One thing that does alarm me about OS X is that the typical user (on single-user Macs) generally runs as an administrator. There's no good reason for this, especially on OS X. If you're not running as an admin, then the absolute worst thing you can do at that privilege level is hose your own stuff. As an admin, you can hose the system.

Thing is, OS X makes it so painless to run as a "standard" user that there's no tradeoff in terms of usability. If some task requires admin-level access, you are automatically prompted to enter an admin username and password. It's almost completely transparent, and quite painless.

I know sometimes people say "what's the big deal, you get that login prompt anyway for admin-level tasks" - but that's not actually true. You get that prompt for well-behaved admin tasks, but it's quite possible to circumvent that using a little bit of AppleScript and a small amount of bash scripting knowledge. With that, anything writable to the admin group can be manipulated or deleted without any prompting at all (note that it doesn't require sudo to do that, if it's group writable).

So folks - please do this. 1) Create another account, and make it an admin - I just take whatever the computer name is and add "admin" to it (e.g. if your computer is named "joe", call the account "joe admin"). 2) Log into that new account, and change your day-to-day account to "standard" - uncheck the "allow .... to administer" box in other words. 3) Be sure to do those first two steps in the order presented here! :D Don't demote your existing account until you have an admin account set up! 4) There is no step 4.
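
A defensive audit of the point made in the post above, added here as an example and not part of the original post: it reports whether the current login is in the admin group and how many entries under the given directories are writable by that group. The group name `admin` and the default directories `/Applications` and `/Library` are assumptions about a stock OS X install.

```shell
#!/bin/sh
# Added example: audit what an admin-group login can change without a prompt.
# ADMIN_GROUP and the default directories are assumptions for a stock OS X layout.
ADMIN_GROUP="${ADMIN_GROUP:-admin}"

# Succeeds if the given user (default: current user) is a member of group $1.
in_group() {
    grp="$1"; user="${2:-$(id -un)}"
    id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$grp"
}

# Prints every entry under directory $1 that belongs to group $2 and has the
# group-write bit set. Any process running as a member of that group can
# modify these with no authorization dialog and no sudo.
group_writable() {
    dir="$1"; grp="$2"
    [ -d "$dir" ] || return 0
    find "$dir" -group "$grp" -perm -020 -print 2>/dev/null
}

# Counts the entries reported by group_writable.
count_group_writable() {
    group_writable "$1" "$2" | wc -l | tr -d ' '
}

# Reports group membership, then the exposure of each directory passed in.
audit() {
    if in_group "$ADMIN_GROUP"; then
        echo "WARNING: $(id -un) is in '$ADMIN_GROUP'; use a standard account day to day"
    else
        echo "OK: $(id -un) is not in '$ADMIN_GROUP'"
    fi
    for d in "$@"; do
        echo "$d: $(count_group_writable "$d" "$ADMIN_GROUP") entries writable by '$ADMIN_GROUP'"
    done
}

# Run the audit only when asked, e.g.: sh audit.sh --audit /Applications /Library
if [ "${1:-}" = "--audit" ]; then
    shift
    [ "$#" -gt 0 ] || set -- /Applications /Library
    audit "$@"
fi
```

Run it once from the day-to-day account before and once after the demotion; the membership line should change from WARNING to OK while the directory counts stay the same.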
 
First off, to those claiming that Charlie is an attention-whore, or trying to get a job at Apple

I don't care how big of an OSX fan he is. If he is withholding exploits* so he can publicly demonstrate them at CanSecWest, he is an attention-whore.

*if he has offered to disclose these to Apple, then I applaud his efforts...
 
One thing that does alarm me about OS X is that the typical user (on single-user Macs) generally runs as an administrator. There's no good reason for this, especially on OS X. If you're not running as an admin, then the absolute worst thing you can do at that privilege level is hose your own stuff. As an admin, you can hose the system.

Thing is, OS X makes it so painless to run as a "standard" user that there's no tradeoff in terms of usability. If some task requires admin-level access, you are automatically prompted to enter an admin username and password. It's almost completely transparent, and quite painless.

I know sometimes people say "what's the big deal, you get that login prompt anyway for admin-level tasks" - but that's not actually true. You get that prompt for well-behaved admin tasks, but it's quite possible to circumvent that using a little bit of AppleScript and a small amount of bash scripting knowledge. With that, anything writable to the admin group can be manipulated or deleted without any prompting at all (note that it doesn't require sudo to do that, if it's group writable).

So folks - please do this. 1) Create another account, and make it an admin - I just take whatever the computer name is and add "admin" to it (e.g. if your computer is named "joe", call the account "joe admin"). 2) Log into that new account, and change your day-to-day account to "standard" - uncheck the "allow .... to administer" box in other words. 3) Be sure to do those first two steps in the order presented here! :D Don't demote your existing account until you have an admin account set up! 4) There is no step 4.

Change your root password to something different than your admin password and make sure it's not just the cat's name or your favorite food.
 
I already did read a few posts up. I never once said OSX is less secure than Windows; that would be a stupid statement. I said OSX isn't perfect. Read the posts I have made other than the ones responding to you. I've provided real life information... you have provided smilies XP

I basically provided proof that it isn't just because OS X has "less market share".

IMHO those aren't "smilies" (whatever the heck you mean by that)

If you made points, sorry I didn't get to read them. But for the record, I get everything about it. It's just annoying how people think it's just because OS X has less marketshare. Again, OS 9 had less and had viruses. Which debunks the marketshare theory as far as it being the only reason OS X doesn't have viruses.
 
I don't care how big of an OSX fan he is. If he is withholding exploits* so he can publicly demonstrate them at CanSecWest, he is an attention-whore.

*if he has offered to disclose these to Apple, then I applaud his efforts...

Contrary to the headline of the article, he is not releasing the exploits at CanSecWest. He's giving a talk about how he found the exploits, which at a security conference, is much more useful.

And as for the contest that is mentioned from the conference (Pwn2Own), the researchers who win the contest give up their vulnerabilities to Tipping Point, who works with the vendor to get them remediated, and does not release them into the wild.

Historically, people have been submitting exploits to the vendor when they discover them. That's the basis for the "responsible disclosure" movement within the security community. The problem is that many vendors don't respond to them, wait a ridiculous amount of time before releasing a fix (years in some cases), or even threaten to sue the security researchers.

Many security researchers are tired of doing QA work for vendors for free, as the reality is that they should be the ones fixing their own vulnerabilities. This is somewhat the impetus for the "no more free bugs" movement. Honestly, I'm not sure yet how I feel about it.
 
I basically provided proof that it isn't just because OS X has "less market share".

IMHO those aren't "smilies" (whatever the heck you mean by that)

If you made points, sorry I didn't get to read them. But for the record, I get everything about it. It's just annoying how people think it's just because OS X has less marketshare. Again, OS 9 had less and had viruses. Which debunks the marketshare theory as far as it being the only reason OS X doesn't have viruses.

It doesn't debunk anything. In the OS9 days the hacking market was completely different. It's a business now. Infections on Windows95/98 also were not the same as they are now. You can't compare two completely different generations of machines. The internet was much different during OS9 as well.

I will never go back to Windows!! :mad:

This isn't about that. This isn't about Mac>Windows or go back to a PC. This is simply pointing out that the Mac isn't immune; how dense are you people? Most of us agreeing with this article are Mac owners and lovers; I've even seen some of the typical fan boys submitting to this article. This is all about making OSX better.
 
This isn't about that. This isn't about Mac>Windows or go back to a PC. This is simply pointing out that the Mac isn't immune; how dense are you people? Most of us agreeing with this article are Mac owners and lovers; I've even seen some of the typical fan boys submitting to this article. This is all about making OSX better.

Absolutely agree. I just wish Apple were quicker to respond to vulnerabilities. That last Java one took how long to patch?

And why is there not full ASLR in SL?

I love OS X, but really people need to stop sticking their head in the sand with their "Not in my neighborhood!" mentality and request more from their favorite OS provider.

"It's more secure because it's UNIX!"

Yeah. Okay.

Every year he pops up on some web site before this contest and states he is the king of OS X hacking. This to me makes him a media whore that tries to get his name all over the news waves. :mad:

Charlie Miller is not running a charity. He's a professional security guy that makes money by finding vulnerabilities. When he starts working for United Way or the Salvation Army, I'll expect to hear less from him.
 
This isn't about that. This isn't about Mac>Windows or go back to a PC. This is simply pointing out that the Mac isn't immune; how dense are you people? Most of us agreeing with this article are Mac owners and lovers; I've even seen some of the typical fan boys submitting to this article. This is all about making OSX better.

No one says it's immune. What we are saying is that year after year this guy comes out of nowhere to demonstrate all his amazing hacks that could almost never happen in the real world because they rely on crazy complicated steps to occur, usually including physical access to the computer itself.

Now, he does do something useful once in a while, but Apple usually drops an update within a few weeks of this yearly hacking contest.
 
Contrary to the headline of the article, he is not releasing the exploits at CanSecWest. He's giving a talk about how he found the exploits, which at a security conference, is much more useful.

And as for the contest that is mentioned from the conference (Pwn2Own), the researchers who win the contest give up their vulnerabilities to Tipping Point, who works with the vendor to get them remediated, and does not release them into the wild.

Historically, people have been submitting exploits to the vendor when they discover them. That's the basis for the "responsible disclosure" movement within the security community. The problem is that many vendors don't respond to them, wait a ridiculous amount of time before releasing a fix (years in some cases), or even threaten to sue the security researchers.

Many security researchers are tired of doing QA work for vendors for free, as the reality is that they should be the ones fixing their own vulnerabilities. This is somewhat the impetus for the "no more free bugs" movement. Honestly, I'm not sure yet how I feel about it.

That's good to hear.
For the record I have no problem with releasing the details of an exploit given that a vendor has had a reasonable amount of time to react. Sometimes lighting a fire under the vendor is the only way to get a fix.
 
Haven't seen a lot of "I am a Mac" ads around these days; I wonder how Apple PR will deal with the reality.
 
"It's more secure because it's UNIX!"

That's my favorite. Based off of UNIX and IS UNIX are two different things. OSX is still a closed system and when outside people point out its shortcomings Apple should do what MS has been doing lately and jump on it, not ignore it.
 
Now, he does do something useful once in a while, but Apple usually drops an update within a few weeks of this yearly hacking contest.

... and that's all that matters to me: that the exploit is discovered and fixed. I could care less if this guy is a tool or not. He gets the info out and it's either fixed or it's ignored. Being responsible for a huge Mac environment, the more fixes that are out there the better my chances are of not getting FIRED!!! :D
 
Every year he pops up on some web site before this contest and states he is the king of OS X hacking. This to me makes him a media whore that tries to get his name all over the news waves. :mad:

Honestly, I'd be curious to see some of those web sites, as the only thing I ever see is that before the conference, media will cover that there's a hacking contest, and the past two years, they've talked about how OS X was the first system hacked; in which case they share some quotes with Charlie (as he's won the contest the past couple years) where he talks about OS X security.

Every actual interview I've seen him give has been pretty down-to-earth, usually as he tries to dispel some of the nonsensical rumors that get associated with OS X security, or the security research community in general.

But look, I'm not his brother or anything, I just don't like seeing someone in my industry maligned by people making guesses as to their motivations or abilities without any information to back it up.
 
You don't understand though, it's not that it's not easy to break in, it's just there is no need for it. Why break into 1000 Macs when I can have 100000000 PCs? The object of these organized crime rings is numbers, not glory.

Hmm... I think it's you that doesn't understand. The market share for Macs is NOT 0.001%, it's nearer 10%. There are millions of Macs out there; it would easily be worth the effort, all other things being equal. Especially as last year's figure showed that over 30% of the money was spent on those 10% of machines. Why wouldn't you go after the wealthier market?

I'm also surprised that no-one seems (OK, I haven't read every post, maybe they have) to have brought up the most obvious reason that Windows is still the main target - the registry!
Have you ever tried to clean a badly infected Windows machine of a virus or indeed any malware? I have many times, as I seem to be the go to person for friends and family. Getting crap out of the registry is a nightmare, it's a wonderful place to hide. You delete all the offending files and registry items you can find and two minutes later they're all back. You need to boot into safe mode without any services running to even have a chance.
There's nothing similar that I'm aware of in Linux and OS X. If anyone knows differently please let me know. That, I think, is a major reason that self-replicating viruses and malware are not plagues on these systems.
 
Charlie Miller is not running a charity. He's a professional security guy that makes money by finding vulnerabilities.

OK, then why has his name been featured in the tech news circles for the past few years? He is a media whore trying to show how viable he is, and why is it we never hear from other contestants of the contest?
 
That's good to hear.
For the record I have no problem with releasing the details of an exploit given that a vendor has had a reasonable amount of time to react. Sometimes lighting a fire under the vendor is the only way to get a fix.

You have hit the nail on the head about the reason that the full-disclosure movement started. Prior to it, vendors were sitting on vulnerabilities because people in general were unaware. And I don't mean to beat up on vendors, some of them try very hard at this stuff and are fine to work with.

Others...not so much, and sometimes it takes something akin to a public shaming to get them to actually fix vulnerabilities.
 
Not surprised; when OSX becomes more relevant it'll become just like Windows. It has nothing to do with Macs being more secure, that's just BS. I love OSX but being a computer enthusiast I know the reason OSX does not have many viruses or spyware is due to the fact that not many people use it.
 
That's my favorite. Based off of UNIX and IS UNIX are two different things. OSX is still a closed system and when outside people point out its shortcomings Apple should do what MS has been doing lately and jump on it, not ignore it.

OS X is a certified UNIX, has been since 10.5. It IS a UNIX.
 