Old 01-16-2009, 09:31 AM   #1
AppleInsider
Kasper's Automated Slave
 
Join Date: Nov 1997
Posts: 6,171
Road to Mac OS X Snow Leopard: 64-bit security

In addition to the benefits detailed in previous articles in this series, the move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system.

Over the last eight years, Mac OS X has enjoyed a tranquil existence in stark contrast to the high profile security threats and attacks suffered by mainstream Windows users. Microsoft's monopoly over the PC world has long meant that anyone interested in creating extensive, easily spread damage through software exploits would focus their efforts on Windows.

Microsoft's Security Efforts

Since Microsoft's OS was originally developed primarily for business computers sitting together in a trusted LAN environment, it was not only easy to exploit software flaws in the system but also trivial to find ways to fool the system into forwarding viral payloads to other systems. Once exposed to the open Internet, Windows didn't stand a chance.

Reinforcing the Windows PC to survive the onslaught of malicious exploits saturating the Internet would be a complex and expensive task, one Microsoft did not immediately recognize as a priority. However, once Windows started gaining a reputation for lax security after falling victim to a series of famous exploits in the late 90s and into the beginning of the current decade, Microsoft began reevaluating its priorities.

Longhorn, which was intended as a close successor to 2001's Windows XP, ended up being pushed off as the company was forced to initiate a major new effort to solve the outstanding security issues in XP. Toward the end of 2004, Microsoft shipped XP SP2, the product of extensive work within the company using code scanning, auditing, testing, and fundamental feature and architectural reviews, in addition to external source code auditing and penetration testing.

In addition to Microsoft's efforts to identify and patch flaws and vulnerabilities in its software, the company also initiated measures to make unknown vulnerabilities more difficult for attackers to find and exploit. This included having a firewall installed by default and requiring that RPC servers authenticate communications, so that remote attackers would need to present valid credentials before ever being given access to anything that might be attacked to allow entry.

Microsoft is now very public about its security efforts, and takes every opportunity to tout its recent security work as a defense against any criticisms of its past mistakes in taking a less than serious approach to security.

Apple's Security Efforts

In contrast, Apple has never experienced a security crisis related to Mac OS X. Virus writers have nearly zero financial motivation to create new attacks from scratch that target Macs. The theoretical potential of "hackers" attacking Macs for fame and glory, as imagined by pundits with a bias against Apple, has simply failed to materialize over the last half decade, despite their insistence that the threat is so alarmingly close as to be palpable.

Even in cases where exploits have been found or artificial attack installers have been designed, viral outbreaks haven't occurred because installations of Macs aren't ubiquitous enough to sustain the critical mass required for an acute network infection. Add in the fact that Mac OS X wasn't dragging along the same legacy of promiscuous LAN origins as Windows, and you have a series of factors that combined to give Apple a pass from focusing on security retrofitting in crisis mode.

Instead, Apple has had the luxury of planning Mac OS X releases to roll out security features incrementally. As with its other plans for feature enhancements in Mac OS X, the company has remained tight-lipped on many of its security efforts. There's evidence the company has performed code security scanning, as simple buffer overflows have been cleaned out of many system libraries, according to a security expert familiar with the history of the OS.

Mac OS X 10.4 Tiger eliminated most of the easy local buffer overflows, while 10.5 Leopard has expanded upon that to remove many of them from remotely accessible network services. Leopard also incorporates stack protection, library randomization, a non-executable stack, and sandboxing for some system processes. These features are incremental improvements in security that will be expanded upon in Snow Leopard.

Mac OS X's sandboxing is provided by the Mandatory Access Control (MAC) framework, an implementation of the MAC framework from TrustedBSD. Sandboxing imposes permission controls on processes that can, for example, limit them from connecting to a network, from writing any files, or from writing any files outside of specific directories. While sandboxing doesn't prevent a process from being attacked, it does limit the amount of damage malicious attackers can cause once they gain control of a sandboxed application.

On the iPhone, sandboxing is used to restrict each application from accessing anything outside of its own data files and preferences. Even apps that have access to the public networking APIs are restricted from direct access to the communications or networking hardware.


Security in 64-bit Snow Leopard

In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments.

This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as if it were its own instructions.

Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.

The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR.

With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the "vast majority of these exploits will fail," the security expert explained.

Security before it's needed

Apple's sheltered existence in isolation from regular malware attacks puts it in the enviable position of being able to focus on building security features proactively, rather than in response to ongoing, embarrassing exploits. For Mac users, that means the window of opportunity for malware exploits is being closed off before circumstances change enough for the platform to become a viable target.

The company is being relatively quiet about its security efforts because it doesn't want to be directly compared against Microsoft, which is ahead in some security areas, at least in its latest software releases. However, Microsoft's installed base of the billion PCs running Windows worldwide is not protected by advancements in the latest releases because relatively few users have upgraded to the latest releases.

That gives Apple a strong position in maintaining its security halo, because the Windows PC world is so rife with low-hanging fruit for malicious attackers that the Mac platform remains an undesirable target. That leaves disgruntled pundits with nothing to complain about outside of misleading vulnerability counts. So while PC users contend with the constant din of security issues and performance-sapping layers of security software, Mac users are free to just enjoy the silence.

Road to Mac OS X Snow Leopard: 64-bit security is the fifth installment in AppleInsider's ongoing Road to Mac OS X Snow Leopard series. Previous installments are listed below in the order they were published.

Road to Mac OS X Snow Leopard: 64-Bits

Road to Mac OS X Snow Leopard: 64-bits, Santa Rosa, and more

Road to Snow Leopard: twice the RAM, half the price, 64-bits

Road to Mac OS X Snow Leopard: the future of 64-bit apps
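The article's "Security in 64-bit Snow Leopard" section describes checking with vmmap that no memory of a 64-bit process is both writable and executable. The same audit can be written as a small program on any system that exposes a process memory map. The C program below is an added example, not code from the article or from Apple: it parses text in the Linux /proc/self/maps format (a constructed sample is embedded and labelled as such; the live read of /proc/self/maps is only attempted when that file exists), flags every region whose permission field carries both 'w' and 'x', and reports whether the running process honours the no-writable-and-executable rule the article attributes to Apple's 64-bit binaries. The file path and line format are Linux assumptions; on Mac OS X the equivalent evidence is the vmmap output the article refers to.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not real output):
 * the third region is mapped rwxp and therefore violates W^X. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0\n"
    "7ffd8a1e0000-7ffd8a201000 rw-p 00000000 00:00 0 [stack]\n";

/* A permission field such as "rwxp" violates W^X when it grants both
 * write and execute on the same region. Returns 1 if so, else 0. */
int perms_are_wx(const char *perms)
{
    return strchr(perms, 'w') != NULL && strchr(perms, 'x') != NULL;
}

/* Copy the second whitespace-separated field of one maps line into out.
 * Returns 0 when the line has no second field. */
static int extract_perms(const char *line, size_t len, char *out, size_t outsz)
{
    const char *sp = memchr(line, ' ', len);
    size_t n = 0;
    if (!sp) return 0;
    sp++;
    while (sp + n < line + len && sp[n] != ' ' && n + 1 < outsz) {
        out[n] = sp[n];
        n++;
    }
    out[n] = '\0';
    return n > 0;
}

/* Count the regions in a maps-format buffer that are both writable and
 * executable. Each line looks like "start-end perms offset dev inode [path]". */
int count_wx_regions(const char *maps)
{
    int count = 0;
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char perms[8];
        if (extract_perms(line, len, perms, sizeof perms) && perms_are_wx(perms))
            count++;
        line = eol ? eol + 1 : line + len;
    }
    return count;
}

/* Audit the calling process. Returns the number of W^X violations, or -1
 * when /proc/self/maps cannot be read (non-Linux or restricted /proc). */
int audit_self(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char *buf = NULL;
    size_t cap = 0, used = 0;
    int result;
    if (!f) return -1;
    for (;;) {
        if (used + 4096 > cap) {
            cap = cap ? cap * 2 : 8192;
            char *nb = realloc(buf, cap);
            if (!nb) { free(buf); fclose(f); return -1; }
            buf = nb;
        }
        size_t got = fread(buf + used, 1, cap - used - 1, f);
        if (got == 0) break;
        used += got;
    }
    fclose(f);
    buf[used] = '\0';
    result = count_wx_regions(buf);
    free(buf);
    return result;
}

int main(void)
{
    printf("sample: %d writable+executable region(s)\n", count_wx_regions(SAMPLE_MAPS));
    int live = audit_self();
    if (live < 0)
        printf("live: /proc/self/maps not available on this system\n");
    else
        printf("live: %d writable+executable region(s) in this process\n", live);
    return 0;
}
```

A non-zero live count is the condition the article says vmmap never shows for Apple's 64-bit processes; a region that is writable and executable at the same time is exactly what lets injected bytes be run as code, so the check is worth keeping in a build's test suite for any process that JIT-compiles or otherwise changes page permissions.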
Old 01-16-2009, 10:36 AM   #2
Virgil-TB2
Registered User
 
Join Date: Feb 2008
Posts: 1,415
Quote:
Originally Posted by AppleInsider
In addition to the benefits detailed in previous articles in this series, the move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system....
Fantastic article, and so nice to get away from talking about Steve Jobs' health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.
Old 01-16-2009, 10:39 AM   #3
jnjnjn
Registered User
 
Join Date: Dec 2007
Posts: 25
Excellent

Excellent piece!
Old 01-16-2009, 11:02 AM   #4
rhowarth
Registered User
 
Join Date: Aug 2006
Posts: 101
Thanks for an interesting article, but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targeting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects, it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targeting OS X though. As more people program for the Mac, the risks to OS X will undoubtedly increase.
Old 01-16-2009, 11:04 AM   #5
Booga
Registered User
 
Join Date: Jun 2003
Location: Tinton Falls, NJ
Posts: 702
Quote:
Originally Posted by Virgil-TB2
Fantastic article, and so nice to get away from talking about Steve Jobs' health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.
Agreed! It doesn't make specious claims about how vastly wonderful MacOS X is compared to everything else... it just presents the information in a well-written piece. Nice work.
Old 01-16-2009, 11:06 AM   #6
Booga
Registered User
 
Join Date: Jun 2003
Location: Tinton Falls, NJ
Posts: 702
Quote:
Originally Posted by rhowarth
Thanks for an interesting article, but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targeting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects, it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targeting OS X though. As more people program for the Mac, the risks to OS X will undoubtedly increase.
Also, it's worth looking at the weakest link in the security chain... the person sitting at the keyboard. MacOS X's insistence on no "root" account and requiring a password for significant operations has made it so, as far as I'm aware, every piece of malware for the Mac has so far required the user to explicitly download it and type their password to get infected. Ignoring the purely software-based attack, that has probably helped save many MacOS X systems from harm.
Old 01-16-2009, 11:22 AM   #7
Wiggin
Registered User
 
Join Date: Jan 2007
Posts: 855
Quote:
Originally Posted by Booga
Agreed! It doesn't make specious claims about how vastly wonderful MacOS X is compared to everything else... it just presents the information in a well-written piece. Nice work.
I whole-heartedly agree with your agreed! These are the types of articles that made AppleInsider a daily (multiple times a day) visit for me. Well done!
Old 01-16-2009, 11:37 AM   #8
ZhuJo
Registered User
 
Join Date: Jan 2009
Posts: 2
Quote:
Originally Posted by rhowarth
Thanks for an interesting article, but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targeting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects, it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targeting OS X though. As more people program for the Mac, the risks to OS X will undoubtedly increase.
rhowarth, you have no sense of how we live in so-called "poor eastern European countries". I can guarantee that most of the programmers here have at least as good a living standard as most people in western Europe. The average income of a qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given the lower prices of commodities, the living standard is quite good.

Trust me, the economic boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda, the newer ones, Peugeots, BMWs). We now have almost as good a living standard as people in Italy, Spain or Austria.

Of course, there are also quite a lot of people without higher education, working as common workers, mainly in the car industry (Audi Q7s and Porsche Cayennes are made in Slovakia, also Kias, Peugeots). But these people also don't live in shacks.

People in Ukraine and Bulgaria or Romania are living in much worse conditions, but also not in shacks. They just can't afford the goods.

Oh, I'm a quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with a 20" Cinema Display, using Time Capsule and iPhone. Driving a VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have many problems with money here. Oh, we have just changed our currency to the Euro.
Old 01-16-2009, 12:10 PM   #9
leathien
Registered User
 
Join Date: Oct 2008
Posts: 8
Quote:
Originally Posted by ZhuJo
rhowarth, you have no sense of how we live in so-called "poor eastern European countries". I can guarantee that most of the programmers here have at least as good a living standard as most people in western Europe. The average income of a qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given the lower prices of commodities, the living standard is quite good.

Trust me, the economic boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda, the newer ones, Peugeots, BMWs). We now have almost as good a living standard as people in Italy, Spain or Austria.

Of course, there are also quite a lot of people without higher education, working as common workers, mainly in the car industry (Audi Q7s and Porsche Cayennes are made in Slovakia, also Kias, Peugeots). But these people also don't live in shacks.

People in Ukraine and Bulgaria or Romania are living in much worse conditions, but also not in shacks. They just can't afford the goods.

Oh, I'm a quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with a 20" Cinema Display, using Time Capsule and iPhone. Driving a VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have many problems with money here. Oh, we have just changed our currency to the Euro.
So, now when you're done massaging your ego (which was pretty pathetic, sorry), maybe it's time to tell you that Slovakia is part of Central Europe, at least when economic, historical, religious, and cultural reasons are taken into account.
Old 01-16-2009, 12:29 PM   #10
deanbar
Registered User
 
Join Date: Oct 2006
Location: UK
Posts: 60
Quote:
Originally Posted by leathien
So, now when you're done massaging your ego (which was pretty pathetic, sorry), maybe it's time to tell you that Slovakia is part of Central Europe, at least when economic, historical, religious, and cultural reasons are taken into account.
Well, there's no need to be so rude!! I'd say you are the pathetic one with such an uncalled-for outburst. What! Someone burst your bubble today?

Personally I found it interesting to hear how things are in Slovakia these days.

@Zhujo - Unfortunately in these open forums you do get some ignorant people posting. Good to hear you are enjoying life, which obviously this other poster is not!
Old 01-16-2009, 12:35 PM   #11
rhowarth
Registered User
 
Join Date: Aug 2006
Posts: 101
Quote:
Originally Posted by ZhuJo
People in Ukraine and Bulgaria or Romania are living in much worse conditions, but also not in shacks. They just can't afford the goods.

You're right of course, and I'm certainly not suggesting people in Eastern Europe live in shacks. If anything, that's what we'll be doing in the UK before too long if the credit crunch lasts!

In general though, I still think the kind of people who write viruses are more likely to have PCs simply because that's what's available to them and what they're already familiar with, rather than because they've sat down, analysed the problem, and concluded that targeting PCs is more cost-effective, so that's what machine they'll buy.

-Rolf
Old 01-16-2009, 12:39 PM   #12
hypoluxa
Registered User
 
Join Date: Aug 2002
Location: Portland OR
Posts: 407
Quote:
Originally Posted by deanbar
Well, there's no need to be so rude!! I'd say you are the pathetic one with such an uncalled-for outburst. What! Someone burst your bubble today?

Personally I found it interesting to hear how things are in Slovakia these days.

@Zhujo - Unfortunately in these open forums you do get some ignorant people posting. Good to hear you are enjoying life, which obviously this other poster is not!
Yeah, I found that to be educational as well. I lived in Prague, Czech Rep., for a month in '98 after I got out of the Army, where I was stationed in Germany. I haven't been back to Europe since June of '98, so I am surprised how much has changed in almost 11 years. I was lucky enough to be using the Czech crown before the Euro took over, and man, that was great! The exchange rate was quite good then! Glad to hear the standard of living is improving, but not yet for everyone though, obviously.


"An investment in knowledge always pays the best interest."
"Those who would give up essential liberties to purchase a little temporary safety deserve neither." -Ben Franklin
Old 01-16-2009, 01:08 PM   #13
ZhuJo
Registered User
 
Join Date: Jan 2009
Posts: 2
If my previous post sounded to somebody like "ego massaging", sorry for that. I just wanted to illustrate how "poor" we live here. Countries like the Czech Rep., Slovak Rep. and Hungary of course belong more to Central Europe than to its eastern part, but still, we had a socialist regime here for a long time. Sadly, some of the thinking "government should take care of us" still prevails in people's minds.

I just want to warn all of you living in the "West": don't let the leftist parties fool you in a way like "we should donate money to help the industry" or "more money for the poor". We had enough of that in the past and sadly (at least in Slovakia), we somewhat still do.

I'll end with all of this crap; we are quite off topic. Sorry for that also.
Old 01-16-2009, 01:46 PM   #14
Cubert
Registered User
 
Join Date: Jun 2005
Location: Philadelphia
Posts: 479
I think the primary reason there are zero viruses for OS X is because of the underlying security. Not every hacker writes viruses for financial gain. Spreading a virus that attacks OS X is the "Hacker Holy Grail". Many have tried and they all have failed.
Old 01-16-2009, 02:31 PM   #15
bugsnw
Registered User
 
Join Date: Jun 2005
Location: WA state
Posts: 113
Importance of the i

The reason Apple has enjoyed a free ride with security is the "i" in all their product names stands for Invincible.
Old 01-16-2009, 03:11 PM   #16
Davdoc
Registered User
 
Join Date: Sep 2008
Posts: 3
Not a very accurate technical article

While Mac OSX is indeed withstanding the test from malware so far, the mention of several technological advancements is still not very accurate, much like the rest of the whole series here. Basically, many features can be enabled on a 32-bit system; it's just that Mac OSX didn't do it (not that Windows was doing it either). These features, however, are not necessarily exclusive to a 64-bit environment, and the author should not pretend as if he really knows the story.

Examples:

(In the article)

This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions.

...

Segment-based (not used extensively by modern OSes) and paging-based protection can be enforced strictly since the i386. A more advanced feature introduced by AMD through AMD64, and now available in all new Intel and AMD processors, is the NX/XD bit this paragraph inherently refers to. However, this feature can be enabled in 32-bit mode if PAE is enabled (because bit 63, the NX bit, of the page table is only available with the special page directory referencing structure under PAE). Windows XP SP2 has it under DEP when PAE is enabled (it indeed uses a different approach when PAE is disabled), and yes, it is only available after AMD Opteron, but as for the processor operating mode, it can be done under 32-bit (Legacy) mode.

(In the article)

Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.


...
Another misinterpretation of parameter passing. x86 (or, for that matter, x64) near/far/procedure/across-privilege-level calls always push CS:EIP (or CS:RIP) onto the stack and pop them upon return; passing parameters through more registers has nothing to do with the exploits used by malware which modify the stack and hence the return address.

It is indeed other technologies (like ASLR mentioned later, among others) that make return-to-libc attacks harder. It's doable under 32-bit system, but not as robust (although, again, not exactly what the article mentioned).

The author for this series should really update a bit more about technological details, or we should just all read Apple's marketing materials instead of getting some "insider" info.
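Davdoc's point above is that the NX/XD bit is a property of the processor and of the page-table format, not of 64-bit code as such: in 32-bit mode it is only reachable when PAE paging is in use, because only PAE's 64-bit page-table entries have a bit 63. The C program below is an added example, not code from the article, from Davdoc or from any vendor: it reads the "flags" line of Linux /proc/cpuinfo when available (a constructed sample line is embedded and labelled as such), matches flag tokens whole so that "nx" is not confused with a longer flag name, and classifies whether NX can be enforced for the combination of CPU flags, kernel word size and PAE paging. The file path and flag names are Linux x86 assumptions; the kernel word size is taken from the size of a pointer in this build, and whether a 32-bit kernel actually runs PAE paging is supplied by the caller, since the CPU flag only says the processor supports it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed flags line in the style of the "flags" entry of Linux
 * /proc/cpuinfo (not real output): this CPU advertises both pae and nx. */
static const char SAMPLE_FLAGS[] =
    "fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat "
    "pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc";

/* Whole-token match on a space-separated flag list, so "nx" does not match
 * inside a longer flag name and "ss" does not match inside "sse". */
int has_cpu_flag(const char *flags, const char *flag)
{
    size_t flen = strlen(flag);
    const char *p = flags;
    while ((p = strstr(p, flag)) != NULL) {
        int at_start = (p == flags) || (p[-1] == ' ');
        int at_end = (p[flen] == '\0') || (p[flen] == ' ');
        if (at_start && at_end) return 1;
        p += flen;
    }
    return 0;
}

typedef enum {
    NX_NO_HARDWARE,      /* CPU lacks NX: no permission bit can stop execution */
    NX_ENFORCED_64,      /* long mode: 64-bit page-table entries always carry bit 63 */
    NX_ENFORCEABLE_PAE,  /* 32-bit kernel with PAE paging: bit 63 is available */
    NX_UNUSABLE_NOPAE    /* 32-bit non-PAE paging: 32-bit entries have no NX bit */
} nx_state;

/* Classify NX enforceability from the CPU's flags and the paging mode the
 * kernel runs in. pae_paging_on is only consulted for a 32-bit kernel. */
nx_state classify_nx(const char *flags, int kernel_is_64bit, int pae_paging_on)
{
    if (!has_cpu_flag(flags, "nx")) return NX_NO_HARDWARE;
    if (kernel_is_64bit) return NX_ENFORCED_64;
    if (pae_paging_on && has_cpu_flag(flags, "pae")) return NX_ENFORCEABLE_PAE;
    return NX_UNUSABLE_NOPAE;
}

const char *nx_state_name(nx_state s)
{
    static const char *names[] = {
        "no hardware NX bit: writable pages cannot be made non-executable",
        "NX enforced: long mode always uses 64-bit page-table entries",
        "NX enforceable: 32-bit kernel running PAE paging exposes bit 63",
        "NX unusable: 32-bit non-PAE paging has no NX bit in its entries",
    };
    return names[s];
}

/* Copy the first "flags" line of /proc/cpuinfo (after the colon) into out.
 * Returns 0 when the file is unavailable or has no such line (e.g. non-x86). */
int read_cpuinfo_flags(char *out, size_t outsz)
{
    FILE *f = fopen("/proc/cpuinfo", "r");
    char line[4096];
    if (!f) return 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "flags", 5) == 0) {
            const char *colon = strchr(line, ':');
            if (!colon) continue;
            colon++;
            while (*colon == ' ' || *colon == '\t') colon++;
            strncpy(out, colon, outsz - 1);
            out[outsz - 1] = '\0';
            out[strcspn(out, "\n")] = '\0';
            fclose(f);
            return 1;
        }
    }
    fclose(f);
    return 0;
}

int main(void)
{
    char flags[4096];
    int is64 = sizeof(void *) == 8;
    if (read_cpuinfo_flags(flags, sizeof flags)) {
        /* Assumption for the live case: a 32-bit kernel on a pae-capable CPU
         * is taken to run PAE paging; a real audit would check the kernel config. */
        printf("this machine: %s\n",
               nx_state_name(classify_nx(flags, is64, has_cpu_flag(flags, "pae"))));
    } else {
        printf("/proc/cpuinfo flags line not available here; sample only\n");
    }
    printf("sample CPU, 32-bit kernel without PAE: %s\n",
           nx_state_name(classify_nx(SAMPLE_FLAGS, 0, 0)));
    printf("sample CPU, 32-bit kernel with PAE:    %s\n",
           nx_state_name(classify_nx(SAMPLE_FLAGS, 0, 1)));
    printf("sample CPU, 64-bit kernel:             %s\n",
           nx_state_name(classify_nx(SAMPLE_FLAGS, 1, 0)));
    return 0;
}
```

The three sample classifications are the distinction Davdoc draws: the same processor yields an unusable NX bit under 32-bit non-PAE paging, an enforceable one once PAE paging is on, and an always-enforced one in long mode, which is why the protection appears tied to 64-bit builds on Mac OS X even though the hardware capability is independent of them.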
Old 01-16-2009, 03:21 PM   #17
walkerdarin2003
Registered User
 
Join Date: Apr 2008
Location: So Cal
Posts: 13
Quote:
Originally Posted by Virgil-TB2
Fantastic article, and so nice to get away from talking about Steve Jobs' health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.
Agreed, I went to Wired this morning and saw all sorts of BS on Jobs' health. Everyone is quick to jump ship in an effort to kill Apple stock.
Old 01-16-2009, 04:08 PM   #18
diskimage
Registered User
 
Join Date: Nov 2007
Location: South Dakota
Posts: 80
?

Quote:
Originally Posted by Booga
MacOS X's insistence on no "root" account
Mac OS X has a root account. I use it occasionally when I have problems with permissions.


Addicted to a Mac since the Mac Plus
Old 01-16-2009, 04:38 PM   #19
inkswamp
Registered User
 
Join Date: Apr 2005
Posts: 130
Quote:
Even in cases where exploits have been found or artificial attack installers have been designed, viral outbreaks haven't occurred because installations of Macs aren't ubiquitous enough to sustain the critical mass required for an acute network infection.
WRONG. WRONG. WRONG. WRONG. WRONG!

AppleInsider should not facilitate the spread of this stupid myth. Show me one shred of evidence that supports this idea that ubiquity somehow translates to viruses. We have one model upon which to base that assumption: Windows. And given that Microsoft's products seem prone to security problems (including their Mac software), I'd say it's more logical to assume Windows' woes mostly trace back to dumb decisions made by MS and their lax attitude about security. There's so much evidence against this argument, but you don't even have to look far beyond Apple's own products to see it: OS 9 had viruses and less of a presence than OS X. I've seen OS 9 viruses spread through a network.


Old 01-16-2009, 05:33 PM   #20
KenC
Registered User
 
Join Date: Dec 2003
Posts: 59
Funny how everyone seems to think...

Prince McLean's (aka Daniel Eran Dilger) latest article on the Road to Snow Leopard is so even-handed and balanced. Usually, people attack him for being too biased!

I wonder if Daniel deliberately implied the security-by-obscurity myth to get others to do the heavy lifting for him. I'm quite sure he has argued against it in the past.
Old 01-16-2009, 06:22 PM   #21
UltimateKylie
Registered User
 
Join Date: Oct 2008
Posts: 113
Quote:
Originally Posted by inkswamp
WRONG. WRONG. WRONG. WRONG. WRONG!

AppleInsider should not facilitate the spread of this stupid myth. Show me one shred of evidence that supports this idea that ubiquity somehow translates to viruses. We have one model upon which to base that assumption: Windows. And given that Microsoft's products seem prone to security problems (including their Mac software), I'd say it's more logical to assume Windows' woes mostly trace back to dumb decisions made by MS and their lax attitude about security. There's so much evidence against this argument, but you don't even have to look far beyond Apple's own products to see it: OS 9 had viruses and less of a presence than OS X. I've seen OS 9 viruses spread through a network.
I'm sorry, did you notice the Safari RSS exploit here on AppleInsider? It's there on both Windows and OS X. Just goes to prove that people could, if they wanted to, target OS X and Apple products. However, the author is 100% correct and you are wrong. It's easier to target Windows because you have a 90% chance that the consumer is going to be using Windows. If you made a Mac virus based on an exploit, you would have to target less than 10% of computers before Apple made a patch. In my house we have 4 Windows PCs and a MacBook that runs OS X and Windows. So in my case, if I designed a virus for a Mac, it would have nowhere to go in my house. I could maybe send it to one friend I know who has a Mac. He could maybe pass it to his sister's Mac. Beyond that it's the same difficult odds. And how would I send the virus? Email? I doubt anyone using a Mac would be fooled, and then the Windows recipients would wonder what it was; I would be found out and Apple would issue a patch. Website? Again, less than 10% of visitors would be Mac and probably less so who have the exact version my exploit targets. It would be more prudent for me to target Windows, well, because their users tend also to be less savvy.

The recent worm for Windows, for example, has hit what, 3 million computers, mostly in Asia. You take that out of over 1 billion active Windows PCs (most of which are already patched, because Microsoft acts quickly these days, as I suppose Apple would as well) and you see that out of your total install base, less than even 1% get infected, or about .3% in this case. So if you take 10% of Macs, you would get what, .003% of the entire computer market infected by your virus/trojan if you had a similar success rate. It's not worth it at all.
Old 01-16-2009, 06:31 PM   #22
Virgil-TB2
Registered User
 
Join Date: Feb 2008
Posts: 1,415
Quote:
Originally Posted by ZhuJo
If my previous post sounded to somebody like "ego massaging", sorry for that. I just wanted to illustrate how "poor" we live here. Countries like the Czech Rep., Slovak Rep. and Hungary of course belong more to Central Europe than to its eastern part, but still, we had a socialist regime here for a long time. Sadly, some of the thinking "government should take care of us" still prevails in people's minds.

I just want to warn all of you living in the "West": don't let the leftist parties fool you in a way like "we should donate money to help the industry" or "more money for the poor". We had enough of that in the past and sadly (at least in Slovakia), we somewhat still do.

I'll end with all of this crap; we are quite off topic. Sorry for that also.
I liked the story about what conditions are really like in Eastern European countries, and I disagree with people who say these countries are actually "central." Historically, I think it's fair to refer to anything that was once behind the Iron Curtain as "Eastern Europe," and a bit nit-picky to argue about it.

That being said however, it's a fact that a lot of viruses and generally nefarious sites come out of former Eastern bloc countries (Serbia in particular).

I also think that the last place anyone would go for advice on "left" parties is someone who is from behind the former Iron Curtain. They are experts on totalitarianism because they lived through it recently, but progressive or left wing parties in the West have nothing to do with the kind of "socialism" (totalitarianism) practised by the Soviet states.

IMO just as the average American only knows socialism as a mythical boogeyman and has no idea what it really entails and how it really works, the average person from the former Soviet states only knows capitalism as a kind of fairy-tale or "good" myth and has no idea what it really entails or how it works. What actually works is something between the two mythical extremes.
Virgil-TB2 is offline   Reply With Quote
Old 01-16-2009, 07:24 PM   #23
tim68
Registered User
 
Join Date: Mar 2008
Posts: 9
I'm confused. I know Snow Leopard will work with my early 2008 8 core Mac Pro, but will my computer be able to take full advantage of all the 64 bit goodness?
tim68 is offline   Reply With Quote
Old 01-16-2009, 07:38 PM   #24
Cubert
Registered User
 
Join Date: Jun 2005
Location: Philadelphia
Posts: 479
Quote:
Originally Posted by UltimateKylie View Post
I'm sorry, did you notice the Safari RSS exploit here on Apple Insider? It's there on both Windows and OS X. Just goes to prove that people could, if they wanted to, target OS X and Apple products. However, the author is 100% correct and you are wrong. It's easier to target Windows because you have a 90% chance that the consumer is going to be using Windows. If you made a Mac virus based on an exploit you would have to target less than 10% of computers before Apple made a patch. In my house we have 4 Windows PCs and a MacBook that runs OS X and Windows. So in my case if I designed a virus for a Mac, it would have nowhere to go in my house. I could maybe send it to one friend I know who has a Mac. He could maybe pass it to his sister's Mac. Beyond that it's the same difficult odds. And how would I send the virus? Email: I doubt anyone using a Mac would be fooled, and then the Windows recipients would wonder what it was, I would be found out and Apple would issue a patch. Website: again, less than 10% of visitors would be Mac and probably fewer still who have the exact version my exploit targets. It would be more prudent for me to target Windows, well, because their users tend also to be less savvy.

The recent worm for Windows, for example, has hit what, 3 million computers, mostly in Asia. You take that out of over 1 billion active Windows PCs (most of which are already patched, because Microsoft acts quickly these days, as I suppose Apple would as well) and you see that out of your total install base, less than even 1% get infected, or about .3% in this case. So if you take 10% of Macs you would get what, .003% of the entire computer market infected by your virus/trojan if you had a similar success rate. It's not worth it at all.

Sorry, but you lose. You are confusing application security flaws that can be exploited with system security flaws that can be exploited. The Safari RSS issue you cite is specific to that app. It is the security of the OS that keeps application exploits from infecting the operating system.
Cubert is offline   Reply With Quote
Old 01-16-2009, 08:44 PM   #25
mdriftmeyer
Registered User
 
Join Date: Nov 2004
Location: Northwest
Posts: 2,698
Quote:
Originally Posted by tim68 View Post
I'm confused. I know Snow Leopard will work with my early 2008 8 core Mac Pro, but will my computer be able to take full advantage of all the 64 bit goodness?
Raise your hand if you know of an 8-core 32 bit processor from Intel.
mdriftmeyer is offline   Reply With Quote
Old 01-16-2009, 09:04 PM   #26
Virgil-TB2
Registered User
 
Join Date: Feb 2008
Posts: 1,415
Quote:
Originally Posted by KenC View Post
Prince McLean's, aka Daniel Eran Dilger, latest article on the Road to Snow Leopard is so even-handed and balanced. Usually, people attack him for being too biased!

I wonder if Daniel deliberately implied the security by obscurity myth to get others to do the heavy lifting for him. I'm quite sure he has argued against it in the past.
People seem to attack Dan no matter what he says, even though you can check his record easily enough and see that he is right the vast majority of the time.

Here, (at least in my opinion), he seems to have tried deliberately to be less biased and less emotional (and in my opinion succeeded admirably), and some people *still* jump all over him.

Everyone knows the "security by obscurity" myth is a bit of a red herring. None perhaps more so than Dan who has written about it many times. There is however *something* to the myth in that it takes a bot-net to do any real damage nowadays and most commercial virus activity does focus on windows for that reason. In other words it's a (small) factor but a real one.

My take on this article is that this is exactly what the author was getting at. I think it's a great article and the tiny nod to the obscurity myth was just right.
Virgil-TB2 is offline   Reply With Quote
Old 01-17-2009, 11:40 AM   #27
Shunnabunich
Registered User
 
Join Date: Jul 2006
Location: Nova Scotia, Canada
Posts: 76
For reference's sake, below are links to Dan's articles about why the "market share myth" he supported in this article doesn't work. They were written the better part of a year ago.

The Unavoidable Malware Myth: Why Apple Won't Inherit Microsoft's Malware Crown
Five Factors Shifting the Future of Malware and Platform Security
Shunnabunich is offline   Reply With Quote
Old 01-17-2009, 11:57 AM   #28
Fairly
Registered User
 
Join Date: Jul 2007
Posts: 98
Can't Even Begin

I can't even begin to point out where this article goes wrong. It'd take the time for a complete PhD thesis. And it wouldn't be worth it.
Fairly is offline   Reply With Quote
Old 01-17-2009, 12:06 PM   #29
Fairly
Registered User
 
Join Date: Jul 2007
Posts: 98
Quote:
Originally Posted by rhowarth View Post
In the absence of good local job prospects it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac
Yes but they're employed by organized crime. And in organized crime there's lots of money for computer hardware investments. Mac OS is increasingly turning up in eastern European countries and even far eastern countries.
Fairly is offline   Reply With Quote
Old 01-17-2009, 12:09 PM   #30
Fairly
Registered User
 
Join Date: Jul 2007
Posts: 98
Quote:
Originally Posted by KenC View Post
Prince McLean's, aka Daniel Eran Dilger
So this is DED? Say no more. Barf.
Fairly is offline   Reply With Quote
Old 01-17-2009, 12:35 PM   #31
Snafu
Registered User
 
Join Date: Aug 2008
Posts: 32
Quote:
Originally Posted by Cubert View Post
Sorry, but you lose. You are confusing application security flaws that can be exploited with system security flaws that can be exploited. The Safari RSS issue you cite is specific to that app. It is the security of the OS that keeps application exploits from infecting the operating system.
Arguably, any security flaw that affects the OS' default applications set and allows for external forces to take control of one's machine ought to be taken as seriously as any OS-level fault.

We've seen Macs taken over by simply visiting malicious web pages in Black Hat sessions at least twice. The attackers revealed very simple techniques to determine vulnerabilities (such as seeing what open source components' versions OS X was using, usually behind the latest ones because Apple has to take time to adapt them to its filesystem, etc., and go for the vulns the very latest Linux versions do eliminate). We have also had our scares when conflicting filetype determination systems could hide an executable as a data file. We've had a couple of trojans, and I've been shown by a developer friend the very same trojan codec trick some guys suffered some time ago.

That OS X is certainly harder to crack (but not so incredibly difficult as many believe) and that it still hasn't reached 10% marketshare penetration; that current Mac piracy routes are more community-based (so that anything strange "gets reported" instantly); and that Mac people tend to meet in Mac-related places makes for a quite less attractive platform to exploit.
Snafu is offline   Reply With Quote
Old 01-17-2009, 01:38 PM   #32
Fairly
Registered User
 
Join Date: Jul 2007
Posts: 98
Wrong. He is right and the author - whom we now can identify as a clown writing elsewhere under his more real name and who has no accreditation whatsoever to discuss these matters - is typically sadly pathologically in error. Again.
Fairly is offline   Reply With Quote
Old 01-17-2009, 02:08 PM   #33
vtvita
Registered User
 
Join Date: Jan 2007
Posts: 1
It's a great pleasure to read articles so superbly written as this one.
vtvita is offline   Reply With Quote
Old 01-17-2009, 03:36 PM   #34
bloggerblog
Registered User
 
Join Date: May 2008
Posts: 570
Quote:
Originally Posted by mdriftmeyer View Post
Raise your hand if you know of an 8-core 32 bit processor from Intel.
I think you meant to say dual quad-core processors.


bloggerblog is offline   Reply With Quote
Old 01-17-2009, 03:37 PM   #35
bloggerblog
Registered User
 
Join Date: May 2008
Posts: 570
Quote:
Originally Posted by inkswamp View Post
OS 9 had viruses and less of a presence than OS X. I've seen OS 9 viruses spread through a network.
good point.


bloggerblog is offline   Reply With Quote
Old 01-17-2009, 06:34 PM   #36
skittlebrau79
Registered User
 
Join Date: Oct 2007
Posts: 53
Quote:
Originally Posted by Cubert View Post
Sorry, but you lose. You are confusing application security flaws that can be exploited with system security flaws that can be exploited. The Safari RSS issue you cite is specific to that app. It is the security of the OS that keeps application exploits from infecting the operating system.
Sorry, but you lose. Almost all malware these days spreads through application specific vulnerabilities. The lines have been blurred between system and application vulnerabilities anyway—a vulnerability in Safari like the Safari RSS vulnerability is actually caused by a vulnerability in an underlying system framework (in this case PubSub.framework). Internet Explorer and Windows Media Player are where most of the vulnerabilities in Windows lie, and that is how most malware is distributed. Those are definitely application vulnerabilities, but they ship with Windows obviously.

PS: Funnily enough QuickTime had the most vulnerabilities of any component in 2006 and 2007. When the numbers are tallied for 2008 I wouldn't be surprised to see QuickTime take the three-peat.
skittlebrau79 is offline   Reply With Quote
Old 01-17-2009, 06:57 PM   #37
krabbelen
Registered User
 
Join Date: Nov 2008
Posts: 16
Quote:
Originally Posted by Snafu View Post
Arguably, any security flaw that affects the OS' default applications set and allows for external forces to take control of one's machine ought to be taken as seriously as any OS-level fault.

We've seen Macs taken over by simply visiting malicious web pages in Black Hat sessions at least twice. The attackers revealed very simple techniques to determine vulnerabilities (such as seeing what open source components' versions OS X was using, usually behind the latest ones because Apple has to take time to adapt them to its filesystem, etc., and go for the vulns the very latest Linux versions do eliminate). We have also had our scares when conflicting filetype determination systems could hide an executable as a data file. We've had a couple of trojans, and I've been shown by a developer friend the very same trojan codec trick some guys suffered some time ago.

That OS X is certainly harder to crack (but not so incredibly difficult as many believe) and that it still hasn't reached 10% marketshare penetration; that current Mac piracy routes are more community-based (so that anything strange "gets reported" instantly); and that Mac people tend to meet in Mac-related places makes for a quite less attractive platform to exploit.
@snafu
I don't think the Macs were "taken over", and certainly not by simply visiting a malicious webpage. The rules had to be relaxed so that the hackers either had direct access to the Mac, or the Mac's user was given an email with explicit instructions he had to follow to download a file and install it with an admin name and password. Even then, it could do little system-wide damage. And yes, we know about the codecs -- you have to visit a porn site, download a "special codec" for "viewing their proprietary video" and, again, type in your admin username and password in order to install it.

@others
Yes, Daniel DOES frequently and eloquently argue against the security through obscurity myth. I don't think he was implying it in that argument. I think he was saying, EVEN IF there were viable viruses for Macs (more than the ONE OR TWO questionable ones mentioned above), EVEN IF an infected Mac could infect other Macs, it wouldn't get very far -- NOT because the Mac is obscure or lacks market share, but because of the nature of Mac computing. The reason Windows computing is in the state it is in, is NOT because it has greater market share, thus providing a more attractive target; it is in the sad state it is in because MS dumped Windows on all these corporate networks with a complete disregard for value and security. Windows became ubiquitous overnight (largely due to being in the right place at the right time and people refusing to think differently), and now people are counting the cost.

True, there aren't *many* Mac only networks yet (outside of graphics bureaux), maybe a few college campuses come close. EVEN SO, the Mac didn't start life as a drone or dumb terminal on a big corporate network, a network which COMPLETELY RELIES on IT departments to secure the outside, with little per computer in-built security other than virus-scanning software. Whether on a large network behind a firewall, or on its own right on the internet, the Mac is more secure inside and out. And Macs are certainly not turned into spam-bots unbeknownst to their owners.

When and if Mac networks become *ubiquitous* they will be a little different by nature, because Macs started life with a bit different philosophy; and now there is STILL the opportunity to take the time to look ahead and plan for the time when they do in fact become ubiquitous (despite the one or two *exploits* being trumpeted about as though that somehow makes the Mac *just as* -- and those are the words used -- vulnerable as Windows). Whoa. Because Macs do not have the same kind of vulnerabilities (NOT due to luck or the fact they are obscure or few in number), Apple has the luxury of PROACTIVELY preparing for some battles, rather than reacting every other day to all the various threats faced by Windows which must continually act to put out the fires on a number of very real and SERIOUS exploits (not merely theoretical threats or self-discovered vulnerabilities). I just read of some 8 million recently infected PCs that are phoning home to goodness knows where because the return path is still obscure to researchers. These PCs are actually phoning home right now as I type. Where's the hue and cry?

Apple is not simply shoving its product out the door without any regard for its users (I know, I know, that foolish sentiment is just the Kool-Aid talking), and on top of that trying to sell software or services to patch holes that have already been exploited before you buy your next PC. Apple, already ahead of the game, is working on the next level of security, from the FOUNDATION up, again.

Yeah, I too had a virus under OS 9, back in the day...I think (some 11-12 years ago I would guess). My Mac acted funny about restarting or something for a couple of days there. Ahhh, those were the days.

Besides the obvious creative reasons for using Macs, small businesses use them PRECISELY BECAUSE they have counted the cost, have weighed the security implications and have decided they want more responsible computing that is inherently more proactive on the security side -- rather than putting money into IT and Support specialists and anti-virus software. It is a calculated decision. It is a proactive decision and not a naive, head-in-the-sand one.

Yeah, Apple users: poor, naive bastards with a religious fixation and their heads in the sand who are only concerned with style and who like toy computers which can't do anything useful nor need a degree or full-time support to use as intended. Apparently, we like the latest gizmos; and YET, we use our Macs for at least 5 years each (24/7 I'm using a PowerMac G4 at least six yrs old, and a PowerMac G5 at least 4, and haven't needed a single hour of professional support, EVER). Yeah, go figure. I'll happily keep my head in the sand about security under those terms. I have to say, I trust Apple a little more than MS. Call me a fool affected by the RDF. Whatever. You can't pay me to use Windows, because I have used it.


Last edited by krabbelen; 01-17-2009 at 07:26 PM.. Reason: "obscurity", not "vulnerability", oops
krabbelen is offline   Reply With Quote
Old 01-18-2009, 01:16 AM   #38
kaiwai
Registered User
 
Join Date: Sep 2005
Location: Wellington, New Zealand
Posts: 243
Quote:
Originally Posted by ZhuJo View Post
rhowarth, you have no sense of how we live in so called „poor eastern European countries“. I can guarantee that most of the programmers here have at least as good a living standard as most people in western Europe. The average income of a qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given the lower prices of commodities, the living standard is quite good.

Trust me, the economic boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda – newer ones, Peugeots, BMWs). We have now almost as good a living standard as people in Italy, Spain or Austria.

Of course, there are also quite a lot of people without higher education, working as common workers, mainly in the car industry (Audi Q7s and Porsche Cayennes are made in Slovakia, also Kias, Peugeots). But these people also don't live in shacks.

People in Ukraine and Bulgaria or Romania are living in much worse conditions, but also, not in shacks. They just can't afford the goods.

Oh, I'm a quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with 20" Cinema display, using Time Capsule and iPhone. Driving a VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have many problems with money here. Oh, we have just changed our currency to the Euro.
What I am confused about are those who think that people are struggling in Slovakia and are low paid. I've just gone to Wikipedia to find out Slovakia's statistics - on the basis of GDP per capita (via PPP) - it's on par with New Zealand and most other countries, and I wouldn't call New Zealand poor by any stretch of the imagination.
kaiwai is offline   Reply With Quote
Old 01-18-2009, 01:23 AM   #39
kaiwai
Registered User
 
Join Date: Sep 2005
Location: Wellington, New Zealand
Posts: 243
Quote:
Originally Posted by ZhuJo View Post
rhowarth, you have no sense of how we live in so called „poor eastern European countries“. I can guarantee that most of the programmers here have at least as good a living standard as most people in western Europe. The average income of a qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given the lower prices of commodities, the living standard is quite good.

Trust me, the economic boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda – newer ones, Peugeots, BMWs). We have now almost as good a living standard as people in Italy, Spain or Austria.

Of course, there are also quite a lot of people without higher education, working as common workers, mainly in the car industry (Audi Q7s and Porsche Cayennes are made in Slovakia, also Kias, Peugeots). But these people also don't live in shacks.

People in Ukraine and Bulgaria or Romania are living in much worse conditions, but also, not in shacks. They just can't afford the goods.

Oh, I'm a quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with 20" Cinema display, using Time Capsule and iPhone. Driving a VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have many problems with money here. Oh, we have just changed our currency to the Euro.
Quote:
Originally Posted by Davdoc View Post
While Mac OSX is indeed withstanding the test from malware so far, the mentioning of several technological advancements is still not very accurate, much like the rest of the whole series here. Basically, many features can be enabled on a 32-bit system, just that Mac OSX didn't do it (not that Windows was doing it either). These features, however, are not necessarily exclusive to 64-bit environment and the author should not pretend as if he really knows the story.

Examples:

(In the article)

This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as if it were its own instructions.

...

Segment-based (not used extensively by modern OSes) and paging-based protection can be enforced strictly since i386. A more advanced feature introduced by AMD through AMD64, and now available in all new Intel and AMD processors, is the NX/XD bit this paragraph inherently refers to. However, this feature can be enabled in 32-bit mode if PAE is enabled (because bit 63, the NX bit, of a page-table entry is only available with the special page directory referencing structure under PAE). Windows XP SP2 has it under DEP when PAE is enabled (it indeed uses a different approach when PAE is disabled) and yes, it is only available after AMD Opteron, but as for the processor operating mode, it can be done under 32-bit (Legacy) mode.

(In the article)

Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.


...
Another misinterpretation of parameter passing. x86 (or, for that matter, x64) near/far/procedure/across-privilege-level calls always push CS:EIP (or CS:RIP) onto the stack and pop them upon return; passing parameters through more registers has nothing to do with the exploits used by malware which modify the stack and hence the return address.

It is indeed other technologies (like ASLR mentioned later, among others) that make return-to-libc attacks harder. It's doable under 32-bit system, but not as robust (although, again, not exactly what the article mentioned).

The author for this series should really update a bit more about technological details, or we should just all read Apple's marketing materials instead of getting some "insider" info.
Thank you for correcting the article; I was reading it and even with my very immature understanding of the x86 architecture, it isn't as bad as people try to make out. There are a lot of security features available but are never used because it would cause portability issues in their code and performance penalties.

What Apple should be doing is going the full monty when it comes to security and start using these features - Lord knows it isn't as though they're going to move off the x86 architecture anytime soon - it's the architecture that keeps on going even in the face of things that appear on the surface to be superior (in terms of engineering elegance).
kaiwai is offline   Reply With Quote
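The quoted Davdoc post pins the no-execute capability to bit 63 of the 64-bit-wide page-table entries used by PAE and long mode, which is why a legacy 32-bit entry cannot express it, and the article passage it quotes describes checking with vmmap that no page is both writable and executable. The following is an added example written for this thread, not code from Apple, the article, or any poster: it decodes the documented x86 entry bits (Present = bit 0, Read/Write = bit 1, User/Supervisor = bit 2, physical frame = bits 12..51, NX = bit 63) and flags present pages that violate W^X. The entry values in it are constructed for illustration and do not come from any real system.

```python
"""Decode x86 page-table entries and flag pages that are both writable and
executable, i.e. the W^X check the article describes doing with vmmap.

Bit layout is the documented x86 format: bit 0 = Present, bit 1 = Read/Write,
bit 2 = User/Supervisor, bits 12..51 = physical frame, bit 63 = NX
(No-Execute). The NX bit exists only in the 64-bit-wide entries of PAE
paging and long mode; legacy 32-bit entries have no such bit, so under
legacy paging a writable page is always executable as well.
"""
from dataclasses import dataclass
from typing import Iterable, List

PTE_PRESENT = 1 << 0
PTE_WRITABLE = 1 << 1
PTE_USER = 1 << 2
PTE_NX = 1 << 63
FRAME_MASK_PAE = 0x000F_FFFF_FFFF_F000  # bits 12..51 of a 64-bit entry
FRAME_MASK_LEGACY = 0xFFFF_F000         # bits 12..31 of a 32-bit entry


@dataclass(frozen=True)
class PageEntry:
    present: bool
    writable: bool
    user: bool
    no_execute: bool   # False means the CPU will execute code on this page
    frame: int         # physical frame address


def decode_pte(raw: int, pae: bool = True) -> PageEntry:
    """Decode one page-table entry.

    pae=True  : 64-bit entry (PAE or long mode); the NX bit is available.
    pae=False : 32-bit legacy entry; there is no NX bit at all.
    """
    if raw < 0:
        raise ValueError("entry must be non-negative")
    if pae:
        if raw >> 64:
            raise ValueError("PAE/long-mode entry is at most 64 bits wide")
        frame = raw & FRAME_MASK_PAE
        nx = bool(raw & PTE_NX)
    else:
        if raw >> 32:
            raise ValueError("legacy 32-bit entry is at most 32 bits wide")
        frame = raw & FRAME_MASK_LEGACY
        nx = False  # legacy paging cannot express no-execute
    return PageEntry(
        present=bool(raw & PTE_PRESENT),
        writable=bool(raw & PTE_WRITABLE),
        user=bool(raw & PTE_USER),
        no_execute=nx,
        frame=frame,
    )


def is_writable_and_executable(entry: PageEntry) -> bool:
    """True when a present page can be both written to and executed."""
    return entry.present and entry.writable and not entry.no_execute


def audit(raw_entries: Iterable[int], pae: bool = True) -> List[int]:
    """Return the frame addresses of present pages that violate W^X."""
    return [
        e.frame
        for e in (decode_pte(r, pae) for r in raw_entries)
        if is_writable_and_executable(e)
    ]


# Constructed sample entries for illustration (not from any real system).
SAMPLE_PAE = [
    0x0000_0000_0040_1005,  # code page: present, user, read-only, executable
    0x8000_0000_0040_2007,  # data page: present, user, writable, NX set
    0x0000_0000_0040_3007,  # present, writable, executable: W^X violation
    0x0000_0000_0040_4006,  # not present: ignored even though W and X
]

SAMPLE_LEGACY = [
    0x0040_1005,            # code page
    0x0040_2007,            # writable, and under legacy paging also executable
]

if __name__ == "__main__":
    print("PAE/long-mode W^X violations:", [hex(f) for f in audit(SAMPLE_PAE)])
    print("Legacy 32-bit W^X violations:",
          [hex(f) for f in audit(SAMPLE_LEGACY, pae=False)])
```

Run stand-alone, the script reports the single PAE-mode violation at frame 0x403000 and, for the legacy table, the writable data page at 0x402000, which no legacy entry could have marked non-executable; that contrast is the point the quoted post makes about needing PAE (or long mode) before NX/DEP can exist at all.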
Old 01-20-2009, 03:56 AM   #40
talksense101
Registered User
 
Join Date: Jan 2004
Location: India
Posts: 1,451
This article doesn't say much about any changes in the software security model for OS X. Any improvements in there? Also, 32-bit apps still run on 10.6; how are they shielded against the issues mentioned in the article?
talksense101 is offline   Reply With Quote