Well, I know you can't count it as part of OSX's native security. Just wanted to hear about it...should OS's include this? Is it necessary for all users to have? Does it really raise your level of security? etc.
Sure, something like Little Snitch would make you more secure (assuming that it works as advertised). The problem with these things is that you can get a lot of false positives for web applications, and it can be kind of a pain depending on what you're doing. Security is always a trade off between convenience and security.
By the way, the most obnoxious people email our abuse address because of false positives from these sorts of programs. "You're hacking me! Quit it or I'll sue!" Uh, no, that's from a web site which you visited voluntarily. Please pay attention.
It can be a pain. It learns from you as it goes, but it pops up a lot at first.
I said reasonably good job of not starting services by default. Obviously, this is a glaring exception (and it reminds me of something Microsoft would do).
Am I missing something? How do you open an .exe file on a Mac?
You are correct, a Mac will not open an .exe file. But you can accidentally double-click on them and the Mac will try to open them - eventually giving up. A PC will, of course, open an .exe file. Lord help you if it's a virus or some other malware.
You are correct, a Mac will not open an .exe file.
Now, someone could conceivably plant a .app file designed to infect a Mac behind your back, since .app is the Mac equivalent of .exe. But that file could be stopped in three ways because Mac OS X:
warns you when a file being downloaded is an application
warns you when you're starting an app for the first time, in case you weren't expecting to
will require a password for an action that will affect the system
Windows now has some of those safeguards too, but the point is even if someone designed a malicious .app, you should in theory get plenty of warning about something happening behind your back.
No Security With People Involved.
why do I let myself get drawn into these?
The Windows security architecture is probably the most sophisticated desktop security architecture going. It was designed as a superset of the UN*X security system (principally by the people who designed UN*X).
Actually, Dave & co. who left DEC were VMS (now called OpenVMS) engineers. I'd hold VMS up as more secure than any of the Un*ces, but that's not the question here. He wanted to do Desktop VMS, wasn't given enough funding or freedom (though one version did exist internally) and BillG offered him more of both to build NT. Of course, then the problem became adding in "backward compatibility" and "ease of use" both of which, under time-to-market constraints lead to the problems we still see. Especially when backfitted to consumer-level OS' (the server side's somewhat better).
The bug fixes will continue, machines will continue to be exploited because their SysAdmins don't apply the patches, yawn yawn yawn.
right. The users - home, soho and enterprise - who scream the loudest are often the ones who don't update. Which of the last 'big' attacks had actually been through a hole that had a patch available for at least 6 months... but almost nobody'd installed it.
The question is how do we make a substantial leap forwards to ~8? Currently, configuring *any* OS to that level requires expert attention, and even then it's probably not possible.
possible, but not realistically feasible with the way apps are written. I've tried. Jon Udell's tried. Many of us have tried... only to be thwarted by our family's use.
when it's usability failures that cause the vulnerabilities.
Yup. I can make a Win system completely secure... and completely worthless to today's user. They expect to be connected. They expect to click on something and have "the right thing" happen. Most have no clue what to do when a (real) certificate warning is presented, so most just now default to hitting the "install it anyway" button.
OS X may very well get as easily polluted, though by default there are fewer consumer-level holes (*cough*ActiveX*cough*) there to start with.
The question is then, how do you design systems so that usability doesn't compromise security?
That's the question, Mr. Spock.
In the meantime, do you care to explain this to me please?
I won't say this as gospel, but the appearances are that Apple's software folks don't "do" Windows apps well... either on purpose (so everything's better on the Mac) or not.
Now, someone could conceivably plant a .app file designed to infect a Mac behind your back
Been done already. Fortunately most people recognised it for what it was (because it was stupidly put in a "here's MS Office/Mac for free" thing but was comparatively tiny).
Mac OS X:
warns you when...
Windows is getting better about warning, but the problem still comes down to...
(wait for it)
...people.
Most users just don't understand what clicking that "ok" button can do to them. I'm not trying to be insulting here; heck I don't understand the truck I drive. If I was at a filling station and the attendant (remember those?) gave me something to put in my gas tank and said it would make my truck "go better," I'd probably believe him.
-Steven
Microsoft Certified Systems Engineer,
tester and user of 95/98/me/NT3/NT4/XP... as well as OS X, VMS, OSF/1...
too dang many computers to remember
Which will give you some background. Apple has completed a couple required government certifications for this stuff, and does take security very seriously. Certainly they are aware of CERT advisories, and security patches for actual compromises typically come along pretty quickly.
