The security of Apple Macs

luke_church Registered Users Posts: 507 Major grins
edited October 25, 2005 in The Big Picture
OK guys, so this is an area I'm interested in. I'm trying to centralise the conversation here so I don't pollute anyone else's threads.

Caveat: I'm writing from the top of my head, I will make mistakes.

My interest: I'm doing academic research at the moment into how usability affects security. AKA the HCI of security, I assert that a huge number of failures are caused by security usability, not technical security. I'm interested both in the attacker and defender psychology.

Further interest: I have some experience with Windows machines, I'm in the process of acquiring a MacOS machine. It was suggested that I might like to document my experiences. This is my opening skepticism.

So, security and Apples is interesting.

I seriously doubt that OSX is a technically very secure operating system. My reasons:

1. It's based on a FreeBSD derivative. FreeBSD is not all that good for security. It's a UNIX system, the core OS is generally not that bad, the surrounding components are generally fairly weak. (e.g. the last 10 emails I've received from Bugtraq) (having said which BSD seems to be better than Linux, so maybe there's hope)

1 - KOffice KWord buffer overflow (Un*x application)
2 - PHP SQL insertion attack (All)
3 - Ubuntu SSL problem (Un*x library)
4 - Un*x 3rd party buffer overrun software problem
5 - Stack overrun in authentication on a Un*x variant
6 - iTunes DOS attack (OSX + Windows application software)
7 - Gallery information disclosure attack (3rd party)
8 - SQL injection attack (3rd party)
9 - Ubuntu vulnerability (Un*x)
10 - XMail vulnerability (3rd party)

So blah, not exactly great for ~36 hours...

2. I have little faith in Apple's ability to write secure code. They have taken FreeBSD, which is a strong operating system, probably close to as good as any of the UN*X variants, and in the process of writing OSX introduced a series of horrible vulnerabilities. There was one where they failed to authenticate the OSX update facilities correctly, resulting in the ability to DNS spoof the server and hence get a user to install arbitrary code, thinking it was from Apple. I grow to wonder whether they have taken the security gains of FreeBSD but not from their own ability. How will this play out going forwards?

3. Architecture. The Windows security architecture is probably the most sophisticated desktop security architecture going. It was designed as a superset of the UN*X security system (principally by the people who designed UN*X). Windows offers incredible precision of access control through ACLs.

4. User base. The user base of Apple is tiny compared to that of MS. This gives a serious incentive to attack the Windows platform for financial gain. The fraction of Apple in the server market is tiny to non-existent. If you want servers you either go Windows or Linux, this gives even less incentive to attack Apple. After all desktop machines aren't all that much use.

5. User base. IMHO the security of a platform has a lot to do with the competence of its user base. The user base of Windows is on average a fair bit worse than that of UN*X or Mac. I think that this and 4 are the most significant reasons why Mac is 'more secure'. People who know a lot about what they're talking about seem to say the same thing. e.g. Markus Kuhn (google for him)

6. Historical reasons. MS Windows machines are more difficult to run in a secure mode than UN*X, due to historical reasons. I do not run as an administrator on my machines, the majority of people do. I believe that this is the single most significant reason why Windows machines are compromised so frequently, the default user is root. BAD!!! The vast vast majority of viruses just crash if you try to run them without admin rights, the infection vectors are simply not allowed. Until MS and the third party vendors fix this, their task is vastly harder. They have to win, everywhere all the time.

7. Viruses. I'm not surprised they're not so much of a problem on Apple. The Windows architecture doesn't encourage them, but having users with vastly higher power than they need does.

8. Usability. Here things get interesting. Is the security architecture of Apple more usable than that of XP? I don't know. I have had several experiences with Apple's security system, one was trying to configure and secure an Apple Extreme Wifi box. The configuration architecture was atrocious. Even I couldn't work out what password it meant at several points (and I have helped to explain the attack vectors against the WiFi protocol to a management team, I do understand it). The arguments on the costs of securing machines seem interesting as well, I see some evidence that Windows networks are cheaper to run because of scales and higher SysAdmin efficiency.

