Road to Mac OS X Snow Leopard: 64-bit security

Posted:
in macOS edited January 2014
In addition to the benefits detailed in previous articles in this series, the move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system.



Over the last eight years, Mac OS X has enjoyed a tranquil existence in stark contrast to the high profile security threats and attacks suffered by mainstream Windows users. Microsoft's monopoly over the PC world has long meant that anyone interested in creating extensive, easily spread damage through software exploits would focus their efforts on Windows.



Microsoft's Security Efforts



Since Microsoft's OS was originally developed primarily for business computers sitting together in a trusted LAN environment, it was not only easy to exploit software flaws in the system but also trivial to find ways to fool the system into forwarding viral payloads to other systems. Once exposed to the open Internet, Windows didn't stand a chance.



Reinforcing the Windows PC to survive the onslaught of malicious exploits saturating the Internet would be a complex and expensive task, one Microsoft did not immediately recognize as a priority. However, once Windows started gaining a reputation for lax security after falling victim to a series of famous exploits in the late 90s and into the beginning of the current decade, Microsoft began reevaluating its priorities.



Longhorn, which was intended as a close successor to 2001's Windows XP, ended up being pushed off as the company was forced to initiate a major new effort to solve the outstanding security issues in XP. Toward the end of 2004, Microsoft shipped XP SP2, the product of extensive work within the company using code scanning, auditing, testing, and fundamental feature and architectural reviews, in addition to external source code auditing and penetration testing.



In addition to Microsoft's efforts to identify and patch flaws and vulnerabilities in its software, the company also initiated measures to make unknown vulnerabilities more difficult for attackers to find and exploit. This included having a firewall installed by default and requiring that RPC servers authenticate communications, so that remote attackers would need to present valid credentials before ever being given access to anything that might be attacked to allow entry.



Microsoft is now very public about its security efforts, and takes every opportunity to tout its recent security work as a defense against any criticisms of its past mistakes in taking a less than serious approach to security.



Apple's Security Efforts



In contrast, Apple has never experienced a security crisis related to Mac OS X. Virus writers have nearly zero financial motivation to create new attacks from scratch that target Macs. The theoretical potential of "hackers" attacking Macs for fame and glory, as imagined by pundits with a bias against Apple, has simply failed to materialize over the last half decade, despite their insistence that the threat is so alarmingly close as to be palpable.



Even in cases where exploits have been found or artificial attack installers have been designed, viral outbreaks haven't occurred because installations of Macs aren't ubiquitous enough to sustain the critical mass required for an acute network infection. Add in the fact that Mac OS X wasn't dragging along the same legacy of promiscuous LAN origins as Windows, and you have a series of factors that combined to give Apple a pass from focusing on security retrofitting in crisis mode.



Instead, Apple has had the luxury of planning Mac OS X releases to roll out security features incrementally. As with its other plans for feature enhancements in Mac OS X, the company has remained tight lipped on many of its security efforts. There's evidence the company has performed code security scanning, as simple buffer overflows have been cleaned out of many system libraries, according to a security expert familiar with the history of the OS.



Mac OS X 10.4 Tiger eliminated most of the easy local buffer overflows, while 10.5 Leopard has expanded upon that to remove many of them from remotely accessible network services. Leopard also incorporates stack protection, library randomization, a non-executable

stack, and sandboxing for some system processes. These features are incremental improvements in security that will be expanded upon in Snow Leopard.



Mac OS X's sandboxing is provided by the Mandatory Access Control (MAC) framework, an implementation of the MAC framework from TrustedBSD. Sandboxing imposes permission controls on processes that can, for example, limit them from connecting to a network, from writing any files, or from writing any files outside of specific directories. While sandboxing doesn't prevent a process from being attacked, it does limit the amount of damage malicious attackers can cause once they gain control of a sandboxed application.



On the iPhone, sandboxing is used to restrict each application from accessing anything outside of its own data files and preferences. Even apps that have access to the public networking APIs are restricted from direct access to the communications or networking hardware.



