PDA

View Full Version : 10.4.3 Security Broken


MacBytes
Nov 21, 2005, 07:55 AM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Apple Software
Link: 10.4.3 Security Broken (http://www.macbytes.com/link.php?sid=20051121085523)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

prechrchet
Nov 21, 2005, 08:27 AM
At this point, I am wondering if Apple might not simply be better off ditching the concept of restricting OSX to mac systems (since it seems that the hackers are going to get around it anyway).

They could...

1. Go back to IBM. (Not likely, IMHO. They have sunk WAY too much money to turn around now.)

2. License OSX to Dell, HP, whoever wants it. (I know, I know, they see themselves (wrongly) as a hardware company that also designs software.)

3. Not actually license OSX, but instead remove the restrictions and simply sell OSX on the open market. This way, people would be able to put OSX on their machine legally, they would have to pay Apple money to do so, and OSX market share increases. Apple would lose some desktop/laptop sales, but this would be offset by the increase in revenue from OSX. It's not a perfect solution, but better than letting hackers run amok (which they seem to be currently doing).

Just my two cents.

prechrchet

eva01
Nov 21, 2005, 08:37 AM
You do know that a huge % of Apples money comes from Hardware sales?

SiliconAddict
Nov 21, 2005, 08:45 AM
You do know that a huge % of Apples money comes from Hardware sales?


It doesn't change the fact that Apple COULD reinvent themselves as a software company. If you think they wouldn't sell a crap load of copies of OS X. . . well you'd be wrong. The problem isn't sales to Windows users. the problem is what happens after OS X has saturated the x86 market. There is simply no way the average Windows user is going to upgrade from OS X version to OS X version every 18 month at $120-ish. Once X saturates the market they are going to be where Windows is now. That is: For many 2K and XP is good enough. So MS is going to have a heck of a time selling Vista to many people.

nbs2
Nov 21, 2005, 08:46 AM
At this point, I am wondering if Apple might not simply be better off ditching the concept of restricting OSX to mac systems (since it seems that the hackers are going to get around it anyway).

They could...

4. Do what they are doing now. "You hack it onto another system? I'm happy you made it work. If it stops working, oh well. We only support our hardware configuration. So, when we break your system you can go do the right thing and buy one of our machines.

nagromme
Nov 21, 2005, 08:59 AM
Even if Apple can't ever stop piracy of OS X, putting it on generic PCs won't be simple and easy, it won't be universal, it won't be supported, it won't meet the stated reqs for most Mac SOFTWARE (so that too will be unsupported), it won't be advertised or sold, it won't be a reviewed product, it won't be possible on every machine, and it won't be legal... and therefore it WILL NOT be for the average computer shopper. It will be for pirates, few of whom were ever going to be valued Apple customers anyway.

Under no circumstances is "stealing a hacked copy of OS X and taking your chances" going to be an option on the radar of most users.

So even if OS X continues to be pirated into the future, I don't expect it to affect Apple's business much until and unless Apple CHOOSES to support an infinite array of hardware and SELL their OS themselves--with official support.

And I tend to hope they don't bother--it will make development and support more expensive for Apple AND for Mac developers. That's not a burden Apple should place on developers lightly. It would also make OS X more complex and bloated--just a little too much like WIndows for my tastes! And as people have said, Apple's in the hardware business--and I LIKE how well they integrate hardware and software designed TOGETHER (unlike Windows PCs). Maybe someday it will make business sense anyway--perhaps with very STRICT hardware guidelines--but I don't see it happening soon.

(Now, the reverse, Windows on Macs, WILL be simple, I think, for a price: Apple has said they will neither encourage nor block such a thing, and I'm sure that apps such as Virtual PC or the like will handle the details for you--while keeping the insecure Windows side safely isolated from the rest of your Mac. It won't be free--you'll have to buy Windows and probably some kind of helper or host app, but it WILL be very easy and polished I think--given time. A very comforting option for switchers to keep in mind.)

prechrchet
Nov 21, 2005, 09:01 AM
You do know that a huge % of Apples money comes from Hardware sales?

Yeah, which is why Apple has resisted doing anything along these lines just yet. However, if hackers are going to beat any defenses that are in place, they hardware sales are going to suffer whether Apple does anything or not.

treblah
Nov 21, 2005, 09:26 AM
Even if Apple can't ever stop piracy of OS X, putting it on generic PCs won't be simple and easy, it won't be universal, it won't be supported, it won't meet the stated reqs for most Mac SOFTWARE (so that too will be unsupported), it won't be advertised or sold, it won't be a reviewed product, it won't be possible on every machine, and it won't be legal... and therefore it WILL NOT be for the average computer shopper. It will be for pirates, few of whom were ever going to be valued Apple customers anyway.