UN*X is notoriously poor for unskilled usability, the question is, can Apple take the relatively time hardened UN*X core and build a usable interface on it? That would be a coup d'état, but given their current record, I doubt it.

I doubt that Apple Mac's security is any better than the 'industry standard-sub-standard'. Just the gains are lower.

I look forwards to being proved wrong. :):

Luke

PS. There was more, but unfortunately my hands are telling me to stop typing, so I'll let you eat me for lunch for the above before commenting further.

Comments

  • Andy Registered Users Posts: 50,016 Major grins
    edited October 15, 2005
    :lurk
    ear.gif
  • DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 15, 2005
    Luke,

    You're on a totally different playing field than me. Academic and geeky. I'm neither, really. I think I'm advanced intermediate when it comes to things Macintosh. I'm gonna try to keep up, but I'm gonna have a hard time.

    The one thing that I've noticed is how little you think of Apple's ability to provide a secure OS. Now granted, no one can provide 100% security, and Apple could do much better, but really, for all intents and purposes, people just aren't going to compare OSX to anything other than windows. LINUX users are a different breed and 99% of computer users would run screaming from it. I know I would.

    That being said, I think the real task is comparing the security of OSX to WinXP and then Vista whenever that comes out. At least for most of us.

    So as it stands, looking at the Secunia site that I posted in the other thread and everywhere else that I read about it, OSX is more secure than XP. By a long shot. That seems to me to be a step up. Better than a sharp stick in the eye, that's for sure.

    So, I'd like to hear what you think of that.

    And of course, security is but one part of a larger picture.

    I also didn't follow what this meant:
    1 - KOffice KWord buffer overflow (Un*x application)
    2 - PHP SQL insertion attack (All)
    3 - Ubuntu SSL problem (Un*x library)
    4 - Un*x 3rd party buffer overrun software problem
    5 - Stack overrun in authentication on a Un*x variant
    6 - iTunes DOS attack (OSX + Windows application software)
    7 - Gallery information disclosure attack (3rd party)
    8 - SQL injection attack (3rd party)
    9 - Ubuntu vulnerability (Un*x)
    10 - XMail vulnerability (3rd party)

    So blah, not exactly great for ~36 hours...
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 15, 2005
    I look forwards to being proved wrong. :):

    Luke
    I look forward to learning a lot from you on this whole subject. Not that I'll understand it, but I'm gonna try!
  • W.W. Webster Registered Users Posts: 3,204 Major grins
    edited October 15, 2005
    Caveat: I'm writing from the top of my head, I will make mistakes ...... My interest: I'm doing academic research at the moment
    Luke

    This says it all! IMHO, I suggest the practical reality tells an entirely different story.
  • DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 15, 2005
    Luke

    This says it all! IMHO, I suggest the practical reality tells an entirely different story.


    Hey, WW. Not sure exactly what your point is. That he's made mistakes or that because it's academic research it's not based in reality....?


    Well, if it's the first, at least he's honest, and if it's the second, well...let's just say if we had all listened to the academic researchers about the threat of hurricane damage in N.O., we'd be in a totally different place right now...
  • colourbox Registered Users Posts: 2,095 Major grins
    edited October 15, 2005
    I'd be interested in having this article picked apart, because I don't have the expertise to do it. It's obvious that since it was written, XP Service Pack 2 closed up many of the holes mentioned in the article, so we can discount those issues that were mentioned. The article influenced my opinion, so I want to know if the author really knows what he's writing about.
  • luke_church Registered Users Posts: 507 Major grins
    edited October 15, 2005
    Guys,

    I have to go out for a while, I look forwards to replying to your comments when I get back. At the very latest, I will reply tomorrow night.

    Keep 'em coming :):

    All the best,
    Luke
  • Khaos Registered Users Posts: 2,435 Major grins
    edited October 15, 2005
    Microsoft's biggest issue is that their OS base was built before the internet came into play as a business and personal tool.

    Thus, their OS is inherently not secure and they're having a hell of a time trying to make it so without rebuilding it completely from go.