On page 2 of 2: Security in 64-bit Snow Leopard; and Security before it's needed.



Security in 64-bit Snow Leopard



In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments.



This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions.



Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.



The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR.



With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the "vast majority of these exploits will fail," the security expert explained.



Security before it's needed



Apple's sheltered existence in isolation from regular malware attacks puts it in the enviable position of being able to focus on building security features proactively, rather than in response to ongoing, embarrassing exploits. For Mac users, that means the window of opportunity for malware exploits is being closed off before circumstances change enough for the platform to become a viable target.



The company is being relatively quiet about its security efforts because it doesn't want to be directly compared against Microsoft, which is ahead in some security areas, at least in its latest software releases. However, Microsoft's installed base of the billion PCs running Windows worldwide is not protected by advancements in the latest releases because relatively few users have upgraded to the latest releases.



That give Apple a strong position in maintaining its security halo because the Windows PC world is so rife with low hanging fruit for malicious attackers that the Mac platform remains an undesirable target. That leaves disgruntled pundits with nothing to complain about outside of misleading vulnerability counts. So while PC users contend with the constant din of security issues and performance sapping layers of security software, Mac users are free to just enjoy the silence.



Road to Mac OS X Snow Leopard: 64-bit security is the fifth installment in AppleInsider's ongoing Road to Mac OS Snow Leopard series. Previous installments are listed below in the order they were published.



Road to Mac OS X Snow Leopard: 64-Bits



Road to Mac OS X Snow Leopard: 64-bits, Santa Rosa, and more



Road to Snow Leopard: twice the RAM, half the price, 64-bits



Road to Mac OS X Snow Leopard: the future of 64-bit apps
«1

Comments

  • Reply 1 of 40
    virgil-tb2virgil-tb2 Posts: 1,416member
    Quote:
    Originally Posted by AppleInsider View Post


    In addition to the benefits detailed in previous articles in this series, the move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system....



    Fantastic article, and so nice to get away from talking about Steve Jobs health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.
  • Reply 2 of 40
    jnjnjnjnjnjn Posts: 588member
    Excellent piece !
  • Reply 3 of 40
    Thanks for an interesting article but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targetting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targetting OS X though. As more people program for the Mac the risks to OS X will undoubtedly increase.
  • Reply 4 of 40
    boogabooga Posts: 1,081member
    Quote:
    Originally Posted by Virgil-TB2 View Post


    Fantastic article, and so nice to get away from talking about Steve Jobs health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.



    Agreed! It doesn't make specious claims about how vastly wonderful MacOS X is compared to everything else... it just presents the information in a well-written piece. Nice work.
  • Reply 5 of 40
    boogabooga Posts: 1,081member
    Quote:
    Originally Posted by rhowarth View Post


    Thanks for an interesting article but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targetting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targetting OS X though. As more people program for the Mac the risks to OS X will undoubtedly increase.



    Also, it's worth looking at the weakest link in the security chain... the person sitting at the keyboard. MacOS X's insistence on no "root" account and requiring a password for significant operations has made it so, as far as I'm aware, every piece of malware for the Mac has so far required the user to explicitly download it and type their password to get infected. Ignoring the purely software-based attack, that has probably helped save many MacOS X systems from harm.
  • Reply 6 of 40
    wigginwiggin Posts: 2,265member
    Quote:
    Originally Posted by Booga View Post


    Agreed! It doesn't make specious claims about how vastly wonderful MacOS X is compared to everything else... it just presents the information in a well-written piece. Nice work.



