If your comparing each operating system to each other then Mac OS X is vastly superior in the security stakes compared to the likes of say......windows. Like you I have never heard of a Mac OS X machine being hacked into.
The big win for OS X comes from a really simple decision: Disable ftp, telnet, sendmail, etc. out of the box. Historically, UNIX and UNIX-like distributions have shipped with every service running. Since most people never change the default (and in this case, there's little cause to, since OS X is a desktop UNIX), it doesn't matter so much that e.g. FTP has a security vulnerability, because it isn't running on the vast bulk of the OS X machines out there.
Remote login is also disabled by default, which closes another big security hole. The Internet Worm got around through remote login.
so OS X is about the same as other forms unix, apple is just smart enough to turn them off thanks</strong><hr></blockquote>
It's worth noting though that while it is secure out of the box, they don't exactly make it hard to open it up so it's wide open to any hacker.
A computer is only secure as it's configuration and if you need remote login, sendmail et al to be working and Apple have provided an older less secure version then really you can be in trouble...
It's worth noting though that while it is secure out of the box, they don't exactly make it hard to open it up so it's wide open to any hacker.
A computer is only secure as it's configuration and if you need remote login, sendmail et al to be working and Apple have provided an older less secure version then really you can be in trouble...</strong><hr></blockquote>
Which is why it's good that Apple has been prompt in keeping up with the latest stable releases and firing off Software Updates with patches when problems come up. It doesn't hurt that they make it really easy to find and apply updates, either.
There is the pathological case of someone who enables all the daemons and ignores SU and every other source of bugfixes, updates and patches, but there's nothing anyone can do about that.
The register talks about hackers using a Root Kit on Windows, and mentions that this technique is old hat on Unix and Linux. Anyone know anything about this, and how secure OS X is with regard to root kits?
Actually, as a Unix person, I haven't been thrilled with OS X's default security setup. Most new users will set themselves up to be an Admin for ease of use. However, just about all files in the /Applications directory are read/writable by anyone in the Admin group. This means that a trojan program (downloaded and run by the user) can wipe out almost every application you have installed. Also, a virus on a program you download could copy itself to any of these applications, meaning other users on your computer can run them and be infected.
In my opinion, that is FAR too big of a hole. Granted, your computer may still boot even if these files are deleted, it is a MAJOR inconvenience. Also, the virus thing is critical. MacOS is currently small enough of a market that most virus programmers don't target it, but they easily could in the future.
My advice: don't make your standard account an Admin account. You could also remove group write privledges to all contents in /Applications.
. . . This means that a trojan program (downloaded and run by the user) can wipe out almost every application you have installed. . .
</strong><hr></blockquote>
I'll risk showing my ignorance of operating systems with a question. Would it be possible to make scripting more secure by requiring authentication of scripts? What I mean is a list of approved scripts, or other such technique. If a script tries to run and it is not on the list, a dialog box pops up. It identifies the script and might even give feedback about the nature of the script. The user could choose to run it or not, and choose to add it to the list or not. It seems simple, but since no OS does it there must be a catch.
. . . For home users the dangers are real, but if you are ignorant to what you enable when an installer asks for an administrator password there isn't much you can do about it except cringe. No anount of security software can fix that issue. Ever.
</strong><hr></blockquote>
Are you saying that a 'good' installer has no reason to ask for the administrator password? In my stupidity, I just figured there were things that needed to be installed in protected folders so the program would work correctly.
Are you saying that a 'good' installer has no reason to ask for the administrator password? In my stupidity, I just figured there were things that needed to be installed in protected folders so the program would work correctly.</strong><hr></blockquote>
Yes, but very few applications should have to do that. System updates, driver updates, the odd iApp that has to update a private framework, the occasional UNIX app, and that's it.
Most applications should require nothing more than a drop into the /Applications or ~/Applications folders.
Yeah but most of those special items can go into ~/Library without a password instead of /Library where programs want to install (so all users have it, though if you're logged in as an admin the program doesn't even need a password).
However I have recently found out how easy it is in cocoa to make malicious programs in OS X... Deleting the contents in your home directory is quite trivial. I believe there was that one iTunes installer that probably just did that accidentally.
