ping List, Freepmail me.

38 posted on 09/17/2009 2:19:25 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: BubbaBasher
Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."

The presence of ASLR and DEP on Windows XP, Vista, and 7 machines has not stopped the proliferation of viruses, spyware, trojans, and other assorted malware. In fact, proliferation is at an all-time high.

FUD article.
39 posted on 09/17/2009 2:23:47 PM PDT by Terpfen (FR is being Alinskied. Remember, you only take flak when you're over the target.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BubbaBasher

Full of FUD, but I was a bit disappointed that Snow Leopard didn’t use ASLR.

However, ASLR is only one bit on the back end to reduce the possibility of a successful intrusion being able to do its work. Attacks are just plain harder in the first place with OS X.

IOW, ASLR would have just been icing on the cake for OS X, while it was sorely needed by Windows.


40 posted on 09/17/2009 2:29:41 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 1 | View Replies]

To: OpeEdMunkey; dayglored
I'm not so sure. Way back in the days of system 6 (Go MultiFinder!) and 7 there were plenty of Mac viruses. I suspect that had more to do with the availability of the Macs to college geeks rather than MacOS not being based on UNIX.

Actually, no, there weren't. They did exist, but there were only a total of 113 total MacOS viruses, counting variations on a basic design.

Today, there are now almost 40,000,000 OSX Macs in use and the total number of viruses in the wild for OSX is ZERO. Viruses have been written for target population of fewer than 12,000 vulnerable computers (Witty Worm), and even for the few dozen iPods that had been converted to run LINUX, yet no one has succeeded in writing a virus to attack the 40M Macs in over eight years. There have been about seven "proof of concept" attempts to do so, but none of them have ever worked.

41 posted on 09/17/2009 2:29:57 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: OpeEdMunkey
Way back in the days of system 6 (Go MultiFinder!) and 7 there were plenty of Mac viruses.

More like because back then Mac OS was pretty much one big gaping security hole. It was easy to hack, didn't even have protected memory.

42 posted on 09/17/2009 2:33:18 PM PDT by antiRepublicrat

To: BubbaBasher

bttt


43 posted on 09/17/2009 2:34:14 PM PDT by bmwcyle (We need more Joe Wilson's. OBAMA is ACORN ACRON is OBAMA)

To: Brookhaven
Why do people hate America? It’s the world’s big dog. Why do people target Windows for viruses? It’s the computer world’s big dog.

False. Windows gets the most malware because it's the easiest to write exploits for. OS X gets the least malware because it's the hardest to write exploits for. In fact, there is no actively propagating OS X virus, trojan, or spyware in the wild. The only known way to compromise OS X is through social engineering.

Because it is a closed OS...

False. OS X is based on BSD, which is based on UNIX; both are open source. OS X itself is largely open source through the Darwin project. OS X's kernel, called the Mach kernel, is also open source. Grand Central Dispatch, OS X's CPU thread allocation technology, is open source. Safari, Apple's homebrew web browser, is based on Webkit, an open-source code base.

nobody really knows what vulnerabilities have been found, but haven’t been publicised by Apple.

False again. Apple is not the sole and primary discloser of vulnerabilities. If someone discovers a vulnerability, then there's nothing really stopping them from releasing information about it. When system vulnerabilities are reported to Apple, they're usually prompt about issuing patches. (Note: in security parlance, a vulnerability is different from a virus.)
44 posted on 09/17/2009 2:35:12 PM PDT by Terpfen (FR is being Alinskied. Remember, you only take flak when you're over the target.)

To: driftdiver
There may be some marketing hype but it's not misleading.

It is misleading because the author and Charlie Miller choose to ignore the alternative methods of attaining similar levels of security that Apple IS implementing in preference to Miller's pet approach of Address Space Location Randomization which Apple does use for dynamic libraries and other system files but chooses to use a different approach for other files including heap and stack non-executability, etc.

45 posted on 09/17/2009 2:37:58 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

To: Cold Heat
With Apple's increased market share, the virus business will shift from PC to Mac as more are online. It's a simple numbers game, and PC'rs have been making this claim since the first virus.

So they have. They've been trumpeting "Just you wait! When there are enough Macs, Macs will have just as much or more malware than Windows!"

They've been saying the same tired old canard for eight years now. Tell me. What is the magic number of OSX Macs that will unleash the Dogs of Havoc? Since we've reached 40,000,000, that's not it. So what is the number that will suddenly make it easy to compromise Mac security?

46 posted on 09/17/2009 2:52:08 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

To: dayglored
That's misleading. One memory randomization weakness, whose use requires having direct access to an already-compromised machine, makes OS-X less secure than Windows?

Or as I like to say, why worry about a potential virus delivered over the Internet when the bigger problem is the uninvited houseguest sitting at your computer in your living room.

47 posted on 09/17/2009 3:37:23 PM PDT by coconutt2000 (NO MORE PEACE FOR OIL!!! DOWN WITH TYRANTS, TERRORISTS, AND TIMIDCRATS!!!! (3-T's For World Peace))

To: Swordmaker; Cold Heat
> Tell me. What is the magic number of OSX Macs that will unleash the Dogs of Havoc? Since we've reached 40,000,000, that's not it. So what is the number that will suddenly make it easy to compromise Mac security?

Hey, Swordmaker, I already gave Cold Heat a hard time over The Number back at #33 above. ;-)

He wouldn't let on... but I found it anyway! It was written on a folded-up piece of paper back in the alley behind Microsoft campus. Apparently they figured out how to compromise OS-X security! It said:

"Mac #51389207 is The One! It has the Mac GUI, but underneath, instead of BSD Unix, we've switched in a copy of Windows. When this baby hits the interweb, it'll be all over for the Mac! -- Steve"
A Microsoft spokesman was unavailable for comment.
48 posted on 09/17/2009 4:10:14 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: dayglored
I love stirring you macheads up. How much was it you paid for that? :-)

At least it's user friendly.

49 posted on 09/17/2009 4:13:51 PM PDT by Cold Heat

To: Cold Heat; Swordmaker
> I love stirring you macheads up. How much was it you paid for that? :-)

Oh, don't worry, I'm no Machead. I'm a Unixhead who currently is using mostly Apple hardware platforms because it's reliable. I've got Windows, OS-X, Linux, and BSD all running RIGHT NOW in front of me on mostly Apple hardware, just to do my job.

> At least it's user friendly.

Actually, truth be known, I don't like the OS-X Finder/GUI as much as the Windows XP Win-Explorer/GUI, and my dream machine would have Win-Explorer over Unix instead of Finder over Unix.

But in any case, I live on a commandline in xterms and SSH. I don't give a rat's ass for the modern user friendly. Far as I care, any system with "man" pages is user friendly enough for me. Seriously.

But I appreciate the stirring. About $600 for the Minis and about $1200 for the Macbooks. ;-)

50 posted on 09/17/2009 4:23:22 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

