
How Snow Leopard can save Mac OS X from malware attacks - nickb
http://blogs.zdnet.com/security/?p=1325
======
rcoder
I don't disagree with the author, but I do think that the mechanisms he's
asking for, with the exception of the stronger sandbox enforcement, fall under
the header of "magic pixie dust" security. Randomizing memory layouts and
enforcing W^X may help prevent buffer-overrun attacks, but it won't help in
cases like the ARDAgent backdoor, or even in the case of something like the
current Ruby vulnerabilities.

(W^X is particularly useless when you're talking about a dynamic language
runtime -- the scripting code pretty much has to live in writable memory,
unless you're compiling everything to C first and using dlopen() and kin.)

The kauth framework and Scheme-based sandbox language already built into the
XNU kernel from Leopard on allow a lot of work to happen _today_, if
security vendors decided to get off their collective asses and offer a
comprehensive OS X security add-on.

Unfortunately, none of the major AV/anti-malware vendors have a reputation
worth a damn in the OS X community. They spent so many years selling
"do-nothing" AV products to Mac users that no one takes them seriously now.
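As an illustration of the kind of containment the Leopard-era sandbox language already permits (an added example, not part of rcoder's comment or any Apple profile), here is a deny-by-default profile for a Ruby script runner: it can read the system, write only under one scratch directory, and cannot touch the network. The operation names and filters (`file-read*`, `file-write*`, `network*`, `process-exec`, `subpath`, `literal`) follow the profile syntax Apple shipped under /usr/share/sandbox; the paths are assumed for this example.

```scheme
;; Constructed example profile: confine an untrusted Ruby script.
;; Everything not explicitly allowed below is denied and logged.
(version 1)
(debug deny)

;; Start from "deny everything" so a new capability must be opted in.
(deny default)

;; The runtime itself and its libraries must be readable and executable.
;; Reading is broad here because the interpreter loads many dylibs and gems;
;; writing is what we care about restricting.
(allow file-read*)
(allow process-exec (literal "/usr/bin/ruby"))

;; Writes are denied globally, then re-allowed for a single scratch area.
;; The script cannot plant files in ~/Library, /Library or the user's home.
(deny file-write*)
(allow file-write* (subpath "/tmp/ruby-scratch"))

;; No network at all: a compromised script cannot phone home or listen.
(deny network*)

;; Minimal plumbing the interpreter needs to start (assumed sufficient here).
(allow sysctl-read)
(allow signal (target self))
```

Run it with `sandbox-exec -f ruby-confined.sb /usr/bin/ruby script.rb`; with `(debug deny)` each blocked operation shows up in the system log, which is where you find out what a script actually tried to do.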

------
bayareaguy
Having the setuid bit disable AppleScript would go a long way.