Under no circumstances is "stealing a hacked copy of OS X and taking your chances" going to be an option on the radar of most users.


Exactly!

Not to mention the people who are technologically inclined to do this are also the people that get calls from family and friends asking for tech support. I don't think Apple would mind one 'pirate' for two switchers.

Photorun
Nov 21, 2005, 09:54 AM
4. Do what they are doing now. "You hack it onto another system? I'm happy you made it work. If it stops working, oh well. We only support our hardware configuration. So, when we break your system you can go do the right thing and buy one of our machines.

Precisely! Surely there'll be a few hackers out there, just like there's people using Warez versions of cracked code Adobe CS, Macromedia, hell, even Microsuck XPee, but by in large the majority of the population can't just up and crack code any more than the majority of the population can't do delicate brain surgery (though they may experiment in their tool shed). In fact, probably the same amount of qualified doctors that can crack open a skull can break OS X's code, read: A VERY small handful.

So though yes, people like a challenge and the 'net often you read more bad than good, by in large, this isn't going to be a big deal. And every update will render the previous OS useless. Not to mention what the hell can these people run on these machines? Not a whole lot.

Move along, nothing to really worry about.

nagromme
Nov 21, 2005, 10:16 AM
Also, the attention being paid in the press and online communities to these attempts is good for Apple: it fosters the idea that non-"Mac people" WANT OS X and will go to great lengths trying to get it. That message is not bad for mindshare.

2GMario
Nov 21, 2005, 12:01 PM
the same point is missed time and again about this kind of stuff

if i told my brother, i could tell him how to run OS X on his toshiba laptop, id expect 1 of 3 responses

a: so ?
b: why ?
c: huh ?

the simple fact is, while reading these articles, it may seem perfectly clear how this can be done, why it can be done and why you would want to, walk up to joe shmoe in the mall and tell him about this and he simply wont care

that being said, how many of us are capable of doing this ? 1 out of 100 ? 1 out of 1000 ?

i dont think its that much of a threat as people make it out to be. if i can, i will - it beats carring around 2 laptops, but i wont very well do it for anyone else (support issues) nor will i open a store doing it for the random customer off the street.

this kind of "hacking" isnt as wide spread as something like ripping a dvd. i dont think its an issue, really.

if nothing else, it benefits apple - they can continue to make their security stronger. your more or less doing the debuging for them.

-Mario

impierced
Nov 21, 2005, 12:23 PM
It doesn't change the fact that Apple COULD reinvent themselves as a software company.

Yeah, that worked well for NeXT. :rolleyes:

RobHague
Nov 21, 2005, 12:31 PM
Well this is still not shipping on any 'Intel-based' Macs so im sure Apple are learning from what the hackers are doing (their methods) to circumvent their protection.

I am sure by the end of it, i think it will be solid enough to stop widespread use on other systems. Apple dont have to stop it working, just make it harder to get working so its an effort to keep the system going.

*maybe* Apple will introduce product keys......

Sad fact is though that if they were still going along with PPC still this wouldnt be an issue. Now there is a version that will run on x86 its inveitable that its going to end up on non-mac systems sooner or later...

otter-boy
Nov 21, 2005, 01:00 PM
Precisely! Surely there'll be a few hackers out there, just like there's people using Warez versions of cracked code Adobe CS, Macromedia, hell, even Microsuck XPee, but by in large the majority of the population can't just up and crack code any more than the majority of the population can't do delicate brain surgery (though they may experiment in their tool shed). In fact, probably the same amount of qualified doctors that can crack open a skull can break OS X's code, read: A VERY small handful.

I think the point is less that people can't crack the code (or much more likely, obtain a cracked version of the code). Most people simply do not want to, and the vast majority of companies won't for legal/support reasons--they can't afford to break a contract because their computers running illegal code just stopped working correctly in the middle of a project.

Apple will probably continue to make Mac OS for Mac computers because making the hardware and software allows them to maintain strict quality control and produce a more polished, more functional OS. Part of the reason Windows takes so long to make is that MS has to program it to work on so many different pieces and combinations of hardware. Windows has a broader reach, but it does less things as efficiently and elegantly as OS X.

That being said, I think Apple will make it difficult enough for the average person to run a croacked version of OS X he or she will be reminded that such actions are not accepted/legal. They'll write off the copies lost to hackers.

I think you'll find that most people don't have a desire to run a cracked version of their operating system--maybe a game or some other fluff but not the brains of the system.

