Foundations of Mac OS X Leopard Security
jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.
Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components (Apache Web server and Perl and PHP scripting packages, for example). Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.
Foundations of Mac OS X Leopard Security | |
author | Charles S. Edge, Jr., William Barker, and Zack Smith |
pages | 455 |
publisher | Apress |
rating | 9 |
reviewer | jsuda |
ISBN | 978-1-59059-989-1 |
summary | Best book on Mac Security |
Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.
The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.
The first three chapters, which deal with general security and security fundamentals, are basic stuff, discussing how technical computer security issues are entwined with the practical realities of using computers in a business or home, and how compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to their own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.
Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.
Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical, covering types of networks; routers, hubs and switches; proxy, DMZ, and other servers and hardware setups; advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like KisMAC and iStumbler are especially useful.
Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote connectivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapters 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks, and how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.
The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.
Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.
The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.
A good start to the discussion (Score:5, Insightful)
Re:A good start to the discussion (Score:5, Insightful)
I'm aware that Windows' market share makes them the "low-hanging fruit," but even without considering market share, OSX has fewer security holes than Windows.
Most of the difference seems (to me, YMMV) to be remnants of OSX's background in BSD, and the security practices in the BSD world--it seems that Apple has added far more functionality to BSD, but at a cost of lowered security.
Don't forget to unplug it, too! :D
Re: (Score:2)
Re:A good start to the discussion (Score:5, Insightful)
By comparing the structure and functionality. If we had to wait until a system has been attacked to see how vulnerable it was, we'd all be in REAL trouble.
One basic factor is default user account privileges: Microsoft has all new users default to Admin privileges (a practice that may have stopped with Vista), while Apple (like Linux) has new users default as limited accounts that must be escalated to have Admin. Microsoft's way is more handy (in that even an inexperienced computer owner can set up an account that can do anything), but insecure (because only an inexperienced computer owner would WANT all users to have accounts that can do anything).
There are plenty of vulnerabilities on both sides, but from everything I've seen in 20+ years of working with both Microsoft and Apple products, Apple is in the lead for security. Of course, that may change without notice, if Microsoft tightens up their practices, or Apple adds more vulnerabilities.
Re: (Score:2)
But that is one bug, probably soon fixed - and doesn't even work if the user is logged in (meaning it doesn't work on most OS X servers).
By default OS X has all the account separation of any other UNIX system, privilege escalation through elevated processes is nothing new at all.
Re:small clarifications (Score:4, Insightful)
That does not mean that you can't set your kids up with a limited account--it simply means that due solely to the way Alpha Centauri is written, it won't work with a more secure setup. But that's not Microsoft's fault--complain to Firaxis.
Re:A good start to the discussion (Score:4, Insightful)
Bullshit.
If you build it, they will come.
If nothing else they will do it to claim bragging rights.
This notion that small marketshare saves you or large marketshare dooms you is just nonsense spouted by people that haven't been around long enough to have used anything else (besides Windows).
Re:A good start to the discussion (Score:5, Interesting)
What, intrinsically, makes OSX immune to spyware?
OSX cannot stop you from running software that is inherently evil.
The fact that there isn't spyware on OSX proves that small marketshare is indeed a huge factor in lack of exploits in OSX... because there is absolutely no technical reason for spyware not to work on OSX.
MacOS X and Spyware (Score:4, Interesting)
Think about how spyware gets on a computer.
From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.
Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so.(*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention.
As far as I can tell, other spyware vectors such as commercially developed BitTorrent clients and "smiley face" silliness have not taken off on the Mac.
So as far as I know, the major ways to distribute spyware don't exist on the Mac and probably never will. Thus, Apple is likely to be spared the spyware phenomenon, at least to the dreadful extent it occurs on Windows machines.
D
(*) I think Vista was supposed to fix this but I don't know if that is the case or not. In any event, most Windows users continue to use XP.
Re: (Score:2)
"Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so."
Do you have any information about what IE bugs are exploited for "drive by" downloads? In my experience, IE bugs have not been responsible for the vast majority of spyware etc in years...does your experience differ?
If users CHOOSE to download and CHOOSE to run software, that is different, and Windows and Mac both query you about running unsafe software now.
"(*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention."
I'm confused--are you talking about IE's ActiveX abilities?
"So as far as I know, the major ways to distribute spyware don't exist on the Mac and probably never will. Thus, Apple is likely to be spared the spyware phenomenon, at least to the dreadful extent it occurs on Windows machines."
Maybe I'm just lucky and missing out, but it's literally been years since I've seen a PC dec
Re: (Score:3, Interesting)
Unfortunately, I live in Pittsburgh, which is an area where most people like the tried and true and don't think much of being up to date. So the problems you mention are still very much alive here, and pretty much every PC I see is encrusted with enormous amounts of spyware and invasive software.
Since Apple's user base skews towards better educated individuals in general, and creative artists and writers specifically, I suspect that fewer of them have the bad taste to download the "Incredimail" and smiley
Mac users don't want to damage their platform (Score:3, Insightful)
I've always thought there's a slightly different phenomenon at work for Mac users.
See, Mac users really like what they're using. If you go to the trouble of buying a Mac, you're joining a group of people that is generally supportive of their computing platform.
So I think there are a lot fewer people who are really interested in breaking into Macs and damaging their computing platform's reputation.
To show this principle in action, take a look at the iPhone hacking community and how quickly they found exploi
Re: (Score:3, Insightful)
I think it's simpler than that. The people on this site are conditioned to be cynical and negative about just about anything. They can't understand positive emotions in favour of a product, especially when that product is made by big business.
This is why you see so many people who are contemptuous of "Apple Fanbois" and slaves to Steve Jobs, without thinking that there might be valid reasons for people to like and appreciate Apple.
People are especially cynical about corporations, which is a little sad sin
Re:A good start to the discussion (Score:4, Insightful)
Others have already replied about Apple's intrinsically superior security based on its BSD roots and more sensible user permissions. There's no need to go into that again.
But there's an additional by-product that good design gets you: If people believe that cracking your system is harder, they won't be as inclined to try.
Case in point: All Debian-based SSL encryption was fundamentally broken for over a year, and yet (as far as we know) it didn't occur to sysadmins and developers to actually test the security of their certs etc. More interestingly, it doesn't seem to have occurred to crackers to even probe Debian's SSL implementation for vulnerabilities.
I wrote a quick run-down on this phenomenon (with a few caveats) on my website [imagicity.com]. In hindsight, it's nothing short of astounding that nobody caught this error. Considering that the payoff for a computer criminal would be potentially huge, I can only attribute the failure to comprehensively exploit the vulnerability to a folk-wisdom phenomenon, which is that if your software is generally considered safer, rightly or wrongly, people will tend to treat it as if it were, and leave it alone.
The converse, of course, is that if your software (e.g. Windows) is generally considered insecure, people will go to great lengths to exploit it. When you look at the cleverness of some of the hacks used to infiltrate a Windows system and compare the level of knowledge and skill required to simply brute-forcing Debian's broken SSL, you'll see what I mean.
Re: (Score:3, Insightful)
No, UNIX style security cannot ever work on the desktop. It's a system that is doomed to fail by design because it has insufficient layering and a confusing setup for the end user. Do I really need to point you at the usability studies done on user-based DAC security? Or will you take it on my word that the vast majority of users will t
Re: (Score:2)
And remove, and shred the hard drive.
Re: (Score:3, Interesting)
"I'm aware that Windows' market share makes them the "low-hanging fruit," but even without considering market share, OSX has fewer security holes than Windows"
Really? Compare Vista to OS X... Heck even compare 10.5 to Vista...
When you get back from your research, please post a retraction to your clueless assertion.
"Most of the difference seems (to me, YMMV) to be remnants of OSX's background in BSD"
Do you even understand what you are trying to state? BSD is not a 'secure' end all OS design. One, I repeat one BS
Re: (Score:2)
Re:A good start to the discussion (Score:5, Insightful)
You pose a logical fallacy.
"Let us not forget Windows also faces much more exposure due to its market share."
In order for that to be a factor worth considering, the OSes must be designed with the same architecture, management, coder skill, etc. . . .
The Mac has not been in a locked room with no network; there are many groups of people trying to find remote flaws all the time, with almost no success. And the success they did have relied on 3rd party hardware and drivers.
While I understand it's not perfect, it is far better than Windows by design, and it is reflected in the many tests groups outside of Apple do every day.
Insightful my ass.
Re: (Score:2)
But I digress. I'm sure Windows' larger market share plays absolutely no part in its struggle with securing the platform. I'm sure having more mass appeal ensures only the best and brightest will use your OS, right? right?
Spare a talent for an old ex leper? (Score:2)
Oh, wait, that's OS X Leopard. Sorry, my bad. That parrot story gave me Python on the brain.
The Fullest Measure (Score:5, Insightful)
Take 'em all down, Fanboi! Good dog!
And with that message, your contentless response to a well-written message puts on display the fullest measure of your intelligence.
Re:A good start to the discussion (Score:5, Interesting)
OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.
Some of the recent bugs with Safari remind me of the stuff MS was doing 10 years ago, where junior programmers hacked together E-Z features without any consideration for the security implications.
The other issue is that QuickTime is a huge smelly bug-filled legacy turd, but thankfully Apple has announced that they are rewriting a replacement.
Re: (Score:3, Insightful)
"OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has."
Please. Do you think it wise behavior for IE to load any dll placed on the desktop? IE should not just load any DLL placed in the default path but rather should only load from a well defined directory tree built specifically for add-ons and plugins.
The recent "carpet bomb" issue with Safari on windows brought to centre stage this very issue.
MSFT is still creating junior level mistakes with their flagship software.
Re: (Score:2)
I normally don't respond to ACs, but this comment is dead on target.
Re: (Score:3, Informative)
"I normally don't respond to ACs, but this comment is dead on target."
The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS. The first reason is that unless Apple gives users root access by default, they can't screw up most of Unix. The second part is, Apple has been and always will be the underdog, giving MS the majority of the targets. The third part is, an open source core, so if people complain about security holes, Apple can give them the source and tell them to fix it yourself. Basically, it doesn't
Re: (Score:2)
"The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS."
Not for long. Like Microsoft or hate them, they patch bugs. Sometimes the patch is worse than the bug, admittedly, but they're trying.
"Basically, it doesn't matter what Apple does, OS X will always be more secure than Windows in the number of exploited flaws. Because if they aren't exploited, then they don't really matter."
And this is just sheer foolishness. Yes, non-exploited flaws do matter. No, OS X will not necessarily "always be more secure than Windows." Microsoft has proven that they can learn from their mistakes sometimes, and Apple has proven that they can make mistakes--and even completely fuck things up.
And no, fanboi-isms like the ones in your post above really don't make you
Re:A good start to the discussion (Score:4, Interesting)
It's hard to write much about security holes when there isn't much of a history of attacks. Can we say "OSX is intrinsically more secure?" Maybe, certainly a lot of its default configuration tend to be more secure than Windows' defaults.
But what's made, and perpetuated, the notion that Macs are immune to viruses and other attacks is that there just aren't very many of them out there. Even with Mac's quickly growing market share, it's still far more lucrative to target mass market windows machines.
Look at how they are attacked. (Score:5, Interesting)
Put an unpatched WinXP on the Internet and watch how quickly it is cracked by an automated process randomly scanning IP blocks.
So you'd turn down $5 million for a chance at a portion of $90 million? No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.
The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else. Today, most boxes are cracked via worms, browser exploits and email attachments.
Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.
Then, as long as the DIS-INFECTION rate is HIGHER than the INFECTION rate, those systems will be "secure". At least, they will not be cracked by worms, browser exploits or email attachments.
Re: (Score:3, Insightful)
Gah.
A zombie can scan IPs for known security holes, but the programmer still has to design a virus, worm, etc. specifically for the Mac that will exploit that hole. The viruses that attack windows won't work on Mac...you have to experiment and find different avenues of attack...identify the security hole to exploit. I maintain that few security holes have been identified because fewer people are looking for
You're wrong. (Score:2)
The avenues of attack are the same. Those are CLASSES of attacks.
And with about 5 million Macs out there, why wouldn't said programmer do so?
Re:You're wrong. (Score:5, Interesting)
Re: (Score:3, Interesting)
Re: (Score:2)
And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.
We have proof of that: just look at the unpatched Linux servers (running crappy forum software which has been exploited) controlling botnets etc (chosen because they have good network connections and aren't often turned off).
And my counterpoint would be Debian's borked SSL implementation, which (apparently) went undiscovered by crackers for over a year, despite the ease with which it could be exploited and the immense payoff that would come from exploiting it.
See my previous comment above [slashdot.org] for details
Re:Look at how they are attacked. (Score:5, Insightful)
Well...
Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system.
In my opinion, Mac OS X being less vulnerable than Windows in many areas is due to Apple being willing to go 'okay, this particular technology is dead, move along.' Microsoft relies on backwards compatibility for large market share; break backwards compatibility, and people do not upgrade. (Case in point: Vista.)
Apple has a smaller market share (and speaking as a Mac user and developer, we tend to sort of go, 'yes please, whatever you say' when they want to change things). We might bitch about it periodically (whither thou, 64-bit Carbon?), but this gives them the freedom to throw out legacy code and simplifies the code maintenance.
Or, in short: Apple's coders are not inherently better, but they end up with less old cruft to support and try to be aware of.
As a case in point, I'll note that the worst offender in terms of security on Mac OS X has, historically, been Quicktime. Quicktime is perhaps the oldest, most legacy-laden bit of crud in Apple's library. (The Quicktime APIs are darn near prehistoric, especially compared to things like CoreImage et al.) One would assume this means that Quicktime, more than almost anything else, has chunks of code that predate most of the programmers working on it, and which no one remembers or thinks about.
And in my experience, that's often where those kind of bugs come from... you change something, add a new bit of code that passes something into a function somewhere, completely unaware that four levels deeper there's some function which assumes the buffer is only 4k long. The old programmers knew there was an implicit limit down in this ancient routine, but no one now knows of that limit, and so -- unaware of this lurking nightmare 5 levels deeper in the stack -- they pass in a 6k buffer. Boom, security issue.
Windows has this problem in almost every corner of the OS. Worse, they cannot readily get around it... you can't just rewrite things from scratch, or you break legacy support! But as a result, there often are quite a few lurking behaviors that newer coders aren't aware of somewhere deeper in the system, things that never got documented, and which will eventually reach out to bite them.
Sure, there's situations which are just plain dumb (the carpet-bombing attack, for instance, is inexcusable behavior on IE's part), but most of those seem to be the minority.
So, yeah, Mac OS X has some advantage, as they have less legacy stuff to deal with. But even with that sort of advantage, no operating system -- not even Linux! -- is completely free of all flaws. We as users need to accept as a given that almost nothing is completely secure (at least, not and still be usable). This is especially true when many viruses and trojans rely on social engineering.
Even if Mac OS X prompts the user before allowing a program to elevate privileges, does that matter if users just click without looking? After all, lots of programs prompt for such things in order to install some shared framework they use at the installation or first-run stage. I know a lot of Mac users who just click on that warning blindly. And the warning doesn't matter if the user doesn't really pay attention.
So, yeah. Mac OS X may have less tangled, jungle-like legacy code for scary security holes to lurk in, but that does not mean it is invulnerable. Certainly not immune even to automated bugs, and especially not immune from social engineering.
Because the biggest security hole -- on ANY operating system -- is often user behavior.
There's my $0.02, anyway. :)
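The failure mode described in the comment above (a deep legacy routine with an implicit 4k limit, reached by a newer caller passing 6k), shown beside a version that enforces the limit in the routine that owns the buffer. This is an added example, not part of the original comment and not code from QuickTime or any Apple or Microsoft product; every function name and the checksum logic are hypothetical.

```c
/* Added illustration; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCRATCH_SIZE 4096  /* the implicit "4k" limit of the old routine */

/* Constructed sample input: a repeating byte pattern. */
void make_sample(uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)(i & 0xff);
}

/* ---- Before: the limit exists only as tribal knowledge ---- */

/* Deepest routine. It copies into a fixed scratch buffer and trusts
 * every caller above it to stay within SCRATCH_SIZE. */
static uint32_t legacy_checksum(const uint8_t *data, size_t len)
{
    uint8_t scratch[SCRATCH_SIZE];
    uint32_t sum = 0;

    memcpy(scratch, data, len);   /* writes past scratch if len > 4096 */
    for (size_t i = 0; i < len; i++)
        sum = sum * 31u + scratch[i];
    return sum;
}

/* Layers added over the years; none of them mention the limit. */
static uint32_t legacy_parse_chunk(const uint8_t *d, size_t n)
{
    return legacy_checksum(d, n);
}

static uint32_t legacy_decode_frame(const uint8_t *d, size_t n)
{
    return legacy_parse_chunk(d, n);
}

/* Entry point that a newer caller reaches with a 6k buffer. */
uint32_t legacy_import(const uint8_t *d, size_t n)
{
    return legacy_decode_frame(d, n);
}

/* ---- After: the routine that owns the buffer enforces the limit ---- */

typedef enum {
    IMPORT_OK = 0,
    IMPORT_TOO_LARGE = -1,
    IMPORT_BAD_ARG = -2
} import_status;

static import_status checked_checksum(const uint8_t *data, size_t len,
                                      uint32_t *out)
{
    uint8_t scratch[SCRATCH_SIZE];
    uint32_t sum = 0;

    if (data == NULL || out == NULL)
        return IMPORT_BAD_ARG;
    if (len > sizeof scratch)     /* checked where the buffer lives */
        return IMPORT_TOO_LARGE;

    memcpy(scratch, data, len);
    for (size_t i = 0; i < len; i++)
        sum = sum * 31u + scratch[i];
    *out = sum;                   /* written only on success */
    return IMPORT_OK;
}

/* Each layer passes the status up instead of assuming success. */
static import_status checked_parse_chunk(const uint8_t *d, size_t n,
                                         uint32_t *out)
{
    return checked_checksum(d, n, out);
}

static import_status checked_decode_frame(const uint8_t *d, size_t n,
                                          uint32_t *out)
{
    return checked_parse_chunk(d, n, out);
}

import_status checked_import(const uint8_t *d, size_t n, uint32_t *out)
{
    return checked_decode_frame(d, n, out);
}

int main(void)
{
    uint8_t buf[6144];            /* the "6k buffer" from the comment */
    uint32_t sum = 0;

    make_sample(buf, sizeof buf);
    printf("4k legacy : %08x\n", (unsigned)legacy_import(buf, 4096));
    printf("4k checked: status=%d\n", checked_import(buf, 4096, &sum));
    printf("6k checked: status=%d\n", checked_import(buf, 6144, &sum));
    /* legacy_import(buf, 6144) is deliberately not called: it would be
     * undefined behaviour (a stack buffer overflow). */
    return 0;
}
```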
Actually, there are other advantages... (Score:3, Interesting)
"Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system."
I slightly disagree with that statement.
Most programming done on other systems for higher level OS and application stuff, is C or C++.
In OS X, it is Objective C.
Simply because of the message passing nature and the way the frameworks are built, I would say that generally any application written in Objective C woul
Re: (Score:2)
ObjC is my language of choice to develop in when possible, and I grant you that some of the nature of ObjC makes it easier to avoid some of the 'stock' security pitfalls. But not all of the system is in ObjC -- most of the daemons and so on are in C, after all.
Beyond that, the very adoption of ObjC as the primary language of the system is, itself, a break with legacy code (Mac OS 9 and earlier did not have ObjC, after all, much less have anything written in it). ;)
Re: (Score:2)
"Most programming done on other systems for higher level OS and application stuff, is C or C++.
In OS X, it is Objective C."
Ach, enough with the blatant fanboism! Yes, Cocoa/Objective C is ONE way of programming for OSX, and indeed Apple's stated preferred method. But...
Looking at a couple of my currently running programs... Firefox. Photoshop. Microsoft Word. Azureus. None are written in Objective C, none use Cocoa.
Ok, admittedly, those are non-Apple applications. Let's take a look at some Apple applications--that come with the OS even. iTunes--uses Carbon. Quicktime--Carbon. Safari--partially Carbon. Mail.app -- all carbon. Fin
Re: (Score:3, Informative)
btw, replying again, if you want to check out which frameworks Mac programs use, open a command line (that's in Applications/Utilities) and cd to the application directory. For instance:
% cd /Applications/Mail.app/
Then go to the binary--
% cd /Applications/Mail.app/Contents/MacOS
and run the otool command:
% otool -L Mail
Re: (Score:2)
apologies for mistaken off-topic mod - appears undoable without this reply
Re:Look at how they are attacked. (Score:4, Insightful)
"Even if Mac OS X prompts the user before allowing a program to elevate privileges, does that matter if users just click without looking? After all, lots of programs prompt for such things in order to install some shared framework they use at the installation or first-run stage"
I think in this area apple has an advantage that often goes overlooked. The number of warnings and popups a windows system presents the user with is a magnitude greater than what an OS X user sees. My god, plug in a flash drive. Can you escape with fewer than three popups? There's a reason windows users have the "click the button in the new window that just opened without reading it" mentality. Windows has gone from just letting programs do as they please, to popping up dialogs every 25 seconds. This is not an improvement, it just conditions the user to ignore the message and click the button to get on with it.
So although the windows and the mac user base will both have a degree of "make the interrupting box go away" mentality, a lot more os x users stop and read the box when it pops up, because they're not used to being harassed constantly by it and have an actual interest in seeing what it's about.
My other unrelated point is developer assumptions. I have, to date, run into three pieces of OS X software that REQUIRE you to be logged in as an admin to either install, or to run, their software. In all other cases, they will either install or run if you provide an administrator's login and password.
And the grand majority of software for OS X does not require installation to run, you can drag it to your desktop and kick it off. Also, the grand majority of software for OS X, particularly that which your "average user" would want to use, does not require any authentication to run because it can function from within a basic user's privileges.
Compare that with windows. It's very hard to find a single app that will run without installing, and nigh impossible to find an app that a non admin can install. Once installed, about 8% of the programs won't run at all or won't run properly if you are not an admin user. Numerous programs will only run if you are the specific (admin) user that installed them.
Some of this is windows' fault, and some of it is programmers' fault. The programmers have come to expect all users to be admins because that's been the default. And it's easier that way, there's so much less you have to deal with if you can assume the user is an admin. So they take the short way and simply demand you be an admin to install it.
This perpetuates the problem, because now everyone wants to be an admin because they can't install software or run some software etc without logging out and back in as the admin, so for pure convenience they use an admin account.
There is a third point this just reminded me of. Assumed administrator rights. There is a group "admin" on OS X, that DOES give you write permission to certain folders that an unprivileged user does not have. But the scope is very small. On Windows, merely logging in as an admin gives you a whole basket full of extra powers. This is probably why the programmers want the users to simply be admins, because it makes their jobs (particularly on installing) soooo much simpler. Instead of dealing with a dozen different permissions, you can either say are you an admin or not and be done with it. If you are, go do whatever you like. Otherwise, take a hike.
This again perpetuates Windows wanting to default to admin, users wanting to default to admin, and developers wanting to default to admin. That throws a pretty daunting wrench into the works when trying to secure a system by default.
Stop with the fallacy people. (Score:2)
http://books.slashdot.org/comments.pl?sid=590261&cid=23880967 [slashdot.org]
Re:A good start to the discussion (Score:5, Funny)
villager: Look, Slashdot, look! A heretic!
*rumblerumblerumble*
unix mob: BIND HIM TO A SERVER RACK WITH CAT-5 AND BURN HIM!
dissenter #1: We can't!
unix mob: Why not?
dissenter #2: Halon fire suppression system in the room!
*natternatternatter*
unix mob: Make him use Windows...
jeiler: Do your worst!
unix mob: ...VISTA!
jeiler: NOOOOOOOOOOOOOOOO!!
Re: (Score:2)
Eek! I've been Vista-ed. :D
Re: (Score:2)
At least you got the joke. The dogma patrol is already after me. Your sig is quite apt today. ;)
Re: (Score:2)
Re: (Score:2)
Are fires bad for the ecosystem? Ballmer might not be too happy about that...
Re: (Score:2)
Re: (Score:2)
I bare my registry at you!
I portscan in your full IP subnet range!
Your father was an Atari, and your GUI smells of X Windows!
Now go away or I will CERT you a Second Time, you silly Mac Person You!
dave
Vista? Why not ME? (Score:2)
ME is worse than Vista IMO. :)
Re: (Score:2)
Re: (Score:2)
Dear Sir or Madam:
There is this little invention called "humor"....
Re: (Score:2)
as long as the Applications folder is writable by the primary user by default, OSX is intrinsically insecure.
OSX is vulnerable to the oldest of viruses.. the kind that attaches to an executable and then spreads to all your other executables.
It doesn't need you to type your password in order to infect Safari or iTunes.
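An audit for the condition this comment describes, added here as an example and not part of the thread: it lists executables under a directory that a given account could modify or replace without authenticating. It checks POSIX mode bits only (not ACLs), and the function names and the sample tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def writable_by(st, uid, gids):
    """True if the mode bits in st grant write to (uid, gids). Ignores ACLs and root."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_executables(root, uid, gids):
    """Return (path, reason) for each executable file the account could alter."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_st = os.lstat(dirpath)
        dir_writable = writable_by(dir_st, uid, gids)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not (st.st_mode & 0o111):
                continue  # only regular files with an execute bit
            if writable_by(st, uid, gids):
                findings.append((path, "file writable"))
            # A writable parent lets the account delete and recreate the file,
            # unless the sticky bit restricts that to the file or directory owner.
            elif dir_writable and (not sticky or uid in (st.st_uid, dir_st.st_uid)):
                findings.append((path, "parent directory writable"))
    return findings


def demo(in_group=True):
    """Build a constructed sample tree and audit it as a hypothetical non-owner."""
    root = tempfile.mkdtemp(prefix="apps-audit-")
    os.chmod(root, 0o755)
    layout = {  # constructed sample: relative path -> (directory mode, file mode)
        "Locked.app/tool": (0o755, 0o755),
        "GroupWritable.app/tool": (0o755, 0o775),
        "OpenDir.app/tool": (0o777, 0o755),
        "Notes.app/readme.txt": (0o777, 0o666),
    }
    try:
        for rel, (dmode, fmode) in layout.items():
            directory = os.path.join(root, os.path.dirname(rel))
            os.mkdir(directory)
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, fmode)
            os.chmod(directory, dmode)
        st = os.lstat(os.path.join(root, "Locked.app/tool"))
        other_uid = st.st_uid + 1  # hypothetical account that does not own the files
        gids = {st.st_gid} if in_group else set()
        results = audit_executables(root, other_uid, gids)
        return sorted((os.path.relpath(p, root), why) for p, why in results)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, why in demo():
        print(f"{rel}: {why}")
```

To audit a real system, call `audit_executables` with the directory, the account's uid and the set of its group ids.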
Re: (Score:2)
actually if things continue as they are I wouldn't be surprised if Snow Leopard requires signed binaries like the iPhone does. The iPhone does run a stripped down version of OS X so it is very possible that Apple will do the DRM MSFT has only dreamed about.
Re: (Score:2)
OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.
Yep, it's about time. Really OS X offers a lot of good security features, slightly beyond those standard in a non-security-hardened distro of Linux even. The main problem is getting Apple to patch both their operating system and its third party applications in a reasonable period of time. Apple needs to pay a lot more attention to issues like this, and others, in order to be ready for the enterprise. ("Is Linux ready for the desktop?" is sort of the reverse of what you ask about OS X "Is it ready for the e
Re: (Score:2)
Theoretically good OS, neglectful company that focuses on consumer hardware.
Well, that brings up an interesting observation. The argument over whether or not Apple is primarily a hardware company or a software company has been going on for years, and it's not one that's going to be solved on Slashdot. However, Jobs evidently thinks of Apple as primarily a software company--it would seem to me that if this is the case, then maybe the neglect is one reason for the lack of market share.
Re: (Score:2)
Bullshit. As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.
What about that recent AppleScript root escalation exploit? What about the hundreds of other exploits we've heard about, but the cult of Mac has dismissed and quietly buried?
Over here, we call those carefully crafted "web pages" and "social engineering". There was no remote exploit for OS X in that contest. What was required was a user navigating to a specially crafted web page after having enabled remote login daemons disabled by default and creating basic accounts for the "hackers" to use to exploit the privilege escalation.
Re: (Score:2)
Which was the same thing they tried on the Vista and Linux systems, but those didn't get compromised. So what was the point again?
Re: (Score:2)
So... one particular avenue of attack succeeded on one system and failed on the others, so it must be less secure overall? That's great logic there, buckaroo.
Re: (Score:2)
I was commenting because there was an implication that the Mac was subject to conditions that the other systems weren't. I was refuting that, plain and simple. Buckaroo.
Re: (Score:3, Insightful)
If I recall the requirements of that contest correctly, contestants were required to use an unknown vulnerability to compromise the machine. All of the Windows vulnerabilities that were being exploited in the wild or had been published by security researchers were not allowed to be used. In that case, the frequency of exploits and their discovery by researchers and bad guys alike probably actually worked to make it harder to win against the Windows box.
I'm not taking a position one way or the other on the o
Re: (Score:2)
I like the way a couple of vulnerabilities makes OS X just as insecure as Windows. There's a difference between a smart hacker who's found a bug to exploit and the 140,000 or so viruses that regularly devastate Windows, mostly written by 14 year old script kiddies.
I'll also draw a line at exploits where you need to be sitting at the keyboard with the administrator password.
Re: (Score:3, Insightful)
Re: (Score:2)
How many people really believe that Macs are immune, 100% resistant to attacks and 100% bug free?
Anecdotal evidence does not make for a good argument, but back when I was working for Apple, I knew a heck of a lot. (Disclaimer: this was back in the days of OS 9.)
a misconception by Windows apologists that Mac OS X has less attacks due to market share.
That's not so much a misconception as it is "taking an argument too far." Yes, Macs have less market share, and yes, there are less attacks. Macs also have less vulnerabilities to attack, and are more difficult to write attack code for (especially if one is attempting to pwn the actual OS, rather than escalate privileges or some other attack
The reason is UNIX, not Mac (Score:4, Insightful)
That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.
I would think the reason is more that almost any book on UNIX security gets you 99% of what you need to know, and there are online sources to cover the rest.
Not that a book is not a good thing to see, but to my mind among admins or more serious users of OS X, the misconception that OS X is totally secure is in itself a misconception. OS X know systems will have vulnerabilities, but we also know there have been basically no attacks in the wild and that by default many things which might leave un-noticed holes (like web servers) are off by default - and that helps a lot, for the eventuality of real attacks coming someday.
To my mind, another aspect stopping attacks is actually the switch to Intel. That reset the counter for when we might see OS X attacks since buffer overflow stuff can't rely on which architecture it might hit. That and a more friendly update model (than Windows) that people actually apply when updates come.
Macs can have funny exploits (Score:2)
I was amused today when I read this [matasano.com] article about a local Mac exploit due to a SUID binary.
All my Mac using friends reported they were vulnerable and I think they're all using the latest Leopard. I'm no Apple hater, don't get me wrong, but it does seem the little things can slip past Apple too, not just Linux (people where I work are *still* affected by the Ubuntu key issue of last month :o)!
Re: (Score:2)
Re: (Score:2)
You do need to be logged in as a user but you do NOT have to be remote. I just did this over ssh:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root
Re: (Score:2)
It can piggyback on a safari exploit and boom, it becomes a remote exploit.
Re: (Score:2)
That's not true at all. I sshed to my laptop and remotely triggered the exploit.
The user currently has to be logged in graphically, but the exploit can certainly be pulled off remotely. Compromised account, you're good to go.
That's not remote (Score:2)
That's not true at all. I sshed to my laptop and remotely triggered the exploit.
No, you ran the exploit locally on that system - that you were connected to remotely.
You did not INITIATE the exploit remotely. And on top of that, by default SSH is not even enabled on a Mac. Which is why the exploit is not as bad as you might think, because you could take a Mac out of the box and hook it to the internet and after several years no-one would have managed to trigger that exploit. THAT is what remote means, tha
Re: (Score:2)
What you say is all well and good (and I agree with your definition of remote exploit), but that by no means fits the definition of "physical access" which was what I replied to, so I'm not really sure what the point of your post was?
Physical access means ... physical access by the attacker (this is how I've always seen and used the term at the very least...). Physical access is not to be confused with local access (is that what you meant?)
Shell access, malicious webpage, malicious attachment, random buf
Wrong reason (Score:5, Insightful)
I don't think that's it at all. It's that there is very little market for OS X security books at this point. Most people don't care. Let me explain.
On the home end of things, Macs are great and relatively secure. They do fine. That said, how many people buy books on Windows Security for those home computers? I'm going to say very few. Most people don't care or don't know they should do something to increase security.
The other front is businesses. Most businesses don't use Macs, by a large margin. Macs have a smaller enterprise market share than overall market share. If you are asked to secure a server or desktop, chances are it will be Windows or Linux.
These kinds of books are, for the most part, targeted at administrators, businesses, etc. Since that market (administrators of Macs) is so small (compared to administrators of Windows boxes) there are very few books written.
This is compounded by the most important boxes to secure: web facing boxes (like servers). OS X Server's market share is very tiny compared to Windows and Linux.
The books aren't there because the demand for them isn't very big, not because Mac users think they are invulnerable from arrogance.
Wait (Score:2)
Re: (Score:3, Interesting)
"Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune."
Are there? Show me a quote or two where somebody has actually written that. NOBODY actually believes Mac OS is totally immune, not even the most fervent of hipsters.
Did anyone pick up on the poster's nym? (Score:2)
That jsuda is an anagram of Judas?
Seems suspicious to me.
The two OSes are products of different ages (Score:4, Insightful)
Back when Windows was first designed Microsoft assumed there was only one user on the computers and there was no way to get at the computer other than via the keyboard/mouse.
Unix was designed from the first to be used on a shared computer. The idea was that computers were so expensive that you could only afford one for an entire department, so you hooked up a bunch of terminals and let lots of people use the machine at the same time. The "prime directive" of OS design was "it should not be possible for one user to screw up another user's work."
Unix was designed to run on very expensive shared computers while Windows was designed to run on cheap inexpensive personal computers that were owned and used by just one person. Mac OS X is based on Unix and has a very strong ability to partition users from each other. Until recent years Windows did not even have the concept that there might be more than one user
The attitude of Mac users is what worries me (Score:5, Interesting)
I own four macs and am a sysadmin to a company running about 45 macs. I really like Mac OSX as an OS, as it is generally very robust and flexible, and, in my experience, the OS contains many features that make it both more productive and secure than Windows.
That, however, is a generalisation. Windows has made strides to improve its security record and Vista is much better in this respect than XP was (even if one does get the feeling that a lot of Vista functionality was "bolted on" after the fact). I would be wary of making wild claims about Vista being less secure than OSX, but I think, in general, Apple's use of ACLs in 10.5, coupled with other security features do give it a slight edge.
That said, the exploit this week about the Applescript ARDAgent vulnerability, and above all, the general reaction of Mac users to this vulnerability, and again as expressed in this Slashdot comments section, coupled with my experiences with my users at work shows me a few things:
Mac users in general, tend to hold on to myths and marketing claims put out by Apple's PR more than users of other platforms do. I honestly think that the Mac vs. PC ads do Mac users a disservice because so many believe the claims without even asking any questions about them. An example: PC is frustrated because Mac now has Office 2008 which can do all that Office 2007 can. This is simply false. Office 2008 lacks VBA for one thing, lacks conditional formatting in Excel for another, and is so slow, it is barely usable on a new Mac Pro tower. Our older Office version, Office v.X runs faster in Rosetta emulation.
Another example. Coincidentally, I discovered this week that Apple Mail will run a Mac application that has been attached to an email directly out of Mail. It will warn you, twice, about this, but Windows warns you about new apps as well, and that hasn't stopped millions of clueless end users ignoring the warnings and just clicking away. I did a few tests on users at work and they *all* opened the app. An app, combined with the applescript ARDAgent exploit would be an excellent way for an attacker to install a trojan for phishing or zombie purposes.
The attitude of Mac users that the platform is magically more secure than Windows (it is more secure than XP, but not much more than Vista if at all) in the same way that Mac users were still crowing about Win98 BSODs the same way Windows users were crowing about OS9 crashing all over the place, years after neither one was used very much any more, is indicative of the problems that we, the Mac using community will face when malware exploits start to gather pace on the Mac.
I honestly believe that the Mac has been mostly protected by its small marketshare up until now. Most exploits come out of China and Russia, and most malware authors there do not have Macs. That will eventually change.
I say that Mac users should be less confident in the platform and more aware of security. I suspect that in 5 years, Anti-Virus software will also be a mainstay on OSX.
Re: (Score:2, Interesting)
Full of shit (Score:5, Insightful)
DISCLAIMER: I work at Microsoft.
Pretty much everyone who posts about this is full of shit.
Vista has had 34 vulnerabilities over the last 1.5 years. That's less than Mac OS X over the same period.
If you want to argue that Mac OS X is "more secure", you need to do it on grounds other than vulnerabilities. At best, Mac OS X and Vista are similar in the number and severity of vulnerabilities.
So the new big thing on Slashdot, since the vulnerability statistics don't back up the "more secure" argument, is to argue that Mac OS is "intrinsically" more secure than Windows.
I have no idea what people are talking about there. Vista has ACLs, just like Mac OS X. Vista has sudo (UAC in Vista), just like Mac OS X. Vista disables network-facing services by default, just like Mac OS X. Vista has a firewall, just like Mac OS X.
So, you can wave your hands and say that Mac OS X is secure because it's "UNIX". But I'm not impressed. There's nothing "intrinsically" secure about UNIX compared to any other modern OS.
What I can say is that Apple doesn't take security bugs seriously. Microsoft acknowledges when there is a reported vulnerability and reports when a fix is delivered. Apple pretends that vulnerabilities don't exist. Apple sometimes stealth-patches vulnerabilities away. And Apple frequently tries to downplay the severity of vulnerabilities.
Take, for example, the root privilege escalation vulnerability reported several days ago in Mac OS X. That kind of bug is extremely serious, yet we had 20 people on Slashdot commenting about how it's not a big deal. Apple hasn't even acknowledged that there's a problem.
Re: (Score:2, Flamebait)
Re: (Score:3, Informative)
Link please? I only ask because often the Mac viruses that people point to turn out to be trojans, such as the Leap-A "worm" that requires a user to open a file that downloaded as a tgz, unzip it, then run the executable inside.
Re: (Score:2)
Moderators: I think the above was meant to be funny. At least I found it so.
Coincidentally I had only just heard about a new trend of sending people e-mail messages with subjects such as "cmacb you sure are ugly in this photo" and with an executable as an attachment.
I rarely look in my spam folder because Gmail does such a good job that there are almost never any false positives, but I looked and there were several such messages as described. But they clearly showed up as executables of the form "whateve
Re: (Score:2, Insightful)
Re: (Score:2)
For "bang for the buck", would attacking servers be more useful, since they tend to have much better internet connections?
Re: (Score:2, Insightful)
Total bullshit (Score:4, Insightful)
Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share
There are now tens of millions of Macs being used now. That's active use, not just purchased...
Now you tell me how in this day and age where viruses are all about building up botnets which are then sold, that a fairly homogenous systems with MILLIONS of systems to be had, is not a juicy target?
Marketshare alone is meaningless as a reason not to write viruses when you get to those kinds of numbers.
Re: (Score:2, Insightful)
But greater than zero (Score:2)
If you had a chance at a few million dollars, why would you let that lie fallow?
Don't forget the Windows market is far more mined out at this point, in theory OS X would be a less hardened target since people are not looking out for stuff as much.
You way underestimate the allure of money to the criminal element who are responsible for viruses/spyware we see today.
Re: (Score:3, Insightful)
And it's still way more than the largest botnet. So it's still a good target. But it's never been exploited - I wonder why?
Re: (Score:2)
Plus the black hat groups that have been trying to do this for years, and failed.
Not market share... (Score:2)
it's just not a very useful platform to write viruses for since they have such a tiny market share.
Back in the '80s Macs had a tiny market share, but were a major virus breeding ground. Why? BIG surface area exposed to attack: auto-execution of floppies, resource forks, CDEVs and INITs, etc etc etc...
Now it's Windows that's hanging on to things like auto-execute, and letting random websites download and execute code if the user responds to "Internet Explorer wants to gibberish incomprehensible stuff here, op
Proofs but nothing in the wild (Score:2)
There have been proofs of concepts but nothing in the wild.
Even the fabled "thirty days of Mac exploits" came up with one or two middling system weaknesses, the rest were bugs in third party programs - many of which did not even ship with the OS!
Re: (Score:2)
FreeBSD is their reference platform for compatibility. They all share a lot of code in common.
Re: (Score:2)
It is not a Mach Microkernel.
Re: (Score:3, Informative)
Mac OS X is based on the Mach kernel and is derived from the Berkeley Software Distribution (BSD) implementation of Unix in Nextstep.
So the kernel is not Mach but based on it. Specifically the kernel is a hybrid kernel called XNU that was developed by Next. The other parts are based on Nextstep's BSD.
Re: (Score:2)
Then it sounds like you aren't comparing Apple users with Linux users, you're comparing computer users to computer programmers. Anyone with the ability to fix a security problem of course isn't going to take security for granted, the same way an OB/GYN doesn't take successful delivery of a baby for granted. But most users of any OS simply take it for granted that their system will function the way it is sup
Re: (Score:2)
linky.
Re: (Score:2)