    Remember how secure firefox is compared to IE? Remember how firefox took off in popularity? Remember how the popularity increase also increased in the number of security patches needed for the browser?

    IF YOU RUN AN OS THAT CONNECTS TO A PUBLIC NETWORK, YOU WILL NEVER BE COMPLETELY SECURE! NEVER!

    Now, with that being said, this Apple versus PC war is asinine. It's as stupid as Canon versus Nikon. Ford Versus Chevy, etc.

    The one thing that has always irritated me though is the security argument. I bet if you checked to see if the hackers writing these things owned both an apple and a PC, you'd probably see very few MACs. It would be PC's with Windows and Linux.

    I also believe some of these virus issues have been tests. When you see huge variants of one virus you begin to realize it's live testing. This isn't just for the usual criminal acts of taking over a PC for sending spam or getting a user's cc number, but to literally get into a business's network and gather info and not be seen.

    If I was a criminal, I would want access to all the companies I could and only use the info to get inside knowledge for the stock market. You can use this knowledge and plug it into an algorithm that will allow you to best play the market at maximum profit without drawing suspicion.

    So all you Apple owners best hope that the business world never chooses to adopt Apple as the standard for servers and workstations, because the minute they do, you will see a ton of security issues with your beloved OS.

    So, if you like Apple, great, and if you like PC, great. Everyone wins. Everybody needs to pull up their pants and quit trying to see who has a bigger one.



  • DJ-S1 Registered Users Posts: 2,303 Major grins
    edited October 15, 2005
    DavidTO wrote:
    I think the real task is comparing the security of OSX to WinXP and then Vista whenever that comes out. At least for most of us.
    I agree that for most of us this is the talking point, but I think Luke is interested in security as a concept in the abstract. Let's suppose that on a security scale of 1 to 10 PCs get a 3 and Apple gets a 5. Kudos to Apple for being much more secure than PCs, but 5 out of 10 means that they aren't all that secure in the abstract.

    At least, that's what I think he's getting at. I'm with you, I won't be able to understand much of this discussion, but I'm going to be very interested to try. ear.gif
  • DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 15, 2005
    DJ-S1 wrote:
    I agree that for most of us this is the talking point, but I think Luke is interested in security as a concept in the abstract. Let's suppose that on a security scale of 1 to 10 PCs get a 3 and Apple gets a 5. Kudos to Apple for being much more secure than PCs, but 5 out of 10 means that they aren't all that secure in the abstract.

    At least, that's what I think he's getting at. I'm with you, I won't be able to understand much of this discussion, but I'm going to be very interested to try. ear.gif


    I think that his academic research has less to do with security and usability, than the study of how online geeks respond when confronted with a discussion of computer security. We're his guinea pigs! He drops a bomb and then walks away, waiting for us all to self-destruct in useless arguing over which OS is better...he's devious, this one.
  • mwgrice Registered Users Posts: 383 Major grins
    edited October 15, 2005
    I've worked a lot with Windows, Linux and some of the BSD's (primarily OpenBSD). I've run them all on my desktop. While I think that Unix security is generally better than Windows, I have to admit up front that I do system administration, primarily on Unix. It can be kind of a pain in the body part of your choice to do some things on Windows as a non-privileged user.

    Looking at security warnings (i.e., Luke's list from Bugtraq) is a bad way to look at general security. Some vendors (such as Microsoft) combine their security advisories. This allows them to say that they've had fewer advisories than their competitors. However, this doesn't take severity into account. For example, several of those security issues aren't going to affect the average user. The

    For what it's worth, I thought the Pegararo article colourbox linked to is reasonably accurate. Microsoft has started to move in the right direction in the last couple of years, though. We'll see if they keep it up.

    My one comment on Apple security is that Apple seems to have done a decent job with OS X of not starting up too many services by default.
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    DavidTO wrote:
    You're on a totally different playing field than me. Academic and geeky.
    :):
    I'm neither, really. I think I'm advanced intermediate when it comes to things Macintosh. I'm gonna try to keep up, but I'm gonna have a hard time.
    I'll do you a deal, anytime you don't understand something, yell and I'll try to explain it better :-)
    The one thing that I've noticed is how little you think of Apple's ability to provide a secure OS.
    Correct. I have seen very little evidence indeed so far. I think little of the security of Windows as well, but from my current impression of the company, Apple are hiding behind being small, and having a good imported code base. I see very little evidence of any ability in security beyond that, and some pointing the wrong way.

