
Foundations of Mac OS X Leopard Security

samzenpus posted more than 6 years ago | from the protect-ya-neck dept.

OS X 213

jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.

Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components — Apache Web server and Perl and PHP scripting packages, for example. Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.

Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.

The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.

The first three chapters, which deal with general security and security fundamentals, are basic stuff discussing how technical computer security issues are entwined with practical realities of using computers in a business or home, and that compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of the Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to their own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.

Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.

Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical, covering types of networks; routers, hubs and switches; proxy, DMZ, and other servers and hardware setups; advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like Kismac and iStumbler are especially useful.

Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote connectivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapter 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks, and how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.

The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.

Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.

The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.

You can purchase Foundations of Mac OS X Leopard Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


A good start to the discussion (5, Insightful)

jeiler (1106393) | more than 6 years ago | (#23877207)

OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.

Re:A good start to the discussion (5, Insightful)

negRo_slim (636783) | more than 6 years ago | (#23877285)

OSX is intrinsically more secure than Windows
There, fixed that for you. Let us not forget Windows also faces much more exposure due to its market share. But then again anything that's not locked in a room with no network access is going to be vulnerable to one degree or another.

Fanboi! SIC! (0, Flamebait)

Jeremiah Cornelius (137) | more than 6 years ago | (#23877375)

Take 'em all down, Fanboi! Good dog!

Re:Fanboi! SIC! (1)

negRo_slim (636783) | more than 6 years ago | (#23877549)

Yup, funny that... Enjoying a product that 'just works' (for me at least, I've seen plenty of horrible configs), supports all the latest hardware and has tons of software. Especially the kick-ass fighting games with action missiles! [wikiquote.org]

But I digress. I'm sure Windows' larger market share plays absolutely no part in its struggle with securing the platform. I'm sure having more mass appeal ensures only the best and brightest will use your OS, right? right?

Re:Fanboi! SIC! (0, Offtopic)

jellomizer (103300) | more than 6 years ago | (#23877921)

I'm sure Windows' larger market share plays absolutely no part in its struggle with securing the platform.

I wouldn't say that. A lot of the time Mac vulnerabilities come out in these "Hacking Contests", either a buffer overflow in Quicktime or whatnot. However, they only come up when people are seriously trying to break in... Most hackers who do it "Professionally" or "Habitually" will just work on Windows systems, as if you find a problem you have the most impact with Windows vs. Macs or Linux. While Macs may be more secure than Windows by design, if Macs were the dominant platform I am sure you would see viruses and hacks far more common than there are now, and if Windows only had 5% of the market there wouldn't be that many hacks. Get yourself a Prime Mainframe, set it up with TCP/IP and put it unprotected on the internet and see how long it will take to get hacked into. Probably a long time. The OS isn't that secure. Its security is if you know the password or not. So even if a password cracker ran, once it got in it wouldn't know what to do.

Spare a talent for an old ex leper? (1)

spun (1352) | more than 6 years ago | (#23877757)

Oh, wait, that's OS X Leopard. Sorry, my bad. That parrot story gave me Python on the brain.

The Fullest Measure (4, Insightful)

SuperKendall (25149) | more than 6 years ago | (#23877857)

Take 'em all down, Fanboi! Good dog!

And with that message, your contentless response to a well-written message puts on display the fullest measure of your intelligence.

Re:The Fullest Measure (0)

Anonymous Coward | more than 6 years ago | (#23878195)

Even trolls have standards.

Re:A good start to the discussion (4, Insightful)

jeiler (1106393) | more than 6 years ago | (#23877561)

OSX is intrinsically more secure than Windows
There, fixed that for you. Let us not forget Windows also faces much more exposure due to its market share.

I'm aware that Windows' market share makes them the "low-hanging fruit," but even without considering market share, OSX has fewer security holes than Windows.

Most of the difference seems (to me, YMMV) to be remnants of OSX's background in BSD, and the security practices in the BSD world--it seems that Apple has added far more functionality to BSD, but at a cost of lowered security.

But then again anything that's not locked in a room with no network access is going to be vulnerable to one degree or another.

Don't forget to unplug it, too! :D

Re:A good start to the discussion (1)

negRo_slim (636783) | more than 6 years ago | (#23877623)

OSX has fewer security holes than Windows.
How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years? I believe the Mac is simply a less valuable target to those who seek to circumvent your computer's security. If the rewards were there, the security problems would be too.

Re:A good start to the discussion (5, Insightful)

jeiler (1106393) | more than 6 years ago | (#23877753)

How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years?

By comparing the structure and functionality. If we had to wait until a system has been attacked to see how vulnerable it was, we'd all be in REAL trouble.

One basic factor is default user account privileges: Microsoft has all new users default to Admin privileges (a practice that may have stopped with Vista), while Apple (like Linux) has new users default as limited accounts that must be escalated to have Admin. Microsoft's way is more handy (in that even an inexperienced computer owner can set up an account that can do anything), but insecure (because only an inexperienced computer owner would WANT all users to have accounts that can do anything).

There are plenty of vulnerabilities on both sides, but from everything I've seen in 20+ years of working with both Microsoft and Apple products, Apple is in the lead for security. Of course, that may change without notice, if Microsoft tightens up their practices, or Apple adds more vulnerabilities.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23878251)

MacOS has no user account privilege separation. See the AppleScript for-free root privilege escalation story two days ago. You can also ask a certain Apple Store in California for confirmation.

Re:A good start to the discussion (1)

SuperKendall (25149) | more than 6 years ago | (#23879517)

But that is one bug, probably soon fixed - and doesn't even work if the user is logged in (meaning it doesn't work on most OS X servers).

By default OS X has all the account separation of any other UNIX system, privilege escalation through elevated processes is nothing new at all.

Re:A good start to the discussion (3, Insightful)

jedidiah (1196) | more than 6 years ago | (#23877887)

Bullshit.

If you build it, they will come.

If nothing else they will do it to claim bragging rights.

This notion that small marketshare saves you or large marketshare dooms you is just nonsense spouted by people that haven't been around long enough to have used anything else (besides Windows).

Re:A good start to the discussion (4, Interesting)

prockcore (543967) | more than 6 years ago | (#23878567)

What, intrinsically, makes OSX immune to spyware?

OSX cannot stop you from running software that is inherently evil.

The fact that there isn't spyware on OSX proves that small marketshare is indeed a huge factor in lack of exploits in OSX... because there is absolutely no technical reason for spyware not to work on OSX.

Re:A good start to the discussion (2, Interesting)

dr_turgeon (469852) | more than 6 years ago | (#23878247)

How can you say that with any certainty when you don't have the world's underground hammering at your door every day for years on years? I believe the Mac is simply....
You may be partially right, but that line of reasoning is entirely relative to market-share -- which is one variable. If you ignore the other parameters, you have a compelling argument.

To illustrate, consider this text-book style fallacy: Juan claims metal baseball bats are just as likely to break as wood ones. "Because metal baseball bats aren't used as often* they only seem to be stronger. Believe me, if guys used metal enough, you'd be breaking bats all the time. So stick with wood."

You can now be certain metal bats are as weak as wood?

* disclaimer: I know very little about baseball or bats!

Re:A good start to the discussion (1)

cmacb (547347) | more than 6 years ago | (#23879153)

And remove, and shred the hard drive.

Re:A good start to the discussion (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23877293)

OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

Some of the recent bugs with Safari remind me of the stuff MS was doing 10 years ago, where junior programmers hacked together E-Z features without any consideration for the security implications.

The other issue is that QuickTime is a huge smelly bug-filled legacy turd, but thankfully Apple has announced that they are rewriting a replacement.

Re:A good start to the discussion (1)

palegray.net (1195047) | more than 6 years ago | (#23877421)

Some of the recent bugs with Safari remind me of the stuff MS was doing 10 years ago, where junior programmers hacked together E-Z features without any consideration for the security implications.
As opposed to now, where junior programmers are assigned to security-related tasks? I'm not sure it's much better...

Re:A good start to the discussion (2, Insightful)

aristotle-dude (626586) | more than 6 years ago | (#23877657)

OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

Please. Do you think it wise behavior for IE to load any dll placed on the desktop? IE should not just load any DLL placed in the default path but rather should only load from a well defined directory tree built specifically for add-ons and plugins.

The recent "carpet bomb" issue with Safari on windows brought to centre stage this very issue.

MSFT is still creating junior level mistakes with their flagship software.

Re:A good start to the discussion (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23878423)

Safari has had at least a half-dozen "dumb features" that caused security problems. So you are comparing an architectural issue with poorly thought-out luserware that Apple went out of their way to implement.

I know your peanut-sized brain can't comprehend this in any terms but "who is worse", but please try to follow along.

Re:A good start to the discussion (1)

jeiler (1106393) | more than 6 years ago | (#23877789)

OS X has a solid architecture, but all the evidence indicates that Apple has not taken security seriously as a process issue to the same extent that Microsoft has.

I normally don't respond to ACs, but this comment is dead on target.

Re:A good start to the discussion (2, Informative)

Darkness404 (1287218) | more than 6 years ago | (#23878103)

I normally don't respond to ACs, but this comment is dead on target.

The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS. The first reason is that unless Apple gives users root access by default, they can't screw up most of Unix. The second part is, Apple has been and always will be the underdog, giving MS the majority of the targets. The third part is, an open source core, so if people complain about security holes, Apple can give them the source and tell them to fix it themselves. Basically, it doesn't matter what Apple does, OS X will always be more secure than Windows in the number of exploited flaws. Because if they aren't exploited, then they don't really matter.

Re:A good start to the discussion (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23878237)

The fifth part was that they broke all legacy compatibility and forced everyone to rewrite their applications. ("Classic" was actually a humongous setuid root security hole.) Not that MS hasn't made some huge mistakes, but the biggest anchor around their necks is the legacy compat issues which their market position demands they keep.

Re:A good start to the discussion (4, Interesting)

neil-ngc (1019290) | more than 6 years ago | (#23877299)

It's hard to write much about security holes when there isn't much of a history of attacks. Can we say "OSX is intrinsically more secure?" Maybe, certainly a lot of its default configurations tend to be more secure than Windows' defaults.

But what's made, and perpetuated, the notion that Macs are immune to viruses and other attacks is that there just aren't very many of them out there. Even with Mac's quickly growing market share, it's still far more lucrative to target mass market Windows machines.

Look at how they are attacked. (4, Interesting)

khasim (1285) | more than 6 years ago | (#23877577)

But what's made, and perpetuated, the notion that Macs are immune to viruses and other attacks is that there just aren't very many of them out there.
No. With the Internet, attacks can be automated.

Put an unpatched WinXP on the Internet and watch how quickly it is cracked by an automated process randomly scanning IP blocks.

Even with Mac's quickly growing market share, it's still far more lucrative to target mass market Windows machines.
So you'd turn down $5 million for a chance at a portion of $90 million?

No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.

Can we say "OSX is intrinsically more secure?" Maybe, certainly a lot of its default configurations tend to be more secure than Windows' defaults.
The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else.

Today, most boxes are cracked via worms, browser exploits and email attachments.

Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.

Then, as long as the DIS-INFECTION rate is HIGHER than the INFECTION rate, those systems will be "secure". At least, they will not be cracked by worms, browser exploits or email attachments.

Re:Look at how they are attacked. (3, Insightful)

neil-ngc (1019290) | more than 6 years ago | (#23878017)

Gah.

No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.

A zombie can scan IPs for known security holes, but the programmer still has to design a virus, worm, etc. specifically for the Mac that will exploit that hole. The viruses that attack Windows won't work on Mac...you have to experiment and find different avenues of attack...identify the security hole to exploit. I maintain that few security holes have been identified because fewer people are looking for them, not because there are fewer of them.

The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else.
Remind me again what makes the Mac very secure in an absolute sense? How do you measure it? Because some of the well known vulnerabilities in other systems don't exist in the Mac?

Today, most boxes are cracked via worms, browser exploits and email attachments.
Are you saying the Mac doesn't receive email attachments, has a 100% secure browser, and isn't susceptible to worms?

Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.

Removing avenues increases security, but it doesn't mean that a completely different system doesn't have different avenues of attack that don't exist in the competition. If you have an existing product, and close up one avenue of attack, odds are good that it hasn't opened up a new one, and the newer version will be more secure. When you build a different product, you can look at the mistakes made elsewhere and correct for them, but it's a pretty good bet that you've had the oversight or mistake elsewhere in your own design.

And it still seems like you're implying that the people at Apple have somehow come up with a brilliant way of stopping all attacks by worms, email attachments and browser exploits.

All I'm saying is that Mac's current security is due to market share, not intrinsic to design. Look, I'm a Mac user, too, but don't blind yourself or fool yourself into thinking that somehow those folks at Apple are geniuses who've made the perfect impenetrable system, while the dunces in Redmond couldn't figure out how to lock a door.

You're wrong. (1)

khasim (1285) | more than 6 years ago | (#23878571)

The viruses that attack Windows won't work on Mac...you have to experiment and find different avenues of attack...identify the security hole to exploit.
The avenues of attack are the same. Those are CLASSES of attacks.

A zombie can scan IPs for known security holes, but the programmer still has to design a virus, worm, etc. specifically for the Mac that will exploit that hole.
And with about 5 million Macs out there, why wouldn't said programmer do so?

All I'm saying is that Mac's current security is due to market share, not intrinsic to design.
And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.

And it still seems like you're implying that the people at Apple have somehow come up with a brilliant way of stopping all attacks by worms, email attachments and browser exploits.
Look up the word "security".

There is nothing "brilliant" about following basic security practices in the design of the system.

That's all there is. Nothing magical. And it won't change if Macs suddenly become the dominant platform.

All Apple does is follow basic security practices.

Re:No, you're wrong (1)

neil-ngc (1019290) | more than 6 years ago | (#23878819)

And with about 5 million Macs out there, why wouldn't said programmer do so?
Because the same amount of time invested opens up a lot more victims.

And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.
First off, there are mac exploits, just not a lot. Second off, if the same amount of invested effort would give you a pool of potential victims that is orders of magnitude larger, why would you waste your time. But more than that, just because somebody is looking for a hole, and a hole exists, doesn't mean that a small number of people are going to find it. Small number of people working on the...ummm...well let's call it a problem, means that the problem is less likely to be solved. Large number of people working on it greatly increases the odds of success. If you're going to argue that even a significant fraction of the number of criminals working on windows holes are working on Mac holes because, hey 5 million is a lot of machines, then I'm clearly not going to dissuade you. But you're wrong.

And it won't change if Macs suddenly become the dominant platform.
I'm sorry, but there's no gentle way to respond to this. If you think that it would make no difference if OS X was the dominant platform worldwide, then you're living in a fan-boy fantasy.

Re:You're wrong. (4, Interesting)

xaxa (988988) | more than 6 years ago | (#23878881)

And I'm saying that an environment of 5 million machines WOULD be exploited if it COULD be exploited.
We have proof of that: just look at the unpatched Linux servers (running crappy forum software which has been exploited) controlling botnets etc (chosen because they have good network connections and aren't often turned off).

Re:Look at how they are attacked. (5, Insightful)

Sparks23 (412116) | more than 6 years ago | (#23878749)

Well...

Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system.

In my opinion, Mac OS X being less vulnerable than Windows in many areas is due to Apple being willing to go 'okay, this particular technology is dead, move along.' Microsoft relies on backwards compatibility for large market share; break backwards compatibility, and people do not upgrade. (Case in point: Vista.)

Apple has a smaller market share (and speaking as a Mac user and developer, we tend to sort of go, 'yes please, whatever you say' when they want to change things). We might bitch about it periodically (whither thou, 64-bit Carbon?), but this gives them the freedom to throw out legacy code and simplifies the code maintenance.

Or, in short: Apple's coders are not inherently better, but they end up with less old cruft to support and try to be aware of.

As a case in point, I'll note that the worst offender in terms of security on Mac OS X has, historically, been Quicktime. Quicktime is perhaps the oldest, most legacy-laden bit of crud in Apple's library. (The Quicktime APIs are darn near prehistoric, especially compared to things like CoreImage et al.) One would assume this means that Quicktime, more than almost anything else, has chunks of code that predate most of the programmers working on it, and which no one remembers or thinks about.

And in my experience, that's often where those kinds of bugs come from... you change something, add a new bit of code that passes something into a function somewhere, completely unaware that four levels deeper there's some function which assumes the buffer is only 4k long. The old programmers knew there was an implicit limit down in this ancient routine, but no one now knows of that limit, and so -- unaware of this lurking nightmare 5 levels deeper in the stack -- they pass in a 6k buffer. Boom, security issue.

Windows has this problem in almost every corner of the OS. Worse, they cannot readily get around it... you can't just rewrite things from scratch, or you break legacy support! But as a result, there often are quite a few lurking behaviors that newer coders aren't aware of somewhere deeper in the system, things that never got documented, and which will eventually reach out to bite them.

Sure, there's situations which are just plain dumb (the carpet-bombing attack, for instance, is inexcusable behavior on IE's part), but most of those seem to be the minority.

So, yeah, Mac OS X has some advantage, as they have less legacy stuff to deal with. But even with that sort of advantage, no operating system -- not even Linux! -- is completely free of all flaws. We as users need to accept as a given that almost nothing is completely secure (at least, not and still be usable). This is especially true when many viruses and trojans rely on social engineering.

Even if Mac OS X prompts the user before allowing a program to elevate privileges, does that matter if users just click without looking? After all, lots of programs prompt for such things in order to install some shared framework they use at the installation or first-run stage. I know a lot of Mac users who just click on that warning blindly. And the warning doesn't matter if the user doesn't really pay attention.

So, yeah. Mac OS X may have less tangled, jungle-like legacy code for scary security holes to lurk in, but that does not mean it is invulnerable. Certainly not immune even to automated bugs, and especially not immune from social engineering.

Because the biggest security hole -- on ANY operating system -- is often user behavior.

There's my $0.02, anyway. :)

Re:A good start to the discussion (4, Funny)

The Ultimate Fartkno (756456) | more than 6 years ago | (#23877321)

but all systems have their vulnerabilities.
*shocked gasp!*

villager: Look, Slashdot, look! A heretic!

*rumblerumblerumble*

unix mob: BIND HIM TO A SERVER RACK WITH CAT-5 AND BURN HIM!

dissenter #1: We can't!

unix mob: Why not?

dissenter #2: Halon fire suppression system in the room!

*natternatternatter*

unix mob: Make him use Windows...

jeiler: Do your worst!

unix mob: ...VISTA!

jeiler: NOOOOOOOOOOOOOOOO!!

Re:A good start to the discussion (1)

jeiler (1106393) | more than 6 years ago | (#23877583)

Eek! I've been Vista-ed. :D

Re:A good start to the discussion (1)

The Ultimate Fartkno (756456) | more than 6 years ago | (#23877881)

At least you got the joke. The dogma patrol is already after me. Your sig is quite apt today. ;)

Re:A good start to the discussion (1)

jeiler (1106393) | more than 6 years ago | (#23877989)

Heh. Let's hope the metamods catch that one--I thought it was hilarious!

Re:A good start to the discussion (1)

clbyjack81 (597903) | more than 6 years ago | (#23877773)

unix mob: BIND HIM TO A SERVER RACK WITH CAT-5 AND BURN HIM!

Are fires bad for the ecosystem? Ballmer might not be too happy about that...

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23878489)

I modded you Flamebait, but since you're obviously a whiner I'll post and nullify the mod. Your parent post was insightful (though redundant, but I didn't ding him for that). Given that most of the visible posts above yours are all essentially saying the same thing, and not saying "OMG APPLEROXORZZZ GET OUT TEH CAT5", makes your post flamebait. Asshat.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23879091)

I don't need your pity, you humorless douche. *I'm* a whiner? Yeah, that's it. Go ahead, polish up your Slashdot Patrol badge, and mod me down again. I can take it.

Oh, and go fuck your mother.

See? *That's* flamebait.

Re:A good start to the discussion (1)

david.emery (127135) | more than 6 years ago | (#23879367)

I bare my registry at you!

I portscan in your full IP subnet range!

Your father was an Atari, and your GUI smells of X Windows!

Now go away or I will CERT you a Second Time, you silly Mac Person You!

dave

Re:A good start to the discussion (1)

prockcore (543967) | more than 6 years ago | (#23877391)

as long as the Applications folder is writable by the primary user by default, OSX is intrinsically insecure.

OSX is vulnerable to the oldest of viruses.. the kind that attaches to an executable and then spreads to all your other executables.

It doesn't need you to type your password in order to infect Safari or iTunes.

Re:A good start to the discussion (1)

peragrin (659227) | more than 6 years ago | (#23877467)

actually if things continue as they are I wouldn't be surprised if Snow Leopard requires signed binaries like the iPhone does. The iPhone does run a stripped down version of OS X so it is very possible that Apple will do the DRM MSFT has only dreamed about.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23877475)

Bullshit. As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.

What about that recent AppleScript root escalation exploit? What about the hundreds of other exploits we've heard about, but the cult of Mac has dismissed and quietly buried?

Re:A good start to the discussion (0, Flamebait)

jeiler (1106393) | more than 6 years ago | (#23877633)

Anecdotal evidence (and one-off incidents that rely on the browser) do not a successful argument make. One must look at the entire dataset, not simply the data you prefer.

Oh, but you're an AC. Either grow a pair and post with your username, or stop exciting electrons for no purpose.

AC = Electron Tease. :D

Re:A good start to the discussion (1)

aristotle-dude (626586) | more than 6 years ago | (#23877717)

Bullshit. As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.

What about that recent AppleScript root escalation exploit? What about the hundreds of other exploits we've heard about, but the cult of Mac has dismissed and quietly buried?

Over here, we call those carefully crafted "web pages" and "social engineering". There was no remote exploit for OS X in that contest. What was required was a user navigating to a specially crafted web page after having enabled remote login daemons disabled by default and creating basic accounts for the "hackers" to use to exploit the privilege escalation.

Re:A good start to the discussion (1)

Mister Whirly (964219) | more than 6 years ago | (#23878115)

"Over here, we call those carefully crafted "web pages" and "social engineering". There was no remote exploit for OS X in that contests. What was required was a user navigating to a specially crafted web page after having enabled remote login daemons disabled by default and creating basic accounts for the "hackers" to use to exploit the privilege escalation."

Which was the same thing they tried on the Vista and Linux systems, but those didn't get compromised. So what was the point again?

Re:A good start to the discussion (1)

egomaniac (105476) | more than 6 years ago | (#23878369)

So... one particular avenue of attack succeeded on one system and failed on the others, so it must be less secure overall? That's great logic there, buckaroo.

Re:A good start to the discussion (1)

Mister Whirly (964219) | more than 6 years ago | (#23878529)

Whatever you need to tell yourself to sleep at night...
I was commenting because there was an implication that the Mac was subject to conditions that the other systems weren't. I was refuting that, plain and simple. Buckaroo.

Re:A good start to the discussion (2, Insightful)

Darth (29071) | more than 6 years ago | (#23879109)

If I recall the requirements of that contest correctly, contestants were required to use an unknown vulnerability to compromise the machine. All of the Windows vulnerabilities that were being exploited in the wild or had been published by security researchers were not allowed to be used. In that case, the frequency of exploits and their discovery by researchers and bad guys alike probably actually worked to make it harder to win against the Windows box.

I'm not taking a position one way or the other on the overall quality of security of any of the operating systems involved in the contest; I'm just saying the rules for the contest seem like they make it not terribly useful in determining the overall security of an operating system.

Re:A good start to the discussion (1)

Divebus (860563) | more than 6 years ago | (#23877739)

I like the way a couple of vulnerabilities makes OS X just as insecure as Windows. There's a difference between a smart hacker who's found a bug to exploit and the 140,000 or so viruses that regularly devastate Windows, mostly written by 14 year old script kiddies.

I'll also draw a line at exploits where you need to be sitting at the keyboard with the administrator password.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23878003)

Bingo.

Mac died first in the race to destruction match (oh but it wasn't a Mac core software element), has for-free privilege escalation (I was at an Apple store in California yesterday and rm -rf / a macbook before asking a salesman why safari wouldn't open--he spent ten minutes sweating all over the computer before switching me to a new one), had that drive-by safari fubar, the MOAB shit from a year or two back, and a perverted end-user security culture which tries very hard to reduce or dismiss the implications of these events in any and all venues.

I can not and would not claim that MacOS is inferior to Windows with regard to security because I do not know--I do know that MacOS isn't a target like either Windows or production *nix OSs. The point is, I suppose, that the Mac security culture is inferior.

Re:A good start to the discussion (2, Insightful)

stewbacca (1033764) | more than 6 years ago | (#23878365)

As I recall, Mac OS X was the first to fall to a remote exploit compared to Windows Vista and Linux.
Context my friend, context. It was the first attacked, thus, the first to fall. It's not like there was a race going on, especially since the guy who took it down came with a canned script prepared the night before.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23878869)

It took them 5 minutes to compromise the Mac and then they spent the entire rest of the day attempting to compromise the Linux and Windows machines under the same rules. In the end, the Mac was compromised and the others weren't.

Rooting a Mac under 1 minute (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23877775)

Mac owners are stupid..

Re:Rooting a Mac under 1 minute (1)

matrixownsyou (1286206) | more than 6 years ago | (#23879237)

you're an ass

Re:A good start to the discussion (1)

MobyTurbo (537363) | more than 6 years ago | (#23878781)

OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.
Yep, it's about time. Really OS X offers a lot of good security features, slightly beyond those standard in a non-security-hardened distro of Linux even. The main problem is getting Apple to patch both their operating system and its third party applications in a reasonable period of time. Apple needs to pay a lot more attention to issues like this, and others, in order to be ready for the enterprise. ("Is Linux ready for the desktop?" is sort of the reverse of what you ask about OS X "Is it ready for the enterprise?") Security is just one failing of Apple in this regard. Theoretically good OS, neglectful company that focuses on consumer hardware. I suspect, that as Apple tries to get the iPhone into the enterprise, they will do the same eventually for Macs; along hopefully with more of a security focus among other things.

Re:A good start to the discussion (0)

Anonymous Coward | more than 6 years ago | (#23878855)

The author started with a strawman argument: there is a misconception that the Macintosh computer is immune from security problems. How many people really believe that Macs are immune, 100% resistant to attacks and 100% bug free? Really, I don't know such a person, so there is no such misconception. What's there is:

  1. a misconception by Windows apologists that Mac OS X has fewer attacks due to market share.
  2. a belief of Mac users that Macs are more secure than Windows and not without a reason either. The authors' findings also support that notion:

    The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows.
    Given the state of Windows, practically every non-Windows OS is more secure.

This made-up misconception is just an argument used to promote the book. Really, if there is such a misconception, the opposite actually should be true. The book market should be flooded with books trying to cash in by debunking the security myth.

OMG WTF (-1, Flamebait)

bluefoxlucid (723572) | more than 6 years ago | (#23877215)

But it's based on linux it has to be invulnerables linux doesn't have viruses!

Re:OMG WTF (1)

bb5ch39t (786551) | more than 6 years ago | (#23877307)

Mac OSX is not based on Linux. It is based on Darwin, which is a *BSD derivative. I don't know which particular *BSD.

Re:OMG WTF (1, Informative)

Anonymous Coward | more than 6 years ago | (#23877383)

Mac OSX is not based on Linux. It is based on Darwin, which is a *BSD derivative. I don't know which particular *BSD.
It's Mach microkernel with a lot of code from the FreeBSD project.

Re:OMG WTF (1)

bhima (46039) | more than 6 years ago | (#23877787)

It is not a Mach Microkernel.

Re:OMG WTF (0)

Anonymous Coward | more than 6 years ago | (#23878009)

Yes, it's not Mach, it's XNU :

XNU is the computer operating system kernel that Apple Inc. acquired and developed for use in the Mac OS X operating system and released as free and open source software as part of the Darwin operating system. XNU is an acronym for X is Not Unix

See here : http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/glossary/chapter_998_section_1.html#//apple_ref/doc/uid/TP40002859-DontLinkElementID_38

Re:OMG WTF (2, Informative)

UnknowingFool (672806) | more than 6 years ago | (#23878121)

From wikipedia: [wikipedia.org]

Mac OS X is based on the Mach kernel and is derived from the Berkeley Software Distribution (BSD) implementation of Unix in Nextstep.

So the kernel is not Mach but based on it. Specifically the kernel is a hybrid kernel called XNU that was developed by Next. The other parts are based on Nextstep's BSD.

Do not read (0, Redundant)

m.ducharme (1082683) | more than 6 years ago | (#23878507)

Posting to clear a mod.

Re:OMG WTF (1)

99BottlesOfBeerInMyF (813746) | more than 6 years ago | (#23877513)

FreeBSD is their reference platform for compatibility. They all share a lot of code in common.

no mac viruses (0, Troll)

Anonymous Coward | more than 6 years ago | (#23877251)

In spite of all this theory, nobody has been able to write a successful mac os X virus or even spyware.

Re:no mac viruses (1, Flamebait)

Gewalt (1200451) | more than 6 years ago | (#23877279)

That's not true at all.

Re:no mac viruses (2, Informative)

CODiNE (27417) | more than 6 years ago | (#23877769)

Link please? I only ask because often the Mac viruses that people point to turn out to be trojans, such as the Leap-A "worm" that requires a user to open a file that downloaded as a tgz, unzip it, then run the executable inside.

Re:no mac viruses (1)

cmacb (547347) | more than 6 years ago | (#23879427)

Moderators: I think the above was meant to be funny. At least I found it so.

Coincidentally I had only just heard about a new trend of sending people e-mail messages with subjects such as "cmacb you sure are ugly in this photo" and with an executable as an attachment.

I rarely look in my spam folder because Gmail does such a good job that there are almost never any false positives, but I looked and there were several such messages as described. But they clearly showed up as executables of the form "whatever.exe" and I can't imagine, even as a former Windows user that I would ever click on such a thing. Do modern versions of Windows still just haul off and run such an attachment? Or do you still have to bog down your system with protective software to keep you from being a retard?

Seriously, why aren't people at Microsoft in jail over this sort of nonsense? Maybe when the octogenarians in Congress finally get replaced there will be some retroactive law-making and retro-active punishments dished out as was the case with the tobacco companies (Constitution be damned). I can only hope so. (Well, no, I don't hope we damn the Constitution, but since we are routinely doing that anyway, might as well get some good out of it.)

Re:no mac viruses (0, Troll)

dark whole (1220600) | more than 6 years ago | (#23877283)

or, no one has BOTHERED to. wait until market share tops 15-20 %

Re:no mac viruses (0)

Anonymous Coward | more than 6 years ago | (#23878063)

If someone could write a worm or a virus for the mac, they would have done so. MacOS is 100% immune to viruses, worms, remote exploits, and drive by website infections that the Linux and Windows users have to deal with daily.

What about AIDS? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23877313)

The AIDS virus has affected more Mac users than the Republican party.

Re:no mac viruses (2, Insightful)

joeytmann (664434) | more than 6 years ago | (#23877331)

Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share. Hackers for hire use the ideal of "most bang for the buck" style so....windows it is. Turn the tides on market share and I bet you'd see a ton more viruses for OSX than you do now and it probably would be the Windows users saying....looks at all those viruses for OSX...their security sucks.

Re:no mac viruses (1)

corsec67 (627446) | more than 6 years ago | (#23877377)

For "bang for the buck", would attacking servers be more useful, since they tend to have much better internet connections?

Re:no mac viruses (2, Insightful)

joeytmann (664434) | more than 6 years ago | (#23877425)

Good question. But since servers tend to be protected a bit more than your average home user's computer it's a bit easier to get 100K of those than 1000 servers. But on very rare occasions a hacker figures out how to have his cake and eat it too.....

Total bullshit (3, Insightful)

SuperKendall (25149) | more than 6 years ago | (#23877799)

Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share

There are now tens of millions of macs being used now. That's active use, not just purchased...

Now you tell me how in this day and age where viruses are all about building up botnets which are then sold, that a fairly homogenous systems with MILLIONS of systems to be had, is not a juicy target?

Marketshare alone is meaningless as a reason not to write viruses when you get to those kinds of numbers.

Re:Total bullshit (2, Insightful)

joeytmann (664434) | more than 6 years ago | (#23877897)

Tens of millions is still way less than the 100's of millions of Windows computers....

But greater than zero (1)

SuperKendall (25149) | more than 6 years ago | (#23878051)

If you had a chance at a few million dollars, why would you let that lie fallow?

Don't forget the Windows market is far more mined out at this point, in theory OS X would be a less hardened target since people are not looking out for stuff as much.

You way underestimate the allure of money to the criminal element who are responsible for viruses/spyware we see today.

Re:Total bullshit (2, Insightful)

abigor (540274) | more than 6 years ago | (#23878215)

And it's still way more than the largest botnet. So it's still a good target. But it's never been exploited - I wonder why?

Re:no mac viruses (0)

Anonymous Coward | more than 6 years ago | (#23877867)

Sure they have, it's just not a very useful platform to write viruses for since they have such a tiny market share.
I'd rather write viruses to hack the growing crowd of wealthier Mac users than all the unwashed Wal-Mart shopping, Oprah watching windows luzers.

Not market share... (1)

argent (18001) | more than 6 years ago | (#23878499)

it's just not a very useful platform to write viruses for since they have such a tiny market share.

Back in the '80s Macs had a tiny market share, but were a major virus breeding ground. Why? BIG surface area exposed to attack: auto-execution of floppies, resource forks, CDEVs and INITs, etc etc etc...

Now it's Windows that's hanging on to things like auto-execute, and letting random websites download and execute code if the user responds to "Internet Explorer wants to gibberish incomprehensible stuff here, open or panic?" dialogs the wrong way, and depending on firewalls to close access to essential services rather than using local sockets or named pipes, and having the default execution path for the browser go through the download directory...

Turn the tides in market share and you'd be back in the '80s, and you'd still have a huge viral load on Windows because Windows basically hangs around in the bad part of town asking viruses if they'd like a good time.

Re:no mac viruses (0)

Anonymous Coward | more than 6 years ago | (#23877339)

I recall there being a few viruses not long ago. They were posted here on slashdot.
Yes, I am an anonymous coward :(

Steve J.

Proofs but nothing in the wild (1)

SuperKendall (25149) | more than 6 years ago | (#23877999)

There have been proofs of concepts but nothing in the wild.

Even the fabled "thirty days of Mac exploits" came up with one or two middling system weaknesses, the rest were bugs in third party programs - many of which did not even ship with the OS!

Come on now (1)

Flaystus (887453) | more than 6 years ago | (#23877267)

Can we get a duh tag added to this? I mean who really thinks OSX has perfect security?

Re:Come on now (1)

techwizrd (1164023) | more than 6 years ago | (#23877691)

who really thinks OSX has perfect security?
Apple fanbois? My friends either use Linux or Macintosh. When I talk to my Macintosh friends about Operating Systems, they sit there and talk for hours about how much more secure it is than {any other Operating System}. When I talk to my Linux friends about computers, we talk about security problems and how to fix them, rather than marvel at the seeming invincibility. I may be wrong, but much of OSX's security is upstream. Apple fanbois tend to take everything for granted...

Re:Come on now (1)

Flaystus (887453) | more than 6 years ago | (#23877975)

Well maybe you are just around stupid Macintosh using friends. Anyone who knows crap about computers should know better. I don't personally know a single mac user who would say such a thing and when I did get that from customers (when I used to do mac support) I would correct them.

Re:Come on now (1)

NMerriam (15122) | more than 6 years ago | (#23879443)

When I talk to my Linux friends about computers, we talk about security problems and how to fix them

Then it sounds like you aren't comparing Apple users with Linux users, you're comparing computer users to computer programmers. Anyone with the ability to fix a security problem of course isn't going to take security for granted, the same way an OB/GYN doesn't take successful delivery of a baby for granted. But most users of any OS simply take it for granted that their system will function the way it is supposed to.

I don't know many Linux programmers who worry about prepress technology, but I talk about prepress all the time with Apple users -- does that mean Linux programmers never print anything? Does it mean Linux doesn't support printing at all?

The reason is UNIX, not Mac (3, Insightful)

SuperKendall (25149) | more than 6 years ago | (#23877521)

That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.

I would think the reason is more that almost any book on UNIX security gets you 99% of what you need to know, and there are online sources to cover the rest.

Not that a book is not a good thing to see, but to my mind among admins or more serious users of OS X, the misconception that OS X is totally secure is in itself a misconception. OS X know systems will have vulnerabilities, but we also know there have been basically no attacks in the wild and that by default many things which might leave un-noticed holes (like web servers) are off by default - and that helps a lot, for the eventuality of real attacks coming someday.

To my mind, another aspect stopping attacks is actually the switch to Intel. That reset the counter for when we might see OS X attacks since buffer overflow stuff can't rely on which architecture it might hit. That and a more friendly update model (than Windows) that people actually apply when updates come.

Macs can have funny exploits (1)

Idimmu Xul (204345) | more than 6 years ago | (#23877581)

I was amused today when I read this [matasano.com] article about a local Mac exploit due to a SUID binary.

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

All my Mac using friends reported they were vulnerable and I think they're all using the latest Leopard. I'm no Apple hater, don't get me wrong, but it does seem the little things can slip past Apple too, not just Linux (people where I work are *still* affected by the Ubuntu key issue of last month :o)!

--
Free Playstation 3, XBox 360 and Nintendo Wii [free-toys.co.uk]
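
An added example, not part of the thread or of the book under review: a small shell audit for the two local conditions raised in the comments above, application executables that the logged-in user can modify without a password, and setuid files inside application bundles. The function names and the directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): local audit of an application directory.
# Function names and the directory argument are assumptions for illustration.

# Executables the invoking user can overwrite without authenticating.
# Where the application directory is writable by the primary user, this is
# the set of binaries that could be modified without a password prompt.
list_user_writable_executables() {
    dir=$1
    # -perm -0100 selects regular files with the owner-execute bit set.
    find "$dir" -type f -perm -0100 2>/dev/null | while IFS= read -r f; do
        if [ -w "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Files carrying the setuid bit. A setuid-root helper that accepts commands
# from other processes runs them with its owner's privileges, so each hit
# deserves a look at its owner and at what it can be asked to do.
list_setuid_files() {
    dir=$1
    find "$dir" -type f -perm -4000 2>/dev/null
}

# One-line summary suitable for logging or comparing between runs.
audit_summary() {
    dir=$1
    w=$(list_user_writable_executables "$dir" | wc -l | tr -d ' ')
    s=$(list_setuid_files "$dir" | wc -l | tr -d ' ')
    printf 'writable_executables=%s setuid_files=%s\n' "$w" "$s"
}

# Run only when a directory is given, e.g.: sh audit.sh /Applications
if [ "$#" -gt 0 ]; then
    audit_summary "$1"
    # Show owner and mode for each setuid file so root-owned ones stand out.
    list_setuid_files "$1" | while IFS= read -r f; do
        ls -l "$f"
    done
fi
```

Run as the ordinary login account rather than as root, since root can write to everything and the first list would then be every executable.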

Re:Macs can have funny exploits (0)

Anonymous Coward | more than 6 years ago | (#23877929)

This does not work in tiger. Apparently ARDAgent 'is' Error 609 Connection Invalid, as opposed to 'r00t'. I haven't tested it on a Leopard machine. I've seen a similar problem with iPhones running Cydia installer, there's a SUID called godmode which bus errors with no stdin, but can take commands after it and execute them. Stupid design.

Re:Macs can have funny exploits (1)

UnknowingFool (672806) | more than 6 years ago | (#23877981)

No system is completely secure. The exploit that you mention however does require physical access and for you to be logged into as a user. It's not a remote exploit.

Re:Macs can have funny exploits (1)

0100010001010011 (652467) | more than 6 years ago | (#23878291)

You do need to be logged in as a user but you do NOT have to be remote. I just did this over ssh:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root

Re:Macs can have funny exploits (1)

prockcore (543967) | more than 6 years ago | (#23878661)

It can piggyback on a safari exploit and boom, it becomes a remote exploit.

Re:Macs can have funny exploits (1)

Moridineas (213502) | more than 6 years ago | (#23879503)

That's not true at all. I sshed to my laptop and remotely triggered the exploit.

The user currently has to be logged in graphically, but the exploit can certainly be pulled off remotely. Compromised account, you're good to go.

Re:Macs can have funny exploits (0)

Anonymous Coward | more than 6 years ago | (#23879073)

How the fuck are they still affected by the Ubuntu key issue when the fix was made available by Debian like thirty seconds after the exploit was reported?

Re:Macs can have funny exploits (0)

Anonymous Coward | more than 6 years ago | (#23879339)

Is there a reason you feel the need to spam all of slashdot every time you post?

Wrong reason (5, Insightful)

MBCook (132727) | more than 6 years ago | (#23877741)

That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.

I don't think that's it at all. It's that there is very little market for OS X security books at this point. Most people don't care. Let me explain.

On the home end of things, Macs are great and relatively secure. They do fine. That said, how many people buy books on Windows Security for those home computers? I'm going to say very few. Most people don't care or don't know they should do something to increase security.

The other front is businesses. Most businesses don't use Macs, by a large margin. Macs have a smaller enterprise market share than overall market share. If you are asked to secure a server or desktop, chances are it will be Windows or Linux.

These kind of books are, for the most part, targeted at administrators, businesses, etc. Since that market (administrators of Macs) is so small (compared to administrators of Windows boxes) there are very few books written.

This is compounded by the most important boxes to secure: web facing boxes (like servers). OS X Server's market share is very tiny compared to Windows and Linux.

The books aren't there because the demand for them isn't very big, not because Mac users think they are invulnerable from arrogance.

Foundations of Mac OS X Leopard Security (0)

Anonymous Coward | more than 6 years ago | (#23877949)

osascript

Wait (1)

Quiet_Desperation (858215) | more than 6 years ago | (#23878207)

I thought the misconception was that anyone actually thinks Mac OS X is totally immune.

Re:Wait (0, Flamebait)

Jasonjk74 (1104789) | more than 6 years ago | (#23879221)

I thought the misconception was that anyone actually thinks Mac OS X is totally immune.
Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune.

Did anyone pick up on the poster's nym? (1)

oDDmON oUT (231200) | more than 6 years ago | (#23879185)

That jsuda is an anagram of Judas?

Seems suspicious to me.
