[Freeman]

I don't know if such a discussion had took place here before but I'm just curious about the two operating system of the the OSX and WinXP.

On the other day when I was reading the news "Macs not targeted by virus creator"
Of cause I was happy to heard such news but it prompt me to think of the security feature that Mac have against this virus creator.

What if it is the other way round when most of the computers in the world runs Mac OS, could we in the same shoe like the MS?

Since MS is such a rich company, why does it OS suck big time? Don't they have a better R & D then the Mac?

[JLL]

Here are two posts from MacCentral and AppleInsider:

I'll address several issues here. I'm a programmer by trade, and have been creating UNIX programs, filters, and drivers since '82. My name is in the '94 and '94 Yggdrasil Linux "Plug-and-Play" books, so I've obviously been a Linux hack since '92. I also write Windows programs using Visual Studio, and have been porting my tools from Linux to OS X since the beta. So, I think I *might* be qualified to say what I'm about to say.

Remember: a "virus" is a set of invasive routines which have been attached to a legitimate program. A "worm" is, in essence, a detached background process.

Creating a UNIX "virus" would require the writer to muck with program text and data segment pointers, and change the program initialization pointer from the "crt0.o" equivalent to something else. The degree of difficulty here is at least 9.5 on a scale of 1-10... even if you *do* have the source to the runtime invocation routines. Then, to screw up the system, you have to attain root privileges from within the attached routines in that user-privileged program, which is indeed quite a bit harder. It's not impossible with the default OS X install, but it ain't easy. The easiest way to defeat this is to create a root account with a scrambled password on *EVERY* *NIX system you use, and that includes OS X.

Writing a UNIX "worm" is easier. Any program can create a detached process. BUT, the same issues with user-level vs. root permissions exist. Worms will run on properly protected systems, but they may never be able to attain the privileges necessary to do significant damage.

Now, these are not easy tasks. It's *much* easier to write a simple script that fools Windows into thinking that an offending program is actually something the user *wants* to run. Windows does *NOT* have user-level protections - and that's why viruses and worms are so easy to invoke on Windows.

Lastly: each task on a *NIX program runs in its own virtual memory space. Programs running within these virtual spaces are not allowed to "touch" devices or other system resources. Instead, programs make requests to the system for system resources. Even the graphics subsystem runs as a task under OS X. Hence, a "buffer overflow" within the OS X desktop would cause the desktop to crash and restart, but shouldn't cause any other problems.

Windows has incorporated graphics routines into its kernel. Hence, a "buffer overflow" in one of the graphics routines causes the kernel to respond with a handler. If you write your virus properly, the handler will execute *virus code* as the handler... and the virus has now attained system-level capabilities. The Windows kernel thinks it is running legitimate code, but it is running the virus' code -- which just happens to now be running as the system-level error handler. And, without user-level privilege protections, you can do.... anything.

That's how it's done, folks.



--------


MS has several bedrock problems, which at this point sort of coalesce into one problem. First, and deadliest sofar, is the lethal alchemy between extraordinarily permissive interfaces (why, exactly, can Word macros delete system files?!) and commingled code. Second is their interpretation of user friendliness, which involves having all kinds of things going on in the background automagically - and this is as much of a problem as it is precisely because all the interfaces that make this happen are permissive. Third, features always trump security. This means on the one hand that (you guessed it) interfaces are permissive (so that there are fewer obstacles for software developers and power users - including dishonest ones) and also that many security holes come with built-in disincentives to plug them: There was a great deal of justified moaning when we ordered everyone in the office to turn off message previewing in Outlook, because it really is a nice feature. Lastly, MS still hasn't acted on the information that 90% of security lies in picking sensible defaults. This, again, is really another facet of the problem that every other point here is a facet of: It's convenient and featureful for all the services to be going, and a minimum of ports to be obstructed, and for interfaces to be permissive - so they are.

This set of attitudes has been codified into years upon years of legacy; into billions of dollars of investments, and into MS' strategy of mollycoddling developers. Even their half-hearted attempt at a competently engineered OS (NT/2000) went nowhere until they rolled in a lot of compatibility with Win9x - which is, and has always been, a security nightmare. So it doesn't really matter how many security experts they hire, because the experts are left with the unenviable task of turning a glass house into a fortress. That's not how security works: Fortresses are designed from the get-go to be fortresses, and for Microsoft it's years too late to go back to blueprints.

