Apple security: Myth or magic?
Recently, I had to do some work on a remote Linux server. Usually, in such cases, I get command-line access to the box through a Secure Shell session, using the free Putty client
for Microsoft Windows.
At the time however, someone had a Macbook notebook nearby, so I decided to use that machine instead. The nice thing about the newer Macs is, that, underneath the snazzy OS X user interface, they are built on the Darwin base operating system, which is a Unix OS based on the Portable Operating System Interface (POSIX), a set of standards that specify how an implementation of UNIX should operate. I could use the built-in SSH on this Mac.
Ultimately, I was foiled by the security features of the Mac. I found that SSH attempted to log me in as the account owner of the Mac itself, rather than letting me to supply my own log-in name and associated password. In effect, I couldn't log on as anyone except the owner of the Mac account, at least by default. Because I didn't have an account on that Mac and my friend with the Mac didn't have an account on my Linux box, I couldn't log in.
Sure, this was a roadblock for me, but I appreciated how the SSH was tied directly into the OS on the Mac. This could prevent someone else from possibly using this Mac as a launching point for other malicious activities. The Windows/Putty combo offered no such checks. (Windows' own Telnet client, which is a less secure version of SSH, does not supply the local log-in name to the destination).
While a small example, it nonetheless shows one way that Macs may in be more locked down by default, security-wise, than Microsoft Windows.
Are Macs inherently more secure than Windows? We hear this claim both from Apple and from Mac enthusiasts. But is it true?
"We like to think of OS X, both the client and the server, as being, by default, a very secure OS," Apple senior worldwide product manager Eric Zelenka told us in a recent interview. "By default" seems to be the operative phrase here.
Zelenka pointed to Mac's strict control of user permissions as an example of such security, which I had learned about first-hand in my aborted SSH sessions. Macs have a fine-grained set of permissions that determine which applications a user can run and which files and directories they can see.
Macs do not, by default, have a root account. A root account is the account you would use to make whatever changes you want on a computer. In contrast, all Windows accounts are root accounts by default. Of course, an administrator can easily configure a Windows computer to limit which actions a user can execute on computer. But Macs come like that out of the box. They follow the old Unix tradition of restricting users to their own workspaces, and keeping them — and any serendipitously planted programs operating within their accounts —- away from the sensitive parts of the OS.
"The system’s default configuration is one of the most important security features provided by Mac OS X," noted a OS X 10.3 security configuration guide posted by the National Security Agency. "The root account comes disabled in Mac OS X. Second, network services are all initially disabled. Third, the initial logging setup is consistent with good security practice."
Another advantage that Zelenka pointed out was how that underlying OS, Darwin, was open source. In theory that means more developers are combing through the source code and looking for incorrectly written code, which is a major source of vulnerabilities.
"It is not a closed-source environment where only Apple knows how the inner-workings of the OS and only Apple can improve it — it is available for the entire world to see," Zelenka said. Moreover, many of the programs and the utilities included within the OS package (such as SSH) also come from the open source community. They have been battle-hardened within the many Unix, Linux and Berkeley Software Distribution deployments out there.
Apple's security guide for OS X 10.5, mentions a number of other advanced security features designed to discourage unintended malicious activity, including sandboxing of applications within controlled environments, the use of mandatory access controls and the Keychain service to manage credentials.
But mitigating factors must also be considered as well. As Laura DiDio, principal at analysis firm Information Technology Intelligence Corp., pointed out, Macs have not been used as much as Microsoft Windows. Macs have not attracted the attention of neither the malicious hackers nor the more noble-minded security researchers, both of whom wish to make a name for themselves by finding new vulnerabilities in popular software products.
In other words, the reason that we don't see as many vulnerabilities in Macs as in Microsoft Windows is that less attention is being paid to them, not because they are inherently more secure.
This may change as Macs grow more popular. In fact, we are already starting to see this in play. In the upcoming Black Hat D.C. conference, at least one researcher will take aim at Macs. Italian security expert Vincenzo Iozzo promises to show how to have a Mac program execute entirely within the memory space of another program, thereby thwarting any efforts to detect the program through process tracing.
So only as Macs inch more and more into the enterprise will their mettle be truly tested.
Posted by Joab Jackson on Jan 30, 2009 at 9:39 AM