Photorun
Nov 21, 2005, 03:56 PM
That being said, I think Apple will make it difficult enough for the average person to run a croacked version of OS X he or she will be reminded that such actions are not accepted/legal. They'll write off the copies lost to hackers.

I think you'll find that most people don't have a desire to run a cracked version of their operating system--maybe a game or some other fluff but not the brains of the system.

All your points are very valid. Which is why my point "move along, nothing to see here." There will be a few bad apples (pardon the pun) but by in large it's not going to be some pandemic of everyone doing this kill Apple's bottom line, not even anything close to it.

zap2
Nov 21, 2005, 04:04 PM
. Apple would lose some desktop/laptop sales, but this would be offset by the increase in revenue from OSX. It's not a perfect solution, but better than letting hackers run amok (which they seem to be currently doing).

Just my two cents.

prechrchet

But really Apple not losing that much Money(only stilled computer user can do this and they cant do what i can on my PPC Mac(all that 3rd party software)

Keep things the way they are.(i would still buy a Mac(Apple HardWare and SoftWare)

matticus008
Nov 21, 2005, 05:22 PM
Yeah, which is why Apple has resisted doing anything along these lines just yet. However, if hackers are going to beat any defenses that are in place, they hardware sales are going to suffer whether Apple does anything or not.
Based on what evidence? There's no particular reason that Apple hardware sales will suffer, because only a certain kind of hardware will work natively with OS X, and so people will have to buy very similar hardware and defeat what will undoubtedly be a hardware-based restriction so that even identical hardware will have to jump through some hoops. Apple's boot ROM only has to differ from the standard BIOS to keep most people away.

People are going to buy the right hardware and they're going to get OS X running on their PCs, but equally likely, more customers will jump ship and buy Macs. Don't forget that Apple doesn't want to be Microsoft. They won't develop the drivers and far-reaching support to run on generic PCs, and people who go to all the trouble to get OS X running on non-matching hardware wouldn't have bought a Mac anyway. They obviously want to be profitable and want to reach a large audience, but they want to preserve the user experience and that means focusing on a narrow subset of computer hardware.

Mac OS X will be designed for and tested against Intel CPUs with a specific few motherboard designs and particular multimedia hardware. Other than a wider range of graphics cards, there will not be a dramatic increase in Mac support for other hardware. If people want to run OS X on their PC, they're going to have to invest time and effort and money into assembling matching hardware (or developing and installing drivers manually) and bypassing security restrictions. It'll be far easier just to buy a Mac for 99% of people, and the rest are in it for the thrill of the challenge.

Fiveos22
Nov 21, 2005, 05:25 PM
Just a slightly off topic question:

With OSX86 will there won't be a need for Virtual PC any longer, yes?

nagromme
Nov 21, 2005, 05:46 PM
Just a slightly off topic question:

With OSX86 will there won't be a need for Virtual PC any longer, yes?
Yes, there will. Maybe not a NEED, but good reasons (convenience, productivity, and security) to want VPC--or something else--handling Windows rather than just booting into Windows.

Dual-boot is a terrible, last-resort kind of solution. Aside from the delay and hassle, you can't USE all your apps together! You're using JUST the Mac apps or JUST the Windows apps. When you're in Windows you don't have your Mac files, or emails, or bookmarks, or.... No. Only a last resort for RARE Windows use.

And even then... Windows opens your Mac up to attack. A Windows virus may not be able to read HFS (unless... it was designed to!) but it can still reformat your HD in theory, Mac partition and all. No thank you! I want to KNOW--not assume--that my Mac is safe from Windows attacks.

So running Windows emulation--now at close to full speed thanks to Intel chips--is the way to go. I love the convenience and security of VPC. Soon I'll have the speed too! (Not to mention that VPC starts almost instantly, unlike booting Windows from scratch.)

With VPC or something similar you can:

* Copy/paste/drag data and files between Mac and Windows.

* Use ANY app at any time in any combination. Mac or Windows.

* Keep Windows running on its own hardfile, entirely unaware of the rest of the HD at any level. So no attack can do worse than wipe Windows' own hardfile.

I'd still rather do without Windows entirely--and not have to BUY Windows--but for people with no other choice, the above sounds pretty nice to me.

vniow
Nov 21, 2005, 05:50 PM
Just a slightly off topic question:

With OSX86 will there won't be a need for Virtual PC any longer, yes?

VPC will take on a whole new meaning once the Intel switch goes full force.

http://forums.macrumors.com/showthread.php?t=161550

shamino
Nov 21, 2005, 06:42 PM
Yeah, that worked well for NeXT. :rolleyes:
Worked great for them. Especially when they got bought out by Apple and ...