Then, of course, there's the monster under the bed that nobody wants to mention. All the armchair security analysts blathering on about how OS X is only defended by security through obscurity (ha!) should take note: MS CEO Steve Ballmer has come out and said, reluctantly, that Windows Messaging - the core of every version of every one of MS' operating systems - is a sieve, and if anyone found out just how to take advantage of that... well, do the math. Unfortunately, one of the things I learned talking at length to Microsoft developers is that large portions of that code are black boxes. The people who wrote them are long since gone, the code is ancient, nobody knows how it works. Whole swaths of Windows are built by attempting an implementation and hoping that it didn't break anything down in the pit of the OS. NT didn't change this. 2000 didn't change this. XP didn't change this. The security experts can't change it: first. you can't change what you can't understand; second, since Messaging is the foundation on which Windows is built, redesigning and reimplementing it would be an unfathomable nightmare (you'd have to test and make sure that nothing in Windows, or in Windows applications, broke!); last, the interface is permissive, and secure implementations of insecure interfaces are impossible - and again, all of Windows and all Win16 and Win32 apps assume that interface. The security experts are tasked with bandaging the Titanic.

I haven't even listed all of the ways Windows is insecure. This is just one example.

This is why MS is trying to keep the Messaging code hidden by all means, and protected by any number of big Federal laws with sharp teeth. But this is all still security through obscurity, and Federal laws mean nothing to hackers in, say, North Korea.

What nobody wants to face is the fact that 95% of the computing world is built on a house of cards, and the current epidemic of viruses and worms only hints at what could happen if someone really found the soft spots in the world's de facto operating system.

We can all hope that that day doesn't come.

[ASIMO]

Much thanks, JLL. Next time I am in your neck of the woods, allow me to buy you some Danish and coffee.

[JLL]

Originally posted by ASIMO:
Much thanks, JLL. Next time I am in your neck of the woods, allow me to buy you some Danish and coffee.

And the fun thing is that we call it Vienna bread here

[ASIMO]

Originally posted by JLL:
And the fun thing is that we call it Vienna bread here

I know. Just imposing my Americanism. You know, we are good at that.

By the way, I really enjoyed my brief stay there (sojourned in France).

[Millennium]

Originally posted by Freeman:
What if it is the other way round when most of the computers in the world runs Mac OS, could we in the same shoe like the MS?

Not quite to the same degree.

The thing is, there are essentially three aspects to security. Only one of those actually has to do with keeping The Bad Guy out. This is what people most commonly think of as "security". Microsoft has traditionally been pathetically weak in this area, though they are starting to improve.

The second aspect is alerting the user to potential problems when a user may have already broken in. Both Windows and Mac are still weak in this area. Few Unix operating systems actually have this built in, but you can get what are called intrusion-detection systems to cover over this. Some of these systems work on OSX as well.

The third aspect deals with minimizing the damage that a virus or hacker can do. Unix, and by extension OSX, have always been fairly strong in this area (there are operating systems which are even stronger, but their biggest users tend to be intelligence agencies). Microsoft, thanks to their friendliness=convenience delusion, has pretty much no measures in place. That's the real problem of Microsoft's approach: not only is it easy to get in, but once you're in you have basically carte blanche to do whatever you want.

But, of course, the weakest link in any system is the user, and in particular the default settings, because most users never bother to change those. This would be where Microsoft is worst of all, but JLL has elaborated on that subject more than enough.

Since MS is such a rich company, why does it OS suck big time? Don't they have a better R & D then the Mac?

Their R&D is the Mac.

Actually, that's almost literally true. Microsoft is not known for its original ideas; they usually scout around for ideas others have had, make a couple of superficial changes (which sometimes, but rarely, are actual improvements), release it as their own, and make it popular while taking all the credit.

[Wickedkitten]

well if you ask most windows users, they will say "well of course there are a lot of virii for windows, its used by 90% of the population"

personally I think there are more virii for windows than osx because of the simple fact that windows is inherently insecure. Seeing as how the first user account is an admin account in xp, and most users use admin simply because of the bother of "you have to run this as admin, please input an admin password or bog off" that its really easy for a virus writer with 2 minutes of time on their hand to exploit its security.


