I know this reads Mac but it applies to everything
Believe or not, there is a lot of information out there that will tell you that OS X is just as bad in terms of security breaches as any other Operating System. The obvious question is Then why donÂ’t Macs get attacked ? The answer according to this author is that due to the market share, it really isnÂ’t worth the time.
The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.
Now before you fire up that e-mail client let me just say this: This isnÂ’t a situation that is simply relegated to Apple. You see it in the browser market and so on. If FireFox picked up 35% of web browser usage you can bet exploits would be flying out of the wood work.
When it first came out in July, Symantec's report "The Mac OS X Threat Landscape: An Overview" revealed a collection of vulnerabilities and potential attacks that rivaled any major operating system (at least in their shipping versions).
The updated version, released earlier this week, reinforces these conclusions, and in fact things are getting worse.
ADVERTISEMENT And yet Macs are not widely attacked, as are Windows systems. In fact, from what I can tell from the monitoring I do of discussions on the matter, Linux boxes are more likely to be attacked, successfully or otherwise, than the average Mac, and there are a lot more Macs out there than Linux boxes.
The Symantec report does no original research; it's all based on publicly available research and vulnerability disclosures from Apple. On the disclosure issue, the report shows graphically that the frequency of vulnerability disclosures for Apple software has been on the increase in recent years. Just recently the Month of Kernel Bugs project revealed a bug in the OS X kernel's fpathconf() system call that could allow a DOS and that was fixed in FreeBSD, the antecedent of OS X, back in June 2000.
The report also discusses more general points that are key to assessing the security state of OS X. One is that the OS has been out for some time now and key components of it, such as the heap manager, are better understood. As Microsoft's Robert Hensing says, "Understanding how something works is the first step in breaking it.
)."
The other general point I didn't appreciate before is the implications of the two-layer kernel. To quote the report:
The OS X operating system is based on FreeBSD, with a set of additional tools and frameworks (such as Core Foundation) built on top. The underlying kernel used by OS X is Darwin, a Mach-based kernel. Because Mac OS X is a UNIX-based operating system, it inherits all its built-in security features, such as a well-designed multiuser infrastructure as well as process and file attributes. It integrates functionality from BSD and Mach kernels, allowing both to interoperate independently.
"Well-designed" as it may be, this two-layer kernel has an abnormally large attack surface because there are two kernels.
Apple has encrypted critical parts of its operating system to protect it from software pirates, according to a researcher. Click here to read more.
This is not just a theoretical argument. The report goes on to cite research by Nemo on uninformed.org showing how BSD security can be bypassed because of flaws in the integration between Mach and BSD in the OS X kernel.
The Symantec researcher argues that they are seeing more activity in the Mac arena, including exploit development, all the time. They argue that the move to x86 architecture will assist this, although I've been skeptical of this argument in the past. They point out a great deal of work done in rootkits for OS X. They point out that OS X has not employed advanced defensive techniques like address space layout randomization or even simpler ones like stack canaries.
OK! I'm sold! Mac OS X has myriad opportunity for attack. So where are all the attacks? How come there aren't armies of Mac botnets? Why aren't there scores of new malware samples for the Mac every day?
The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.
There are even fewer Linux or Solaris systems out there, and they get attacked all the time, both through kernel vulnerabilities and application bugs. What explains this difference? Perhaps those who research and write attacks are more familiar with Linux and Solaris. Perhaps these systems are more likely to be servers and therefore more easily targeted for attack. Perhaps these systems are more likely to be business systems and are therefore a better target. Perhaps this is why Apple is not showing an interest in the enterprise.
I'm still stumped. All of these explanations make sense, and somehow they're all unsatisfying. One thing is clear: Mac users are really lucky so far.
http://www.eweek.com/article2/0,1895,2059980,00.asp
Believe or not, there is a lot of information out there that will tell you that OS X is just as bad in terms of security breaches as any other Operating System. The obvious question is Then why donÂ’t Macs get attacked ? The answer according to this author is that due to the market share, it really isnÂ’t worth the time.
The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.
Now before you fire up that e-mail client let me just say this: This isnÂ’t a situation that is simply relegated to Apple. You see it in the browser market and so on. If FireFox picked up 35% of web browser usage you can bet exploits would be flying out of the wood work.
When it first came out in July, Symantec's report "The Mac OS X Threat Landscape: An Overview" revealed a collection of vulnerabilities and potential attacks that rivaled any major operating system (at least in their shipping versions).
The updated version, released earlier this week, reinforces these conclusions, and in fact things are getting worse.
ADVERTISEMENT And yet Macs are not widely attacked, as are Windows systems. In fact, from what I can tell from the monitoring I do of discussions on the matter, Linux boxes are more likely to be attacked, successfully or otherwise, than the average Mac, and there are a lot more Macs out there than Linux boxes.
The Symantec report does no original research; it's all based on publicly available research and vulnerability disclosures from Apple. On the disclosure issue, the report shows graphically that the frequency of vulnerability disclosures for Apple software has been on the increase in recent years. Just recently the Month of Kernel Bugs project revealed a bug in the OS X kernel's fpathconf() system call that could allow a DOS and that was fixed in FreeBSD, the antecedent of OS X, back in June 2000.
The report also discusses more general points that are key to assessing the security state of OS X. One is that the OS has been out for some time now and key components of it, such as the heap manager, are better understood. As Microsoft's Robert Hensing says, "Understanding how something works is the first step in breaking it.
)." The other general point I didn't appreciate before is the implications of the two-layer kernel. To quote the report:
The OS X operating system is based on FreeBSD, with a set of additional tools and frameworks (such as Core Foundation) built on top. The underlying kernel used by OS X is Darwin, a Mach-based kernel. Because Mac OS X is a UNIX-based operating system, it inherits all its built-in security features, such as a well-designed multiuser infrastructure as well as process and file attributes. It integrates functionality from BSD and Mach kernels, allowing both to interoperate independently.
"Well-designed" as it may be, this two-layer kernel has an abnormally large attack surface because there are two kernels.
Apple has encrypted critical parts of its operating system to protect it from software pirates, according to a researcher. Click here to read more.
This is not just a theoretical argument. The report goes on to cite research by Nemo on uninformed.org showing how BSD security can be bypassed because of flaws in the integration between Mach and BSD in the OS X kernel.
The Symantec researcher argues that they are seeing more activity in the Mac arena, including exploit development, all the time. They argue that the move to x86 architecture will assist this, although I've been skeptical of this argument in the past. They point out a great deal of work done in rootkits for OS X. They point out that OS X has not employed advanced defensive techniques like address space layout randomization or even simpler ones like stack canaries.
OK! I'm sold! Mac OS X has myriad opportunity for attack. So where are all the attacks? How come there aren't armies of Mac botnets? Why aren't there scores of new malware samples for the Mac every day?
The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.
There are even fewer Linux or Solaris systems out there, and they get attacked all the time, both through kernel vulnerabilities and application bugs. What explains this difference? Perhaps those who research and write attacks are more familiar with Linux and Solaris. Perhaps these systems are more likely to be servers and therefore more easily targeted for attack. Perhaps these systems are more likely to be business systems and are therefore a better target. Perhaps this is why Apple is not showing an interest in the enterprise.
I'm still stumped. All of these explanations make sense, and somehow they're all unsatisfying. One thing is clear: Mac users are really lucky so far.
http://www.eweek.com/article2/0,1895,2059980,00.asp
