Discussion in 'PowerPC Macs' started by PrinterJelle, Jan 13, 2018.
These days there are a lot of reports about Intel leaks. How safe is the PPC processor we use?
The processor issues are, IMO, way overblown. IMO problems in the operating system are much more of a concern than that of the processors (of which PPC is affected). The side channel processor flaws are all the rage in security these past couple of weeks but they're not the top of the list for PPC users. IMO the larger concern would be the fact the latest OS PPC can run has been out of support for many years. Not as sexy though.
@pl1984 Thanks for your reply. So, the processor is not the problem but the system. Is there a way to make the system as safe as possible? I found no antivirus software for the PPC Mac.
I wouldn't worry too much on security as I would on compatibility. Those Macs don't support current browsers (if I recall correctly), so you'll have trouble visiting websites that use modern technologies.
Read this http://tenfourfox.blogspot.de/2017/11/the-security-blanket-blues-revisited-or.html
It includes a very good guide about hardening OS X (PPC).
Unless you are working in a 50/50 (OSX/Windows) mixed environment please don't try to install antivirus software... not on a PPC. One would only install it for the reason of securing the Windows machines in the environment. For OS X PPC you really don't need antivirus.
You do indeed recall correctly BUT there's a big but. No, 2, to be precise. TenFourFox and Leopard WebKit are browsers to surf the modern web with old machines while having modern techniques implemented (long story short).
My thought is if you're at all concerned about security you shouldn't be using an operating system which stopped receiving support seven years ago.
--- Post Merged, Jan 14, 2018 ---
The processors are the problem and it's extremely unlikely they will ever be fixed (because they can't or they're too old that the manufacturer won't ever do it). Therefore patches to the operating systems and software are being implemented to mitigate the issue. Since Leopard has long been out of support Apple is extremely unlikely to release an OS patch. While things like Java may be patched.
The side channel attacks require some kind of access to the system in order to be effective. That access can be physical access, through another compromise, or a shared system. It's the latter which are of the most concern. Companies which offer hosting services, such as AWS and Azure, need to address this issue immediately. For home users the risk is relatively low. Browsing the web can be a concern but, if you're doing so with an OS that went out of support seven years ago, you're probably not all that concerned about security anyway.
--- Post Merged, Jan 14, 2018 ---
I have to echo this, but I would direct that more to the OP.
I find it odd when we get these questions here. It can't escape people that these systems are over 12 years old for the youngest systems, while Leopard itself is over 10 years old and had support dropped a long time ago.
Knowing that and knowing the constant mantra of UPDATE, UPDATE, UPDATE for security this is why I find these questions odd.
Why would anyone think PowerPC is secure? Why would anyone think that there is a possibility, however small, that Apple would patch a system they killed off over 12 years ago?
If you want secure, you have the latest PC or Mac offered for sale with all the security updates applied as they release.
You aren't dealing with PowerPC.
Getting maniac about PPC all started with a 12" iBook G4 as a beamer-companion for meetings.
Most lecturers bring their own USB-stick containing the PDF- or PP-slideshow or SpreadSheet-file and the iBook is able to deal with that task with ease PLUS offers a wireless hotspot to be accessible via ScreenSharing from anywhere in the room.
Before my 11" MacBook Air got stolen, it was used for the same purpose, but I really felt uncomfortable whenever it got acquainted with anybody's USB drive ...
With PPCs I hope the risk of 'modern' malicious software is reduced, since I don't believe any potential offender will spend time and effort to attack the <0,1% PPC-user.
@rafark @amagichnich @pl1984 @eyoungren @bobesch Thanks for all the input! I am aware of the age of Leopard (10.5.8) and its consequences in these days but I just wondered how you can get the system as safe as possible. The article via @amagichnich is perfect, thank you for the tip!
Apologies for not understanding your question. I think PPC is safe for the reason bobesch provided in his last sentence.
@pl1984 No problem, maybe my question was not completely defined. I appreciate your input!
TenFourFox is a modern fork of Firefox, which is still up to date and compatible with the modern web. Leopard WebKit is as well, but it isn't nearly as frequently updated as TFF. But even then, there are some older browsers that still work fine for the most part.
As for the OP's question, the operating system has a lot of potential security holes. While I doubt any hacker would go after such an antiquated operating system, since they'd fetch far less potential victims, I still wouldn't do stuff like online banking on any of my PowerPCs. But regular browsing is something I still occasionally do on them.
Modern attacks are developed by discovering crashes in software, reverse engineering the crash and finding if it occurs during a vulnerable state, and then manipulating the crash to perform an exploit (often without crashing at all, but instead controlling the circumstances). When browsing the web, all an attacker has to do is lure a victim to a site with malicious content that causes your browser to traverse this vulnerable path, and the exploit executes.
How do you defend against these attacks? Update your software. If you can't update your software because you're using ancient hardware, you're doomed.
I would recommend that these machines be air-gapped.
