The article overestimates the novelty of ASLR (nothing new compared to Linux and Windows), and goes on to underestimate the importance of (iOS-like) sandboxing.
Linux has sandboxing per SELinux. However, SELinux puts the burden of sandboxing on the administrator, or in the case of a desktop OS on the user. Apple, on the other hand, puts the burden on the application developer.
Applications have to opt-in for Sandboxing [1]. Once an application opts-in, it has no access to anything but its own home directory. File opening/saving dialogs are handled through the pbox daemon, and are the only manner for the sandboxed process to get access to the 'outside world'. Some privileges like network access have to be retrieved through entitlements.
What we will see is the first, vendor-pushed attempt, to sandbox every application on a mainstream operating system. And it will probably work, because the burden is on the developers, not the users.
[1] Apple will probably make it mandatory in the future for new applications sold in the App Store.
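As an added illustration of the opt-in model described above (not code from the thread): a small Python auditor that reads an App Sandbox entitlements plist and reports whether the sandbox key is set and which sandbox-widening entitlements (network access, user-selected files) the developer asked for. The entitlement key names are the real ones; both sample plists are constructed for this example.

```python
import plistlib

# Constructed sample: a sandboxed app that also asks for network and open/save-panel access.
SANDBOXED_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
</dict>
</plist>
"""

# Constructed sample: an app that never opted in (no sandbox key at all).
UNSANDBOXED_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>
"""

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Entitlements that widen the sandbox; each one is a capability a reviewer should justify.
BROADENING = {
    "com.apple.security.network.client": "outbound network connections",
    "com.apple.security.network.server": "inbound network connections",
    "com.apple.security.files.user-selected.read-write": "files the user picks in open/save panels",
    "com.apple.security.files.downloads.read-write": "read/write access to ~/Downloads",
}


def audit_entitlements(plist_bytes: bytes) -> dict:
    """Return a summary of sandbox posture for one entitlements plist."""
    ents = plistlib.loads(plist_bytes)
    sandboxed = ents.get(SANDBOX_KEY) is True
    # Broadening entitlements only mean something once the sandbox is actually on;
    # without the sandbox key the app already has the user's full access.
    granted = sorted(k for k, v in ents.items() if k in BROADENING and v is True)
    unknown = sorted(k for k in ents
                     if k.startswith("com.apple.security.") and k != SANDBOX_KEY and k not in BROADENING)
    return {"sandboxed": sandboxed, "granted": granted, "unknown": unknown,
            "finding": "ok" if sandboxed else "not sandboxed: broadening entitlements are moot"}
```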
It is actually much more than probable that Apple will require Mac App Store apps to be sandboxed, it is certain — Apple have notified developers that come Fall (I can't remember the exact month; October? November?) that requirement comes into action.
And even if that was not the case sandboxing would still be understated — the system provided segregation of common attack vectors, e.g. WebKit2's separate HTML parsing processes, Quicktime's separate video decoding processes, the segregated PDF parser, etc., is one of the bigger security enhancements of any OS.
> [1] Apple will probably make it mandatory in the future for new applications sold in the App Store.
I think the most likely scenario is that Apple will use the steady stream of revenue from selling in the App Store as bait for the devs, then, after they're hooked, switch up the rules on them and require everything to be sandboxed. By that point they will be dependent on the App Store for the majority of their revenue and will have no choice but to comply.
I read the article, but I'm not sure I understand exactly what "makes OS X king of security"? ASLR, privilege separation, and encryption aren't exactly new things (at least in Linux/GCC/SELinux/AppArmor).
I read the article with the same skepticism, but it's worth noting the researchers named: Charlie Miller and Dino Dai Zovi. They have never been afraid of criticizing or pwning Apple (IIRC, Miller won pwn2own twice).
The article is typical El Reg, but the researchers aren't uncritically gushing.
Apple has better marketing, but it is also more consumer-driven than some of the competition. E.g. compare application sandboxing with the pain that is SELinux (for the average desktop user).
In some other communities it's not well-understood that it's not just about feature checkboxing. It's about shaping features in such a manner that they are trivial to use.
I do realize that to Apple-dislikers I am well under the spell of the reality distortion field ;).
Oh my rant was not directed at Apple. OS X is the largest deployed unix client and brings a lot of stuff that power users used to normal consumers, and making the leap from something like rsync -> time machine is very impressive.
It is just that people who use a computer for nothing more than generic stuff like browsing / word-processing feel this need to defend their OS choice (while potentially using the exact applications which they used on their previous platform) with articles like this. Soon ASLR will become "the killer feature" and Apple will be declared the first to invent it and the Linux/Win fanboys will be pissed.
This of course is the circle of life in the tech industry. One just needs to stand at a distance and enjoy.
The title sounds a lot like the sort of press release republishing that goes on in games reviews.
Remember when XP came out? (oh god, did I just age myself) That was also chock-a-block full of press release style articles in the news about how impenetrable it was.
Mac is "king of security" only in the sense that it covers about 10% of the market and people aren't writing viruses for it.
Oh well... really "punchy" headline though got me to click.
It's not just those. There is application sandboxing too. The one good improvement is the separation of web form processing in safari into a different process and sandboxing it.
Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.
I don't pay much attention to security, but I would be surprised if this were the only feature that OSX is years behind on. I can imagine that OSX is better than Windows, if only because I have a reflexively bad opinion of Windows, and it's almost certainly better than previous OSX versions, but I'll believe it's better than Linux when I see a lot of reports from a lot of real security people.
10.7 is clearly the most secure Mac OS ever. It's basically parity with Windows 7 and mainstream Linux; inferior to security-specific Linux builds (e.g. SELinux).
There are also various tools to security-harden Windows 7 and Linux which don't (as far as I know) yet exist on OSX, or 10.7. One of the issues is the lack of vPro/TXT/TPM on Mac hardware. Another issue is the lack of any biometric or smartcard support in Mac hardware (you could add an aftermarket USB reader, but that's a pain on something like a laptop).
The only TPM-like protections in Apple hardware are to prevent piracy of OSX (hackintoshes), and you can see how effective those have been (existence of hackintosh is kind of proof that they haven't been).
Apple's iOS devices could be much more secure than they are, too -- they don't actually have effective "erase after 10 tries" password protection, in that it's possible to image the phone and then try to decrypt the image an infinite number of times offline. That's kind of unforgivable as a design flaw, IMO, and means you need to use a super long brute force resistant passphrase to keep the phone secure (which only one person I know does).
I don't think Windows 7 or mainstream Linux distros have the level of sandboxing provided by OS X. App sandbox plus the fact that many frameworks now run their engine in a separate tightly sandboxed process is kind of a big deal.
Mandatory Integrity Control provides an equivalent under Vista/7, but is not a requirement for applications. (The only applications I can think of that use it are IE8-9 and Chrome.)
Yes, Windows does have sandboxing APIs of sorts, but they are not used nearly as much, either by the system or by third-party apps, as Lion sandboxing. This is probably in part because the relevant Windows APIs are extremely coarse-grained and therefore very hard to use.
Yeah -- I totally agree that Apple's done a better job making this usable for developers and thus users, but that's what Apple does with everything.
I wish someone would do a great iris biometric app for the Mac and iPhone, and would incorporate a hw tamper-resistant chip for password to key mapping (to reduce all brute force attempts to "online" vs. "offline"). iCloud kinda solves the latter by potentially letting you push auth out into the cloud.
> It's basically parity with Windows 7 and mainstream Linux; inferior to security-specific Linux builds (e.g. SELinux).
I am not aware that the kind of sandboxing Lion offers (and promotes, and encourages through things like the pbox daemon) is available on any consumer OS (apart from SELinux, and that's hardly a consumer OS), let alone with that attention to painlessness from the user's POV.
For an article that claims that Lion has bested anything found in Windows or Linux, it doesn't seem to bother to list the functionality that can be found in Lion but not Windows/Linux.
“I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”