OSX on the other hand is just intrinsically more secure

[Spheric Harlot]

Originally posted by Wickedkitten:
well if you ask most windows users, they will say "well of course there are a lot of virii for windows, its used by 90% of the population"

personally I think there are more virii for windows than osx because of the simple fact that windows is inherently insecure. Seeing as how the first user account is an admin account in xp, and most users use admin simply because of the bother of "you have to run this as admin, please input an admin password or bog off" that its really easy for a virus writer with 2 minutes of time on their hand to exploit its security.


OSX on the other hand is just intrinsically more secure

From what I've read, that seems to be true.

Oddly enough, though, your example doesn't support that at all, because the first account on a Mac is an admin account as well, and you regularly have to input your admin password to authenticate sofware installers etc.

-s*

[Mediaman_12]

Originally posted by Spheric Harlot:
From what I've read, that seems to be true.

Oddly enough, though, your example doesn't support that at all, because the first account on a Mac is an admin account as well, and you regularly have to input your admin password to authenticate sofware installers etc.

-s*

Ahhh! but on windows Admin=root=do anything without question. The Admin created as you set up OSX isn't the Root, The Root isn't even an active account in a default OSX setup. It's because you aren't logged in as Root that the OS asks you for a password any time it needs to do anything potentially destructive.

[Millennium]

Originally posted by Mediaman_12:
Ahhh! but on windows Admin=root=do anything without question.

Actually, this isn't strictly true.

Windows NT uses a security paradigm known as capabilities. These capabilities define things which a given user is allowed to do, such as "act as part of the system" or "modify the registry' or things like that. The default Admin user is not as ludicrously powerful as Unix/Linux/OSX's superuser, but it is still quite powerful. It should be noted that OSX doesn't even allow you to log in as the superuser by default; instead you log in as a more or less regular user, with the ability to become root for some tasks with a password. This requirement of the password is actually one of the good points of OSX's security, because it serves as a warning to the user that something may be wrong.

In concept, the Capabilities security paradigm is actually better than the default Unix one, which includes a single all-powerful user and then a bunch of limited ones. I say "the default Unix paradigm" because some Unix flavors -though not OSX- implement a Capabilities-like paradigm. This is not standardized across Unices, however; a draft of a standard exists but this was never completed.

The problem with Windows is, Microsoft's execution of this paradigm is incredibly poor; while the first Admin user isn't as powerful as OSX's root, it still allows the user to do too much while requiring too little intervention on the part of that user, and setting it up to be secure is complicated enough that most users never do it (most don't even know that it's possible). This is a pretty major part of why viruses can do so much damage in Windows.

[clarkgoble]

Apple's security is only getting better too. I've heard that there were some significant improvements with passwords and the like with Panther.

The downside is that Apple still uses HFS+ which leaves disks somewhat problematic. However realistically if someone has access to your hardware you are in trouble. But with external firewire disks odd things can happen between Sys9 and OSX.

[Graymalkin]

It seems as if too many people think the Unix-like permission model protects a user from serious damage. Serious damage is a relative concept.

To the admin of a big data center having some malicious code wreak havoc on your important servers is serious damage. Every minute the servers are down money is being lost. Ergo the Unix-like permission model does a good job protecting the admin from serious damage. Malicious code on their systems would be limited in its scope and likely not tear the system apart.

To your or I on our home system malicious code doesn't need to damage the OS to cause damage. If malicious code is running with your permissions it can cause serious damage just by wiping out your home directory. Far too few users perform backups of any sort, let alone regular backups of their personal files. Losing your mailboxes, Quicken account, game saves, or term paper can all be considered serious damage.

[Brass]

Originally posted by Millennium:
Actually, this isn't strictly true.

Windows NT uses a security paradigm known as capabilities. These capabilities define things which a given user is allowed to do, such as "act as part of the system" or "modify the registry' or things like that. The default Admin user is not as ludicrously powerful as Unix/Linux/OSX's superuser, but it is still quite powerful. It should be noted that OSX doesn't even allow you to log in as the superuser by default; instead you log in as a more or less regular user, with the ability to become root for some tasks with a password. This requirement of the password is actually one of the good points of OSX's security, because it serves as a warning to the user that something may be wrong.