Your CERT advisory list:
1 - KOffice KWord buffer overflow (Un*x application)
2 - PHP SQL insertion attack (All)
3 - Ubuntu SSL problem (Un*x library)
4 - Un*x 3rd party buffer overrun software problem
5 - Stack overrun in authentication on a Un*x variant
6 - iTunes DOS attack (OSX + Windows application software)
7 - Gallery information disclosure attack (3rd party)
8 - SQL injection attack (3rd party)
9 - Ubuntu vulnerability (Un*x)
10 - XMail vulnerability (3rd party)
Seems rather silly... NONE of those are applications that the typical Mac user would be running. Saying that a buffer overflow can exist in a UNIX application isn't really useful -- of course they can. The key is... does a buffer overflow in an application compromise the system in any way? If so, will it affect the Mac? None of those listed issues will.
Furthermore, Macs ship from the factory locked down, in terms of network ports. There are 0 ports open by default, so you could plug it into your DSL line with no firewall or router, and let it sit for months without being compromised. You can't hack in if there are no services listening.
I argue that Macs most certainly are more secure. There are no known viruses that affect OS X, today. This is not to say one cannot be written -- I'm sure it can. I would disagree with someone who would say the *only* reason there are no Mac viruses is because nobody can be bothered to write a virus for an OS with "only" 5% market share.
As for this statement:
"3. Architecture. The Windows security architecture is probably the most sophisticated desktop security architecture going. It was designed as a superset of the UN*X security system (principally by the people who designed UN*X). Windows offers incredible precision of access control through ACLs."
I'm not really sure what you're getting at here -- Windows file system ACLs for security? They're almost never used by end users, and file system ACLs don't really in themselves make the system secure. OS X 10.4 does support ACLs itself, though they're not enabled by default on the "client" version of the OS. They can be enabled via the command line if you wish.
Yup. I can make a Win system completely secure... and completely worthless to today's user. They expect to be connected. They expect to click on something and have "the right thing" happen.
Ha, too true. Have you guys seen these? I read the one for Mac OS X. Like StevenV says, you can make a computer very secure, but it sure won't act like the one in the store when you're through.
Unfortunately the plagues of work and hands have overtaken me, I don't have time to give these the responses they deserve.
I will get back to this question.
>Which will give you some background. Apple has completed a couple required government certifications for this stuff,
Which ones?
>Seems rather silly... NONE of those are applications that the typical Mac user would be running. Saying that a buffer overflow can exist in a UNIX application isn't really useful -- of course they can. The key is... does a buffer overflow in an application compromise the system in any way? If so, will it affect the Mac? None of those listed issues will.
This is beside the point. As I have stated in a previous post in this thread I was highlighting the generally abysmal state of security and helping counteract the myth that the media seem to like portraying that Windows is the only system with security issues.
Sorry, the rest of my response and to other posts in this thread will have to wait. If I'd known my workload was going to behave the way it has done I would have let it go.
I may well be forced to do that soon anyhow, apologies again.
Of course it's not the only system with security issues. However, it absolutely is important to distinguish between the security of an OS, and the security of the applications that run on that OS. Highlighting a security risk in Ubuntu has absolutely nothing to do with OS X, because they're nothing the same, unless your point is that Linux and OS X are both "UNIXy," which is like saying Jaguars and BMWs are both unreliable cars, because they both were founded in Europe.
Forgive me if the overall security of OS X seems a rather odd topic for the dgrin forums.
I have yet to read the document that you sent me, so the below may be wrong for this document however generally one should be wary of the CC....
Ross Anderson, one of the world's leading security experts has a few interesting comments in his book on CC:
'In other words, the Criteria avoid all the hard and interesting bits of security engineering, and can easily become a cherry picker's charter.'
'In none of the half-dozen or so affected cases I've been involved in has the Common Criteria approach proved satisfactory'
'In general, the structure of the CC is strongly orientated toward MLS systems and the devices that support them, ..... They assume trained obedient users, small systems that can be formally verified, uniform MLS-type security policies and an absence of higher-level attacks, such as legal challenges. This makes them essentially useless for most of the applications one finds in the real world'
and finally... 'Fortunately the economics discussed in Section 23.2.1 should limit the uptake of the Criteria to sectors where an official certification, however irrelevant, erroneous or mendacious, offers some competitive advantage'
Not exactly an endorsement....
Incidentally if you're interested in this kind of thing, the book is an excellent read. Probably the best book on information security I've ever come across.
Comments
I'll reply later, got to work now. Thanks again for the comments as always...
In the meantime, do you care to explain this to me please?
http://www.dgrin.com/showthread.php?goto=newpost&t=20526
Don't worry, I won't hold you responsible......
Luke
SmugSoftware: www.smugtools.com
Is it listening to anything?
Lots of questions you have there
First, you may wish to read Apple's OS X Security Tech Brief:
Tiger Security Tech Brief
Common Criteria, for one:
Apple's Common Criteria page, with tools
All the best,
Luke
SmugSoftware: www.smugtools.com