Forwarded from: William Knowles <wk@private> http://www.infowarrior.org/articles/2003-08.html Copyright İ 2003 by author. Permission granted to reproduce in entirety with credit. Richard Forno 12 Dec 03 Since Apple released Mac OS X, even the PC industry trade publications have raved about its quality, design, and features. PC Magazine even gave Mac OS X "Panther" a 5-star rating in October 2003. Perhaps it was because Macs could now seamlessly fit into the Windows- dominated marketplace and satisfy Mac users refusing to relinquish their trusty systems and corporate IT staffs wanting to cut down on tech support calls. Whatever the reason, Mac OS X has proven itself as a worthy operating system for both consumers and business alike. Of course, as with all operating systems, Mac OS X has had its share of technical problems and even a few major security vulnerabilities. Nearly all were quickly resolved by Apple via a downloaded patch or OS update. But in general, Mac OS X is solid, secure, and perhaps the most trustworthy mainstream computing environment available today. As a result, Mac users are generally immune to the incessant security problems plaguing their Windows counterparts, and that somehow bothers PC Magazine columnist Lance Ulanoff. In a December 11 column [1] that epitomizes the concept of yellow journalism, he's "happy" that Mac OS X is vulnerable to a new and quite significant security vulnerability. The article was based on a security advisory by researcher Bill Carrel regarding a DHCP vulnerability in Mac OS X. Carrel reported the vulnerability to Apple in mid-October and, through responsible disclosure practices, waited for a prolonged period before releasing the exploit information publicly since Apple was slow in responding to Carrel's report (a common problem with all big software vendors.) Accordingly, Lance took this as a green light to launch into a snide tirade about how "Mac OS is just as vulnerable as Microsoft Windows" while penning paragraph after paragraph saying "I told you so" and calling anyone who disagrees with him a "Mac zealot." You're either with him or with the "zealots." Where have we heard this narrow-minded extremist view before? More to the point, his article is replete with factual errors. Had he done his homework instead of rushing to smear the Mac security community and fuel his Windows-based envy, he'd have known that not only did Apple tell Carrel on November 19 that a technical fix for the problem would be released in its December Mac OS X update, but that Apple released easy-to-read guidance (complete with screenshots) for users to mitigate this problem on November 26. Somehow he missed that. Since he's obviously neither a technologist (despite writing for a technology magazine) nor a security expert, let's examine a few differences between Mac and Windows to see why Macintosh systems are, despite his crowing, whining, and wishing, inherently more secure than Windows systems. The real security wisdom of Mac OS lies in its internal architecture and how the operating system works and interacts with applications. Itıs also something Microsoft unfortunately canıt accomplish without a complete re-write of the Windows software. At the very least, from the all-important network perspective, unlike Windows, Mac OS X ships with nearly all internet services turned off by default. Place an out-of-the-box Mac OS X installation on a network, and an attacker doesnıt have much to target in trying to compromise your system. A default installation of Windows, on the other hand, shows up like a big red bulls-eye on a network with numerous network services enabled and running. And, unlike Windows, with Mac OS X, thereıs no hard-to-disable ³Messaging Services² that results in spam-like advertisements coming into the system by way of Windows-based pop-up message boxes. And, the Unix-based Mac OS X system firewall simple enough protection for most users -- is enabled in by default, something that Microsoft only recently realized was a good idea and acknowledged should be done in Windows as well. I guess Lance didn't hear about that, either. Then there's the stuff contributing to what I call "truly trustworthy computing." When I install an application, such as a word processor, I want to know with certainty that it will not modify my system internals. Similarly, when I remove the application, I want to know that when I remove it (by either the uninstaller or manually) itıs gone, and nothing of it remains on or has modified my system. Applications installed on Mac OS X donıt modify the system internals the Mac version of the Windows/System directory stays pretty intact. However, install nearly any program in Windows, and chances are it will (for example) place a different .DLL file in the Windows/System directory or even replace existing ones with its own version in what system administrators grudgingly call "DLL Hell." Want to remove the application? Youıve got two choices: completely remove the application (going beyond the software uninstaller to manually remove things like a power user) and risk breaking Windows or remove the application (via the software uninstaller) and let whatever it added or modified in Windows/System to remain, thus presenting you a newly-but-unofficially patched version of your operating system that may cause problems down the road. To make matters worse, Windows patches or updates often re-enable something youıve previously turned off or deleted (such as VBScript or Internet Explorer) or reconfigures parts of your system (such as network shares) without your knowledge and potentially places you at risk of other security problems or future downtime. Apparently, Lance doesn't see this as a major security concern. Further, as seen in recent years, Microsoft used the guise of a critical security fix for its Media Player to forcibly inject controversial Digital Rights Management (DRM) into customer systems.