“Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apple’s policies as a company that contribute to the situation.”
OS X has supported ACL since Tiger, and Leopard brought in sandboxing. The pieces are there, but these facilities are under-utilized by Apple and 3rd party developers.
Edited 2011-06-25 09:25 UTC
The fact that they are inviting Charlie Miller and others to review Lion suggests to me that they have at the very least addressed the security flaws that were repeatedly commented upon by those individuals. Otherwise, why bother?
Edited 2011-06-25 09:33 UTC
Because it’s good PR?
Wouldn’t be good PR if the researchers ended up revealing afterwards that none of their often-voiced concerns were properly addressed…
There’s a thing that exists and is called an NDA. Would you put it past Apple to mandate and later enforce one?
Edited 2011-06-29 14:24 UTC
Things will get even better in Lion in regards to sandboxing.
But according to TFA Macs are boned with regards to DEP, ASLR, and process isolation, so how can anyone call it anything but insecure? Because despite the myth that the reason Macs fall first in Pwn2Own is because the hackers want the pretty MBPs (Protip: The one that drops ANY machine first gets TEN GRAND so dropping the Mac because it is prettier and risking 10k in prize money would be stupid and those guys ain’t dummies) time and time again it is the Macs that drop first, and thanks to DEP, low rights mode, and ASLR I’ve seen the infection rate of my Windows customers drop like a stone since Win 7.
Add to this the behavior of Apple management with their “Don’t say malware and don’t help the customer” Applecare behavior and frankly currently it doesn’t look good. The weird part, the part that has me scratching my head, is how exactly the “RDF” thing works. I’ve had long arguments with Mac owners that swear that “Trojans don’t count” as the user has to interact with the machine for the infection to spread (ignoring the fact the latest Mac Defender doesn’t need interaction nor that despite all their Windows jokes the vast majority of Windows infections are Trojans which they claim don’t count) and frankly I honestly don’t get it.
Look if you want to spend top dollar because you like the Apple design philosophy? Cool beans I don’t blame you, having ridden in one I can say Ferrari is damned nice ride though I can’t see spending that kind of money, but I’d argue the “Macs don’t get bugs” meme is officially dead. From the DNS changer to Mac Defender it is pretty obvious by now a lot of what kept Macs safe was security by obscurity and thanks to the iPad that simply isn’t the case anymore.
There is blood in the water with regards to Macs and now the sharks are coming. From the looks of things DNS Changer and Mac Defender are only the beginning, and the question is if Apple is gonna take a hard core stance when it comes to locking down OSX or are they gonna end up going with a walled garden app store approach where the user simply can’t install non approved software without jailbreaking. Sadly I’m betting on the latter as Apple has found the app store to be a giant cash cow so switching OSX to a strict app store model not only absolves them of responsibility (I’m sorry but you installed software that was unapproved, you should have stayed with the app store) but will make Apple another giant mound o’ money as well.
“A fine example of this is the trojan iWorks which was distributed through torrents, and never triggered Xprotect”
This is why. You cannot protect a user from their own stupidity. You obtain pirate software from a torrent you may as well expect your whole system to be infested with unwanted nasties.
The problem is that it’s not only pirated torrents. No closed-source software distribution channel can be deemed perfectly secure, because there’s no way to check a binary for existence of backdoors. Which is why all software should be sandboxed.
That’s just not a correct statement. It’s the answer you often hear engineers and computer scientists give because we want to do everything with our computers.
It’s always a trade off between usability and security.
We could do all sorts of things… but of course they would kill some aspect of usability.
– only run ‘trusted’ software… signed binaries and verified by the OS
– only allow (untrusted?) applications to install to their own directory and only allow them access to their own files.
– all executables must be registered/installed with the OS. They cannot be run otherwise.
…
Installing software from an unknown vendor is a risk, but one that people take because we at least know where the software comes from and so have a course of action to take should it turn out to be buggy, or even worse malicious. This is a trade off between usability and risk, but installing pirated software from an unknown source? In what bat shit crazy world is that a usability tradeoff? It is straight forward stupidity no tradeoff occurring whatsoever.
That is why I think the only way to have proper security on the machine is educating users. Anti-virus, anti-malware or other mumbo jumbo is just voodoo…
Yes…if not voodoo, it is simply reactive. The simple proactive antidotes are to run as Standard User, and Snow Leopard will require authentication for anything that looks to install, and don’t click on links you know nothing about.
I wouldn’t say there are too many parallels with Windows of then 99/2000 with Mac OSX of today. Yes the security features of NT were side stepped but mainly from Microsoft as well as other vendors (Microsoft Office required administrator rights and would go insane without them).
Windows by default during this era was open with everything installed, Windows 2003 was the first version to really tackle this even XPSP2 was not as great of a change only shutting down a few services and adding a basic firewall. Windows 2003 did start the improvement by starting the trend to lower the surface area, installing items only required. However this was a Server OS and end users didn’t really see these changes until 2007 with Vista. However the most hideous security element has to be RPC on Windows, during the 2000’s this caused a security nightmare with nearly a new virus every week exploiting various RPC’s.
I know this may seem like missing the point, with the point being Mac OSX, however the article did focus and try to compare MacOSX to Windows 2000/XP early 2000’s era.
Now as for MacOSX, there are some stupid design decisions.
Why have ASLR and not fully implement it as well as DEP? The security feature is there, it’s incredibly half-arsed. Like fitting a great security lock to your front door and then leaving the door open.
Don’t understand why Apple still has Safari open what it deems to be Safe Files. People are not that stupid, they will find the file and if anything it makes it more confusing, I have seen plenty of Mac users run apps still in their disk containers without moving/installing in the App’s folder.
Inconsistent authorisation prompt. If you’re doing something out of the norm, the prompt for your password should come up. Sometimes it does sometimes it doesn’t.
I’m hoping that Apple has learnt something from the recent security concerns and that they look at Chrome and implement the sand boxing they have, to separate the browser from the OS a bit, as most security issues now arrive through the browser with email being a close second.
The authorization prompt is pretty standard. It just gives you sudo access. Anything you need sudo to do, you will be prompted.
Simply run Snow Leopard as a Standard User (trivially easy to configure), don’t install what you don’t know…and, presto…you’re in good shape on the Mac. Too much tortured prose (with an agenda) in that article, imho.
Edited 2011-06-25 11:06 UTC
So it’s like Windows, then.
It’s easier to run as Standard User in Snow Leopard, in my experience…ymmv.
Not since Vista
Agreed…I run as Standard in Win 7 Pro, and it’s quite similar to Snow Leopard.
I have been running as a standard user for years in Windows, it always “mostly” worked, sometimes (especially in the old days of NT and W2k) it took a lot of work, but it was worth it, that extra peace of mind.
The referenced article is an interesting read, but ultimately means nothing to the average consumer. All OS’s are far more secure now than they were a few years ago. We are no longer hearing about outbreaks of such things as the Melissa, Storm Worm, Mydoom, Nimda, Sobig, I Love You, and the thousands of others that wrought havoc back then.
And while I do agree that OS X might be “insecure”, and even “Horribly Insecure” as the author suggests, there has still to date been NO outbreak of a virus or malware of the scale of any of the above-mentioned viruses that has affected Mac computers.
One can say it is due to there only being a very few Apple computers out there and they are not targeted, but there are millions more now than there were back in even 2000, and yet there have been no attacks. I don’t buy this argument at all. I think the simple fact that you have to enter an Administrator password for these things to gain access to your Mac is a pretty good deterrent against a widespread attack. I may be wrong, but I think Mac users are pretty wise to such tactics.
One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is “insecure”, but the fact there are and has never been, any attacks, trumps all that hoohaa.
Except you don’t have to enter the admin password for many attacks to work on a Mac. For example, I could send you a trojan’d executable that when you run it, will email me everything in your Documents directory. You wouldn’t be required to enter any password because it does not need admin permission to do that. I could also email your Apple Mail folders to myself and then harvest email addresses, emails from your bank, etc. Again, no admin permission required because these directories and files only need user permission to be able to access.
Also, keep in mind that the latest versions of MacDefender do not require you to enter the admin password in order to do their dirty work.
You actually are wrong about that. A study conducted by Evan’s Data I think it was found that Mac users are actually more vulnerable to being tricked by social engineering attempts than Windows users are. They are more likely to fall for phishing attempts for example. The reason appears to be that many Mac users don’t seem to realize the difference between phishing scams, trojans that try to trick you into entering admin passwords, etc., and actual “viruses”. And Apple has been spending so long telling them that their Macs don’t get viruses, and are secure, that many Mac users believe they are immune from phishing attacks and trojans as well.
There definitely needs to be more education of Mac users when it comes to this.
Edited 2011-06-25 15:14 UTC
Fair enough. How does any OS defend against such an attack?
By only letting applications access their own folder and files explicitly pointed out by the user. I’ve been told that Android does a bit of this, by forcing applications to tell the user what they want to access at installation time. This system just needs to be improved and polished until it shines.
jack_perry,
“Fair enough. How does any OS defend against such an attack?”
Neolander,
“By only letting applications access their own folder and files explicitly pointed out by the user.”
A user should not have to trust an app in order to run it. Untrusted apps should be allowed to run, but remain individually sandboxed. This way a user could in fact download and run untrusted software without compromising anything else on the system. I don’t know of any OS which does this effectively. Java Web Start gets very close, it’s a shame Sun never got much traction with it.
Obviously it’s extremely difficult to implement sandboxing mid-game. Once we have a huge base of legitimate software which sets the precedent of requiring full access in order to run at all, the user is trained to routinely give apps escalated privileges. This means the security provided by the sandboxing becomes ineffective – MS Vista is a good example of this.
Android runs each application inside its own chroot environment. Although whether that has made Android any more secure or not is very debatable. Recent reports from security research firms have suggested that Android is the second biggest vector of mobile malware now. Second only to Symbian. And that it is rapidly catching up to become the biggest vector of mobile malware. So it doesn’t look like Android’s security model actually works.
Do people actually read and understand the capability list of applications on Android ? If so, the security model is indeed to blame. If not, it’s more of a user interface problem.
Edited 2011-06-25 20:05 UTC
I don’t see how this is a solution. A trojan that can convince a user to install it, can also convince a user to grant it access to all files in a Documents directory. Never mind the hassle to the user who’s trying to run serious programs.
Neolander,
“By only letting applications access their own folder and files explicitly pointed out by the user.”
jack_perry,
“I don’t see how this is a solution. A trojan that can convince a user to install it, can also convince a user to grant it access to all files in a Documents directory. Never mind the hassle to the user who’s trying to run serious programs.”
Imagine a new OS which doesn’t have to inherit legacy software. A user can download, install, and run any application in a sandbox by default. The sandbox could access files opened explicitly through drag and drop or an open dialog box, as well as files created itself.
By and large, legitimate applications (games/editors) will be able to run in the sandbox without any privilege escalation.
If an app turns out to be malicious, its damage would be very limited in scope because of the sandbox.
If a game is downloaded from P2P network and requests higher privileges (let’s say to access email), one could be fairly confident that it is malware.
Okay, it might not be that much of a hassle (though I’m not convinced). None of this addresses the main point of my argument.
We’re talking about trojans, right? Somehow a user is convinced to install a trojan, perhaps because (s)he’s visiting the seedier side of the web. (Torrents, of course. What’d you think I meant?)
Now, the trojan is called “MacDefender” and promises to defend you against viruses both old and yet unwritten (through new, amazing technology developed by researchers so recently that the mainstream OS makers haven’t yet implemented it). But, to do that, it needs access to all your files — your Documents directory, say.
Of course, it could ask for more, but I’m working under the desired outcome, which is to access only the Documents directory. I don’t see how any OS defends against this, and Neolander’s proposed solution won’t do it. Remember that part of the hypothesis is that we’re dealing with a user dumb enough to install a virus program from a seedy web site in the first place!
So, how do non-Mac OS’s defend against this? I’m still waiting for a solution, not for a defense of how a non-solution isn’t that inconvenient.
Edited 2011-06-26 20:44 UTC
I agree that once a user is convinced that the software he downloaded legitimately needs advanced security permissions, the efficiency of sandboxing – or any technological malware protection method, for that matter – fades away.
However, I don’t think that the user would be lured into this on a shady website. Here’s why.
Let’s take a picture of random search results on a popular torrent website. It looks the same everywhere anyway.
http://img39.imageshack.us/i/capturepsz.png/
Here we have lots of aggressive ads, one that pretends to be legit sites control but will open a page in a new tab in the upper right corner, one about girls in light clothing that “want to date you” (even though they know nothing about you), and one which I don’t fully understand because it’s in Swedish but am 99% sure it’s about winning a lottery.
These ads are poorly done. Our user is not so dumb that he can’t find out that this place is full of scam. Maybe he’ll have to get burned once first, but he’ll get it.
From this point, the user will get a very defensive behaviour towards ads and strangely one-sided attractive proposals. He’ll focus on getting things done, not on ad tourism.
In this context, the “your computer is infected, but we have cure for cancer” scam won’t harm him, because he’s already cautious enough to notice its flaws.
Now, I *can* get that someone could get a trojan through a browser + OS exploit that makes it use true system dialogs. Or when the trojan’s advertising is *alone* in the place and unexpected. But in a crowded and aggressive environment like torrent websites, users focus on getting things done as quickly as possible and don’t look around, I think. Even a well-done fake dialog like http://sophosnews.files.wordpress.com/2011/05/fakeav.jpg would fail in this context.
Edited 2011-06-26 22:15 UTC
Okay, we agree there.
People did download and install MacDefender, and I understood that they obtained it from shady websites. Maybe not. However they did it, that’s the relevant hypothesis.
Making operating systems so secure that bloated antivirus crap becomes a thing from the past, removing #1 cover identity of scamware ?
(Yes, I know, chicken and egg)
Edited 2011-06-26 22:29 UTC
I think you’d be surprised by how much desktop applications would be fine with no more access to your home or document folder than its own files and the files which you explicitly direct it to (through a system open file dialog, drag and drop or a CLI parameter). Most software is not dangerous by its very nature.
About six months ago, while I was using Windows as my primary OS, I’ve done the following exercise : opening the “Add and remove software” dialog of my Windows install, and finding out what security permissions each entry would need, given a redesign for a sandboxed OS. As it turns out, few entries actually needed disk access to more than their private folder and user-picked files at a conceptual level. These were…
-Adobe Flash Player, because it copies itself in web browsers’ private folders (and as such alters your web browsing experience).
-AVG 2011, because current antivirus want to take over your entire system in the same way as malware.
-System updates.
-Driver software for my phone.
Would you agree that all of these are sufficiently dangerous to reasonably require a security warning and a double check that they come from a reliable source ?
Now imagine that the huge majority of applications which do not require a warning get installed very quickly, without hassle. Only when you install a truly dangerous piece of software do you get a warning. This way, you get a much improved user experience for everyday use and a much stronger user awareness and cooperation when some installation actually involves dangerous software. Add up a security warning dialog that is actually informative (unlike Windows UAC and its OSX equivalent), as permitted by the sandboxed model, and you get much stronger security than what we have now.
Edited 2011-06-26 05:55 UTC
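The access rule proposed in the comments above (an application may touch only its own folder plus files the user explicitly points out) can be modelled as follows. This is an added example, not part of the original thread; `SandboxPolicy`, `grant_from_picker` and all paths are hypothetical, the files are a constructed sample, and answering a whole-directory request with a warning is an assumption drawn from the "warn only for dangerous software" idea.

```python
import os
import tempfile


class SandboxPolicy:
    """Per-application file policy: private folder plus user-picked files."""

    def __init__(self, private_dir):
        # Canonicalise once so every later comparison is between real paths.
        self.private_dir = os.path.realpath(private_dir)
        self.user_grants = set()

    def grant_from_picker(self, path):
        """Record a file chosen in the trusted system dialog (hypothetical hook).

        Assumption: only single files are granted silently; a request for a
        whole directory is escalated so the OS can show a real warning.
        """
        real = os.path.realpath(path)
        if os.path.isdir(real):
            return "needs-warning"
        self.user_grants.add(real)
        return "granted"

    def allows(self, path):
        """Return True if the sandboxed application may open `path`."""
        real = os.path.realpath(path)  # resolves '..' components and symlinks
        if real in self.user_grants:
            return True
        # commonpath compares whole components, so a sibling folder such as
        # ".../game2" does not pass as being inside ".../game".
        return os.path.commonpath([real, self.private_dir]) == self.private_dir


def demo():
    """Run the policy over a constructed home directory and return the results."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        docs = os.path.join(home, "Documents")
        private = os.path.join(home, "Apps", "game")
        os.makedirs(docs)
        os.makedirs(private)
        bank = os.path.join(docs, "bank.txt")
        letter = os.path.join(docs, "letter.txt")
        save = os.path.join(private, "save.dat")
        for name in (bank, letter, save):
            with open(name, "w") as handle:
                handle.write("constructed sample\n")

        policy = SandboxPolicy(private)
        results["own_file"] = policy.allows(save)
        results["bank_before"] = policy.allows(bank)

        # The user opens one document through the system dialog.
        results["pick_letter"] = policy.grant_from_picker(letter)
        results["letter_after"] = policy.allows(letter)
        results["bank_after"] = policy.allows(bank)

        # Paths that only look as if they were inside the private folder.
        sneaky = os.path.join(private, "..", "..", "Documents", "bank.txt")
        results["dotdot"] = policy.allows(sneaky)
        link = os.path.join(private, "shortcut")
        os.symlink(bank, link)
        results["symlink"] = policy.allows(link)
        sibling = os.path.join(home, "Apps", "game2", "save.dat")
        results["sibling_prefix"] = policy.allows(sibling)

        # The "I need all of Documents" request is escalated, not granted.
        results["whole_documents"] = policy.grant_from_picker(docs)
        results["bank_after_dir_request"] = policy.allows(bank)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:24} {outcome}")
```

The policy narrows what a silently granted application can reach; it does not settle the objection raised in the thread that a user can still be talked into approving the escalated request.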
Neolander,
Those things would be practically free (given the ability to sandbox an app in the first place). So it makes so little sense that we’re not doing those things today. They’re obvious improvements to typical security models in use today.
Operating systems also need to do a better job of managing fine grained access.
On one system after an upgrade, I was troubleshooting a mysql issue. It would fail for no apparent reason – it indicated a file didn’t exist, but it did and was owned by mysql. I ran strace against mysql, and to my surprise linux was reporting that the file didn’t exist. I was extremely frustrated and straced mysql as root, which worked fine. Long story short, unbeknown to me, ubuntu’s “apparmor” package made the file inaccessible to mysql. I admit inexperience with apparmor, however the level of grief caused by it was totally unacceptable. A normal user might have given up and run mysql as root.
I know there’s a delicate balance to be reached somewhere, but the simple rules described by Neolander would go a long way to improving usability and security.
I think your post contains the description of why we’re not doing sandboxing in all modern OSs already.
When you have thousands of legacy applications lying around which were never designed for a sandboxed environment in the first place, patching that huge mass of code until it works, like Linux distros which use SElinux or AppArmor try to do, is quite a challenge.
This is why I think that Apple have hugely messed up by not making sandboxing a core part of iOS’ design while they could. But well…
Neolander,
“When you have thousands of legacy applications lying around which were never designed for a sandboxed environment in the first place, patching that huge mass of code until it works, like Linux distros which use SElinux or AppArmor try to do, is quite a challenge.”
Well this is a given. And it’s made all that much more confusing due to the fact that between posix user/group/other bitmasks, ACLs, SeLinux/AppArmor, and NFS shares, the access rights can be totally contradictory. There’s just no practical way to determine access rights under linux without actually testing them. The gnome file browser (along with nearly 100% of tools) doesn’t even display ACL. I don’t think *nix will ever recover from its POSIX roots.
When I was a windows admin, I never had this problem even with complex DFS file systems across servers.
I’m curious about what MacOS does.
I think I’ve read somewhere that MacOS X only offers sandboxing as an optional extension for developers to use. People choose to put themselves in the sandbox, so to speak. If you don’t use the sandbox, OS X behaves like a normal *NIX
So fully switching to a sandboxed model on OSX would be about as painful as it is on Linux, though with the difference that a large part of the libraries used by OSX developers are under Apple’s control. It might help a bit.
Edited 2011-06-26 09:55 UTC
Most Mac users are either former Windows users or current users of both platforms….nothing to indicate that a Mac user is less savvy.
How lovely, you can keep holding on to your lovely sense of superiority.
As for real-world concerns about security, OSX fails to implement techniques that other OS successfully deploy to reduce vulnerabilities. Whatever other platforms a good number of OSX users use/have used, whatever lack of savvy these ‘lesser Mac users’ possess, they comprise the majority of OSX users, and as such should be reflected in the operational use scenarios that security features take into account.
And if you’re aware of the hacking contest being discussed, the test is simply visiting a webpage, no entry of user passwords or any other user intervention required… But I guess researchers who focus all of their time on matters of computer security just are wasting their time and don’t know what they are talking about. If only they ‘understood’ the Apple way.
(BTW, I like the OSX user experience at large, and think it’s the best out there… I don’t think that means Apple is flawless or that they are excused from having top-notch security methods. I would be glad if/when they do so, but until then it’s a valid criticism)
mutantsushi,
“And if you’re aware of the hacking contest being discussed, the test is simply visiting a webpage, no entry of user passwords or any other user intervention required…”
I assume you’re talking about Pwn2Own? If I recall, in the last competition mac os failed on day two via an email exploit, not a web page. You are correct there was no interaction except for viewing the email.
“How lovely, you can keep holding on to your lovely sense of superiority.”
I don’t think this is fair to the poster you responded to. I believe he was suggesting that mac users have security competency at levels similar to windows users. He didn’t provide any evidence to support the claim, but then nobody provided evidence to the contrary. I don’t think he was trying to be smug.
I use and appreciate both OSX and Win 7…neither are perfected. There is a slight learning curve with either platform to run it intelligently and safely. Almost all Mac users I know are using Windows at work, so they have some familiarity with both systems. The idea that Mac users are simpletons who swallow the Apple koolaid is tribal wisdom for some here and elsewhere, but doesn’t pass the giggle test for truth.
What mutantsushi ascribes as ‘lovely sense of superiority’ could also be described as someone’s lack of accurate perspective.
Edited 2011-06-26 13:15 UTC
So you’re okay with rampant security vulnerabilities, just so long as no one can be bothered to exploit them? That’s like getting diagnosed with Herpes and saying “it doesn’t matter because I haven’t had an outbreak yet!”
Uh, yes Virginia, there have been attacks.
Yeah, I guess it would be a difficult argument to swallow… if you’re completely ignorant of how viruses & worms spread and the actual factors that make it possible for them to propagate.
You say there have been attacks. Would you please cite them? Just exactly what attacks on Macs have there been in the past on the scale of Melissa, I Love You, Nimda, and the others I cited in my post? Hmmm? What attacks? I and everyone else on here are waiting to see this supposedly massive list of attacks that have been perpetrated on Macs in the past that demonstrates their vulnerability and ostensibly ridiculously horrible security.
A house with no locks is insecure even when it never gets broken into.
Or…a house with locks that are not used.
Would a house with a strong lock on the windows and a front door without a lock be a better analogy ?
Edited 2011-06-26 13:58 UTC
wocowboy,
“You say there have been attacks. Would you please cite them? Just exactly what attacks on Macs have there been in the past on the scale of Melissa, I Love You, Nimda, and the others I cited in my post? Hmmm? What attacks? I and everyone else on here are waiting to see this supposedly massive list of attacks that have been perpetrated on Macs in the past that demonstrates their vulnerability and ostensibly ridiculously horrible security.”
Well this is a big straw man, you’re ignoring what everyone said and trying to discredit us based on things no one here has said.
If anything, most of us have already acknowledged that Mac viruses are much less common than windows ones. What we disagree with is claims of superior security in apple’s camp, particularly today.
For starters, there’s the one mentioned here several times in the last month or two (MacDefender), as well as 3 mentions in the comments for this story alone.
Backpedaling noted. Your original claim was, and I quote:
Nothing mentioned there about scale, you’ll note.
Where did anyone claim there’s a “massive list of attacks”? Or are you one of those Apple apologists who just finds it easier to argue against strawmen?
Your argument still amounts to nothing more than “la la la la, I’m not listening, security vulnerabilities don’t exist until they’re exploited.” And you’ll probably continue spouting that line right up until the day that there is a large-scale OS X exploit.
“For starters, there’s the one mentioned here several times in the last month or two (MacDefender), as well as 3 mentions in the comments for this story alone.”
Those viruses, malware, whatever you call them, have also been discredited in these comments for being insignificant and very minor in overall effect or having produced no effect at all.
Several posters have stated that there have been many attacks on the Mac OS over the years, yet no citations of these supposed attacks has been made at all. I cited Melissa, Nimda, ILoveYou, and other Windows-related malware and viruses that wreaked havoc in the PC industry in their day, bringing millions of computers down, causing people to have to erase/reformat/reinstall Windows or just trash their hard drives altogether. I remember those attacks, I had to deal with them. THAT is what I was talking about when I refer to attacks on that “SCALE”.
“Your argument still amounts to nothing more than “la la la la, I’m not listening, security vulnerabilities don’t exist until they’re exploited.” And you’ll probably continue spouting that line right up until the day that there is large-scale OS X exploit.”
Yes I probably will, and then I will be one of the first to complain to Apple that they should have been paying more attention to security all along. Never in any of my posts have I said that security vulnerabilities don’t exist, show me where I have said that.
In the end, what I object to is related to the title of the article, “OS X – Safe, Yet Horribly Insecure”. People ignore the “safe” part and use the adjective “insecure” as a basis for an argument that based on that word alone that OS X should not be used.
I guess you don’t read very well then. Because I listed the names of several attacks.
Right, because if it hasn’t happened yet there’s no need to worry.
Also known as : “I’ve never got AIDS, so I don’t understand all the fuss about condoms”.
Soulbender,
“Right, because if it hasn’t happened yet there’s no need to worry.”
Many apple users are ridiculously insecure about their OS (pun intended).
A darwin distro like older livecds could cater for secure minimal installs (and let the community make something like a real pureDarwin)
the emperor still thinks the clothes are real.
Everything he says about OSX is true, but he didn’t really examine windows security in depth. It was designed less secure than he thinks and ultimately implemented even less securely.
His biggest complaints seem to be the lack of ASLR, sand boxing and Apple’s past response to security threats. Then, in the conclusion he mentions that all of these are being addressed in Lion. That’s bold writing right there: arguing that a company should do exactly what they just told you they should do!
> It was designed less secure than he thinks and ultimately implemented even less securely.
Citation needed.
First user is “owner\sudoer\wheel” browser allows arbitrary code, pdfs run at an exec level, Browser unstuffs and mounts .dmg\.iso files – I guess that would be bad, firewall is off, guest accounts are on iLife services sharing on a bunch of ports and just a bunch of other stuff. I am a big Apple head, and the Non-Admin accounts is with Limited and Parental Controls on is nice but the Admin account is a nightmare.
BUT that is again hard to patch against the stupid user. Unity as an interface took a beating but it makes it harder for a curious newbie to assassinate his configuration. And it seems plenty secure with user defaults.
does that article need to be so long? holy shitballs. I’m skeptical the subject warranted so much heft and girth of mass
Somebody comes along and posts a ridiculous article (OS X is less secure than Windows because Windows has more ACLs! ASLR solves all our problems!) and gets a mix of ridiculous agreement comments and successfully-trolled people.
When you see the word “horribly” in an article title, that’s a good indicator that it’s more tabloid style and less, you know, factual.
Yes, we know, fanboy. Here. Have some more kool-aid. It’s made by rainbows and unicorns you know.
At least safer than Windows…
Btw name 1 virus or worm for Mac OSX.
Name one for up-to-date Windows 7 machines.
No OS is adequately secure, and that includes Windows 7.
Edited 2011-06-25 19:33 UTC
Every mainstream OS is adequately secure, perfectly secure maybe not, but secure enough for use. yep.
No OS is adequately secure against social engineering exploits, nor can they be. Users have to employ common sense and a modicum of knowledge to compute safely.
.
Edited 2011-06-25 23:32 UTC
– OSX.Leap.A (Worm that propagated through iChat)
– Exploit.Evilgrade.A (tricked OS X into downloading fake updates, which were trojaned).
– Worm.OSX.Tored.A (Worm that propagated through Mac network shares and through Apple Mail).
Those are three that I am aware of without even looking very hard. None of them achieved very widespread infections because they could only propagate through Macs. And since Macs were not very popular yet when they were created, many infected Macs searched in vain trying to find another Mac that they could infect.
But I have now given you three examples of worms on OS X.
Edited 2011-06-25 20:40 UTC
pantheraleo,
“Those are three that I am aware of without even looking very hard. None of them achieved very widespread infections because they could only propagate through Macs.”
I always thought that the argument was (simply) that Macs were less of a target for malware authors due to small market share.
However it never occurred to me to think that even when the Mac OS is targeted by viruses, those viruses will have more trouble than Windows viruses in randomly finding more targets. The lack of targets would help retard Mac virus propagation.
Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus)
This exploit toolkit was a low threat-level multiplatform exploit tool that allows it to take advantage of poor upgrade implementations by injecting fake updates. (not a worm or virus)
Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus)
This is the only example where you have a point and even this worm had flaws that made it highly unlikely to be seen in the wild.
Edited 2011-06-25 23:45 UTC
Jennimc,
“Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus)”
Wasn’t Leap.A the virus which propagated through a jpeg decoder vulnerability? The executable payload was run whenever the remote user’s thumbnail was displayed, at which point one’s own jpeg thumbnail became infected. Why doesn’t that qualify as a computer virus to you?
“This is the only example where you have a point and even this worm had flaws that made it highly unlikely to be seen in the wild.”
It sounds funny to me to hear people downplay security vulnerabilities in this manner. If researchers successfully write a working proof of concept virus, but it is never released into the wild, then I’d still argue that it should still be considered evidence against a platform’s security.
Look at recent security updates for OSX.
http://support.apple.com/kb/HT4723
“Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution”
This is one of many arbitrary code execution vulnerabilities mentioned. Hopefully this is fixed now, but I can guarantee that there was some Mac chap somewhere boasting Mac OS as invulnerable, even though this was wrong. The lack of real world attacks, if anything, demonstrates a lack of motivation.
No operating system has a perfect track record. Don’t deny it, just fix it and move on.
Ah. Another Mac fanboy who either doesn’t want to admit it was a worm, or doesn’t know what the definition of a worm is. Leap.A took advantage of a JPEG decoder vulnerability in iChat as others pointed out. And propagated by sending itself to other people in your iChat contact list. So yes, by definition, it was a worm.
It was a worm because one of the fake updates that it was possible to inject through it was the exploit tool itself, which would then turn the infected Mac into a fake update server that could infect other Macs. Again, it meets the definition of a worm.
It was seen in the wild. But as I said, not very often because Macs were not very common in the wild. It mostly infected corporate networks that had a lot of Macs running on them.
I am very impressed by some of the newer versions of Linux. So on a vacation I took one on a test run for a couple of weeks. I have an old version of Vista as my VM for about 4 years, and that seems stable and secure or at least uninfected (also using 0 third-party Anti Virus installed). And of course I use the Mac OS full time and all three of these OS’s have a competent driver on board. Heck I insist that the average OSAlert reader is similarly immune in this regard.
2 out of those 3 OS’s security models steer the user away from the Admin account and Apple misses on that. So a phishing/spear-phishing attack could work, sometimes even without a security prompt, but I just do not see them (in OSX). Moreover, while just taking the user out of the Admin account does not fix every vulnerability, these then could not bypass an admin prompt, and it does reduce the Attack Surface.
The Simplest Fact – the Occam’s Razor if you will – is that anecdotally and empirically the Mac OS has remained thus far pretty cool as far as malware goes. Hell, users have more to fear from a flaky filesystem than they do from external threats.
Of the 3 key OS’s the key is not only how to be more secure but how to be reasonably secure without having to be shut out from usability, which makes a user want to bypass security – Vista and 7 still allow me to bypass UAC which I do not see on the Unix/Mac side yet. The Mac is not perfect but it is more useful (out of the box) than Linux, and safer than Windows. If I could not afford a Mac, then I would go with Linux. So it is a good thing to look at on a Saturday afternoon and talk it over in the pub, or on irc in a café or here. On the whole I think that the discussion has moved beyond a flamewar and into a set of best practices.
That is a very nice article assuming that Apple were to stay static – anyone with a free Apple developer account can watch the variety of WWDC2011 videos that have been uploaded which address pretty much everything that has been raised in the essay. I’m sorry to say this but the person who wrote this is the epitome of lazy when they’re on one hand talking about how ‘horrible’ Snow Leopard is but ignore the changes made in Lion and announced in WWDC2011 as if these changes didn’t exist. The parallel to this would be Windows 7 on the verge of being released and evaluating the whole Windows ecosystem (past, present and future) on Windows Vista – it would be a stupid essay to write but lo and behold the author of the article has established what he is really about (creating mass hysteria).
As for someone within the replies to this article who noted ASLR, DEP and so forth – again, the WWDC2011 session videos are available and anyone with a free Apple developer account can view the videos and then make an evaluation as to whether Apple takes security seriously. Sorry, I’m not going to excuse laziness because it is “all too hard” to sign up for a free account and watch a couple of videos.
I think Apple is going to get to the point that they are going to turn their desktop OS around. Meaning that when you buy a Mac, it will be set up like the iPhone where you can only install stuff from the App Store unless you go through extra steps to do it. That way if you go there then you take on the risk yourself. Apple is no longer a computer company, they are a consumer electronics company that just happens to use an OS to run all their products. They want everything to be like a TV. You get it, plug it in and turn it on and it just works.
Yes, that would be a great solution, but then everyone on here and every pundit on the internet will complain and moan and rant and rave that it is a “closed system” or “walled garden” and therefore is worthless because you can’t install open source software on it, or Apple is being its usual draconian control-freak self, or some other such nonsense.
Read the post again. He was talking about having an official sideloading mechanism, like what Microsoft apparently plans to do with WP7.
Could be the winning compromise in the end, and though I’m not fond of it it could be satisfactory.
My guess is that Apple will make it as easy and attractive as possible for its users to download apps from its curated App Store. And, it will still be just as easy to choose to install apps from web downloads etc; but perhaps Apple will insert enhanced cautions or warnings about installs that don’t source from their store.
I don’t get why some people like to use the “curated” adjective when talking about Apple’s application store.
Maybe it’s because of my limited English skills, but it always reads as an aggressive and subjective, flamewar-inducing term. Like, you know “everyone in the computing world has pest, except us because we have found a cure”.
Edited 2011-06-26 13:46 UTC
Curated in this instance is defined as differentiating installs from any variety of sources which may or may not be safe with those which Apple has presumably examined and approved for their store….not really subjective at all.
Oh, right. It’s a synonym for “with a review process”, then?
Yes
Thanks for the clarification
You are 100% right on that! People keep forgetting that Apple’s main goal is to support mom and pop, not power users!