    Simultaneously, I grow to think that *perhaps* they are the best people in the industry to do it. I think that MS will beat them on technical security through sheer financial might, and they are doing much better than they used to, but Apple should be able to beat them on usability. I think that usability will become more important in security than technical aspects. But this is not an opinion many people have...
    Now granted, no one can provide 100% security, and Apple could do much better, but really, for all intents and purposes, people just aren't going to compare OSX to anything other than windows.
    Probably true generally. Certainly true for the photography community. There are a bunch of people who think that x86 OSX will compete directly with Linux. I doubt it for a whole set of reasons, but let's not go there for now.
    So as it stands, looking at the Secunia site that I posted in the other thread and everywhere else that I read about it, OSX is more secure than XP. By a long shot. That seems to me to be a step up. Better than a sharp stick in the eye, that's for sure.
    Sure, it's certainly better than a stick in the eye...

    I would like to make something clear at this stage. There is a difference between technical security and effective security. If I wrote an OS from scratch, giving minimal concern to security, and then only I ever used it, it would never get hacked, even though it was full of holes...

    My opinion is that this is pretty much what is happening. Look again at the Secunia site, who's finding the vulnerabilities in Apple systems? Apple.... Does this mean that they are doing all of the research that the large number of companies attacking Windows are doing? I doubt it... I suspect it means that during maintenance they're finding issues and fixing them. Are they finding all of them? Not a chance, MS do code reviews...

    The question is then, is OSX more secure than XP. I think that the answer at best is 'possibly but for how long?'

    We're also only comparing the OS code, which is a very dangerous thing to do. The majority of vulnerabilities are in 3rd party applications software and configuration errors. I don't think that Apple are any better in this respect. Potentially quite a lot worse, though they do seem better than UN*X in trying to reduce daft config errors.

    I think the more realistic answer is that technically OSX is not likely to be very strong, the question is, does it matter?

    The answer I feel is probably, for the average user, no.

    All I am arguing is that saying that Mac's security is better than Windows is very weak to unproven:

    - The users are better (e.g. How good would Mac's security be if its users refused to use passwords?)
    - The market penetration is vastly less, especially where it matters, on the server market

    However in terms of effective security, it's probably better. You don't get viruses and spyware, because there is no financial advantage, and there isn't the geek warfare that you get on UNIX.

    I'm not convinced that Secunia proves that Mac is technically more secure.

    (Oh and for the record Secunia, I don't give a damn if someone can hack my Windows machine by plugging bits of hardware into it, if they're that close they can do it by heating the RAM with a hairdrier!)
    And of course, security is but one part of a larger picture.
    I also didn't follow what this meant:
    I was merely pointing out that security from most vendors is in a fairly depressing state and that 3rd party software causes a lot of vulnerabilities. There is a strong tendency in the media to not report anything other than Windows vulnerabilities.

    Cheers,

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    andy wrote:
    :lurk
    ear.gif
    Laughing.gif:):
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    Luke

    This says it all! IMHO, I suggest the practical reality tells an entirely different story.
    Hi WW,

    I'm afraid I don't really understand your comment.

    If you would like me to look up references for any part of the above, then please let me know which bit, and I'll happily oblige.

    If you are saying that due to the work being academic it cannot have relevance in the real world, I disagree entirely, on several levels. Further, the work I'm trying to do is actually bringing practicalities to security by understanding how to optimise its use, so end users don't trash the security their OS gives them... In what sense isn't this practical?

    Further, I have done practical security work before. Regrettably I can't discuss what it was in public, but rest assured that I do understand how to apply this to a real world task, and indeed have made money by doing so.

    Did I answer your question, or have I missed the point?

