Vista, Windows 7 Are More Secure Than Snow Leopard


Recommended Posts

Vista, Windows 7 Are More Secure than Snow Leopard

A prominent security researcher claims that released Snow Leopard is less secure than either Vista or Windows 7.

Preston Gralla, Computerworld

"Apple may be spending millions on ads touting that Macs are safer than Windows-based PCs, but a prominent security researcher claims that released Snow Leopard is less secure than either Vista or Windows 7. It's time for Apple to spend serious money on security, rather than marketing.

Computerworld reports that security pro Charlie Miller of Independent Security Evaluators, and co-author of the Mac Hacker's Handbook and the winner of two consecutive "Pwn2own" hacking contests claims that "Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7."

Computerworld reports that Miller claims that

Apple missed a golden opportunity to lock down Snow Leopard when it again failed to fully implement security technology that Microsoft perfected nearly three years ago in Windows Vista."

More details at PCWorld - http://www.pcworld.com/article/172197/vist...ow_leopard.html

Link to post
Share on other sites

I do think apple marketing does flaunt the Mac security a little to much. But the truth is that there are still no viruses or spyware effecting os x. Charlie has found and published many flaws with os x but no one has been able to infect os x without physical access to the computer. The only real exploit that was in the wild. DNS changer trojan was fixed shortly after being found and although the trojan could change the DNS hackers were not able to do anything with the exploit other then crash safari.

Link to post
Share on other sites

What I've always found funny is that the reason why Windows has all the Malware and crap is cause it's the most commonly used OS. If Mac's user base increases (well actually it already has), then more people are gonna start writing more malware for it. Then all the people that got suckered in by those retarded ads will be pissed to find out malware DOES exist on Macs.

Don't get me wrong. I'm not hating on Macs per se, but I am sick of all the misconceptions people have about either. And I hate the snob factor it creates in most people (no offense to anyone on here). I've come across too many people thinking they are so cool and better than me cause they own a Mac (and even funnier, half of them don't know jack about them or computers in general). "I've got a MacBook and you've got some Windows HP pile of junk"..... cram it. My HP's got Blu-Ray and I have a desktop I FRICKIN BUILT.

...... Sorry. Rant over now.

Link to post
Share on other sites

I find it interesting.. Charlie Miller has never gained Root access from his exploits.. and he does not claim that windows 7 is more secure than Snow Leopard.

what he does say is that Apple should have added Memory randomization to the OS.

one small thing being over looked. Memory Randomization has not fixed any windows security issues. so why is it touted to much.. answer: it is one more thing to get through.

Windows underling issue is not number of users or sales or any unrelated excuses. its account escalation. To do anything on windows you need to be admin (root in UNIX like Snow Leopard)

you can not install software, hardware or run a lot of games with out admin access. MS tried to fix this in Vista but decided to only go part way for compatibility issues, and get rid of most of it for windows 7 (that is why it is faster.. or at least in part)

on a UNIX system a user can install software with no elevation of privilege as it is for them, OS X does ask for a password but that is to make sure you are installing the software. if it goes to the entire system then you need root or put it someplace everyone can see.

this is the reason why malware is slow to move through a mac system, (insert linux and other Unix systems).

what Chris is talking about is it would be better to also have Memory Randomization, to make it even harder to get into. There is no argument that more protection is better. there is an argument that Memory Randomization may not really be any protection at all.

We have shown that services are more of an attack vector. and I believe on a Mac it is simple to turn off services you do not need. but most people do not know they need to .. so Apple does not turn alot on in the first place.

Windows it is not always easy to turn off services even when you know you need to.

case in point

http://www.itworld.com/security/78261/micr...protect-windows

Chris is a good hacker. .and his advice should not be thrown out.. but I stand by that he has acquired user access to the Mac OS but never root and he did that though the browser and Memory Randomization may have stopped that..

also Microsoft has turned this off by default in Windows 7 and in internet explorer 8

By the way apple has turned this on for some libraries but not the whole system

so as it stands.. with 32bit Vista and Windows 7 Microsoft and Apple implement this about the same.

so it begs the question .. how is Apple less secure.. or does it just make people feel better to say so with out knowing what this is.. Marketing..

and I agree no operating system is truly safe.. some are better out of the box than others.. for me that would be BSD, SELinux or Trusted Solaris... all other are suspect.

from wiki

Several mainstream, general-purpose operating systems implement ASLR.

OpenBSD became one of the first mainstream operating systems to support ASLR (and to activate it by default)[4]

Linux has enabled a weak[citation needed] form of ASLR by default since kernel version 2.6.12. The PaX and ExecShield patchsets to the Linux kernel provide more complete implementations. Various Linux distributions including Adamantix, Hardened Gentoo, and Hardened Linux From Scratch come with PaX's implementation of ASLR by default.

