The point on security and MacOSX

Posted: September 3, 2008 in Apple

MacOSX is built upon FreeBSD, the purest Unix system (contrary to the Linux branch), and brings the most evolved network layer (without mentioning Apple optimizations) and the most tested (by the open source community). As it uses the Unix architecture (system files cannot be accessed without the root password), in theory there couldn’t be any virus coming from outside unless the pirate knows that password. And indeed no virus has ever been encountered on OSX since its introduction in late 2000. There was, at most, a fake mp3 file some years ago that was in fact a disguised application.

The risks are more about these cases, where we download untrusted files (and evidently all OSes face that problem). Some downloaded applications ask for an administrator-level password in order to function properly (access to system files or components), so the application has to be trusted. This can be done by signing the application file with a certificate (but that doesn’t fix the Windows problem where emails in Outlook contain auto-executable files). Since Leopard, all OSX bundled applications and utilities have been signed (in that case an MD5 key has been computed from each application binary), so the system can verify the files’ integrity (but cannot guarantee the provider for downloaded files, most of which aren’t signed with a certificate). Moreover, the first time OSX launches a newly downloaded application, it asks for confirmation (well, in the end we still have to trust that the application isn’t fake… except for OSX base applications, whose integrity is monitored through the MD5 hash keys). On VISTA the system asks for confirmation all the time (it seems they didn’t get the point)…

The previously listed risks (which make up the majority of attacks, trojans and other malware widespread on Windows) are the end user’s responsibility, and will eventually be avoided by trusting downloaded applications through certificates. However there are still the true security flaws, which are called exploits (because most of the time they aren’t exploited, they are just a proof of concept). They make use of bugs in high-level system components to cause a memory buffer overflow (typically an access to an out-of-bounds index of an array). In these situations it can be possible to gain a higher user privilege level (from outside), which is called privilege escalation (it has to be noted however that the pirate has to know a lower-level user account before being able to raise his privilege level, so this condition isn’t met in most cases).
We remember the case of the handling of some image formats by OS media layers, which led to a vulnerability. The most flaw-prone system components are the high-level ones (they use a lot of code compared with the lower layers, and are more exposed): media layers (QuickTime, WMP), players (iTunes, WMP) and browsers (Safari, IE, etc.).
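The out-of-bounds array access described above, reduced to a constructed toy image format, as an added example (not from the original post and not code from any real media layer): the decoder accepts a file only when the size declared in its header fits both the destination array and the bytes actually supplied. The format, `parse_image`, `MAX_PIXELS` and the sample files are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PIXELS 64   /* fixed-size destination buffer (hypothetical limit) */

/* Constructed toy format: byte 0 = width, byte 1 = height,
 * followed by width*height pixel bytes. */
struct image {
    uint8_t width, height;
    uint8_t pixels[MAX_PIXELS];
};

/* Returns 0 on success, -1 if the file is rejected. */
int parse_image(const uint8_t *buf, size_t len, struct image *out)
{
    if (len < 2)
        return -1;                  /* header truncated */

    size_t w = buf[0], h = buf[1];
    size_t count = w * h;           /* at most 255*255, cannot wrap size_t */

    /* A flawed decoder trusts the header and copies `count` bytes as is.
     * These two checks are what is missing in that case. */
    if (count == 0 || count > MAX_PIXELS)
        return -1;                  /* copy would write past out->pixels */
    if (count > len - 2)
        return -1;                  /* copy would read past the input */

    out->width = (uint8_t)w;
    out->height = (uint8_t)h;
    memcpy(out->pixels, buf + 2, count);
    return 0;
}

/* Constructed sample files. */
static const uint8_t good_file[]      = { 2, 2, 10, 20, 30, 40 };
static const uint8_t oversize_file[]  = { 200, 200, 1, 2, 3 };  /* claims 40000 pixels */
static const uint8_t truncated_file[] = { 4, 4, 1, 2, 3 };      /* claims 16, has 3 */

int main(void)
{
    struct image img;
    printf("good:      %d\n", parse_image(good_file, sizeof good_file, &img));
    printf("oversize:  %d\n", parse_image(oversize_file, sizeof oversize_file, &img));
    printf("truncated: %d\n", parse_image(truncated_file, sizeof truncated_file, &img));
    return 0;
}
```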

So despite OSX being very secure at its base, it is very difficult to verify that there isn’t any remaining bug in the higher-level OS layers: QuickTime is a good example (huge code that has grown since 1991, which is why it is being completely rewritten for Snow Leopard). Software quality at a higher level is generally poorer, and Apple gave a strong example some years ago when they added a badly thought-out feature to Safari that led to auto-installing the contents of downloaded .dmg images (if they contained a file supposed to be a screensaver). It was quickly removed/disabled by default, but that bad feature demonstrated how easily a secure OS can be bypassed through huge holes in the upper layers.

Despite improvements in Windows VISTA, the Unix lower layers of MacOSX will still be more secure (password-protected system files, open code that is quickly patched by the community, something impossible with the closed Windows code), and the higher-level components in OSX are still less buggy than the Windows ones (Outlook, IE, etc.). Microsoft lobbying (very strong in France) is now trying to lure users, to make them think OSX isn’t safer. We saw that sort of disinformation this week with the false security flaw in the iPhone OS. It would be great if columnists were engineers too!

