Old Aug 18, 2011, 07:08 PM   #1
nec207
macrumors 6502
 
Join Date: Mar 2011
Could OS X have more security

One thing about OS X applications is that the bundle architecture maintains applications as self-contained bundles, thus you can move applications around, whereas in Windows or Linux you cannot. But I feel the OS X way of doing this may be easier for the user but this makes holes in security.

Also, another weak spot of Mac OS X is that it will not ask for authentication in user level, only in system level, and the way programs run and are installed makes a lot of weak security in OS X. It may make this very user friendly but not good for security.

It should be that all programs never download, install, remove or change in user level at all. No program should run or install in user level. Everything should be in system level.

The thing is, sometimes Apple makes their OS so user friendly they strip some of the security.

Windows and Linux should be installing programs in system level, people tell me. Just like OS X. What do you think? What is better? Should programs run and install in system level?

Also, how much authentication is too much or not enough? If you were running Apple, what would you do that would make OS X have more security?
Old Aug 18, 2011, 09:54 PM   #2
nunes013
macrumors 65816
 
Join Date: May 2010
Location: Connecticut
Quote:
Originally Posted by nec207 View Post
One thing about OS X applications is that the bundle architecture maintains applications as self-contained bundles, thus you can move applications around, whereas in Windows or Linux you cannot. But I feel the OS X way of doing this may be easier for the user but this makes holes in security.

Also, another weak spot of Mac OS X is that it will not ask for authentication in user level, only in system level, and the way programs run and are installed makes a lot of weak security in OS X. It may make this very user friendly but not good for security.

It should be that all programs never download, install, remove or change in user level at all. No program should run or install in user level. Everything should be in system level.

The thing is, sometimes Apple makes their OS so user friendly they strip some of the security.

Windows and Linux should be installing programs in system level, people tell me. Just like OS X. What do you think? What is better? Should programs run and install in system level?

Also, how much authentication is too much or not enough? If you were running Apple, what would you do that would make OS X have more security?
I'm not a security expert or anywhere close, but I have heard many positive things about OS X Lion. There have been people testing it saying they recommend all Apple users to upgrade sooner than later, and they said the same thing with Windows users. I take that as it's the most secure OS X update and also more secure than Windows. I'll post the link in a minute.

EDIT: here it is http://www.macrumors.com/2011/07/22/...lity-surfaces/

The guy is tearing it down and posting the results.
__________________
15" 2012 Retina MacBook Pro, 2.3 Ghz Intel Core i7, 8 GB Ram, 256 GB SSD; iPhone 5
Old Aug 18, 2011, 10:38 PM   #3
unixperience
macrumors regular
 
Join Date: Jul 2010
You can easily move applications due to the bundles (just like you would with a bundled Java application, for instance), but typically when you try and run the program for the first time, it asks if you really want to open it. Sure, it's just a click away in a full administrative account (default account setting).

When you move things into the application folder (since applications live at root), most of them ask for a password (and again, with an admin account this is easy: type in your account password).

But then again, it's still Unix (BSD-based system), so you still have permissions, account settings, group settings; you can set all that up for new users (the way a network admin would, or a parent protecting their children :-D). There are actually really cool parental controls. You can use a simple Finder (only shows applications you allow, can't install or change files except your own docs). Just like regular Unix systems, you can really lock it down. But by default the accounts are basically admin, so they are very free.
__________________
2008 Aluminum MacBook, 2.4GHz IC2D, 8GB ram, 64bit EFI 10.6.8, 500GB momentus 7200.4
Old Aug 21, 2011, 12:25 PM   #4
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
How does an administrative account work vs root?

Is this thing called root something only Unix, Linux and OS X have?

So it will not ask for authentication in user level or system level if you are running as an administrative account?
Old Aug 21, 2011, 01:53 PM   #5
r1ch4rd
macrumors 6502a
 
Join Date: Aug 2005
Location: Manchester UK
It doesn't really matter whether you can run or install programs as an individual user. Because of the way UNIX works, the application cannot access critical parts of the system without an administrative password.

Think of administrators in Mac OS as having the equivalent of "sudo" type functionality in Linux. You can act as the root user, but are forced to authenticate before doing anything.
Old Aug 31, 2011, 10:40 PM   #6
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
munkery, we can keep the talk on malware to this thread rather than the other thread that is about programming and the OS X layers. This was in that other thread but got no reply.

If I understand it, you have browser space and OS space. If I go to a web site that has Flash, Java, JavaScript, Active-X or scripts, there is potential for malware to get on the computer.

Why don't the OS and AV like Norton or Kaspersky block it??? It cannot block it!!! If it blocks Flash, Java, JavaScript, Active-X or scripts on the page, then most web sites would not work!!

But in the OS you have user level and system level. The malware I got was in user level.

What is the difference between OS X user level and system level vs Windows user level and system level?

Why have user level and system level at all?

Why doesn't the browser sandbox or OS sandbox block it? It cannot; if it blocks it, then most web sites would not work.

So the point of being very secure goes out the window here. It would not be better if I was using Windows, Linux, Unix or OS X or any other OS, as no OS can block it.
Old Aug 31, 2011, 11:45 PM   #7
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
One thing about OS X applications is that the bundle architecture maintains applications as self-contained bundles, thus you can move applications around, whereas in Windows or Linux you cannot. But I feel the OS X way of doing this may be easier for the user but this makes holes in security.

Also, another weak spot of Mac OS X is that it will not ask for authentication in user level, only in system level, and the way programs run and are installed makes a lot of weak security in OS X. It may make this very user friendly but not good for security.
Doing it this way eliminates way more security issues than it creates.

All the reliable vectors for malware to be profitable are protected by DAC in OS X. The app bundle architecture keeps third party executables separate from these reliable vectors.

Windows installs software at the same level as the reliable vectors in Windows. So, if an app is malicious, it has more access to security sensitive areas in Windows than compared to apps in OS X.

Quote:
Originally Posted by nec207 View Post
It should be that all programs never download, install, remove or change in user level at all. No program should run or install in user level. Everything should be in system level.
This is not possible. If permissions are set to require authentication at the user level, then users would have to authenticate every action on the system, including opening files and folders.

Quote:
Originally Posted by nec207 View Post
The thing is, sometimes Apple makes their OS so user friendly they strip some of the security.
The total opposite is actually the truth. The increased user friendliness reduces the likelihood of the user making mistakes in relation to security.

Quote:
Originally Posted by nec207 View Post
Windows and Linux should be installing programs in user level, people tell me. Just like OS X. What do you think? What is better? Should programs run and install in system level?
OSs should follow the principle of least privilege. Windows does not follow this principle as well as other OSs.

Quote:
Originally Posted by nec207 View Post
munkery, we can keep the talk on malware to this thread rather than the other thread that is about programming and the OS X layers. This was in that other thread but got no reply.
Sure, if you stop making threads about topics that I have discussed with you several times in the past.

I don't want to discuss topics with you if you are going to try to spin that information into misinformation.

Quote:
Originally Posted by nec207 View Post
Why don't the OS and AV like Norton or Kaspersky block it??? It cannot block it!!! If it blocks Flash, Java, JavaScript, Active-X or scripts on the page, then most web sites would not work!!

But in the OS you have user level and system level. The malware I got was in user level.
What specific malware? What OS are you using?

Active-X suggests that you are using Windows. Only Windows uses Active-X.

Quote:
Originally Posted by nec207 View Post
What is the difference between OS X user level and system level vs Windows user level and system level?
The difference is that DAC is easily bypassed in Windows and that the registry is not well enough protected by DAC in Windows even if DAC is not bypassed.

These issues do not exist in OS X.

Quote:
Originally Posted by nec207 View Post
Why have user level and system level at all?
Do you want to authenticate every time you open any file or folder?

If no, then OS has to be separated into different levels of permissions.

Do you want malware to have system level access from only a single exploit?

If no, then OS has to be separated into different levels of permissions.

Quote:
Originally Posted by nec207 View Post
Why doesn't the browser sandbox or OS sandbox block it? It cannot; if it blocks it, then most web sites would not work.
What browser are you using? What OS are you using?

The effectiveness of the sandbox in Windows is not as good as the sandbox implementations used in OS X and Linux.

Depending on the browser, the rendering and scripting engines as well as any plugins run in either a separate process and/or a sandbox.

I do not think the sandbox was bypassed unless you are using Windows and IE.

Quote:
Originally Posted by nec207 View Post
So the point of being very secure goes out the window here. It would not be better if I was using Windows, Linux, Unix or OS X or any other OS, as no OS can block it.
This is absolutely untrue.
__________________
Mac Security Suggestions

Last edited by munkery; Aug 31, 2011 at 11:50 PM.
Old Aug 31, 2011, 11:59 PM   #8
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Quote:
What browser are you using? What OS are you using?

The effectiveness of the sandbox in Windows is not as good as the sandbox implementations used in OS X and Linux.

Depending on the browser, the rendering and scripting engines as well as any plugins run in either a separate process and/or a sandbox.

I do not think the sandbox was bypassed unless you are using Windows and IE.


Any time there is Flash, JavaScript, Java or Active-X on a page there is potential for malware.

And pop-ups are getting very smart now; they say the opposite of what they mean: you click on close and really it is run. Also I have seen fake UAC and fake anti-virus scans that look and feel like the real virus scan. You may go to a bad web site and get a fake UAC popup or fake AV.

And also I have seen fake pictures on the internet that look like a JPG, BMP or GIF. Same with videos or music.

Many pages have bad scripts and adverts now.

The malware out there is very smart these days; you do not have to download cool things off the internet like before to get malware.

So I'm not sure how the sandbox or OS can block this without having no Flash on the computer, running no script and just about nothing but plain HTML that is just plain text.

Quote:

Doing it this way eliminates way more security issues than it creates.

All the reliable vectors for malware to be profitable are protected by DAC in OS X. The app bundle architecture keeps third party executables separate from these reliable vectors.

Windows installs software at the same level as the reliable vectors in Windows. So, if an app is malicious, it has more access to security sensitive areas in Windows than compared to apps in OS X.
If I understand the above and past posts here, anything in user level cannot mess up the OS, so in reality I could download a bad program, or if a program slips by the sandbox onto the OS, it will be in user level and cannot do anything to mess up the OS due to all critical files being in system level.

In Windows they use a lot of DLL files and the registry, and most programs are in system level in Windows rather than user level like OS X.

Last edited by nec207; Sep 1, 2011 at 12:07 AM.
Old Sep 1, 2011, 12:10 AM   #9
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
Any time there is Flash, JavaScript, Java or Active-X on a page there is potential for malware.

(snip)

So I'm not sure how the sandbox or OS can block this without having no Flash on the computer, running no script and just about nothing but plain HTML that is just plain text.
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.

If the DAC in an OS is effective, it does block malware that achieves user level access from accessing security sensitive items protected in the system level of the OS via DAC.

The DAC in OS X and Linux is more effective than the DAC in Windows.
__________________
Mac Security Suggestions
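The DAC behaviour discussed in the posts above, as an added example that is not part of any post: a Python model of the Unix owner/group/other write check, run over a constructed directory tree to list what a standard user and a member of the owning group could modify. The tree layout, file names and the uid/gid offsets are assumptions made for the illustration.

```python
"""Model of the Unix DAC write check that separates user level from system level.

Added illustration: the directory tree is constructed in a temp directory and
the "standard user" / "admin group" identities are hypothetical.
"""
import os
import stat
import tempfile


def dac_allows_write(st, uid, gids):
    """Classic owner/group/other evaluation for a write request.

    Exactly one permission class is consulted: owner if the uid matches,
    else group if a gid matches, else other. uid 0 bypasses the check.
    ACLs, file flags and sandbox (MAC) policy are outside this model.
    """
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_by(root, uid, gids):
    """Return the entries under root (relative, sorted) that uid may modify.

    Directories are audited too: write permission on a directory lets the
    user add, rename or remove entries even when the files are read-only.
    Symlinks are skipped (lstat) so a link never stands in for its target.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if dac_allows_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


# Constructed layout: (relative path, is_dir, mode). Whoever runs the script
# owns the files and plays the part of the system owner.
SAMPLE_TREE = [
    ("System", True, 0o755),
    ("System/kernel.bin", False, 0o644),
    ("System/misconfigured.conf", False, 0o666),  # world-writable mistake
    ("Applications", True, 0o775),                # writable by owning group
    ("Applications/tool", False, 0o755),
    ("tmp_drop", True, 0o777),                    # world-writable directory
]


def build_sample_tree(base):
    """Create SAMPLE_TREE under base; return the owner's (uid, gid)."""
    for rel, is_dir, mode in SAMPLE_TREE:
        path = os.path.join(base, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod, so the umask does not matter
    st = os.stat(base)
    return st.st_uid, st.st_gid


def audit():
    """Audit the sample tree for two hypothetical non-owner identities."""
    with tempfile.TemporaryDirectory() as base:
        owner_uid, owner_gid = build_sample_tree(base)
        other_uid = owner_uid + 1000  # hypothetical unprivileged account
        standard = writable_by(base, other_uid, {owner_gid + 1000})
        admin = writable_by(base, other_uid, {owner_gid})
        return standard, admin


if __name__ == "__main__":
    standard, admin = audit()
    print("standard user can modify:", standard)
    print("member of owning group can modify:", admin)
```

Anything the audit lists for the standard user is a place where code running at user level could alter something meant to be protected at system level.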
Old Sep 1, 2011, 12:46 AM   #10
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by munkery View Post
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.

If the DAC in an OS is effective, it does block malware that achieves user level access from accessing security sensitive items protected in the system level of the OS via DAC.

The DAC in OS X and Linux is more effective than the DAC in Windows.
Here is a log file of an old computer I had.

http://img710.imageshack.us/img710/3855/999ah.jpg

Looking at the log file you can see the AV and Windows blocked the malware, and some of the malware did get in my user profile and internet cache folder that I had to remove.

A browser is an application that runs above the OS level. You could choose to run Chrome, Firefox, Safari, Opera or several other browsers. Those choices can make no difference in what happens when you visit a compromised website, due to the internet caching of sites and the need to run Java, JavaScript, Flash and rich HTML and so on, which is run in the browser layer or in some cases talks to the OS and is not on the page itself. This is a big problem.

Had I had an old crude Windows 3.1 computer with no plugins, no Flash, no script, nothing, just a plain monochrome browser, I would have got no malware. But yet again the web site would not work.

Where Java, JavaScript, Flash, scripts and rich HTML and so on can be used for good or bad.

Then again the same malware on Windows 7 could be used on OS X or Linux to infect the user on those other OS systems. Both Linux and OS X allow users to run applications and write files to their directories.
Old Sep 1, 2011, 01:10 AM   #11
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
A browser is an application that runs above the OS level. You could choose to run Chrome, Firefox, Safari, Opera or several other browsers. Those choices can make no difference in what happens when you visit a compromised website, due to the internet caching of sites and the need to run Java, JavaScript, Flash and rich HTML and so on, which is run in the browser layer or in some cases talks to the OS and is not on the page itself. This is a big problem.
The choice does matter because almost all exploits are specific to one combination of browser and OS. A compromised website is just a host to an exploit.
Quote:
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.
Quote:
Originally Posted by nec207 View Post
Had I had an old crude Windows 3.1 computer with no plugins, no Flash, no script, nothing, just a plain monochrome browser, I would have got no malware. But yet again the web site would not work.
Even the renderer can be exploited. Browsers are the least secure client-side app.
Quote:
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.

Quote:
Originally Posted by nec207 View Post
Where Java, JavaScript, Flash, scripts and rich HTML and so on can be used for good or bad.
Quote:
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.
Quote:
Originally Posted by nec207 View Post
Then again the same malware on Windows 7 could be used on OS X or Linux to infect the user on those other OS systems. Both Linux and OS X allow users to run applications and write files to their directories.
This is not necessarily true. The same vulnerability may not be exploitable in another OS due to different implementations of security mitigations such as overviewed in the following post:

http://forums.macrumors.com/showpost...9&postcount=24

Below are some posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...58&postcount=2
http://forums.macrumors.com/showpost...9&postcount=17
http://forums.macrumors.com/showpost...6&postcount=20
http://forums.macrumors.com/showpost...4&postcount=21
http://forums.macrumors.com/showpost...1&postcount=24
http://forums.macrumors.com/showpost...7&postcount=26
http://forums.macrumors.com/showpost...4&postcount=28
http://forums.macrumors.com/showpost...7&postcount=30
http://forums.macrumors.com/showpost...9&postcount=32
http://forums.macrumors.com/showpost...0&postcount=34
http://forums.macrumors.com/showpost...5&postcount=36
http://forums.macrumors.com/showpost...4&postcount=38

Below are some more posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...9&postcount=10
http://forums.macrumors.com/showpost...1&postcount=13
http://forums.macrumors.com/showpost...4&postcount=15
http://forums.macrumors.com/showpost...4&postcount=17

Below is a thread that includes a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showthre...001&highlight=
__________________
Mac Security Suggestions

Last edited by munkery; Sep 1, 2011 at 01:48 AM.
Old Sep 2, 2011, 11:15 AM   #12
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Let's start with this one first before we get to the other things talked about in this thread.

A browser is an application that runs above the OS level. You could choose to run Chrome, Firefox, Safari, Opera or several other browsers. Those choices can make no difference in what happens when you visit a compromised website, due to the internet caching of sites and the need to run Java, JavaScript, Flash and rich HTML and so on, which is run in the browser layer or in some cases talks to the OS and is not on the page itself. This is a big problem.

Had I had an old crude Windows 3.1 computer with no plugins, no Flash, no script, nothing, just a plain monochrome browser, I would have got no malware. But yet again the web site would not work.

Where Java, JavaScript, Flash, scripts and rich HTML and so on can be used for good or bad.

Then again the same malware on Windows 7 could be used on OS X or Linux to infect the user on those other OS systems. Both Linux and OS X allow users to run applications and write files to their directories.

This is due to if the OS blocks this or the sandbox or AV like Norton or Kaspersky then most web sites would not work.

Quote:
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.
Like I say, if the sandbox, OS or AV like Norton or Kaspersky block code on web sites other than plain HTML, the web sites would not work.

Most web sites, like this web site at macrumors, need Java, JavaScript, Flash, scripts and rich HTML and so on.

Last edited by nec207; Sep 2, 2011 at 11:22 AM.
Old Sep 2, 2011, 03:22 PM   #13
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
Like I say, if the sandbox, OS or AV like Norton or Kaspersky block code on web sites other than plain HTML, the web sites would not work.

Most web sites, like this web site at macrumors, need Java, JavaScript, Flash, scripts and rich HTML and so on.
The sandbox does not block the code.

The sandbox limits the access of any code in the browser in case the code is malicious.

Malicious code is unable to do any damage if contained in an effective sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.

Read the links posted in my previous post for an explanation about the differences between these different sandbox implementations.
__________________
Mac Security Suggestions
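The distinction drawn in the post above (the code runs, but what it can reach is limited), as an added example that is not part of any post: a simplified user-space model of a default-deny sandbox policy in Python. The Sandbox class, the directory layout and the "page script" are hypothetical; real sandboxes such as those built on the TrustedBSD MAC Framework, SELinux or AppArmor enforce their policy in the kernel.

```python
"""Simplified model of a default-deny sandbox: code runs, its accesses are mediated.

Added illustration; names and layout are hypothetical, files are constructed.
"""
import os
import tempfile


class SandboxViolation(PermissionError):
    """Raised when a request falls outside the policy."""


class Sandbox:
    def __init__(self, rules):
        # rules: (operation, directory) pairs. Anything not listed is denied.
        self.rules = [(op, os.path.realpath(d)) for op, d in rules]
        self.denied = []  # audit trail of refused requests

    def _check(self, op, path):
        # Resolve symlinks and ".." first, so the decision is made on the
        # object actually reached and not on the string the code supplied.
        # commonpath compares whole components, so "cache2" never matches
        # a rule for "cache". A kernel sandbox decides at the moment of
        # access; this model has a gap between the check and the open.
        real = os.path.realpath(path)
        for allowed_op, base in self.rules:
            if op == allowed_op and os.path.commonpath([real, base]) == base:
                return real
        self.denied.append((op, real))
        raise SandboxViolation(f"{op} denied: {real}")

    def read(self, path):
        with open(self._check("read", path), "rb") as fh:
            return fh.read()

    def write(self, path, data):
        with open(self._check("write", path), "wb") as fh:
            fh.write(data)


def page_script(sb, cache, home):
    """Stand-in for untrusted page content. It runs; only its accesses are judged."""
    notes = os.path.join(home, "Documents", "notes.txt")
    attempts = [
        ("cache write", lambda: sb.write(os.path.join(cache, "page.dat"), b"ok")),
        ("cache read", lambda: sb.read(os.path.join(cache, "page.dat"))),
        ("read user file", lambda: sb.read(notes)),
        ("write user file", lambda: sb.write(os.path.join(home, "settings"), b"x")),
        ("dot-dot path", lambda: sb.read(
            os.path.join(cache, "..", "home", "Documents", "notes.txt"))),
        ("symlink in cache", lambda: sb.read(
            os.path.join(cache, "shortcut", "notes.txt"))),
    ]
    outcome = {}
    for label, action in attempts:
        try:
            action()
            outcome[label] = "allowed"
        except SandboxViolation:
            outcome[label] = "denied"
    return outcome


def run_demo():
    """Build a constructed cache/home layout and run the script inside the policy."""
    with tempfile.TemporaryDirectory() as base:
        cache = os.path.join(base, "cache")
        home = os.path.join(base, "home")
        os.makedirs(cache)
        os.makedirs(os.path.join(home, "Documents"))
        with open(os.path.join(home, "Documents", "notes.txt"), "w") as fh:
            fh.write("private")
        # A link inside the allowed area that points outside it.
        os.symlink(os.path.join(home, "Documents"), os.path.join(cache, "shortcut"))
        sb = Sandbox([("read", cache), ("write", cache)])
        outcome = page_script(sb, cache, home)
        untouched = not os.path.exists(os.path.join(home, "settings"))
        return outcome, len(sb.denied), untouched


if __name__ == "__main__":
    outcome, denied, untouched = run_demo()
    for label, result in outcome.items():
        print(f"{label:18} {result}")
    print("denied requests:", denied, "| user area untouched:", untouched)
```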
Old Sep 2, 2011, 03:52 PM   #14
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Wrong

This is due to if the OS blocks this or the sandbox or AV like Norton or Kaspersky then most web sites would not work.

Fixed

This is due to if the OS blocks this or AV like Norton or Kaspersky then most web sites would not work.

Okay, I fixed the error above.

----------

Quote:
Originally Posted by munkery View Post
If the sandbox is effective, it does block browser exploit based malware from accessing both the user and system levels. With a sandbox, the malware can only access a limited area of the system allowed by the sandbox.

The sandbox in OS X and Linux is more effective than the sandbox in Windows.

If the DAC in an OS is effective, it does block malware that achieves user level access from accessing security sensitive items protected in the system level of the OS via DAC.

The DAC in OS X and Linux is more effective than the DAC in Windows.
Yes, but how does this work if it does not block Java, JavaScript, Flash, scripts and rich HTML and so on?
Old Sep 2, 2011, 04:05 PM   #15
villicodelirant
macrumors member
 
Join Date: Aug 2011
Location: Venice, Italy.
Is this a joke?
Old Sep 2, 2011, 05:23 PM   #16
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
This is due to if the OS blocks this or AV like Norton or Kaspersky then most web sites would not work.
What in an OS blocks what in websites from working?

Specifically, what is the point that you are trying to make?

Quote:
Originally Posted by nec207 View Post
Yes, but how does this work if it does not block Java, JavaScript, Flash, scripts and rich HTML and so on?
Because it is a sandbox.

Search Google and read articles related to SE-Linux, AppArmor, and TrustedBSD MAC Framework. Also, read about Windows Integrity Control/Mandatory Integrity Control to compare the Windows sandbox to those other sandbox implementations.

I have already provided links related to sandbox implementations. Please read the following links:

Quote:
http://forums.macrumors.com/showpost...9&postcount=24

Below are some posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...58&postcount=2
http://forums.macrumors.com/showpost...9&postcount=17
http://forums.macrumors.com/showpost...6&postcount=20
http://forums.macrumors.com/showpost...4&postcount=21
http://forums.macrumors.com/showpost...1&postcount=24
http://forums.macrumors.com/showpost...7&postcount=26
http://forums.macrumors.com/showpost...4&postcount=28
http://forums.macrumors.com/showpost...7&postcount=30
http://forums.macrumors.com/showpost...9&postcount=32
http://forums.macrumors.com/showpost...0&postcount=34
http://forums.macrumors.com/showpost...5&postcount=36
http://forums.macrumors.com/showpost...4&postcount=38

Below are some more posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...9&postcount=10
http://forums.macrumors.com/showpost...1&postcount=13
http://forums.macrumors.com/showpost...4&postcount=15
http://forums.macrumors.com/showpost...4&postcount=17

Below is a thread that includes a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showthre...001&highlight=
__________________
Mac Security Suggestions
Old Sep 2, 2011, 07:42 PM   #17
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by munkery View Post
What in an OS blocks what in websites from working?

Specifically, what is the point that you are trying to make?
If the OS or AV like Norton or Kaspersky block code, then most web sites would not work. Even basic sites like Gmail, Yahoo Mail or macrumors.

This is due to web sites having evolved, and thanks to things like Flash we can watch videos on web sites or have animation. JavaScript is a scripting language for computers. It is often run in web browser applications to create dynamic content like message boxes popping up or a live clock or widgets.

JavaScript is used everywhere, like Google, Facebook and any site with a form, which use it to enable interaction with the site. It is capable of sending and retrieving data to/from the server without reloading the page.

It can make complex animations using text or colored divs. It can tell the user that their passwords don't match when they are creating an account.

JavaScript. When you come to a photo album that doesn't require page reloads and dims the background of the page behind the picture, it has its own little x to close but is in the same browser window.

You don't need to use it, but you won't have an interactive webpage without it. You can still have forms, but everything will require a page reload.

If the OS, like Linux, Unix, OS X or Windows, blocks code on the page, then most web sites would not work.

Sure, you do not have to use Java, JavaScript, Flash, scripts and rich HTML, but most web sites would not work.

The OS does not have the intelligence to scan code to see what is good code and what is bad code.

The AV like Norton or Kaspersky is not built to do this. It is built to scan your hard drive for known malware and remove it. It is only some AV that are now acting as an AV and firewall and do real-time scanning and blocking.

The Norton or Kaspersky pro that cost more do real-time scanning and blocking it as a firewall and sandbox.

It is still very hard to put intelligence in an OS that would know what is bad code and what is good code.

That's why after using Kaspersky it blocks most malware for me, but the other malware still slips by and gets on the computer. The Windows UAC will then block most registry changes or system changes.

Had I used Windows 98 or Windows XP I would have got a nasty infection. But using Windows 7 and UAC, it would not allow registry changes or the malware being put anywhere other than my user profile.

Windows is still broken but much better than Windows 98 or Windows XP, where just about any bad site that has a script can install malware, most of them being trojan droppers, put anywhere on the system, and registry changes.
Old Sep 2, 2011, 08:21 PM   #18
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
.....
I do not understand the point you are trying to make throughout most of your post.

Does the following statement summarize the argument that you are trying to make?
Quote:
If an OS can't execute code, then it won't work.
I never have suggested that an OS should be prevented from executing any code.

The following statement summarizes the content of my posts and links that I have provided.
Quote:
Less buggy code, better runtime security mitigations, and an effective sandbox produces a more secure operating system.
Obviously, OS X and Linux are meeting the goals of that statement more effectively than Windows 7.

http://forums.macrumors.com/showpost...9&postcount=24

Quote:
Originally Posted by nec207 View Post
Windows is still broken but much better than Windows 98 or Windows XP, where just about any bad site that has a script can install malware, most of them being trojan droppers, put anywhere on the system, and registry changes.
I agree.
__________________
Mac Security Suggestions
Old Sep 2, 2011, 10:17 PM   #19
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by munkery View Post
I do not understand the point you are trying to make throughout most of your post.

.
You are claiming the OS and AV like Norton or Kaspersky can block bad code like bad Java, bad JavaScript, bad Flash, bad scripts and bad rich HTML and so on. I explained above the myth about this.
Old Sep 2, 2011, 11:08 PM   #20
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
You are claiming the OS and AV like Norton or Kaspersky can block bad code like bad Java, bad JavaScript, bad Flash, bad scripts and bad rich HTML and so on. I explained above the myth about this.
Technically, the OS can block bad code via the sandbox and DAC if those security mitigations aren't bypassed by the exploit. Malware typically requires system level access to be profitable. Preventing system level access via exploitation is the role of those security mitigations.

Most AV software, including Norton and Kaspersky, are capable of on-access (real-time) scanning. This is effective at preventing the execution of bad code if the AV software has a signature to detect the threat. The problem is that it is easy to use methods (such as obfuscation, bit flipping, and encryption) to avoid detection.

Also, the data types run in the browser do not run with elevated privileges in OSs with DAC enabled. So, even if the exploit bypasses the sandbox to be able to execute code as the user, that exploit alone would not be able to bypass DAC.

In OSs where there is limited damage that can be done with only user level privileges, this negates the impact of the malware.

In Windows where malware is able to access most of the registry with only user level access, malware is able to still have an impact and possibly leverage the registry to achieve system level access via a privilege escalation exploit.

All this is explained in more detail in the following posts:

Quote:
http://forums.macrumors.com/showpost...9&postcount=24

Below are some posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...58&postcount=2
http://forums.macrumors.com/showpost...9&postcount=17
http://forums.macrumors.com/showpost...6&postcount=20
http://forums.macrumors.com/showpost...4&postcount=21
http://forums.macrumors.com/showpost...1&postcount=24
http://forums.macrumors.com/showpost...7&postcount=26
http://forums.macrumors.com/showpost...4&postcount=28
http://forums.macrumors.com/showpost...7&postcount=30
http://forums.macrumors.com/showpost...9&postcount=32
http://forums.macrumors.com/showpost...0&postcount=34
http://forums.macrumors.com/showpost...5&postcount=36
http://forums.macrumors.com/showpost...4&postcount=38

Below are some more posts from a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showpost...9&postcount=10
http://forums.macrumors.com/showpost...1&postcount=13
http://forums.macrumors.com/showpost...4&postcount=15
http://forums.macrumors.com/showpost...4&postcount=17

Below is a thread that includes a previous discussion between the two of us that you should review:

http://forums.macrumors.com/showthre...001&highlight=
Below is a series of posts from another thread that provides more information relevant to this discussion.

Quote:
http://forums.macrumors.com/showpost...9&postcount=24
http://forums.macrumors.com/showpost...9&postcount=55
http://forums.macrumors.com/showpost...2&postcount=96
http://forums.macrumors.com/showpost...6&postcount=99
http://forums.macrumors.com/showpost...&postcount=103
http://forums.macrumors.com/showpost...&postcount=111
http://forums.macrumors.com/showpost...&postcount=122
http://forums.macrumors.com/showpost...&postcount=126
http://forums.macrumors.com/showpost...&postcount=129
http://forums.macrumors.com/showpost...&postcount=131
http://forums.macrumors.com/showpost...&postcount=133
http://forums.macrumors.com/showpost...&postcount=143
http://forums.macrumors.com/showpost...&postcount=147
http://forums.macrumors.com/showpost...&postcount=152
http://forums.macrumors.com/showpost...&postcount=155
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote
Old Sep 4, 2011, 03:30 PM   #21
nec207
Thread Starter
macrumors 6502
 
Join Date: Mar 2011
Hey, most of your post answers my question here and I have lots of reading to do.

One question you did not see.


If I understand the above and past posts here, anything in user level cannot mess up the OS, so in reality I could download a bad program, or if a program slips by the sandbox onto the OS, it will be in user level and cannot do anything to mess up the OS due to all critical files being in system level.

In Windows they use a lot of DLL files and the registry, and most programs are in system level in Windows rather than user level like OS X.
nec207 is offline   0 Reply With Quote
Old Sep 4, 2011, 09:22 PM   #22
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
If I understand the above and past posts here, anything in user level cannot mess up the OS, so in reality I could download a bad program, or if a program slips by the sandbox onto the OS, it will be in user level and cannot do anything to mess up the OS due to all critical files being in system level.
There are not many viable vectors in OS X to make malware with only user level access profitable.

A bad program with only user level access in OS X is unable to access the protected storage of other apps and any protected data entry (text entry fields that are masked).

This makes producing successful automated mass malware targeting OS X a difficult task.

Quote:
Originally Posted by nec207 View Post
In Windows they use a lot of DLL files and the registry, and most programs are in system level in Windows rather than user level like OS X.
The issue with Windows is most of the registry is accessible with only user level access.

Also, portions of the protected storage are located in the registry and no access controls are applied to these entries. A bad program is able to access the protected storage of other programs.

The registry also provides an easy vector to exploit Windows to the system level via registry entries for kernel mode drivers that are accessible via only user level access.

Regardless of where a program is installed, the programs typically only run with user level privileges. Installing programs at the system level makes no difference in relation to the ability to exploit the process in memory.

But, installing programs at the system level increases the amount of damage that can be done if a bad program is installed. Users are more likely to install bad software at the system level if most software is installed at that level within an OS, such as is common practice in Windows.
__________________
Mac Security Suggestions

Last edited by munkery; Sep 4, 2011 at 09:37 PM.
munkery is offline   0 Reply With Quote
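
Added example, not part of any post in this thread: a small Python audit of the DAC point made in posts #20 and #22, listing which paths in a tree a process running as an ordinary user could modify under classic Unix mode bits. The directory names, the `.plist` files and the subject uid/gid are constructed for the demo; ACLs, the sticky bit and sandbox profiles are not modelled.

```python
import os
import stat
import tempfile

def dac_allows_write(st_uid, st_gid, st_mode, uid, gids):
    """POSIX mode-bit check: exactly one permission class is consulted."""
    if uid == 0:
        return True                          # root bypasses DAC
    if uid == st_uid:
        return bool(st_mode & stat.S_IWUSR)  # owner class only
    if st_gid in gids:
        return bool(st_mode & stat.S_IWGRP)  # group class only
    return bool(st_mode & stat.S_IWOTH)      # everyone else

def writable_by(root, uid, gids):
    """Return sorted relative paths under root that the subject could modify."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                     # a symlink's own mode bits are not meaningful
            if dac_allows_write(st.st_uid, st.st_gid, st.st_mode, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: a 'system' directory with one mis-set file."""
    root = tempfile.mkdtemp(prefix="dac-demo-")
    for rel, mode in (("Library", 0o755), ("Library/ok.plist", 0o644),
                      ("Library/loose.plist", 0o666), ("Shared", 0o777)):
        path = os.path.join(root, rel)
        if rel.endswith(".plist"):
            open(path, "w").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)                 # explicit chmod, so umask does not matter
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    owner = os.lstat(root)
    # Hypothetical unprivileged subject: not the owner, not in the owning group.
    uid, gid = owner.st_uid + 12345, owner.st_gid + 12345
    print(writable_by(root, uid, {gid}))
```

Anything the audit reports inside a system-owned tree is a place where code running with only user level privileges could still change what other users or the system later load.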