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    colourbox wrote:
    The article influenced my opinion, so I want to know if the author really knows what he's writing about.
    Some of what he says is weak, but his general thrust is correct:
    so why do the authors of viruses and worms rarely take aim at either system?
    They do. I know a UN*X system admin team whose users get hacked on a weekly basis.

    Regrettably he feels the need to pollute his arguments with pointless emotional tittle-tattle.

    Hehe, retrospectively, it could also read remarkably like an advert for SP2...
    In comparison, Mac OS X ships with zero ports open to the Internet.
    Is this really true? I guess it could be... Do you have to enable SSH login manually?

    It also doesn't really deal with the problem that out-going connections can be abused as well as incoming ones. Don't think that because you're using a firewall that your attack surface is zero.

    The last point in the article is the most pertinent. Windows runs as admin by default, this is very bad, as I said in my original post. Vista will be interesting in this respect.

    Because of this (and the issue that daft people like Adobe don't seem to be able to work out how to write software that follows guidelines sufficiently that they don't ask you to register every time unless you're an admin), Windows is weaker in its typical install.

    However, this can be fixed and therefore cannot be considered to be technical security, only effective security. I'm not trying to play with words, I'm questioning the assertion that there is something fundamentally more secure about Mac...
    Here's a modest proposal: Microsoft should use some of its $49 billion hoard to mail an update CD to anybody who wants one. At $3 a pop (a liberal estimate), it could ship a disc to every human being on Earth -- and still have $30 billion in the bank.
    Regrettably the author feels the need to say stupid things like that at the end...

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    Khaos wrote:
    Microsoft's biggest issue is that their OS base was built before the internet came into play as a business and personal tool.
    And? So was FreeBSD, and by extension OSX....

    I agree with the point with respect to the Win32 architecture (95,98,ME), but not with NT. It was built for a hostile world, it just wasn't exposed to one until about '99, hence not enough attention had been paid until recently.
    Thus, their OS is inherently not secure and they're having a hell of a time trying to make it so without rebuilding it completely from go.
    Sorry, I don't see the evidence for this. It would also apply to every other operating system on the desktop, including OSX if it were true... Why do you think it's inherently not secure? The kernel supports a very serious access control core, which is in many ways far more sophisticated than the one OSX uses......

    There are historical problems with user space code, I agree, but I don't see any evidence that the OS is fundamentally any less secure than any of the other 'commodity' OSs.
    Remember how secure firefox is compared to IE? Remember how firefox took off in popularity? Remember how the popularity increase also increased in the number of security patches needed for the browser?
    Firefox, that highly secure browser that is currently having vulnerabilities reported at twice the rate of IE, and is still, what 5% market share... Firefox's reputation as a secure browser is marketing spin, notice that they now only claim to be fixing bugs faster, not being more secure...

    Writing browsers is very hard, MS certainly have the correct idea for Vista of running IE as an even lower than low privilege user, though it'll be interesting to see how they do the cross-authorisation space communications.
    IF YOU RUN AN OS THAT CONNECTS TO A PUBLIC NETWORK, YOU WILL NEVER BE COMPLETELY SECURE! NEVER!
    Indeed.



    Now, with that being said, this Apple versus PC war is asinine. It's as stupid as Canon versus Nikon. Ford Versus Chevy, etc.


    I disagree. The war is pointless, yes, and people running both is a very good thing. (see http://www.sei.cmu.edu/publications/documents/03.reports/03tr002.html)

    However there are lessons to be learnt in both directions.


    The one thing that has always irritated me though is the security argument. I bet if you checked to see if the hackers writing these things owned both an apple and a PC, you'd probably see very few MACs. It would be PC's with Windows and Linux.


    Judging on the people I know, the majority own PCs running Windows and UN*X but there are a fair number of techies, esp. in MIT that run Macs.


    I also believe some of these virus issues have been tests. When you see huge variants of one virus you begin to realize it's live testing.


    I would say it's more probably other people getting hold of the virus once it's released and editing it.

    This isn't just for the usual criminal acts of taking over a PC for sending spam or getting a user's cc number, but to literally get into a business's network and gather info and not be seen.