Also, as Amorph said, VERY few programs REQUIRE anything to go into the library whether global or user level other than users prefs, but many do due to programmer laziness, incompetence and/or ignorance. Apple guidance actually discourages non-bundle applications that install components in places that require a password. Frameworks and bundles are capable of handling the vast majority of application needs--drivers are another matter (sometimes).</strong><hr></blockquote>
Why should bundle applications be allowed to ask for a password, and non-bundled be discouraged from doing so? I fail to see the distinction.
Actually, I would MUCH prefer it if ALL installations asked me if I wanted to install the application locally (i.e., in my home dir) without a password, or in the main application directory for all users with a password. If possible, I prefer to see drag-and-drop of a simple application bundle. This allows me to try it locally, and then run sudo to move it to /Applications if I so desire later (this is typically what I do when checking out the latest Chimera/Camino build).
VERY few applications give me the option to install in my home directory, though. Instead, I have to give blind trust and enter that admin user's password. I'll do this for commercial applications like Photoshop, I won't do it for most things I'd download from the web.
Again, though, the default user is Admin enabled, meaning a password isn't even required to do malicious/stupid things to applications in /Application. At the very least, the standard applications (iLife, etc.) should be non-group writable (forcing a password to modify them).
Why should bundle applications be allowed to ask for a password, and non-bundled be discouraged from doing so? I fail to see the distinction.</strong><hr></blockquote>
The distinction is that the point of bundles is to localize all the application's files in the bundle. A bundled app is self-contained, so it doesn't need permission to go spamming files in system directories. It goes where it's dropped, period.
Someone porting an app over from Mac OS, however, might be used to stuffing files in various places within the System Folder, and they might have opted to keep that arrangement rather than reorganizing their app into a bundle - especially if it's also a Windows app.
[quote]<strong>Actually, I would MUCH prefer it if ALL installations asked me if I wanted to install the application locally (i.e., in my home dir) without a password, or in the main application directory for all users with a password.</strong><hr></blockquote>
This is an excellent idea. In fact, I'd like to see ~/Applications be the default, with installation in /Applications an "Advanced" feature available to people installing from an Administrator account. The shortcut on the Finder toolbar should also do something like present ~/Applications, /Applications, and network Applications as if they were in the same folder, but treat all drops as if they were to ~/Applications - again, unless there was a specific intervention by an Administrator.
I'm sure this could be further refined, but it's an important step. Once you get used to the idea that the real analog in OS X for "Macintosh HD" is your home folder (something that having Finder windows default to Home would certainly help) it's a lot easier and more secure to work within your home directory than it is to get used to mucking around in top-level folders.
Comments
Remote login is also disabled by default, which closes another big security hole. The Internet Worm got around through remote login.
so OS X is about the same as other forms unix, apple is just smart enough to turn them off thanks
<strong>thanks
so OS X is about the same as other forms unix, apple is just smart enough to turn them off thanks</strong><hr></blockquote>
It's worth noting though that while it is secure out of the box, they don't exactly make it hard to open it up so it's wide open to any hacker.
A computer is only secure as it's configuration and if you need remote login, sendmail et al to be working and Apple have provided an older less secure version then really you can be in trouble...
Aside from that, I havent even HEARD of a Mac user's computer getting hacked or whatnot (OS 7-9 and OS X)
<strong>
It's worth noting though that while it is secure out of the box, they don't exactly make it hard to open it up so it's wide open to any hacker.
A computer is only secure as it's configuration and if you need remote login, sendmail et al to be working and Apple have provided an older less secure version then really you can be in trouble...</strong><hr></blockquote>
Which is why it's good that Apple has been prompt in keeping up with the latest stable releases and firing off Software Updates with patches when problems come up. It doesn't hurt that they make it really easy to find and apply updates, either.
There is the pathological case of someone who enables all the daemons and ignores SU and every other source of bugfixes, updates and patches, but there's nothing anyone can do about that.
<a href="http://www.theregister.co.uk/content/55/29638.html"; target="_blank">http://www.theregister.co.uk/content/55/29638.html</a>;
In my opinion, that is FAR too big of a hole. Granted, your computer may still boot even if these files are deleted, it is a MAJOR inconvenience. Also, the virus thing is critical. MacOS is currently small enough of a market that most virus programmers don't target it, but they easily could in the future.
My advice: don't make your standard account an Admin account. You could also remove group write privledges to all contents in /Applications.