Nevermind :o

shamino
Nov 21, 2005, 06:51 PM
I think everything is going according to plan here.

Apple releases updates with new restrictions. The hacker community breaks the restrictions and publishes the results. Apple analyzes the hacks and beefs up their restrictions, which get hacked later.

When the system finally ships, it will be impossible for the casual user to install the OS on a PC - which is the big deal. Nobody cares about the hacker community - there aren't that many of them to impact Apple's finances. As long as an ordinary person can't pick up a box of OS X and do a quick install, that's all that matters.

OS X has always had hardware restrictions, preventing it from installing on pre-G3 Macs, pre-USB Macs (for 10.3), pre-FireWire Macs (for 10.4), and on Macs with CPU upgrade cards. In all cases, hacks (like XPostFacto) were developed to work around the restrictions, and Apple has not bothered to care much. Although they'd prefer to sell new Macs to these customers, the impact to the bottom line was never enough to make it worth their while to do anything about it.

I suspect this will be the same. As long as the people hacking OS X onto their PCs are doing it with legally purchased copies and not pirated ones, I don't think Apple will care much.

SiliconAddict
Nov 21, 2005, 06:56 PM
Yeah, which is why Apple has resisted doing anything along these lines just yet. However, if hackers are going to beat any defenses that are in place, they hardware sales are going to suffer whether Apple does anything or not.

The average computer user is NOT a hacker. No matter how simple some hacker makes the software to install its still going to be levels of difficulty above what the average Windows computer user is capable of doing. Apple should put protection on it but avoid going overboard all over a small handful of geeks who want to roll their own hardware.

SiliconAddict
Nov 21, 2005, 07:14 PM
Yes, there will. Maybe not a NEED, but good reasons (convenience, productivity, and security) to want VPC--or something else--handling Windows rather than just booting into Windows.

Dual-boot is a terrible, last-resort kind of solution. Aside from the delay and hassle, you can't USE all your apps together! You're using JUST the Mac apps or JUST the Windows apps. When you're in Windows you don't have your Mac files, or emails, or bookmarks, or.... No. Only a last resort for RARE Windows use.

And even then... Windows opens your Mac up to attack. A Windows virus may not be able to read HFS (unless... it was designed to!) but it can still reformat your HD in theory, Mac partition and all. No thank you! I want to KNOW--not assume--that my Mac is safe from Windows attacks.


I run VPC on my desktop PC computer at home and I think there are a few misconceptions on how VPC runs along side other OS's. Simply put you do NOT get full speed acceleration through VPC that runs alongside its host OS. I've got 1.5Gb RAM, 2.8Ghz CPU, and a SATA drive and even then forget about using VPC as a gaming platform or for anything other then some of the most basic apps. Is it faster then VPC for the PPC? Of course since it is no longer doing emulation but if you are looking for the fastest performance in Windows you CAN install it alongside OS X. Also you are incorrect about not being able to access Windows apps while in OS X. The Lindows flavor of Linux already does this. As long as you can access the API's on the Windows partition you will be able to run Windows apps as long as there is a go between app to manage the "talking" to Windows. My guess? This will prob be out by 2007.
Finally about viruses. Most if not all recent viruses don't format the drives. In point of fact you pretty much can't format the drive since the OS has control over the disk's partition. try a little experiment sometime on a 2K or XP system. Open the command line, type chkdsk c: /f

You will get this: http://forums.macrumors.com/attachment.php?attachmentid=35189&stc=1&d=1132621565

Also next to NO virus tries formatting the drive. Why? If the virus formats the drive it can't propagate itself. what most viruses do, do is make life a living hell for admins by turning the system into zombie boxes, delete personal files, and pretty much make life a living hell.
Finally do you have any idea how much overhead would be involved in creating a virus that also includes alternate file systems? it wouldn't be impossible but it sure as hell would be hard. Harder then what the script kiddies of the world are putting out for viruses now a days. Simple fact. About 90%-ish of the viruses put out now a days come from someone reverse engineering MS patches or from the release of MS patches dealing with security holes. The average virus writer now a days has very little skills with the OS itself. They rely on others to do the dirty work and as such making a virus that actively attempts to access an OS X partition is well beyond most virus writers skills.

PS- If you run Windows get some AV software and the whole issue becomes a moot point anyways. :rolleyes: You DON'T run Windows without AV software just like you don't drive a car without a seatbelt.

nagromme
Nov 21, 2005, 07:23 PM
I run VPC on my desktop PC computer at home and I think there are a few misconceptions on how VPC runs along side other OS's. Simply put you do NOT get full speed acceleration through VPC that runs alongside its host OS.
I'm very much aware that VPC and the like have overhead. But that overhead is well worth it to me. I'm looking for good Windows performance, not THE fastest that the hardware can attain.


