Snow Leopard less secure than Windows, says hacker
Wasted opportunity to lock down OS, says Mac security guru
By Gregg Keizer | Computerworld US
Published: 13:24 GMT, 15 September 09
Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.
Dubbed ASLR, for address space layout randomisation, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."
Two years ago, Miller and other researchers criticised Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomise important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
Miller was disappointed that Apple didn't improve ASLR from Leopard to Snow Leopard. "I hoped Snow Leopard would do full ASLR, but it doesn't," said Miller. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard."
Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.
"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past." That's not surprising, since QuickTime supports scores of file formats, historically its weak link. Last week, in fact, Apple patched four critical QuickTime vulnerabilities in the program's parsing of various file formats.
How Apple's rewrite of QuickTime for Snow Leopard plays out, of course, is uncertain, but Miller was optimistic. An exploit of a vulnerability in Leopard's QuickTime that he had been saving doesn't work in the version included with Snow Leopard, Miller acknowledged.
"They've shaken out hundreds of bugs in QuickTime over the years, but it was still really smart of them to rewrite it," said Miller. If it was up to him, though, Miller would do even more. "I'd reduce the number of file formats from 200 or so to 50, and reduce the attack surface. I don't think anyone would miss them."
Snow Leopard's other major security improvement was in DEP, which Miller said has been significantly enhanced. DEP is designed to stop some kinds of exploits - buffer overflow attacks, primarily - by blocking code from executing in memory that's supposed to contain only data. Microsoft introduced DEP in Windows XP Service Pack 2 (SP2), and expanded it for Vista and the upcoming Windows 7.
Put ASLR and DEP in an operating system, Miller argued, and it's much more difficult for hackers to create working attack code. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder."
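The following is an added example, not code from the article or from Miller: a small C check that starts itself several times and reports which regions change address between runs, using a stack variable, a heap allocation, a C-library function and the program's own code as representatives. The region labels, the `--probe` flag and the scratch file name are choices made for this example.

```c
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SAMPLE_FILE "aslr_samples.tmp" /* scratch file; name chosen for this example */
enum { STACK, HEAP, LIBRARY, TEXT, NREGIONS, RUNS = 8 };
static const char *const region_name[NREGIONS] = {"stack", "heap", "library", "text"};

/* Record one representative address from each region of this process. */
void probe(uintptr_t out[NREGIONS]) {
    int local = 0;
    void *block = malloc(64);
    out[STACK] = (uintptr_t)&local;
    out[HEAP] = (uintptr_t)block;
    out[LIBRARY] = (uintptr_t)&fopen; /* function resolved from the C library */
    out[TEXT] = (uintptr_t)&probe;    /* the executable's own code */
    free(block);
}

/* Bitmask of regions whose address differed from run 0 in any of n runs. */
unsigned randomised_mask(uintptr_t runs[][NREGIONS], int n) {
    unsigned mask = 0;
    for (int i = 1; i < n; i++)
        for (int r = 0; r < NREGIONS; r++)
            if (runs[i][r] != runs[0][r]) mask |= 1u << r;
    return mask;
}

int main(int argc, char **argv) {
    uintptr_t runs[RUNS][NREGIONS];
    char cmd[1024];
    int n = 0, ok = 1;
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) { /* child: print one sample */
        probe(runs[0]);
        for (int r = 0; r < NREGIONS; r++) printf("%" PRIxPTR "\n", runs[0][r]);
        return 0;
    }
    snprintf(cmd, sizeof cmd, "\"%s\" --probe >> " SAMPLE_FILE, argv[0]);
    for (int i = 0; i < RUNS && system(cmd) == 0; i++) {} /* fresh process per run */
    FILE *f = fopen(SAMPLE_FILE, "r");
    for (; f && ok && n < RUNS; n += ok) /* parse NREGIONS addresses per run */
        for (int r = 0; r < NREGIONS && ok; r++) ok = fscanf(f, "%" SCNxPTR, &runs[n][r]) == 1;
    if (f) fclose(f);
    remove(SAMPLE_FILE);
    unsigned mask = randomised_mask(runs, n);
    for (int r = 0; n >= 2 && r < NREGIONS; r++)
        printf("%-8s %s\n", region_name[r], (mask >> r) & 1 ? "randomised" : "FIXED");
    return n < 2; /* non-zero exit: fewer than two samples, nothing to compare */
}
```

A region reported FIXED had the same address in all eight runs. Whether the "text" row moves also depends on the program being built as a position-independent executable.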






Comments
Louis Wheeler | Published: 02:04 GMT, 28 October 2009
There is one thing wrong with this article: Apple has both ASLR and DEP in the 64 bit kernel. You can see this by visiting Apple's Snow Leopard security page. http://www.apple.com/macosx/security/ Apple, temporarily, is not booting into the 64 bit kernel, by default, until enough applications have been converted to make it worth the user's trouble. Hence, what Mr Miller says is true, but irrelevant for another six to nine months. Big deal, it's not as though we are under attack, Windows is.
Marcinkus | Published: 09:10 GMT, 23 September 2009
Very well: sometimes a stupid choice is the clever one :-)
Manfry | Published: 08:44 GMT, 23 September 2009
No one is so stupid as to code a virus for an OS that covers around 2% of the market. :-)
Marcinkus | Published: 08:37 GMT, 23 September 2009
Hi Guys, I think there is a little misunderstanding: Miller is talking about hackers' attacks, which cannot be considered as a single user/final user problem. By this point of view, anyone knows that Apple OS is not affected by any virus problem (which instead is the major problem with Microsoft OS). Hacker is a server/web server problem, but honestly I see no reasons to use Apple OS (or Microsoft OS) for a server, instead of Unix/Linux.
Jimbo | Published: 14:29 GMT, 20 September 2009
Zeke, your analogy would make sense IF the 2004 Corolla was OS X and the M1 Abrams was Windows. The Abrams operates in a war zone and is a target for the enemy, whereas the Corolla operates on city streets where very few bullets fly (depending on the neighborhood, of course) and attracts little attention.
Zeke | Published: 21:11 GMT, 18 September 2009
There are no viruses in the wild for OS X. How is OS X less secure than ANY Windows OS with their millions of live viruses in the wild? Miller's argument that Windows 7 is more secure than OS X because it has ASLR is ludicrous. It's like saying a 2004 Toyota Corolla is more secure than an Abrams M1 tank because the Corolla has a car alarm and the Abrams doesn't. It's just silly.
AerAps | Published: 11:54 GMT, 17 September 2009
It is sad to see that Apple is charging its users for a Service Pack! Microsoft does that for free.
AerAps | Published: 11:54 GMT, 17 September 2009
DanTe, they would have to provide this service because they have no choice; Windows has no specific stores, the whole world uses Windows so you would find many services for that kind of thing; plus Windows is more open than Apple so most users would know their way around re-installing Windows even without formatting it.
DanTe | Published: 14:53 GMT, 15 September 2009
Well what did you expect? Apple is a DESIGN store, not an IT vendor. People pay for the design. And when they get full of virus, they just take their beautifully designed Apple to the Apple store, and the employees there will happily reformat the hard drive for you for FREE. Yes, FREE. I laughed my arse off when a group of Mactards told me of this wonderful service of theirs that Windows don't have.