    I whole-heartedly agree with your agreed! These are the types of articles that made AppleInsider a daily (multiple times a day) visit for me. Well done!
  • Reply 7 of 40
    Quote:
    Originally Posted by rhowarth View Post


    Thanks for an interesting article but I'm not sure I agree with the old argument that it's smaller market share that means the Mac hasn't been worth targetting by malware writers. You need to think about who is finding the exploits and writing the viruses... mainly intelligent but poor young programmers in places like eastern Europe or in the developing world. In the absence of good local job prospects it makes perfect rational sense for them to turn their efforts to computer crime instead. People like that are far more likely to only have an old 386 machine available to them rather than a shiny new Mac, so that's what they work on. Give these people a bunch of Macs and time to learn them and they'll be just as happy targetting OS X though. As more people program for the Mac the risks to OS X will undoubtedly increase.



    rhowarth, you have no sense of how we live in so called „poor eastern European countries“. I can guarantee that most of the programmers here have at least as good live standard than most people in western Europe . Average income of qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given to lower prices of commodities live standard is quite good.



    Trust me, economy boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda – newer ones, Peugeots, BMWs). We have now almost as good live standard as people in Italy, Spain or Austria.



    Of course, there are also quite a lot people without higher education, working as common worker, mainly in car industry (Audi Q7s and Porsche Cayenne are made in Slovakia, also Kia, Peugeots). But these people also don't leave in shacks.



    People in Ukraine and Bulgary or Romania are living in much worse conditions, but also, not in shacks. They just can't afford the goods.



    Oh, I'm quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with 20" Cinema display, using Time Capsule and iPhone. Driving VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have much problems with money here. Oh, we have just changed our currency to Euro.
  • Reply 8 of 40
    Quote:
    Originally Posted by ZhuJo View Post


    rhowarth, you have no sense of how we live in so called ?poor eastern European countries?. I can guarantee that most of the programmers here have at least as good live standard than most people in western Europe . Average income of qualified programmer here (Slovak Republic) is about 3000 Euros. Most of the serious programmers take much, much more. Given to lower prices of commodities live standard is quite good.



    Trust me, economy boom here still persists (even in the current hard economic times). People are building new houses (no, not from straw) and have quite good cars (mostly VW, Skoda ? newer ones, Peugeots, BMWs). We have now almost as good live standard as people in Italy, Spain or Austria.



    Of course, there are also quite a lot people without higher education, working as common worker, mainly in car industry (Audi Q7s and Porsche Cayenne are made in Slovakia, also Kia, Peugeots). But these people also don't leave in shacks.



    People in Ukraine and Bulgary or Romania are living in much worse conditions, but also, not in shacks. They just can't afford the goods.



    Oh, I'm quite young IT consultant from Slovakia, currently writing from my MacBook Pro 17" with 20" Cinema display, using Time Capsule and iPhone. Driving VW Passat Combi. Sounds poor to you? Trust me, capable and intelligent young people don't have much problems with money here. Oh, we have just changed our currency to Euro.



    So, now when you're done massaging your ego (which was pretty pathetic, sorry), maybe it's time to tell you that Slovakia is part of Central Europe, at least when economic, historical, religious, and cultural reasons are taken into account.
  • Reply 9 of 40
    Quote:
    Originally Posted by leathien View Post


    So, now when you're done massaging your ego (which was pretty pathetic, sorry), maybe it's time to tell you that Slovakia is part of Central Europe, at least when economic, historical, religious, and cultural reasons are taken into account.



    Well, there's no need to be so rude!! I'd say you are the pathetic one with such an uncalled for outburst. What! Someone burst your bubble today?



    Personally I found it interesting to hear how things are in Slovakia these days.



    @Zhujo - Unfortunately in these open forums you do get some ignorant people posting. Good to hear you are enjoying life, which obviously this other poster is not!
  • Reply 10 of 40
    [QUOTE=ZhuJo;1364163People in Ukraine and Bulgary or Romania are living in much worse conditions, but also, not in shacks. They just can't afford the goods.[/QUOTE]



    You're right of course, and I'm certainly not suggesting people in Eastern Europe live in shacks. If anything, that's what we'll be doing in the UK before too long if the credit crunch lasts!



