Researchers: Apple’s Mac OS X Lion is the king of security

Discussion in 'Apple, Inc and Tech Industry' started by *LTD*, Jul 21, 2011.

  1. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #1
    http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

    Researchers: Apple’s Mac OS X Lion is the king of security

    “With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say,” Dan Goodin reports for The Register.

    “The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features,” Goodin reports. “‘It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,’ said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. ‘I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.’”

    “With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser,” Goodin reports. “‘Now, you end up inside this restricted process that only does the web parsing, and you can’t do other things you might want to do as an attacker, such as write files or read a person’s documents,’ Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook, explained. ‘Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.’”

    ------------------------------------------------------

    That's quite an endorsement.

    Yet another reason to get Lion, folks. :)
     
  2. TheSideshow macrumors 6502

    Joined:
    Apr 21, 2011
    #2
    So now we admit Snow Leopard security wasn't up to snuff?'

    From the same article:
    Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.

    It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn't properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.
     
  3. KingCrimson macrumors 65816

    Joined:
    Mar 12, 2011
    #3
  4. *LTD* thread starter macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
  5. Hellhammer Moderator

    Hellhammer

    Staff Member

    Joined:
    Dec 10, 2008
    Location:
    Finland
    #5
    All OSs are said to be super-secure until some hacker finds a massive security hole. It's not that important what Apple says and what has been added. The OS is as safe as its most vulnerable line of code.
     
  6. Steve121178 macrumors 68040

    Steve121178

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #6
    All new OS's claim to be the most secure ever. And they are because no ones started to exploit them yet! Talk about stating the obvious.
     
  7. *LTD* thread starter macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #7
    When someone like Charlie Miller says it, the person Apple naysayers like to turn to in glee, it's quite something.
     
  8. fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #8
    I did notice that and I was quite surprised how positive he was about Lion's security.
     
  9. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
    #9
    I'm pretty sure OpenBSD is more secure than Mac OS X.
     
  10. Shrink macrumors G3

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #10
    Apparently it is impossible to be pleased by anything. It's called "making improvements".

    I think great that the security is improved. Just a little less to worry about - at least for the moment. ;)
     
  11. KingCrimson macrumors 65816

    Joined:
    Mar 12, 2011
    #11
    The thing is Microsoft has more people working on security so I expect Windows 8 to be the most secure non-Linux OS ever.
     
  12. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #12
  13. TheSideshow macrumors 6502

    Joined:
    Apr 21, 2011
    #13
    Are you trying to say OS X and iOS invented sandboxing?
     
  14. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #14
    if you understood how MS lockdown worked you would see that it puts Apples to shame in how strong it is.
     
  15. TheSideshow macrumors 6502

    Joined:
    Apr 21, 2011
    #15
    Charlie Miller never said it. That was quoting someone else.

    Charlie Miller just figured out he could install malware to Mac batteries and brick, destroy, or continuously infect/reinfect a mac with it.

    Nothing security wise is new in Lion that wasnt in another OS.
    Windows had ASLR, Drive Encryption, and sandboxing for a while now. Whether Lion is better implemented, we'll see.
     

Share This Page