OS X’s changing security landscape


There’s a lot of talk going on in the tech blogosphere about the newest release of OS X, Snow Leopard, coming to market with a built-in malware scanner. Now that it has shipped, we can see exactly what lies behind it, and it turns out to be not much more than an XML-styled file called XProtect.plist that at this point contains the signature information for only two trojans.

Interestingly enough, the signatures included are for trojans that hit the web earlier this year; there is nothing for more current exploits. While security experts may be divided on the actual usefulness of such limited scanning, the reality is that at this point in time the Mac doesn’t need the same type of malware definition file that Windows does. This is because, for the most part, the Mac has neither the market share of Windows nor the same level of interest from malware creators.

For much of the life of the Mac there has been no real need to worry about things like viruses, trojans, or other types of malware, because as a platform it held no attraction for the people who create malware. This has unfortunately given Mac users the deluded view that Macs are somehow immune to malware. Many a flamewar has arisen over this, with people trying to point out that the Mac’s real security has been a matter of market share rather than true security baked into the operating system.

It isn’t just Windows users who have been saying this in defense of their operating system of choice; it is also coming from die-hard Apple fans who use Mac systems day in and day out. One such person is Dino Dai Zovi, who has been hacking Macs for almost as long as he has been using computers. The winner of the PWN2OWN hacking contest in 2007 said recently that “the Mac is not magically protected from malware”.

Charlie Miller, co-author of The Mac Hacker’s Handbook with Dai Zovi and a multi-year winner of the PWN2OWN hacking contests, said in an interview:

“I had a feeling that Mac was easier (to hack) than Windows,” he said. “If I can find the Safari bug or exploit in a few days and it would take me 10 times as long for IE, why would I do that? I go after the easiest guy.”

Even in light of what people like Miller and Dai Zovi are saying, there is still a large contingent of Mac users who truly believe that they are invulnerable to malware by virtue of the Unix base that OS X is built on. The same type of opinion is held in the Linux community. As much as these people like to believe this, they are ignoring a fundamental law of our world: whatever mankind creates, someone will find a way to figure out how it works and then subvert it.

Pick any technology created by man and at some point someone finds a way around it, a way through it, or some way to break it. It is an inescapable law, and Mac users who would like to think that OS X is above all this are living in a dream world.

Apple, though, may be coming out of its dream-state fugue with Snow Leopard and the inclusion of a malware scanner. For Mac security experts like Dino Dai Zovi, this initial step may not go far, or deep, enough, as he recently put forth his wish list for Snow Leopard:

In June, Dai Zovi reported on a new local privilege escalation vulnerability researchers had discovered that gives local root access on Mac OS X Tiger and Leopard. He offered up a wish list for Snow Leopard that included: “real” ASLR; “full use of hardware-enforced Non-eXecutable memory (NX);” default 64-bit native execution for security-sensitive processes; sandbox policies for Safari, Mail.app, and third-party applications (akin to what Chrome has); and mandatory code signing for kernel extensions.

Dai Zovi also adds that, at this point, Leopard has a security level akin to something between Windows XP Service Pack 2 and Vista, and it remains to be seen where Snow Leopard will fall.

Right now the Mac has only about 5 percent market share worldwide, with half of that being US users, but it is a share that is rising: from 3.73 percent to 4.86 percent in one year. With that rise also comes increased visibility of OS X as a target for malware creators, so the dreamland that many Mac users live in when it comes to security is in danger of crashing down around them.

As Charlie Miller said:

“No computer or operating system is more or less secure when it comes to users being tricked into downloading something.”

image courtesy of Mac Magazine Brazil