Also next to NO virus tries formatting the drive. Why? If the virus formats the drive it can't propagate itself. what most viruses do, do is make life a living hell for admins by turning the system into zombie boxes, delete personal files, and pretty much make life a living hell.
Finally do you have any idea how much overhead would be involved in creating a virus that also includes alternate file systems? it wouldn't be impossible but it sure as hell would be hard.
"Hard" and "next to no" aren't good enough for me, if my Mac's security is subject to Windows viruses in any way. I want the certainty--not the likelihood--that Windows can't trash the Mac side in any way. That means a hardfile, and virtual hadware that doesn't represent the real hardware. A little performance overhead is well worth it to me.

Basically, whether it's VPC or some other solution, I want protection and convenience that dual-booting can't offer. THAT is the unacceptable option, to me. Beyond that, I'm open to VPC or whatever else emerges.

SiliconAddict
Nov 21, 2005, 07:32 PM
*shrugs* Your call. You are being overly paranoid though. Iíve used Windows for 10 years. Iíve had one viruses back in í95. I consider most people on this board to be relatively smart. Or more accurately smart enough not to do stupid things on their computer.

matticus008
Nov 21, 2005, 08:09 PM
Finally about viruses. Most if not all recent viruses don't format the drives. In point of fact you pretty much can't format the drive since the OS has control over the disk's partition.
Good points, generally, but this one is a little inaccurate. Many, many viruses propagate on reboot or execute only on the next MBR access. While you're right that outright formatting is fairly unpopular these days, the principle is sound that viruses could and do seek to change the low level operation of a computer. This is why once a PC is infected, shutting it down properly is one of the worst things you can do. It's much easier to deal with viruses before that restart.

If you get a virus in VPC, just wipe the image. It'd be a good principle to allow for Windows, but the DRM happy would just use it to prevent modification to system files even for non-infection uses.

nagromme
Nov 21, 2005, 08:16 PM
*shrugs* Your call. You are being overly paranoid though. I’ve used Windows for 10 years. I’ve had one viruses back in ’95. I consider most people on this board to be relatively smart. Or more accurately smart enough not to do stupid things on their computer.
That's exactly the main thing I have against Windows. I don't want to HAVE to be properly trained in keeping Windows secure :) Or, if you wish to phrase it that way, "smart." I'll gladly leave Windows security to the experts, and apply measures in my own computing to make it a non-issue that I don't have to waste time on.

SiliconAddict
Nov 22, 2005, 02:17 AM
Good points, generally, but this one is a little inaccurate. Many, many viruses propagate on reboot or execute only on the next MBR access. While you're right that outright formatting is fairly unpopular these days, the principle is sound that viruses could and do seek to change the low level operation of a computer. This is why once a PC is infected, shutting it down properly is one of the worst things you can do. It's much easier to deal with viruses before that restart.

If you get a virus in VPC, just wipe the image. It'd be a good principle to allow for Windows, but the DRM happy would just use it to prevent modification to system files even for non-infection uses.

With the Windows NT kernel (NT,2K, XP) the system passes to the Ntldr and calls the various boot files from there. (Gah. Its been like 5 years since I've had to even think about Windows startup.) Unless these core files have been infected which I guess is possible. Also I swear, could be wrong, that the NT kernel locks the MBR once it starts up so other processes can't access it only the OS. . Been too long since I looked at this crap.

Eric5h5
Nov 22, 2005, 03:26 PM
Of course since it is no longer doing emulation but if you are looking for the fastest performance in Windows you CAN install it alongside OS X. Also you are incorrect about not being able to access Windows apps while in OS X. The Lindows flavor of Linux already does this. As long as you can access the API's on the Windows partition you will be able to run Windows apps as long as there is a go between app to manage the "talking" to Windows. My guess? This will prob be out by 2007.

Well, no. API stands for Application Programming Interface...APIs aren't physical files or anything. It's a way of accessing various routines. Lindows doesn't have or need a Windows partition (because then they'd have to license Windows, and the whole point is to avoid Microsoft entirely). What it does is re-implement the Windows APIs from scratch in Linux. The problem with this, of course, is that it's not 100% compatible because it's not the real thing, and if Microsoft changes their APIs, Lindows breaks.

Anyway, no need to wait for 2007. Macs do this now; it's called WineX. Obviously, it's not fast because it needs to translate X86 to PPC. OSX86 will take care of that problem, although you're still left with the incomplete compatibility. (Though I must say that reverse engineering Windows as well as they have is a pretty impressive feat.)

--Eric