Apple's Mac OS 'lagging behind Vista on security'

Snow Leopard could help boost security as Mac malware continues to appear

NEWS

Friday's release of the new version of the Mac OS, dubbed Snow Leopard, could include some security features that would make it secure, or at least push it closer to the level of security that Vista and Windows 7 have, experts said this week.

Contrary to popular Mac fanboy belief, Macintosh is not more secure from a software standpoint than modern Windows; it's merely safer to use because malware writers prefer to target the platform with the biggest install base, according to Charlie Miller and Dino Dai Zovi, co-authors of The Mac Hacker's Handbook, which came out this spring.

"Apple hasn't implemented all the security features that Vista has," Miller said. "They made some improvements in Leopard, but they are still behind."

If there is any truth to rumours circulating about Snow Leopard, the operating system security playing field could become more level as of this weekend and Mac users will really have something to brag about.

First off, a screenshot published on the Mac Security Blog of Intego on Tuesday appears to show a security feature supposedly in Snow Leopard that looks like it is detecting a Trojan in a disk image being downloaded via Safari. The post cites unnamed reports about an anti-malware feature being added.

"If it's true, it will mark a fundamental change in that Apple will be admitting that their operating system is as susceptible to malware as other operating systems," Miller said.

It's unclear whether rumours are true that Snow Leopard includes several internal attack-prevention features that Vista and Windows 7 already have, known on that platform as Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP).

By randomising the location of key pieces of data, ASLR makes it much more difficult for attackers to predict where data is going to be in order to execute their code or the code resident in the process. For exploit code that gets past the ASLR barrier, DEP will try to block it from running, recognising that it is data and not legitimate code.
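As an added example (not from the article, its sources or Apple), the Python below reads the Mach-O header flags that record whether a Mac binary opts in to position-independent loading, which ASLR needs in order to move the main image, and whether it permits stack execution or requests a non-executable heap. The sample headers are constructed and the function names are hypothetical.

```python
import struct

# Constants from <mach-o/loader.h>
MH_MAGIC = 0xFEEDFACE                 # 32-bit Mach-O
MH_MAGIC_64 = 0xFEEDFACF              # 64-bit Mach-O
MH_EXECUTE = 0x2                      # filetype: main executable
MH_ALLOW_STACK_EXECUTION = 0x20000    # stack pages may be executable
MH_PIE = 0x200000                     # main image may load at a random address
MH_NO_HEAP_EXECUTION = 0x1000000      # heap forced non-executable


def audit_macho_header(data: bytes) -> dict:
    """Report exploit-mitigation flags from a thin Mach-O header."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    # Try little-endian first, then big-endian (PowerPC-era binaries).
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a thin Mach-O file (fat/universal not handled)")
    # Fields: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, _, _, filetype, _, _, flags = struct.unpack(endian + "7I", data[:28])
    return {
        "is_64bit": magic == MH_MAGIC_64,
        "is_executable": filetype == MH_EXECUTE,
        "pie": bool(flags & MH_PIE),
        "stack_executable": bool(flags & MH_ALLOW_STACK_EXECUTION),
        "heap_nx": bool(flags & MH_NO_HEAP_EXECUTION),
    }


def findings(report: dict) -> list:
    """Turn the flag report into hardening findings for a reviewer."""
    out = []
    if report["is_executable"] and not report["pie"]:
        out.append("main image loads at a fixed address (no PIE)")
    if report["stack_executable"]:
        out.append("stack execution explicitly allowed")
    return out


def _sample_header(flags: int) -> bytes:
    # Constructed sample: header of a 64-bit x86 executable, no load commands.
    cpu_type_x86_64 = 0x01000007
    return struct.pack("<8I", MH_MAGIC_64, cpu_type_x86_64, 3, MH_EXECUTE, 0, 0, flags, 0)


# 0x85 = MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL, the usual baseline flags.
HARDENED = _sample_header(0x85 | MH_PIE)
LEGACY = _sample_header(0x85 | MH_ALLOW_STACK_EXECUTION)
```

The flags show only what the binary asks for; whether the loader and kernel actually randomise addresses and enforce non-executable pages depends on the OS version and hardware.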

"If you have both, it's hard for an exploit to get around it. Leopard has some ASLR but everything is not randomised and Leopard has no DEP," Miller said. "Things could change significantly for the Mac if they do a good job... That was my main gripe with it."

In June, Dai Zovi reported on a new local privilege escalation vulnerability researchers had discovered that gives local root access on Mac OS X Tiger and Leopard. He offered up a wishlist for Snow Leopard that included: "real" ASLR; "full use of hardware-enforced Non-eXecutable memory (NX)"; default 64-bit native execution for security-sensitive processes; sandbox policies for Safari, Mail.app, and third-party applications (akin to what Chrome has); and mandatory code signing for kernel extensions.

Apple's Mac OS X security page makes reference to offering sandboxing, Library Randomisation, and Execute Disable, but there are no details.

Apple did not respond to a request for comment.

The Snow Leopard website says it will offer protection against some common types of heap buffer overflow exploits but not new types of such memory overflow exploits, according to Dai Zovi.

The security level in Leopard falls in between Windows XP Service Pack 2 and Vista, he said. If Snow Leopard has full ASLR and DEP, it would bring its security close to the level of Vista, he added.

While adding full ASLR and DEP to Snow Leopard will boost the operating system's defences against targeted attacks, the Mac OS software arguably has more holes that malware can slip through, Miller said. "It would be fair to say that Mac has more bugs, but it's impossible to measure," he said.

Market pressure has been missing

In this sense, Microsoft has benefited greatly from the plague of security holes in early Windows versions. Those problems led the company to embark on a quasi-religious conversion in 2002 with Bill Gates launching the Trustworthy Computing initiative and setting security as a top priority for the company. Its Software Development Lifecycle (SDL) program, designed to build security into the software, has become the model for the industry.

Microsoft puts "much more effort into auditing their code, the entire SDL process, developer training, automated source code scanners, and hiring external penetration testers," Dai Zovi said.

So far, Apple hasn't felt that kind of...


Comments

There are 6 comments.

  1. anonymous

    Everything that Microsoft, Apple or any other OS do to make it more difficult for viruses is a good thing.

    However, the fact of the matter is that there will always be users who do everything that they can to weaken the protection that the operating systems provide.

    Most Windows users use login id's with 'administrator' access to do everything which gives any programs they run access to trash their entire system.

    Mac users will blindly hit the "ok" button when asked to grant 'superuser' access to a process, allowing the process to trash the entire system.

    No matter how difficult the OS makes it for viruses to function, there will always be a user to hit the "ok" button and effectively disable all of the security features the OS is providing.

    • 27 August 2009 17:07
  2. anonymous

    What a moronic view of things! Apple adds even more security to an already secure OS, and some people use this to convince the clueless that Mac OS X is now MORE vulnerable to malware (instead of the opposite).

    • 27 August 2009 17:09
  3. Edward

    Mac OS X is nearly invulnerable to malware. This story is a bit ridiculous.

    • 27 August 2009 19:00
  4. anonymous

    When will the online press ever start getting 'journalists' with a clue?

    The facts are simple. There are ZERO viruses affecting Mac OS X in the wild. None. Nada. Zip.

    Windows, OTOH, has several hundred thousand at last count. Windows security problems cost American industry tens of billions of dollars per year.

    Your statement that malware writers don't try to write malware for OS X is pure speculation. The contrary view is that the first hacker to write a self-propagating Mac OS X virus would have instant notoriety in those circles, but that is speculation, too.

    Since it's impossible to state whether malware writers truly attempt to attack Macs, let's stick to facts. Macs are currently safe from viruses. Windows (all versions) are not.

    (and please don't try the silly strawman argument that you Mac bashers always use. I never said that Macs would NEVER be attacked, simply that if you want a computer today, Macs are safe from viruses and Windows computers are not).

    • 27 August 2009 23:05
  5. Pat S

    You miss the mark. Rather than spend your time complaining about security enhancements you should look for a new job. Obviously you understand that security is a cat and mouse game and both sides keep improving. To think that Apple would just sit and watch is naive at best. To say Unix lags Vista in security is a verbose statement. Do you have any real world proof? The market still says that Windows is the primary carrier of malware and until that changes you can create your fantasy where Mac OS lags Windows.

    • 28 August 2009 00:56
  6. anonymous

    This is amazing: how can you write something like that keeping a straight face?
    Were you blindfolded when you listed the malware available for the Mac OS? Didn't you notice it was ALL related to social engineering? Also, about 90% of it is tightly connected to porn sites: I mean come on! If a person feels safe downloading something claiming to be a new codec or a full-featured video player (and usually giving his password when prompted) then the problem lies outside the device and the solution is to forbid him to type or click anything more!
    On Windows, on the other hand, there's plenty of nice attacks which only need the machine to be online - I still laugh thinking about that time I formatted my PC and found myself without an antivirus: "No biggie, I'll download one and then quickly disconnect again".. My machine was owned in less than six minutes, had to format it again (was XP SP2).

    • 28 August 2009 11:34