    Most of the viruses are being written very badly. If that's what you want, publicity is the last thing you want. Also you want viruses that are targeted and non-harmful to the systems. This is not what we are seeing.

    If I was a criminal, I would want access to all the companies I could and only use the info to get inside knowledge for the stock market. You can use this knowledge and plug it into an algorithm that will allow you to best play the market at maximum profit without drawing suspicion.

    I doubt the average virus writer can spell stock market, let alone trade on it. There are some exceptions of ability, but the majority are 'script kiddies' who just modify other people's work, usually breaking it...

    e.g. Blaster contained a fairly trivial flaw in its TCP comms that prevented it from doing vastly more damage. Not a great work of programming....


    So all you Apple owners best hope that the business world never chooses to adopt Apple as the standard for servers and workstations, because the minute they do, you will see a ton of security issues with your beloved OS.


    I agree with the bit of servers entirely. Servers are a much more promising target to an attacker. Hence one of the reasons why UN*X gets attacked so heavily despite its small market share on the desktop.


    So, if you like Apple, great, and if you like PC, great. Everyone wins. Everybody needs to pull up their pants and quit trying to see who has a bigger one.


    I guess I spend my time trying to design a bigger one :): Do I have permission to continue? ;)




    All the best and thanks for the thoughts,

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    DJ-S1 wrote:
    I agree that for most of us this is the talking point, but I think Luke is interested in security as a concept in the abstract.
    Let's just say, a concept beyond the practical reality of tedium...
    Let's suppose that on a security scale of 1 to 10 PCs get a 3 and Apple gets a 5. Kudos to Apple for being much more secure than PCs, but 5 out of 10 means that they aren't all that secure in the abstract.
    Kind of... What I'm saying is:

    - Mac is not fundamentally more secure, it's more secure in its default implementation (root user issue) and because the attacks aren't so well known. (So yes, 3 : 5, though I'm not pinning myself to those numbers :): )

    But, I don't care. As you say, it scores slightly higher, but I'm not currently interested in how to go from 3 to 3.001. The bug fixes will continue, machines will continue to be exploited because their SysAdmins don't apply the patches, yawn yawn yawn.

    The question is how do we make a substantial leap forwards to ~8? Currently, configuring *any* OS to that level requires expert attention, and even then it's probably not possible.

    My assertion is that the security of the OSs will creep forwards as more bugs get hammered out, but we will reach a stage, and we're pretty close, when it's usability failures that cause the vulnerabilities. In some senses I'm sure we've been there with Windows for quite a while now. SP2 brought a lot more usability to security, but not all that great technical change...

    The question is then, how do you design systems so that usability doesn't compromise security?

    This is far more interesting than a Mac vs PC war, and is also a real opportunity for Mac, all I'm saying, is that I don't see them taking it. Neither do I see evidence that they understand security in the way the BSD community do and the way the Windows developers are (slowly) learning to...

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    DavidTO wrote:
    I think that his academic research has less to do with security and usability, than the study of how online geeks respond when confronted with a discussion of computer security. We're his guinea pigs! He drops a bomb and then walks away, waiting for us all to self-destruct in useless arguing over which OS is better...he's devious, this one.
    <Mock sarcasm>David, I'm hurt...</Mock sarcasm>

    It would be fun, but no, that isn't the point. Remember the time zone shift, it was 03:00 in the morning when I came back from dealing with a computer last night...

    Luke
  • luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    mwgrice wrote:
    I've worked a lot with Windows, Linux and some of the BSD's (primarily OpenBSD). I've run them all on my desktop. While I think that Unix security is generally better than Windows, I have to admit up front that I do system administration, primarily on Unix. It can be kind of a pain in the body part of your choice to do some things on Windows as a non-privileged user.
    True, though it's not all that bad these days. So, my experience in SA work is fairly limited, I'm generally more on the software development/research end of things, but I'd be interested to hear your opinions as to the workload to maintain security...

