MyLesPaul.com
Old 08-27-2009, 12:01 PM   #1
geochem1st
V.I.P. Member
 
geochem1st's Avatar
 
Join Date: Mar 2008
Location: NC
Posts: 27,012
Thanks: 1,283
Thanked 1,175 Times in 304 Posts
Mac OS X: Snow Leopard could level security playing field

Friday's release of the new version of the Mac OS, dubbed Snow Leopard, could include some security features that would make it secure, or at least push it closer to the level of security that Vista and Windows 7 have, experts said this week.

Contrary to popular Mac fanboy belief, Macintosh is not more secure from a software standpoint than modern Windows; it's merely safer to use because malware writers prefer to target the platform with the biggest install base, according to Charlie Miller and Dino Dai Zovi, co-authors of The Mac Hacker's Handbook, which came out this spring.

"Apple hasn't implemented all the security features that Vista has," Miller said. "They made some improvements in Leopard, but they are still behind."

If there is any truth to rumors circulating about Snow Leopard, the operating system security playing field could become more level as of this weekend and Mac users will really have something to brag about.

First off, a screen shot published on the Mac Security Blog of Intego on Tuesday appears to show a security feature supposedly in Snow Leopard that looks like it is detecting a Trojan in a disk image being downloaded via Safari. The post cites unnamed reports about an anti-malware feature being added.

"If it's true, it will mark a fundamental change in that Apple will be admitting that their operating system is as susceptible to malware as other operating systems," Miller said.

CNET's review of Snow Leopard posted late on Wednesday says that File Quarantine, first introduced in Mac OS X 10.4 Tiger, has been refined in Snow Leopard. File Quarantine checks for known malware signatures and displays an alert dialog if it finds a known offender and will be automatically updated via Mac OS X's software update as new malware signatures are found in the wild, the review says.

It's unclear whether rumors are true that Snow Leopard includes several internal features designed to prevent attacks that Vista and Windows 7 have, known as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) on that platform.

By randomizing the location of key pieces of data, ASLR makes it much more difficult for attackers to predict where data is going to be in order to execute their code or the code resident in the process. For exploit code that gets past the ASLR barrier, DEP will try to block it from running, recognizing that it is data and not legitimate code.

"If you have both, it's hard for an exploit to get around it. Leopard has some ASLR but everything is not randomized and Leopard has no DEP," Miller said. "Things could change significantly for the Mac if they do a good job...That was my main gripe with it."

In June, Dai Zovi reported on a new local privilege escalation vulnerability researchers had discovered that gives local root access on Mac OS X Tiger and Leopard. He offered up a wish list for Snow Leopard that included: "real" ASLR; "full use of hardware-enforced Non-eXecutable memory (NX);" default 64-bit native execution for security-sensitive processes; sandbox policies for Safari, Mail.app, and third-party applications (akin to what Chrome has); and mandatory code signing for kernel extensions.

Apple's Mac OS X security page makes reference to offering sandboxing, Library Randomization, and Execute Disable, but there are no details.
An Apple spokeswoman did not follow up on an e-mail request seeking an interview for this story.

The Snow Leopard Web site says it will offer protection against some common types of heap buffer overflow exploits but not new types of such memory overflow exploits, according to Dai Zovi.

The security level in Leopard falls in between Windows XP Service Pack 2 and Vista, he said. If Snow Leopard has full ASLR and DEP, it would bring its security close to the level of Vista, he added.

While adding full ASLR and DEP to Snow Leopard will boost the operating system's defenses against targeted attacks, the Mac OS software arguably has more holes that malware can slip through, Miller said. "It would be fair to say that Mac has more bugs, but it's impossible to measure," he said.

Market pressure has been missing
In this sense, Microsoft has benefited greatly from the plague of security holes in early Windows versions. Those problems led the company to embark on a quasi-religious conversion in 2002 with Bill Gates launching the Trustworthy Computing initiative and setting security as a top priority for the company. Its Software Development Lifecycle (SDL) program--designed to build security into the software--has become the model for the industry.

Microsoft puts "much more effort into auditing their code, the entire SDL process, developer training, automated source code scanners, and hiring external penetration testers," Dai Zovi said.

So far, Apple hasn't felt that kind of market pressure to improve Mac security, largely because malware writers have ignored it, so its secure software development process isn't nearly as developed or mature as Microsoft's, the security researchers said.

"Microsoft has had a head start. That's why they had ASLR and DEP first," Miller said. "It's not because they're geniuses. They just started caring about it sooner."

"These things go lock in step and it doesn't make sense for businesses to expend a ton of resources when the threat is not there," said Dai Zovi. "So far, Apple has been keeping up pretty well with the level of threats in the wild."

As far as security goes, market share is a double-edged sword. As the Mac operating system gets more popular, the amount of malware targeting it is growing.

The Mac has only about 5 percent market share worldwide (nearly half is in the U.S. alone), compared with nearly 95 percent for Windows, according to market statistics provider Net Applications. But the Mac share is rising, from 3.73 percent to 4.86 percent in less than a year, the firm says.

In the meantime, more and more Mac malware is appearing. Earlier this week, TrendMicro reported that it found a new variant of the JAHLAV family of Trojans that pose as pirated versions of legitimate applications, modify a computer's domain name system (DNS) settings, and enable successful phishing attacks and redirects to sites hosting malware. Earlier versions of the Trojan masqueraded as versions of QuickTime, but this one passes as Foxit Reader or an antivirus program.

Some malware is written for both Windows and Mac platforms and downloads the correct version depending on the browser. Last week, Symantec reported that sites purporting to show streams of new movies were actually feeding up a DNS-changing Trojan instead called OSX.RSPlug.A for Mac and Trojan.Fakeavalert for Windows. Last month, a McAfee blog post wrote about the OSX/Puper.a Trojan that is downloaded onto Mac systems when users download what they think is a video player.

ZDNet's Zero Day blog has covered a number of Mac malware threats this year alone. In January, Intego, which has been tracking Mac malware for several years, discovered a Mac OS X Trojan circulating in pirated copies of Apple's iWork '09 software found on BitTorrent trackers and other sites. Symantec researchers in April linked malware found in bogus copies of iWork '09 and Adobe Photoshop CS4 to what they said could be the first Mac OS X botnet launching denial-of-service attacks. And in May, a new e-mail worm dubbed OSX/Tored-A targeting the Mac was uncovered, although it was not found to be spreading in the wild.

"The frequency is increasing" for Mac threats in the wild, said Dai Zovi. "Still, there are only a handful of threats; nowhere near what Windows users face."

In addition to considering how buggy the software is, how secure the operating system code is, and whether malware writers are creating viruses and Trojans for the platform, another factor in play is how likely Mac users are to be duped into visiting a malicious site, opening a malicious e-mail attachment, and downloading a fake file.

Most Mac users seem to take pride in their supposed invulnerability, so one would think that they are less cautious in their surfing activities. But it's hard to tell.

"No computer or operating system is more or less secure when it comes to users being tricked into downloading something," Miller said.
Snow Leopard could level security playing field | InSecurity Complex - CNET News


And related:
Mac flaw could let hackers get scrambled data | Technology | Reuters

"SECURITY LOOPHOLES
Apple is the fourth-largest U.S. PC maker and continues to take market share. It held 9 percent of the U.S. market in the second quarter, according to Gartner.

"They are advancing. Our concern is that they are just not advancing as fast as they are gaining market share," said Charlie Miller, co-author of "The Mac Hacker's Handbook."

They said the Mac's operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit."
__________________
_____________________

Quote:
"Why is it that wanting clean drinking water makes you an activist, and why proposing to destroy water with chemical warfare doesn't make a corporation a terrorist."
geochem1st is offline   Reply With Quote
The Following User Says Thank You to geochem1st For This Useful Post:
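
Added example (not part of the original post or the quoted CNET article): a small audit that compares two memory-map snapshots of the same program to see which regions ASLR actually moved, and flags any region that is both writable and executable, which is the condition DEP/NX is meant to rule out. The snapshots are constructed sample data in Linux /proc/<pid>/maps format for a hypothetical /usr/bin/demo; the format and all addresses are assumptions for illustration, not output from Leopard or Snow Leopard.

```python
import re

# Constructed sample data: the same hypothetical program on two separate runs.
RUN_A = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/bin/demo
00651000-00653000 rw-p 00051000 08:01 131 /usr/bin/demo
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 977 /lib/libc.so.6
7f3a1c400000-7f3a1c421000 rwxp 00000000 00:00 0
7ffc5a1e0000-7ffc5a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/bin/demo
00651000-00653000 rw-p 00051000 08:01 131 /usr/bin/demo
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f91e2000000-7f91e21c0000 r-xp 00000000 08:01 977 /lib/libc.so.6
7f91e2400000-7f91e2421000 rwxp 00000000 00:00 0
7ffd03b40000-7ffd03b61000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [pathname]
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$"
)


def parse_maps(text):
    """Parse maps-style text into a list of region dicts; skip bad lines."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, offset, path = m.groups()
        regions.append({
            "start": int(start, 16),
            "end": int(end, 16),
            "perms": perms,
            "offset": int(offset, 16),
            "label": path.strip() or "[anon]",
        })
    return regions


def wx_regions(regions):
    """Regions mapped writable AND executable: data that can run as code."""
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]


def aslr_coverage(run_a, run_b):
    """Return (fixed, moved) region labels between two runs.

    Regions are matched on (label, perms, offset), which is unique in the
    sample data. A label in `fixed` was loaded at the same address both
    times, i.e. it is predictable. Two runs can show that a region is NOT
    randomized; they cannot show how much entropy a moved region has.
    """
    def index(regions):
        return {(r["label"], r["perms"], r["offset"]): r["start"] for r in regions}

    a, b = index(run_a), index(run_b)
    fixed, moved = set(), set()
    for key, start in a.items():
        if key in b:
            (fixed if b[key] == start else moved).add(key[0])
    return sorted(fixed), sorted(moved)


if __name__ == "__main__":
    a, b = parse_maps(RUN_A), parse_maps(RUN_B)
    fixed, moved = aslr_coverage(a, b)
    print("same address on both runs:", fixed)
    print("moved between runs:      ", moved)
    for r in wx_regions(a):
        print("writable+executable: %s at 0x%x" % (r["label"], r["start"]))
```

In the sample, the library and stack move but the main executable and heap do not, which is the "some ASLR but everything is not randomized" situation Miller describes.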
Old 08-27-2009, 12:03 PM   #2
Jason
Senior Member
 
Jason's Avatar
 
Join Date: Sep 2008
Posts: 18,510
Thanks: 109
Thanked 178 Times in 37 Posts
Re: Mac OS X: Snow Leopard could level security playing field

I am beyond grateful for
Jason is offline   Reply With Quote
Old 08-27-2009, 12:11 PM   #3
gui524
Senior Member
 
gui524's Avatar
 
Join Date: Dec 2008
Location: Brazil
Posts: 2,682
Thanks: 22
Thanked 11 Times in 5 Posts
Re: Mac OS X: Snow Leopard could level security playing field

I use both Windows (XP) and a Macbook Pro, I must say I've never had a single virus-related problem with the OSX, my father's notebook has Vista installed and I thought it was as insecure as an XP ... nice surprise!! I think I'll install W7 in my PC ... but does it handle XP programs??
gui524 is offline   Reply With Quote
Old 08-27-2009, 12:46 PM   #4
BUDOKAI
Senior Member
 
BUDOKAI's Avatar
 
Join Date: Apr 2009
Location: Tokyo
Posts: 2,555
Thanks: 239
Thanked 13 Times in 6 Posts
Re: Mac OS X: Snow Leopard could level security playing field

I'm getting this tomorrow
__________________
Jazz
BUDOKAI is offline   Reply With Quote
Old 08-27-2009, 12:51 PM   #5
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Windows 7 will run any program Windows Vista will. So if your XP program runs on Vista, it will run on 7.
__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
Old 08-27-2009, 12:52 PM   #6
PraXis
V.I.P. Member
 
PraXis's Avatar
 
Join Date: Dec 2007
Location: Planet X
Posts: 24,769
Thanks: 379
Thanked 381 Times in 144 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Macs are overpriced and overrated.

Flame on!
__________________
PraXis is offline   Reply With Quote
Old 08-27-2009, 12:55 PM   #7
Jason
Senior Member
 
Jason's Avatar
 
Join Date: Sep 2008
Posts: 18,510
Thanks: 109
Thanked 178 Times in 37 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Pwozzie View Post
Macs are overpriced and overrated.

Flame on!
Overpriced, sure. So is the Windows operating system, if you ask me.
Jason is offline   Reply With Quote
Old 08-27-2009, 12:56 PM   #8
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Meh, I got Windows 7 professional for free from the university, no complaints here.

__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
Old 08-27-2009, 12:57 PM   #9
PraXis
V.I.P. Member
 
PraXis's Avatar
 
Join Date: Dec 2007
Location: Planet X
Posts: 24,769
Thanks: 379
Thanked 381 Times in 144 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Jason View Post
Overpriced, sure. So is the Windows operating system, if you ask me.
People pay for OS's?
__________________
PraXis is offline   Reply With Quote
Old 08-27-2009, 01:07 PM   #10
return of the mac
Banned
 
Join Date: Apr 2007
Location: CNY
Posts: 373
Thanks: 1
Thanked 14 Times in 8 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Pwozzie View Post
Macs are overpriced and overrated.

Flame on!


Maybe so, but they are very nice nonetheless. Once you go Mac you'll never look back.
return of the mac is offline   Reply With Quote
Old 08-27-2009, 01:09 PM   #11
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

I've used plenty of macs, don't understand the hype.
__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
Old 08-27-2009, 01:11 PM   #12
PraXis
V.I.P. Member
 
PraXis's Avatar
 
Join Date: Dec 2007
Location: Planet X
Posts: 24,769
Thanks: 379
Thanked 381 Times in 144 Posts
Re: Mac OS X: Snow Leopard could level security playing field

I only build PC's, so you can't pay me to use a Mac.
__________________
PraXis is offline   Reply With Quote
Old 08-27-2009, 01:19 PM   #13
Jason
Senior Member
 
Jason's Avatar
 
Join Date: Sep 2008
Posts: 18,510
Thanks: 109
Thanked 178 Times in 37 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Pwozzie View Post
People pay for OS's?
Well, MS has been making a list of those who DON'T for at least 3-4 years now. I predict something similar to what the RIAA has been doing in a couple years.

I guess that explains why you like Windows so much though, you're not paying for it! I'm thinking you might have a different attitude if you had to pay $300 each time they released a new version for an OS that is full of bugs and exploits and requires major hardware upgrades just to run as smoothly as the previous version. Versus, of course, someone like me who (legally) runs a totally free OS with almost no issues. WOULD you pay $300 for it? That's the real question here.

Yeah, you can sit there and pirate Win7, Photoshop, Premiere, Cakewalk, and whatever you want... but by doing that, you've pretty much said that the software isn't worth the asking price to you. Same deal with Windows, obviously.
Jason is offline   Reply With Quote
Old 08-27-2009, 01:22 PM   #14
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Computers come with operating systems on them, you pay for them that way, but it doesn't really seem like it. Wouldn't say there are a lot of bugs with this Win 7 because of the extensive beta testing. I guess they wanted 7 to stay for a while instead of Vista, and how short its life was.
__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
Old 08-27-2009, 01:24 PM   #15
PraXis
V.I.P. Member
 
PraXis's Avatar
 
Join Date: Dec 2007
Location: Planet X
Posts: 24,769
Thanks: 379
Thanked 381 Times in 144 Posts
Re: Mac OS X: Snow Leopard could level security playing field

My W7 is free (RC). When it's released, I get it cheap from my college.
__________________
PraXis is offline   Reply With Quote
Old 08-27-2009, 01:26 PM   #16
Jason
Senior Member
 
Jason's Avatar
 
Join Date: Sep 2008
Posts: 18,510
Thanks: 109
Thanked 178 Times in 37 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Sinmastah View Post
Computers come with operating systems on them, you pay for them that way, but it doesn't really seem like it. Wouldn't say there are a lot of bugs with this Win 7 because of the extensive beta testing. I guess they wanted 7 to stay for a while instead of Vista, and how short its life was.
Yeah, but if a certain someone is saying that he builds PCs, they obviously are NOT coming with the OS.

And as far as bugs go, there's ALWAYS extensive beta testing... that doesn't mean there won't be bugs... vulnerabilities will be found because, as has been said before, MS's user base is like 80-90% of all PCs... People writing exploits aren't going to bother with the other OSs, for the most part.
Jason is offline   Reply With Quote
Old 08-27-2009, 03:19 PM   #17
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Eh, so far Win 7 (Not RC) has no bugs I have found. Will people write viruses for it? Of course, it's part of life.
__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
Old 08-27-2009, 03:21 PM   #18
stonevibe
Senior Member
 
stonevibe's Avatar
 
Join Date: Mar 2008
Location: Exeter, England
Posts: 775
Thanks: 11
Thanked 33 Times in 6 Posts
Re: Mac OS X: Snow Leopard could level security playing field

My copy is on order and should be delivered by tomorrow. In over 20 years of Mac use I have never had a virus!
stonevibe is offline   Reply With Quote
Old 08-27-2009, 04:08 PM   #19
PraXis
V.I.P. Member
 
PraXis's Avatar
 
Join Date: Dec 2007
Location: Planet X
Posts: 24,769
Thanks: 379
Thanked 381 Times in 144 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by stonevibe View Post
My copy is on order and should be delivered by tomorrow. In over 20 years of Mac use I have never had a virus!
Because it took them 20 years to get a 10% market share!
__________________
PraXis is offline   Reply With Quote
Old 08-27-2009, 04:14 PM   #20
geochem1st
V.I.P. Member
 
geochem1st's Avatar
 
Join Date: Mar 2008
Location: NC
Posts: 27,012
Thanks: 1,283
Thanked 1,175 Times in 304 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Pwozzie View Post
Because it took them 20 years to get a 10% market share!

NOT because it was an inferior system, but because Micro$oft strong armed the IBM pc clone industry into installing their OS onto every PC sold.
__________________
_____________________

Quote:
"Why is it that wanting clean drinking water makes you an activist, and why proposing to destroy water with chemical warfare doesn't make a corporation a terrorist."
geochem1st is offline   Reply With Quote
Old 08-27-2009, 04:26 PM   #21
kernelofwisdom
V.I.P. Member
 
kernelofwisdom's Avatar
 
Join Date: Jun 2008
Location: Raleigh, NC
Posts: 5,410
Thanks: 144
Thanked 260 Times in 44 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by geochem1st View Post
NOT because it was an inferior system, but because Micro$oft strong armed the IBM pc clone industry into installing their OS onto every PC sold.
To be fair, Apple has always wanted to enjoy premium pricing (which I gladly pay!).
__________________
Proud Winner of 2010 Leumas Award!

kernelofwisdom is offline   Reply With Quote
Old 08-27-2009, 04:28 PM   #22
coldsteal2
V.I.P. Member
 
coldsteal2's Avatar
 
Join Date: Sep 2007
Location: Chico, CA "Fly Over America"
Posts: 37,067
Thanks: 731
Thanked 102 Times in 23 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Pwozzie View Post
Macs are overpriced and overrated.

Flame on!
Yep, you can buy three for the price of one, and at higher CPU speeds, larger RAM sizes, and hard drive sizes and speeds.
coldsteal2 is offline   Reply With Quote
Old 08-27-2009, 04:30 PM   #23
coldsteal2
V.I.P. Member
 
coldsteal2's Avatar
 
Join Date: Sep 2007
Location: Chico, CA "Fly Over America"
Posts: 37,067
Thanks: 731
Thanked 102 Times in 23 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Quote:
Originally Posted by Sinmastah View Post
Computers come with operating systems on them, you pay for them that way, but it doesn't really seem like it. Wouldn't say there are a lot of bugs with this Win 7 because of the extensive beta testing. I guess they wanted 7 to stay for a while instead of Vista, and how short its life was.
A lot of new PCs are coming out with a free Windows 7 option. I bought a Sony a few weeks ago with it.
coldsteal2 is offline   Reply With Quote
Old 08-27-2009, 04:34 PM   #24
Sinmastah
Epi Verification Expert
 
Sinmastah's Avatar
 
Join Date: Jan 2008
Location: Minnesota.
Posts: 16,640
Thanks: 8
Thanked 692 Times in 112 Posts
Re: Mac OS X: Snow Leopard could level security playing field

Yeah, I'm surprised, I thought they would wait to roll it out Oct 22nd.
__________________
Epiphone Elitist SG Faded Cherry(Jonesey'd and WB'd)
Epiphone Elitist SG Faded Brown (EMG's)
Epiphone MIJ Les Paul Ebony LQ
Fender Mexi Oly White Strat
Squier Natural Vintage M Jazz bass

Peavey Classic 50

SG's FTW
Sinmastah is offline   Reply With Quote
All times are GMT -5. The time now is 12:18 PM.

