gekko513 said:
It's a USB wireless card, I presume. He holds it up, flicks out the (USB) connector and plugs it into the left side of the MacBook. While he sticks in the card he says: "...we're using 3rd party hardware..."
I hope you're not referring to me when you say "people are so quick to call this an unfair attack on Apple".
Not referring to you at all, Gekko. You're adding the kind of informed discussion I look forward to here. And thanks for helping the "blind" and cluing me in on what was going on.
I'm finally out from behind the firewall and watched the video, which I have to say is very well done.
The title of the demo is "Device Drivers: Don't build a house on shaky ground." They are drawing attention to a serious problem and most people here are missing the point because all the blood rushed to their heads when they saw the Mac logo.
They clearly say this is not Apple's problem, it's because of buggy code in a 3rd party driver. They're using the Mac for a reason here-- they are specifically making the point that it doesn't matter how much trust you put into your OS vendor, you can get hosed by any poorly made USB thingy that you stick in the side.
Take that home with you-- Apple may have a more secure OS but all of that can go out the window with a bad peripheral. This could just as easily have been a video camera that had a malicious file loaded onto it and a bad driver. Or, it could have been a printer with a bad print driver and a bad Bluetooth implementation that let an attacker pass through the printer into your machine.
They didn't run this demo live because they didn't want anyone in the audience to sniff the traffic and release it into the wild. Very responsible to the verge of being paranoid.
If there is a problem here, it is with the Washington Post, who didn't clearly explain the problem. Maybe they didn't understand it themselves...
Drivers are an Achilles heel of any OS. They give direct access to the kernel and bypass any security the OS can try to provide. They almost have to do that if you're going to allow 3rd party hardware to work with the machine. It was also a poorly written driver that allowed the DVD encryption to be cracked-- the vendor left the keychain available in plaintext.
This is a very difficult problem to solve. MS has talked about only allowing "signed drivers" to be run-- meaning that MS has to approve anything before it's loaded and that caused a developer outcry because it made MS the gatekeeper of all new hardware.
One way to minimize the exposure is to rely on a small number of standard interfaces. Fewer interfaces mean fewer points of entry that need to be tested. Apple does this very well-- almost out of necessity. Ever notice how every new piece of hardware comes with a disc you need to install under Windows but just seems to work with your Mac? It's because Apple connects through a standard interface (say, Mass Storage, or Digital Camera) and the vendor tries to get fancy for Windows and roll their own. They do it for Windows because they think it's worth the effort to "differentiate" themselves in that crowded market while Mac users can see that those bells or whistles aren't necessary.
The point of the video is to show that the bells and whistles can also be dangerous.
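The distinction the post draws between standard interfaces and vendor-rolled ones is visible in a device's USB configuration descriptor. The following is an added example, not part of the original post: it walks a descriptor with strict length checks and reports which interfaces declare the vendor-specific class (0xFF), for which no standard class driver applies. The function names and both sample descriptors are constructed for illustration.

```python
import struct

# USB-IF interface class codes that standard OS class drivers handle.
STANDARD_CLASSES = {
    0x03: "HID",
    0x06: "Still Image (digital camera)",
    0x07: "Printer",
    0x08: "Mass Storage",
}
VENDOR_SPECIFIC = 0xFF  # no standard class driver; needs a device-specific one

def parse_interfaces(blob):
    """Return [(interface_number, class_code), ...] from a configuration
    descriptor, rejecting any length field that does not fit the buffer."""
    if len(blob) < 9 or blob[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]  # wTotalLength
    if total > len(blob):
        raise ValueError("wTotalLength exceeds buffer")
    out, off = [], 0
    while off < total:
        if off + 2 > total:
            raise ValueError("truncated descriptor header")
        blen, btype = blob[off], blob[off + 1]
        if blen < 2 or off + blen > total:
            raise ValueError("bad bLength at offset %d" % off)
        if btype == 0x04:  # INTERFACE descriptor, 9 bytes
            if blen < 9:
                raise ValueError("short interface descriptor")
            out.append((blob[off + 2], blob[off + 5]))
        off += blen
    return out

def describe(blob):
    """Human-readable class name for each interface."""
    return [STANDARD_CLASSES.get(c, "vendor-specific" if c == VENDOR_SPECIFIC
                                 else hex(c)) for _, c in parse_interfaces(blob)]

def vendor_driver_interfaces(blob):
    """Interface numbers that fall outside the standard class drivers."""
    return [n for n, c in parse_interfaces(blob) if c == VENDOR_SPECIFIC]

# Constructed sample: a class-compliant flash drive (one interface, two endpoints).
MASS_STORAGE = bytes.fromhex("090220000101008032" "090400000208065000"
                             "07058102000200" "07050202000200")
# Constructed sample: a dongle that exposes only a vendor-specific interface.
VENDOR_DONGLE = bytes.fromhex("0902120001010080fa" "0904000000ffffff00")
```

The length checks matter as much as the classification: descriptor fields come from the device, so a parser that trusts `bLength` or `wTotalLength` is itself the kind of shaky ground the demo title refers to.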