    In general though I still think the kind of people who write viruses are more likely to have PCs simply because that's what available to them and what they're already familiar with, rather than because they've sat down, analysed the problem, and concluded that targetting PCs is more cost effective so that's what machine they'll buy.



    -Rolf
  • Reply 11 of 40
    Quote:
    Originally Posted by deanbar View Post


    Well, there's no need to be so rude!! I'd say you are the pathetic one with such an uncalled for outburst. What! Someone burst your bubble today?



    Personally I found it interesting to hear how things are in Slovakia these days.



    @Zhujo - Unfortunately in these open forums you do get some ignorant people posting. Good to hear you are enjoying life, which obviously this other poster is not!



    Yea, I found that to be educational as well. I lived in Prague Czech Rep for a month in 98 after I got out of the Army, where I was stationed in Germany. I haven't been back to Europe since June of 98 so I am surprised how much has changed in almost 11 yrs. I was lucky enough to be using the Czech crown before the Euro took over, and man that was great! The exchange rate was quite good then! Glad to hear the standard of living is improving, but not yet for everyone though obviously.
  • Reply 12 of 40
    if my previous post sounded to somebody like "ego massaging", sorry for that. I just wanted to illustrate how „poor“ we live in here. Countries like Czech rep. Slovak rep., Hungary of course belongs more to Central Europe than it's eastern part, but still – we had a socialist regime here for a long time. Sadly, some of the thinking „goverment should take care of us“ still prevail in people's mind



    I just want to warn all of you, living in „West“ – don't let the leftist parties to fool you in a way „we should donate money to help the industry“ or „more money for poor“. We had enough of that in the past and sadly (at least in Slovakia), we somewhat still do.



    I'll end with all of this crap – we are quite off topic. Sorry for that also.
  • Reply 13 of 40
    cubertcubert Posts: 728member
    I think the primary reason there are zero viruses for the OS X is because of the underlying security. Not every hacker writes viruses for financial gain. Spreading a virus that attacks OS X is the "Hacker Holy Grail". Many have tried and they all have failed.
  • Reply 14 of 40
    bugsnwbugsnw Posts: 717member
    The reason Apple has enjoyed a free ride with security is the "i" in all their product names stands for Invincible.
  • Reply 15 of 40
    While Mac OSX is indeed withstanding the test from malware so far, the mentioning of several technological advancements is still not very accurate, much like the rest of the whole series here. Basically, many features can be enabled on a 32-bit system, just that Mac OSX didn't do it (not that Windows was doing it either). These features, however, are not necessarily exclusive to 64-bit environment and the author should not pretend as if he really knows the story.



    Examples:



    (In the article)



    This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions.


    ...



    Segment-based (not used extensively by modern OS) and paging-based protection can be enforced strictly since i386. A more advanced feature introduced by AMD through AMD64, and now available in all new Intel and AMD processors, is the NX/XD bit this paragraph inherently refers to. However, this feature can be enabled in 32-bit mode if PAE is enabled (because bit 63, the NX bit, of page table is only available with the special page directory referencing structure under PAE). Windows XP SP2 has it under DEP when PAE is enabled (it indeed uses a different approach when PAE is disabled) and yes it is only available after AMD Opteron, but for the processor operating mode it can be done under 32-bit (Legacy) mode.



    (In the article)



    Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.




    ...

    Another misinterpretation of parameter passing. x86 (or for the sake, x64) near/far/procedure/across-privilege-level calls always push CS:EIP (or CS:RIP) onto the stack and pop them upon returns; passing parameters through more registers have nothing to do with the exploits used by malwares which modify stack and hence the return address.



    It is indeed other technologies (like ASLR mentioned later, among others) that make return-to-libc attacks harder. It's doable under 32-bit system, but not as robust (although, again, not exactly what the article mentioned).