    I generally find that Linux is more secure, but takes more effort to keep it that way.
    Looking at security warnings (i.e., Luke's list from Bugtraq) is a bad way to look at general security.
    I agree, I did it for 2 reasons:

    1. The media are very biased about security and only tend to report Windows issues, I wished to point out that there were security issues by the truckload in other systems

    2. To point out that security was in a fairly depressing state generally
    Some vendors (such as Microsoft) combine their security advisories. This allows them to say that they've had fewer advisories than their competitors.
    Indeed, and also release on set dates. If I'd done that just after one of those releases, there would have been 7/8 comments on Windows issues at the top of the list.
    However, this doesn't take severity into account. For example, several of those security issues aren't going to affect the average user. The
    Agreed, I was also attempting to highlight that OS issues are not the only ones of significance, 3rd party User space software also tends to be very poor.
    For what it's worth, I thought the Pegararo article colourbox linked to is reasonably accurate. Microsoft has started to move in the right direction in the last couple of years, though. We'll see if they keep it up.
    Indeed, I would not be surprised if Vista is something of a watershed, if they aren't making progress after 5 odd years of trustworthy computing, I think they will be in trouble and they do have a lot of baggage. Having said which Win2k3 is a lot better than XP.
    My one comment on Apple security is that Apple seems to have done a decent job with OS X of not starting up too many services by default.
    :-) Kudos to Apple. It's interesting to see how commercial companies that need to sell their products have a different attitude to the 'free OS' people, to whom it doesn't matter if you run their services or not. But this is another, albeit important, drop in the ocean, it's not the fundamental advantage that some are claiming...

    Thanks for your comments,

    Luke
  • Options
    luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    DavidTO wrote:
    I think that his academic research has less to do with security and usability, than the study of how online geeks respond when confronted with a discussion of computer security. We're his guinea pigs! He drops a bomb and then walks away, waiting for us all to self-destruct in useless arguing over which OS is better...he's devious, this one.
    Hehe, actually in which case, I think I've pretty much proved my point right? ;)

    I'm afraid to further aid your suspicion, now I've dropped a whole lot more, though I don't feel that I've said very much new :-(, I'm going to walk away again for a while...

    Your turn ;)

    Luke
  • Options
    DJ-S1 Registered Users Posts: 2,303 Major grins
    edited October 16, 2005
    DavidTO wrote:
    I think that his academic research has less to do with security and usability, than the study of how online geeks respond when confronted with a discussion of computer security. We're his guinea pigs! He drops a bomb and then walks away, waiting for us all to self-destruct in useless arguing over which OS is better...he's devious, this one.
    I got a good chuckle out of that one, David! Nice!
  • Options
    DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 16, 2005
    Is this really true? I guess it could be... Do you have to enable SSH login manually?
    Luke


    Yep.
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • Options
    DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 16, 2005
    Look again at the Secunia site, who's finding the vulnerabilities in Apple systems? Apple.... Does this mean that they are doing all of the research that the large number of companies attacking Windows are doing? I doubt it... I suspect it means that during maintenance they're finding issues and fixing them. Are they finding all of them? Not a chance, MS do code reviews...
    Luke


    I did go back, and unless I'm reading it wrong, at least SOME of the vulnerabilities were reported by people, not Apple. I didn't look at all of them, but I looked enough to see that some were reported by Apple and some by other parties.
  • Options
    luke_church Registered Users Posts: 507 Major grins
    edited October 16, 2005
    DavidTO wrote:
    I did go back, and unless I'm reading it wrong, at least SOME of the vulnerabilities were reported by people, not Apple. I didn't look at all of them, but I looked enough to see that some were reported by Apple and some by other parties.
    Sure, I was merely considering the fraction that were being reported by Apple, which seemed a lot higher than the corresponding fraction for Windows or my ad-hoc perception of the fraction for UN*X, which seemed suspicious to me.

    I never intended to imply that they were all being reported by Apple.

    Thanks for the clarification.

