

Major overhaul makes OS X Lion king of security - ryannielsen
http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

======
danieldk
The article overestimates the novelty of ASLR (nothing new compared to Linux
and Windows), and goes on to underestimate the importance of (iOS-like)
sandboxing.

Linux has sandboxing per SELinux. However, SELinux puts the burden of
sandboxing on the administrator, or in the case of a desktop OS on the user.
Apple, on the other hand, puts the burden on the application developer.

Applications have to opt-in for Sandboxing [1]. Once an application opts-in,
it has no access to anything but its own home directory. File opening/saving
dialogs are handled through the pbox daemon, and are the only manner for the
sandboxed process to get access to the 'outside world'. Some privileges like
network access have to be retrieved through entitlements.

What we will see is the first vendor-pushed attempt to sandbox _every_
application on a mainstream operating system. And it will probably work,
because the burden is on the developers, not the users.

[1] Apple will probably make it mandatory in the future for new applications
sold in the App Store.
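The opt-in described above, as an added illustration that is not part of the comment or of Apple's documentation: a minimal entitlements file that turns on App Sandbox and grants only outbound network access plus access to files the user picks in the open/save panel. The key names are Apple's real entitlement identifiers; the file is a constructed example for a hypothetical app.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Opt in: without this key the app is not sandboxed at all. -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- Outbound connections only; accepting incoming connections
         would need the separate com.apple.security.network.server key. -->
    <key>com.apple.security.network.client</key>
    <true/>

    <!-- Files the user chooses in the open/save panel (the daemon-mediated
         path the comment describes) become readable and writable.
         Nothing else outside the app's own container is reachable. -->
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
</dict>
</plist>
```

Because the entitlements are sealed into the code signature, a reviewer can read them back from any signed bundle with `codesign -d --entitlements :- /path/to/App.app` and confirm whether the sandbox key is actually present.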

~~~
lurch_mojoff
It is actually much more than probable that Apple will require Mac App Store
apps to be sandboxed, it is certain — Apple have notified developers that come
Fall (I can't remember the exact month; October? November?) that requirement
comes into action.

And even if that was not the case sandboxing would still be understated — the
system-provided segregation of common attack vectors, e.g. WebKit2's separate
HTML parsing processes, QuickTime's separate video decoding processes, the
segregated PDF parser, etc., is one of the bigger security enhancements of any
OS.

~~~
danieldk
_it is certain_

Isn't that NDA'ed information? ;) However, it seems it's out via Ars already.

~~~
mitchty
They already said November is when Mac apps will be required to have
sandboxing set up. It's not much of a stretch to see the lines in the sand shifting.

------
mahmud
I'll believe it when it survives one day of Pwn2Own.

------
thirsteh
I read the article, but I'm not sure I understand exactly what "makes OS X
king of security"? ASLR, privilege separation, and encryption aren't exactly
new things (at least in Linux/GCC/SELinux/AppArmor).

~~~
shriphani
Author's a fanboy. The entire body states that feature parity was achieved
with competing operating systems.

The title almost sounds like SHA256 was broken while Lion was written and
everyone else is vulnerable.

~~~
thirsteh
It's a funny thing, this "Apple effect" -- and, love it or hate it, you have
to have a little bit of respect for it. Shows how much brand matters.

Not a lot of companies can sell something like ASLR and basic application
restrictions this well.

~~~
danieldk
Apple has better marketing, but it is also more consumer-driven than some of
the competition. E.g. compare application sandboxing with the pain that is
SELinux (for the average desktop user).

In some other communities it's not well-understood that it's not just about
feature checkboxing. It's about shaping features in such a manner that they
are trivial to use.

I do realize that to Apple-dislikers I am well under the spell of the reality
distortion field ;).

~~~
shriphani
Oh, my rant was not directed at Apple. OS X is the largest deployed Unix client
and brings a lot of stuff that power users used to normal consumers, and making
the leap from something like rsync -> Time Machine is very impressive.

It is just that people who use a computer for nothing more than generic stuff
like browsing / word-processing feel this need to defend their OS choice
(while potentially using the exact applications which they used on their
previous platform) with articles like this. Soon ASLR will become "the killer
feature" and Apple will be declared the first to invent it and the Linux/Win
fanboys will be pissed.

This of course is the circle of life in the tech industry. One just needs to
stand at a distance and enjoy.

------
saulrh

      Windows Vista and Ubuntu, by contrast, added much more
      robust implementations of ASLR years earlier.

I don't pay much attention to security, but I would be surprised if this were
the only feature that OSX is years behind on. I can imagine that OSX is better
than Windows, if only because I have a reflexively bad opinion of Windows, and
it's almost certainly better than previous OSX versions, but I'll believe it's
better than Linux when I see a lot of reports from a lot of real security
people.

~~~
rdl
10.7 is clearly the most secure _Mac_ OS ever. It's basically parity with
Windows 7 and mainstream Linux; inferior to security-specific Linux builds
(e.g. SELinux).

There are also various tools to security-harden Windows 7 and Linux which
don't (as far as I know) yet exist on OSX, or 10.7. One of the issues is the
lack of vPro/TXT/TPM on Mac hardware. Another issue is the lack of any
biometric or smartcard support in Mac hardware (you could add an aftermarket
USB reader, but that's a pain on something like a laptop).

The only TPM-like protections in Apple hardware are to prevent piracy of OSX
(hackintoshes), and you can see how effective those have been (the existence of
hackintosh is kind of proof that they haven't been).

Apple's iOS devices _could_ be much more secure than they are, too -- they
don't actually have effective "erase after 10 tries" password protection, in
that it's possible to image the phone and then try to decrypt the image an
infinite number of times offline. That's kind of unforgivable as a design
flaw, IMO, and means you need to use a super long brute force resistant
passphrase to keep the phone secure (which only one person I know does).

~~~
othermaciej
I don't think Windows 7 or mainstream Linux distros have the level of
sandboxing provided by OS X. App sandbox plus the fact that many frameworks
now run their engine in a separate tightly sandboxed process is kind of a big
deal.

~~~
eropple
Mandatory Integrity Control provides an equivalent under Vista/7, but is not a
requirement for applications. (The only applications I can think of that use
it are IE8-9 and Chrome.)

~~~
othermaciej
Yes, Windows does have sandboxing APIs of sorts, but they are not used nearly
as much, either by the system or by third-party apps, as Lion sandboxing. This
is probably in part because the relevant Windows APIs are extremely
coarse-grained and therefore very hard to use.

~~~
rdl
Yeah -- I totally agree that Apple's done a better job making this usable for
developers and thus users, but that's what Apple does with everything.

I wish someone would do a great iris biometric app for the Mac and iPhone, and
would incorporate a hw tamper-resistant chip for password to key mapping (to
reduce all brute force attempts to "online" vs. "offline"). iCloud kinda
solves the latter by potentially letting you push auth out into the cloud.

------
lawlit
There is a big difference between "safe" and "secure". OS X is safe. And
secure? Nope.

------
brown9-2
For an article that claims that Lion has bested anything found in Windows or
Linux, it doesn't seem to bother to list the functionality that can be found
in Lion but not Windows/Linux.

------
colinprince
Hehe:

 _“I generally tell Mac users that if they care about security, they should
upgrade to Lion sooner rather than later, and the same goes for Windows users,
too.”_