In concept, the Capabilities security paradigm is actually better than the default Unix one, which includes a single all-powerful user and then a bunch of limited ones. I say "the default Unix paradigm" because some Unix flavors -though not OSX- implement a Capabilities-like paradigm. This is not standardized across Unices, however; a draft of a standard exists but this was never completed.

The problem with Windows is, Microsoft's execution of this paradigm is incredibly poor; while the first Admin user isn't as powerful as OSX's root, it still allows the user to do too much while requiring too little intervention on the part of that user, and setting it up to be secure is complicated enough that most users never do it (most don't even know that it's possible). This is a pretty major part of why viruses can do so much damage in Windows.

So what capabilities does the Windows' default Admin user NOT have? Ie, what can the default Windows' admin user NOT do?

[Freeman]

So that mean, ultimately Mac is more secure then the PC. Since there is such a obvious advantage in Mac, why are there so many corporate still using MS? Shouldn't they be running Unix or Lunix or Mac? In the describe of the havoc by people who know how to hack the black box, can't these people see where the PC is going and not to mention how much it had already cost them every now and then when the virus attack their system? I wonder when will the wind blow in our direction.

[Neo.cmg]

Originally posted by Freeman:
So that mean, ultimately Mac is more secure then the PC. Since there is such a obvious advantage in Mac, why are there so many corporate still using MS? Shouldn't they be running Unix or Lunix or Mac? In the describe of the havoc by people who know how to hack the black box, can't these people see where the PC is going and not to mention how much it had already cost them every now and then when the virus attack their system? I wonder when will the wind blow in our direction.

Large corporations hire IT professionals to run and maintain their computer systems and networks. These same IT people have probably been educated to some degree specifically with Windows software since it is what they would encounter more frequently during their careers.

Furthermore, these people know that they will more than likely be in demand if the company they work for uses Windows-based PCs, rather than another platform, because of all the support and maintenance these machines will require. In other words they get to keep their job. Linux has started to become popular, because these same IT professiionals see it as another user-unfriendly OS alternative that will keep them in business. If they were to add something like G5s with Panther running on them (say in the future) they know that at least half of the IT department they work for would be laid off in time.

Neo.cmg

[gorgonzola]

Originally posted by Millennium:
The third aspect deals with minimizing the damage that a virus or hacker can do. Unix, and by extension OSX, have always been fairly strong in this area (there are operating systems which are even stronger, but their biggest users tend to be intelligence agencies).

Like what? Security-enhanced Linux from the NSA is the only one I've heard of; are there any others?

As for the rest of it, I wouldn't be surprised if the whole SoBig thing converts a few people. Microsoft patched that RPC hole a while ago but most Windows users just ignore Windows Updates. While you could chalk that up to user stupidity, when Windows is bugging you every two minutes to buy random crap like RealOne, you eventually just start ignoring everything it's telling you. Also, if MS didn't release security patches every 2 hours, people might be more likely to patch stuff when there was a problem. There are a lot of reasons why people aren't switching to Macs...perceived cost (as opposed to true total cost of ownership), lack of knowledge about the benefits of the system, large investments in Windows software, until recently the significantly slower hardware, etc.

[Arkham_c]

Originally posted by gorgonzola:
Like what? Security-enhanced Linux from the NSA is the only one I've heard of; are there any others?

Primarily, OpenBSD:

http://www.openbsd.org/security.html


OpenBSD has security as their number-one goal. It's a VERY secure OS.

[Graymalkin]

Originally posted by Neo.cmg:
Large corporations hire IT professionals to run and maintain their computer systems and networks. These same IT people have probably been educated to some degree specifically with Windows software since it is what they would encounter more frequently during their careers.

Furthermore, these people know that they will more than likely be in demand if the company they work for uses Windows-based PCs, rather than another platform, because of all the support and maintenance these machines will require. In other words they get to keep their job. Linux has started to become popular, because these same IT professiionals see it as another user-unfriendly OS alternative that will keep them in business. If they were to add something like G5s with Panther running on them (say in the future) they know that at least half of the IT department they work for would be laid off in time.