[2] Users were free to not run the patch and avoid DRM on their systems, but if they wanted to be secure, they had to accept monopoly-enforcing DRM technologies and allow Microsoft to update such systems at any time in the future. How can we trust that our systems are secure and configured the way we expect them to be (enterprise change management comes to mind) with such subtle vendor trickery being forced upon us? Sounds like blackmail to me. (Incidentally, Lance believes the ability of a user to "hack" their own system to circumvent the Apple iTunes DRM makes the Macintosh a bigger "hack target" for the purposes of his article....apparently, he's not familiar with the many nuances of the terms "hack" and "hackers" or knows that power-users often "hack" their own systems for fun.) What does that say about trusting an operating system's ability to perform in a stable and secure manner? Windows users should wonder whoıs really in control of their systems these days. But Lance is oblivious to this, and happy to exist in such an untrustworthy computing environment. On the matter of malicious code, Lance reports being "driven crazy" when Mac users grin at not falling victim to another Windows virus or malicious code attack. He's free to rebuild his machine after each new attack if he wants, and needs to know that Mac users are grinning at not having to worry about such things getting in the way of being productive. You see, because of how Mac OS X was originally designed, the chance of a user suffering from a malicious code attack - such as those nasty e-mail worms - is extremely low. Granted, Mac users may transmit copies of a Word Macro Virus if they receive an infected file (and use Microsoft Word) but itıs not likely that again, due to Mac OS X's internal design a piece of malicious code could wreak the same kind of havoc that it does repeatedly on Windows. Applications and the operating system just donıt have the same level of trusted interdependencies in Mac OS X that they do on Windows, making it much more difficult for most forms of malicious code to work against a Macintosh. Unlike Windows, Mac OS X requires an administrator password to change certain configurations, run the system updater, and when installing new software. From a security perspective, this is another example of how Apple takes a proactive approach to system-level security. If a virus, remote hacker, or co-worker tries to install or reconfigure something on the system, theyıre stymied without knowing the administratorıs password stored in the hardened System Keychain. (Incidentally, this password is not the same as the Unix 'root' account password of the system's FreeBSD foundation, something that further enhances security.) Lance also fails to recognize that Windows and Mac OS are different not just by vendor and market share, but by the fundamental way that they're designed, developed, tested, and supported. By integrating Internet Explorer, Media Player, and any number of other 'extras' (such as VB Script and ActiveX) into the operating system to lock out competitors, Microsoft knowingly inflicts many of its security vulnerabilities onto itself. As a result, its desire to achieve marketplace dominance over all facets of a user's system has created a situation that's anything but trustworthy or conducive to stable, secure computing. Mac users are free to use whatever browser, e-mail client, or media player they want, and the system accepts (and more importantly, remembers!) their choice. Contrary to his article, the small market segment held by Apple doesn't automatically make the Mac OS less vulnerable to attack or exploitation. Any competent security professional will tell you that "security through obscurity" - what Lance is referring to toward the end of his article - doesn't work. In other words, if, as he suggests, Mac OS was the dominant operating system, its users would still enjoy an inherently more secure and trustworthy computing environment even if the number of attacks against it increased. That's because unlike Windows, Mac OS was designed from the ground up with security in mind. Is it totally secure? Nothing will ever be totally secure. But when compared to Windows, Mac OS is proving to be a significantly more reliable and (exponentially) more secure computing environment for today's users, including this security professional. If Lance is sleeping well believing that he's on an equal level with the Mac regarding system security, he can crow about not being overly embarrassed while working on the only mainstream operating system that, among other high-profile incidents over the years, facilitated remote system exploitation through a word processor's clip art function! [2] Trustworthy computing must be more than a catchy marketing phrase. Ironically, despite a few hiccups along the way, it's becoming clear that Mac OS, not Windows, epitomizes Microsoft's new mantra of "secure by design, default, and deployment." Who's crowing now? [1] Macs Are Not Invulnerable http://abcnews.go.com/sections/scitech/ZDM/mac_vulnerablility_pcmag_031211.h tml [2] Microsoft Makes An Offer You Can't Refuse http://www.infowarrior.org/articles/2002-09.html [3] Buffer Overflow in Clipart Gallery (MS00-015) http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/fq00-015.asp # # # # # Richard Forno is a security technologist, author, and the former Chief Security Officer at Network Solutions. His home in cyberspace is at http://www.infowarrior.org/. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 15 2003 - 06:06:44 PST