    Luke
  • Options
    colourbox Registered Users Posts: 2,095 Major grins
    edited October 16, 2005
    Apple are hiding behind being small, and having a good imported code base. I see very little evidence of any ability in security beyond that, and some pointing the wrong way...
    ...
    - The users are better (e.g. How good would Mac's security be if its users refused to use passwords?)
    - The market penetration is vastly less, especially where it matters, on the server market

    Now wait a second. I still don't think you've addressed what I asked in the other thread. How can Apple possibly be "hiding?" Their market share is more like that of a luxury car company, small but highly visible. They have an expanding chain of profitable retail stores (Microsoft and Dell don't) which are strategically placed in high-income, high-visibility locations. They have an unusually high brand recognition according to advertising studies. They have a 20-year installed base counting in tens of millions of users, a significant percentage of whom are rather arrogant. That makes them a huge target beyond the mere numbers. Given that very high visibility, why, oh why, is the number of active self-propagating Mac viruses not above zero? The proportion of viruses does not at all correlate to the proportion of market share, particularly when absolute numbers are considered (Mac OS X user base being well above zero). They may not have the server penetration, but aren't a lot of Windows viruses aimed at clients?

    Second, I don't agree about the "sophistication" of Mac users. I talk to Mac users every day who are ordinary people, no more or less savvy than anyone else. In addition, many Mac users got a Mac because they wanted to be less knowledgeable about computers. They were told it was "simpler." The users are not any more sophisticated, so if their Mac is more secure this additional security is probably being facilitated by the operating system - we're back to that again.

    Oh, by the way to answer your question above you do have to enable SSH on OS X. All sharing services are off by default. That's part of what I'm talking about. Maybe you're right that Windows XP is a more secure design on paper, but what good is building Fort Knox if you leave the doors and windows open when you go down to the deli for lunch? The relative security of the operating systems probably comes down to implementation as much as system design.
  • Options
    Frumious Registered Users Posts: 4 Beginner grinner
    edited October 16, 2005
    1 - KOffice KWord buffer overflow (Un*x application)
    2 - PHP SQL insertion attack (All)
    3 - Ubuntu SSL problem (Un*x library)
    4 - Un*x 3rd party buffer overrun software problem
    5 - Stack overrun in authentication on a Un*x variant
    6 - iTunes DOS attack (OSX + Windows application software)
    7 - Gallery information disclosure attack (3rd party)
    8 - SQL injection attack (3rd party)
    9 - Ubuntu vulnerability (Un*x)
    10 - XMail vulnerability (3rd party)

    Luke

    Hello Luke.

    You are way over my head on the technical stuff. After all, I'm just a Mac user - a plug and play kind of guy. I've never had to know how stuff works - it just works. (Which, I suppose is why I love the new Panasonic Lumix DZ30)

    What I do know is this: Having been a Mac user since ever (or 1980 - whichever came first) I have NEVER had a virus strike.

    You would think that making that brash statement would be tempting bad luck, right? Could be. But I've teased viruses right and left. I've long since stopped updating Norton AntiVirus. I surf the web through all sorts of buggy stuff. I am careless to boot: I open vbs, php and exe files with impunity. Who knows what my kids are downloading. Yet, no viruses. Maybe my luck will run out. But 25 years is a pretty good run.
  • Options
    Dee Registered Users Posts: 2,981 Major grins
    edited October 16, 2005
    Huh?
    Frumious wrote:
    I open vbs, php and exe files with impunity.

    Am I missing something? How do you open an .exe file on a Mac?
  • Options
    DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 16, 2005
    What's the security expert's take on this?
  • Options
    colourbox Registered Users Posts: 2,095 Major grins
    edited October 16, 2005
    DavidTO wrote:
    What's the security expert's take on this?

    Little Snitch is great, but I wouldn't count it here because only a few Mac users use it, and Windows has it in the form of Zone Alarm and similar utilities. Windows has a far wider range of that type of utility (because the need is greater, of course).
  • Options
    DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited October 16, 2005
    colourbox wrote:
    Little Snitch is great, but I wouldn't count it here because only a few Mac users use it, and Windows has it in the form of Zone Alarm and similar utilities. Windows has a far wider range of that type of utility (because the need is greater, of course).


    Well, I know you can't count it as part of OSX's native security. Just wanted to hear about it...should OS's include this? Is it necessary for all users to have? Does it really raise your level of security? etc.