Neo.cmg

This is actually a very important aspect of Windows' dominance in corporate settings. Middle managers do anything they can to validate their pay checks. IT managers are especially adept at this. All the IT management I've seen in larger companies had tied the hands of the actual IT people on the floor. Doing anything meaningful usually requires a metric buttload of red tape and ridiculous paperwork. All middle management works that way. They realize their jobs are the least valid of anyone in the company and so do as much as they can to make it look like they are invaluable. If an IT department switched to computer systems that only ever needed automated maitenance the department would be trimmed to a skeleton crew.

[podragon]

Hi Freeman,

I don't know nearly enough about operating-system/network security, so I recently bought a few books and started reading up an the subject. One of the books recommended the following articles by Steve Gibson concerning "Denial of Service" attacks as "a good read":

The Classic DoS Attack Report
DRDoS

I thought they *were* a good read, and I mention them here because they are real life examples which I think illustrate and support many of the things* pointed out by others in the excellent replies to your original post.

I also learnt a lot from reading them.

[gorgonzola]

Originally posted by Arkham_c:
Primarily, OpenBSD:

http://www.openbsd.org/security.html


OpenBSD has security as their number-one goal. It's a VERY secure OS.

Oh...heh, I know OpenBSD fairly well...

Millennium seemed to suggest that there are some OS's that are basically used just for intelligence agencies and not used much outside, so OpenBSD didn't really seem to fit the description. Security enhanced Linux seems to be more along the lines of what he was talking about...unless I misunderstood.

[richardb]

Then, to screw up the system, you have to attain root privileges from within the attached routines in that user-privileged program, which is indeed quite a bit harder. It's not impossible with the default OS X install, but it ain't easy.

The other day my girlfriend complained her Mac had gone all funny. I noticed all her preferences were gone. Everything in Mail, Palm, iPhoto, the works - as you would imagine, was gone.

It wasn't long before I noticed that her Library folder had switched name to ','! Accidently she had renamed this vital folder. Luckily everything I had to do was to rename it to Library and trash the new one that had been created by the OS in its place.

I was surprised how easy it is to trash OS X. Changing the name of such a vital folder should demand administrators password. Most users don't even know they have a Library folder...

This led me into thinking OS X isn't that bulletproof. In fact, this weakness could be a possible virus exploit. Just open an malicious attached file in the mail and boom your Library folder is trashed...

Have I missed something here?

[Moose]

Originally posted by gorgonzola:
As for the rest of it, I wouldn't be surprised if the whole SoBig thing converts a few people. Microsoft patched that RPC hole a while ago but most Windows users just ignore Windows Updates.

SoBig.f is a virus that propagates through e-mail. Blaster is a worm that propagates through an RPC exploit. They are two different problems with two different causes, solutions, and workarounds. Their only similarity is that they hit in consecutive weeks.

While you could chalk that up to user stupidity, when Windows is bugging you every two minutes to buy random crap like RealOne, you eventually just start ignoring everything it's telling you.

No, but when you have reports in a most of the mainstream press saying, "This affects Windows NT, 2000, XP, and is the first known exploit for Windows Server 2003," you might want to pay attention. When GM issues a recall notice because your model car has a seatbelt defect, you take it in to the shop to get it repaired.

Also, if MS didn't release security patches every 2 hours, people might be more likely to patch stuff when there was a problem.

There have been 33 Microsoft security bulletins so far this year. This makes, on average, one every week or so, across all Microsoft products (the two most recent were for MDAC and Internet Explorer).

There are a lot of reasons why people aren't switching to Macs...perceived cost (as opposed to true total cost of ownership), lack of knowledge about the benefits of the system, large investments in Windows software, until recently the significantly slower hardware, etc.

A large number of people buy Windows PCs for home because that's what they have at work. My company has a "Personal PC Purchase" benefit which is an up to $3k, interest-free, payroll deduct loan over two years. The policy states that the computer has to be "compatible with the Company's systems," as one of the aims of the policy is to allow employees to become more familiar with computing technology (the policy was originally put in place in 1996 or so). Given my position within the company, I'm easily able to get a waiver, and, so far, have purchased two PowerBooks under this policy.

One of the hardest things for people to wrap their minds around is the difference between "I need these specific application packages" and "I need to perform the following tasks." People use computers to perform tasks. Applications allow users to perform specific tasks. OSes support certain applications.