John Whitney
<strong>
. . . This means that a trojan program (downloaded and run by the user) can wipe out almost every application you have installed. . .
</strong><hr></blockquote>
I'll risk showing my ignorance of operating systems with a question. Would it be possible to make scripting more secure by requiring authentication of scripts? What I mean is a list of approved scripts, or other such technique. If a script tries to run and it is not on the list, a dialog box pops up. It identifies the script and might even give feedback about the nature of the script. The user could choose to run it or not, and choose to add it to the list or not. It seems simple, but since no OS does it there must be a catch.
[ 03-10-2003: Message edited by: snoopy ]</p>
<strong>
. . . For home users the dangers are real, but if you are ignorant to what you enable when an installer asks for an administrator password there isn't much you can do about it except cringe. No anount of security software can fix that issue. Ever.
</strong><hr></blockquote>
Are you saying that a 'good' installer has no reason to ask for the administrator password? In my stupidity, I just figured there were things that needed to be installed in protected folders so the program would work correctly.
<strong>
Are you saying that a 'good' installer has no reason to ask for the administrator password? In my stupidity, I just figured there were things that needed to be installed in protected folders so the program would work correctly.</strong><hr></blockquote>
Yes, but very few applications should have to do that. System updates, driver updates, the odd iApp that has to update a private framework, the occasional UNIX app, and that's it.
Most applications should require nothing more than a drop into the /Applications or ~/Applications folders.
However I have recently found out how easy it is in cocoa to make malicious programs in OS X... Deleting the contents in your home directory is quite trivial. I believe there was that one iTunes installer that probably just did that accidentally.
<strong>
Also, as Amorph said, VERY few programs REQUIRE anything to go into the library whether global or user level other than users prefs, but many do due to programmer laziness, incompetence and/or ignorance. Apple guidance actually discourages non-bundle applications that install components in places that require a password. Frameworks and bundles are capable of handling the vast majority of application needs--drivers are another matter (sometimes).</strong><hr></blockquote>
Why should bundle applications be allowed to ask for a password, and non-bundled be discouraged from doing so? I fail to see the distinction.
Actually, I would MUCH prefer it if ALL installations asked me if I wanted to install the application locally (i.e., in my home dir) without a password, or in the main application directory for all users with a password. If possible, I prefer to see drag-and-drop of a simple application bundle. This allows me to try it locally, and then run sudo to move it to /Applications if I so desire later (this is typically what I do when checking out the latest Chimera/Camino build).
VERY few applications give me the option to install in my home directory, though. Instead, I have to give blind trust and enter that admin user's password. I'll do this for commercial applications like Photoshop, I won't do it for most things I'd download from the web.
Again, though, the default user is Admin enabled, meaning a password isn't even required to do malicious/stupid things to applications in /Application. At the very least, the standard applications (iLife, etc.) should be non-group writable (forcing a password to modify them).
John
<strong>
Why should bundle applications be allowed to ask for a password, and non-bundled be discouraged from doing so? I fail to see the distinction.</strong><hr></blockquote>
The distinction is that the point of bundles is to localize all the application's files in the bundle. A bundled app is self-contained, so it doesn't need permission to go spamming files in system directories. It goes where it's dropped, period.
Someone porting an app over from Mac OS, however, might be used to stuffing files in various places within the System Folder, and they might have opted to keep that arrangement rather than reorganizing their app into a bundle - especially if it's also a Windows app.
[quote]<strong>Actually, I would MUCH prefer it if ALL installations asked me if I wanted to install the application locally (i.e., in my home dir) without a password, or in the main application directory for all users with a password.</strong><hr></blockquote>
This is an excellent idea. In fact, I'd like to see ~/Applications be the default, with installation in /Applications an "Advanced" feature available to people installing from an Administrator account. The shortcut on the Finder toolbar should also do something like present ~/Applications, /Applications, and network Applications as if they were in the same folder, but treat all drops as if they were to ~/Applications - again, unless there was a specific intervention by an Administrator.
I'm sure this could be further refined, but it's an important step. Once you get used to the idea that the real analog in OS X for "Macintosh HD" is your home folder (something that having Finder windows default to Home would certainly help) it's a lot easier and more secure to work within your home directory than it is to get used to mucking around in top-level folders.
[ 03-11-2003: Message edited by: Amorph ]</p>