Snow Leopard less secure than Windows, says hacker

Wasted opportunity to lock down OS, says Mac security guru

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.

Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.

"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."


Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
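The regions named above (heap, stack, dynamically linked libraries) can be checked on any POSIX system. As an added example, not code from the article or from Miller, this C program launches itself twice as a fresh process and reports which regions moved between the two runs. The region labels and the `--print` flag are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L /* for popen/pclose */
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { R_STACK, R_HEAP, R_LIBRARY, R_IMAGE, R_COUNT }; /* labels are this example's own */
static const char *region_name[R_COUNT] = {"stack", "heap", "library", "image"};
static int in_image; /* lives in the program's own data segment */
/* Record one address from each region of the current process. */
void sample_layout(uintptr_t out[R_COUNT]) {
    int on_stack = 0;
    void *on_heap = malloc(64);
    out[R_STACK] = (uintptr_t)&on_stack;
    out[R_HEAP] = (uintptr_t)on_heap;
    out[R_LIBRARY] = (uintptr_t)stdout; /* FILE object inside the C library */
    out[R_IMAGE] = (uintptr_t)&in_image;
    free(on_heap);
}
/* Bit i is set when region i sat at a different address in the two runs. */
unsigned moved_regions(const uintptr_t a[R_COUNT], const uintptr_t b[R_COUNT]) {
    unsigned mask = 0;
    for (int i = 0; i < R_COUNT; i++) mask |= (unsigned)(a[i] != b[i]) << i;
    return mask;
}
/* Start this binary again as a fresh process and parse the layout it prints. */
static int layout_of_new_process(const char *self, uintptr_t out[R_COUNT]) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "\"%s\" --print", self);
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    int n = 0;
    for (int i = 0; i < R_COUNT; i++) n += (fscanf(p, "%" SCNxPTR, &out[i]) == 1);
    pclose(p);
    return n == R_COUNT ? 0 : -1;
}

int main(int argc, char **argv) {
    uintptr_t a[R_COUNT], b[R_COUNT];
    if (argc > 1 && strcmp(argv[1], "--print") == 0) { /* child: report and exit */
        sample_layout(a);
        for (int i = 0; i < R_COUNT; i++) printf("%" PRIxPTR " ", a[i]);
        return 0;
    }
    if (layout_of_new_process(argv[0], a) || layout_of_new_process(argv[0], b)) return 1;
    unsigned moved = moved_regions(a, b);
    for (int i = 0; i < R_COUNT; i++)
        printf("%-8s %s\n", region_name[i], ((moved >> i) & 1) ? "moved between runs" : "same address in both runs");
    return 0;
}
```

Run it by path (for example `./aslrcheck`) so the child launch can find the binary. In a statically linked build the library sample sits inside the image, so build it dynamically linked.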

Miller was disappointed that Apple didn't improve ASLR from Leopard to Snow Leopard. "I hoped Snow Leopard would do full ASLR, but it doesn't," said Miller. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard."

Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.

"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past." That's not surprising, since QuickTime supports scores of file formats, historically its weak link. Last week, in fact, Apple patched four critical QuickTime vulnerabilities in the program's parsing of various file formats.

How Apple's rewrite of QuickTime for Snow Leopard plays out, of course, is uncertain, but Miller was optimistic. An exploit of a vulnerability in Leopard's QuickTime that he had been saving doesn't work in the version included with Snow Leopard, Miller acknowledged.

"They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it," said Miller. If it was up to him, though, Miller would do even more. "I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."

Snow Leopard's other major security improvement was in DEP, which Miller said has been significantly enhanced. DEP is designed to stop some kinds of exploits - buffer overflow attacks, primarily - by blocking code from executing in memory that's supposed to contain only data. Microsoft introduced DEP in Windows XP Service Pack 2 (SP2), and expanded it for Vista and the upcoming Windows 7.

Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."



Comments

Louis Wheeler | Published: 02:04 GMT, 28 October 2009

There is one thing wrong with this article: Apple has both ASLR and DEP in the 64 bit kernel. You can see this by visiting Apple's Snow Leopard security page. http://www.apple.com/macosx/security/ Apple, temporarily, is not booting into the 64 bit kernel, by default, until enough applications have been converted to make it worth the user's trouble. Hence, what Mr Miller says is true, but irrelevant for another six to nine months. Big deal. It's not as though we are under attack, Windows is.

Marcinkus | Published: 09:10 GMT, 23 September 2009

Very well: sometimes a stupid choice is the clever one :-)

Manfry | Published: 08:44 GMT, 23 September 2009

No one is so stupid to code a virus for an OS that covers around 2% of the market. :-)

Marcinkus | Published: 08:37 GMT, 23 September 2009

Hi Guys, I think there is a little misunderstanding: Miller is talking about hackers' attacks, which cannot be considered as a single user/final user problem. From this point of view, anyone knows that Apple OS is not affected by any virus problem (which instead is the major problem with Microsoft OS). Hacker is a server/web server problem, but honestly I see no reasons to use Apple OS (or Microsoft OS) for a server, instead of Unix/Linux.

Jimbo | Published: 14:29 GMT, 20 September 2009

Zeke, your analogy would make sense IF the 2004 Corolla was OS X and the M1 Abrams was Windows. The Abrams operates in a war zone and is a target for the enemy, whereas the Corolla operates on city streets where very few bullets fly (depending on the neighborhood, of course) and attracts little attention.

Zeke | Published: 21:11 GMT, 18 September 2009

There are no viruses in the wild for OS X. How is OS X less secure than ANY Windows OS with their millions of live viruses in the wild? Miller's argument that Windows 7 is more secure than OS X because it has ASLR is ludicrous. It's like saying a 2004 Toyota Corolla is more secure than an Abrams M1 tank because the Corolla has a car alarm and the Abrams doesn't. It's just silly.

AerAps | Published: 11:54 GMT, 17 September 2009

It is sad to see that Apple is charging its users for a Service Pack! Microsoft does that for free.

AerAps | Published: 11:54 GMT, 17 September 2009

DanTe, they would have to provide this service because they have no choice; Windows has no specific stores, the whole world uses Windows so you would find many services for that kind of thing; plus Windows is more open than Apple so most users would know their way around re-installing Windows even without formatting it.

DanTe | Published: 14:53 GMT, 15 September 2009

Well what did you expect? Apple is a DESIGN store, not an IT vendor. People pay for the design. And when they get full of viruses, they just take their beautifully designed Apple to the Apple store, and the employees there will happily reformat the hard drive for you for FREE. Yes, FREE. I laughed my arse off when a group of Mactards told me of this wonderful service of theirs that Windows doesn't have.