    The author for this series should really update a bit more about technological details, or we should just all read Apple's marketing materials instead of getting some "insider" info.
  • Reply 16 of 40
    Quote:
    Originally Posted by Virgil-TB2 View Post


    Fantastic article, and so nice to get away from talking about Steve Jobs health and all the negative crap and be positive for a change. This is the kind of article this site used to be known for and should promote.



    Agreed, I went to Wired this morning and saw all sorts of BS on Jobs health. Everyone is quick to jump ship in effort to kill Apple stock.
  • Reply 17 of 40
    Quote:
    Originally Posted by Booga View Post


    MacOS X's insistence on no "root" account



    Mac OS X has a root account. I use it occasionally when I have problems with permissions.
  • Reply 18 of 40
    Quote:

    Even in cases where exploits have been found or artificial attack installers have been designed, viral outbreaks haven't occurred because installations of Macs aren't ubiquitous enough to sustain the critical mass required for an acute network infection.



    WRONG. WRONG. WRONG. WRONG. WRONG!



    Appleinsider should not facilitate the spread of this stupid myth. Show me once shred of evidence that supports this idea that ubiquity somehow translates to viruses. We have one model upon which to base that assumption--Windows. And given that Microsoft's products seem prone to security problems (including their Mac software) I'd say it's more logical to assume Windows' woes mostly trace back to dumb decisions made by MS and their lax attitude about security. There's so much evidence against this argument but you don't even have to look far beyond Apple's own products to see it--OS 9 had viruses and less of a presence than OS X. I've seen OS 9 viruses spread through a network.
  • Reply 19 of 40
    kenckenc Posts: 195member
    Prince McLean's, aka Daniel Eran Dilger, latest article on the Road to Snow Leopard is so even-handed and balanced. Usually, people attack him for being too biased!



    I wonder if Daniel, deliberately implied the security by obscurity myth to get others to do the heavy lifting for him. I'm quite sure he has argued against it in the past.
  • Reply 20 of 40
    Quote:
    Originally Posted by inkswamp View Post


    WRONG. WRONG. WRONG. WRONG. WRONG!



    Appleinsider should not facilitate the spread of this stupid myth. Show me once shred of evidence that supports this idea that ubiquity somehow translates to viruses. We have one model upon which to base that assumption--Windows. And given that Microsoft's products seem prone to security problems (including their Mac software) I'd say it's more logical to assume Windows' woes mostly trace back to dumb decisions made by MS and their lax attitude about security. There's so much evidence against this argument but you don't even have to look far beyond Apple's own products to see it--OS 9 had viruses and less of a presence than OS X. I've seen OS 9 viruses spread through a network.



    I'm sorry did you notice the Safari RSS exploit here on Apple Insider? Its there on both Windows and OS X. Just goes to prove that people could if they wanted to target OS X and Apple products. However, the author is 100% correct and you are wrong. It easier to target Windows because you have a 90% chance that the consumer is going to be using Windows. If you made a Mac Virus based on an exploit you would have to target less than 10% of computers before Apple made a patch. In my house we have 4 Windows PCs and a Macbook that runs OS X and Windows. So in my case if I designed I virus for a Mac, it would have nowhere to go in my house. I could maybe send it to one friend I know who has a Mac. He could maybe pass it to his sister's Mac. Beyond that its the same difficult odds. And how would I send the virus? Email, I doubt anyone using a Mac would be fooled and then the WIndows recipients would wonder what it was, I would be found out and Apple would issue a patch. Website, again less than 10% of visitors would be Mac and probably less so who have the exact version my exploit targets. It would be more prudent for me to target Windows, well because their users tend also to be less savvy.



    The recent worm for Windows for example has hit what 3 million computers mostly in Asia. You take that out of over 1 Billion active Windows PCs (most of which are already patched, because Microsoft acts quickly these days, as I suppose Apple would as well) and you see out of your total install base, less than even 1% get infected or about .3% in this case. So if you take 10% of macs you would get what .003% of the entire computer market infected by your virus/trojan if you had similar success rate. Its not worth it all.
Sign In or Register to comment.