Doomed? Doubt it. Many of us have survived on "ancient hardware" and software for that matter for over a decade with no issues. If a person uses an old machine with an older OS daily, which most of us here do, just be smart about it. I do my banking/eBay/PayPal/Amazon stuff on my phone, otherwise 95% of the time I'm on my iBook G4 running Leopard or MacBook w/Snow Leopard because I love those OS's, and they still handle my daily tasks and surfing quite well. 10.7 and beyond blows goats anyway. The only thing I use my El Cap iMac for is the newer GarageBand. Never since the commercialized internet was unleashed some 33ish years ago have I had my credit cards / PayPal account etc. or operating system compromised. NOBODY is safe regardless of how new and updated their system is. If anyone is THAT worried..... STAY OFFLINE.
That's my 2 cents.
Just because one reckless driver doesn't have an accident doesn't mean that reckless driving isn't dangerous. The only good piece of advice here is to stay offline. Want to know exactly what you're vulnerable to?
Every advisory from that page and the pages dating back to the last time your system was updated contains CVEs. Every one of those CVEs is potentially exploitable on your system. Acting like this isn't a problem will eventually cost you. It might not be today or tomorrow, but down the road it will happen.
Security through obscurity is not security. However there is a lot of truth to what he wrote. Aside from cross platform technology, such as Java, Macros, etc., exploit code tends to be very platform specific. Platform as in hardware and operating system specific.
These days it's highly unlikely anyone is going to specifically target the PPC platform. They may write some java code which happens to work on the PPC platform. But I doubt anyone is going to test their exploit code on a PPC system let alone specifically target it.
So while the type of safety he's referring to is not security it does have merit.
Yeah... Problem is that you're not right either. Java for example: In university I tried to stick to PPC but when coding in Java I had severe problems because these old versions of Java lack many of the modern features. To do my assignments I often had to use a workaround to get things running. That provides security through obscurity.
Modern exploits written and compiled on Intel won't work on PPC either. Again often because certain OS features are missing.
One wrong line of code often renders the complete code useless. Then PPC is safe only because of luck.
Don't get me wrong here, I'm not saying PPC is safe per se because of its obscurity. But a coder is lazy per se. Why bother with PPC, why compile your code so that it could theoretically run on a PPC, if you could take the easy route and concentrate on Intel?
Exploit code usually just changes register states of an application during crash to execute instructions at a machine level. Exploits for ARM iPhones work on x86_64 Safari on macOS as well. Hackers do not compile code (unless it's spyware / ransomware perhaps) for exploits, they craft malicious source files that your applications run either through the browser or via social engineering.
--- Post Merged, Jan 16, 2018 ---
Oh, and if you are interested, there's publicly known and easy-to-add exploit shell code for PPC macs online that anyone can find.
--- Post Merged, Jan 16, 2018 ---
What do you mean with this statement?
Ok, bit of background is needed here. Let me attach a screenshot of a crash to assist in my explanation.
If you look at that register dump from one of the crashes that I've found (this one was in Safari) it shows the values your computer's registers had at the moment of the crash. This information is recorded in your system files, and is viewable via the Console application in Applications/Utilities/. A simple check for exploitability is to see if any of those register values appear in the source file data, or input data as the case may be. If it does, and it manipulates the correct registers (ideally the instruction pointer) you can take control over the crashing application and execute your own code. It's that simple. By not updating your applications / software you are not receiving protection against the most recently found vulnerabilities.
That's how I understood things:
RISC and x86 are completely different at the instruction layer. Even big and little endian PPCs are different. I just cannot believe that there is a 'universal' exploit. Register reading exploits target one specific processor layout. Also the latency is important - older architectures are much slower at certain things and because of processor evolution less bloated. Some things simply can't work, others take up too much time or use a non-existing command (e.g. call a vector like SSE) - the chain breaks and the exploit or whatever malicious code is used becomes useless.
Now please correct me if I'm wrong, I'm always open for more knowledge.
Did you even read the linked exploit? It specifically includes PPC instructions, but honestly, who would do that today?
Well, I wouldn’t go doing any online banking/ shopping on it (or indeed anything that requires logging in) but general web browsing I guess should be ok?
Here's a shell code for PPC and x86:
Edit: Think of it this way, regardless of how it was compiled from its original high-level programming language for RISC / x86 / ARM - it still is the same underlying code. The vulnerability still exists in that code, and will translate onto whichever machine binary it is compiled for.
As I thought you're referring to a very low level aspect of the system which is not going to be the same between various processor architectures. Thus register manipulation, at least the actual implementation and not high level theory, in one architecture is extremely unlikely to work on another architecture. The registers available and how they're utilized are different between different architectures. Thus you are supporting what has already been said: At this level shell code is going to be very architecture and operating system dependent and thus what works on one is very unlikely to work on a different one.
--- Post Merged, Jan 16, 2018 ---
That last bit right there is the key. Most exploits that we're worried about when considering this PPC thread's subject are surrounding Safari, or whatever browser they choose to use. Since they can't update those applications (stock Mac apps anyway) then that's where you're vulnerable. Have I made the point clear yet?
Edit: The 'exploit' being specifically written to target Safari is something you can assume. Vulnerabilities are rarely tied to hardware, but they do happen as evidenced by Intel's laundry list of security advisories. Part of my day job is going through vulnerabilities that come out every day and writing audits for them. I'd estimate that 95-98% of the vulnerabilities that I end up going through are software specific related.