As everybody found out in the VisiCalc days, and Apple is relearning, applications ultimately drive computer sales.

[gorgonzola]

Originally posted by Moose:
SoBig.f is a virus that propagates through e-mail. Blaster is a worm that propagates through an RPC exploit. They are two different problems with two different causes, solutions, and workarounds. Their only similarity is that they hit in consecutive weeks.

Er, woops. I'm always mixing up viruses. I meant Blaster, not SoBig. My mistake. =\

No, but when you have reports in a most of the mainstream press saying, "This affects Windows NT, 2000, XP, and is the first known exploit for Windows Server 2003," you might want to pay attention. When GM issues a recall notice because your model car has a seatbelt defect, you take it in to the shop to get it repaired.

True. But unless you read the tech sections of your newspaper or at least glance at some tech headlines, it's possible to not really notice the coverage.

There have been 33 Microsoft security bulletins so far this year. This makes, on average, one every week or so, across all Microsoft products (the two most recent were for MDAC and Internet Explorer).

Obviously I was exaggerating with "every two hours," but they do release a fairly large number, and combined with all the other alerts and junk that you get in Windows, it can become overwhelming. 33 security bulletins in a little over half a year is quite a lot.

A large number of people buy Windows PCs for home because that's what they have at work. My company has a "Personal PC Purchase" benefit which is an up to $3k, interest-free, payroll deduct loan over two years. The policy states that the computer has to be "compatible with the Company's systems," as one of the aims of the policy is to allow employees to become more familiar with computing technology (the policy was originally put in place in 1996 or so). Given my position within the company, I'm easily able to get a waiver, and, so far, have purchased two PowerBooks under this policy.

True. Didn't think of that, but it's definitely got to be a big factor.

One of the hardest things for people to wrap their minds around is the difference between "I need these specific application packages" and "I need to perform the following tasks." People use computers to perform tasks. Applications allow users to perform specific tasks. OSes support certain applications.

Agreed.

[brachiator]

Originally posted by gorgonzola:
Oh...heh, I know OpenBSD fairly well...

Millennium seemed to suggest that there are some OS's that are basically used just for intelligence agencies and not used much outside, so OpenBSD didn't really seem to fit the description. Security enhanced Linux seems to be more along the lines of what he was talking about...unless I misunderstood.

Yeah, Millenium -- pony up. I want to know at least the names of these OSes to weave into my cocktail party banter.

Really though, this has been an extremely illuminating thread. I don't understand quite all of it, but the parts I do are intriguing -- plus provide plenty of ammo to use on my firm's IS crew. I'm the last of 3 mac using lawyers there, and I gotta represent!

[geekwagon]

Originally posted by richardb:
The other day my girlfriend complained her Mac had gone all funny. I noticed all her preferences were gone. Everything in Mail, Palm, iPhoto, the works - as you would imagine, was gone.

It wasn't long before I noticed that her Library folder had switched name to ','! Accidently she had renamed this vital folder. Luckily everything I had to do was to rename it to Library and trash the new one that had been created by the OS in its place.

I was surprised how easy it is to trash OS X. Changing the name of such a vital folder should demand administrators password. Most users don't even know they have a Library folder...

This led me into thinking OS X isn't that bulletproof. In fact, this weakness could be a possible virus exploit. Just open an malicious attached file in the mail and boom your Library folder is trashed...

Have I missed something here?

Yes, by definition, everything in the users home directory (preferences, documents, etc) are owned by that user. Otherwise, you would need to type a password in every time you changed your mail preferences or added a user to your address book. However, as you noticed the computer kept running just fine with these files missing. That's because anything that is in a users home directory is not required for the OS to keep running.

However, the system wide Library folder (the one that could cause the system to become un-bootable) is not writable by users without a password.

The difference is that everyone runs Windows as administrator by default, so any application launched by the user is able to trash the whole system. Applications run by a normal user should NOT be able to trash the computer, at least not without the consent of an administrator. The users documents and such are fair game though. This is the balance that has been struck.

[Thor]

Like what? Security-enhanced Linux from the NSA is the only one I've heard of; are there any others?

Check out:
http://www3.sympatico.ca/n.rieck/lin...#vms_stability