The Exec Shield patch for Linux supplies 19 bits of stack entropy on a period of 16 bytes; and 8 bits of mmap() base randomization on a period of 1 page of 4096 bytes. This places the stack base in an area 8MB wide containing 524288 possible positions; and the mmap() base in an area 1MB wide containing 256 possible positions.

The prelink tool implements randomization at prelink time rather than runtime, because by design prelink aims to handle relocating libraries before the dynamic linker has to, which allows the relocation to occur once for many runs of the program. As a result, real address space randomization would defeat the purpose of prelinking.

Microsoft's Windows Vista and Windows Server 2008 have ASLR enabled by default, although only for those executables and dynamic link libraries specifically linked to be ASLR-enabled.[citation needed] This did not include Internet Explorer 7 on Windows Vista prior to Service Pack 1; ASLR and DEP are both disabled for application compatibility purposes.[5] Newer versions, including Internet Explorer 8, enable these protections. A registry setting is available to forcibly enable or disable ASLR for all executables and libraries.[6] The locations of the heap, stack, Process Environment Block, and Thread Environment Block are also randomized. A security whitepaper from Symantec noted that ASLR in 32-bit Windows Vista may not be as robust as expected, and Microsoft has acknowledged a weakness in its implementation.[7]

Apple introduced randomization of some library offsets in Mac OS X v10.5,[8] presumably as a stepping stone to fully implementing ASLR at a later date. Their implementation does not provide complete protection against attacks which ASLR is designed to defeat.[9][10][11][12]

Link to post
Share on other sites
]Windows underling issue is not number of users or sales or any unrelated excuses. its account escalation. To do anything on windows you need to be admin (root in UNIX like Snow Leopard) you can not install software, hardware or run a lot of games with out admin access.

The underlying issue is application compatibility. The need to maintain application compatibility is driven largely by the size of the installed base.

there is an argument that Memory Randomization may not really be any protection at all.

Not a very good argument. <snark>Unless you're referring to Leopard's implementation.</snark>

Windows it is not always easy to turn off services even when you know you need to.

case in point

I think the goal there is to disable SMB2 without disabling the service. If you wanted to disable SMB completely I assume you could just turn off the sharing service(s).

also Microsoft has turned this off by default in Windows 7 and in internet explorer 8

AFAIK ASLR is enabled-but-opt-in by default in Win7, just like Vista.

Link to post
Share on other sites

ok

argument that ALSR is not a very good security mechanism in Windows

the PE header DLL Characteristics set to 0x40 turns on ALSR in windows vista SP1 and better and presumably in Windows 7. so using a hex editor its not hard to chaange or .. better. edit the ASLRdynamicbase.py from http://www.nynaeve.net/?p=100 could allow you to unset the bit in windows programs.. (if the user as admin.. which most out of the box are.. ) since WFP doesn't protect the PE header itself, only the image, resc etc.

not a good argument but it is one.. if it can be turned off, malware will turn it off.

Link to post
Share on other sites

which was my point at the top.. if everything needs administrative privilege to maintain backwards capability. it dose not matter what other protections you add. your already the admin..

so this media war about who is more secure does not come down who has the most features..

I also said it was not a good argument. :)

Link to post
Share on other sites
which was my point at the top.. if everything needs administrative privilege to maintain backwards capability. it dose not matter what other protections you add. your already the admin..

Right, it's privilege management that's the problem. Unfortunately, the problem doesn't seem to have solution. UAC was a good effort but I think Microsoft overestimated people's willingness to be slightly inconvenienced. Aggressive virtualization, something like IBM VM's 'every account is a virtual machine', might work but if it knocked even 1% off D3D performance it would be DOA.

Anyway, the problem is applications that need administrator privileges. The good news is that if don't use those applications it's not a problem. You can use a limited account and UAC or runas when necessary and everything works pretty much the way it does on OS X. And if you do that I wouldn't be surprised if NT 6 is more secure than OS X.

Link to post
Share on other sites

I would agree with that but...

now is see the Mac add

PC:

Windows 7 is as secure or more secure than Mac. but to run your games or CAD or some .net software you have to just do these easy steps

first you must create a new limited user on the computer (I know it came with out the need to log in )

then only login as that user..

then right click the icon of the software you want to run and select run-as

click the little circle and select a user or type in your user account with admin rights (see web site for definition)

enter password..

your done

Mac comes back and says..

in Snow Leopard you just click the icon..

fade to Mac Picture.

thought:

if viruses are based on market share and Symantec has reported in 2008 it counted over 1 million windows viruses (this does not count malware) should not Mac OS have at least its market share worth of Viruses.. With market share at around 10% or 100,000 viruses.. but according to Symantec they have 44 viruses, and all to date require you to give the program root privlages to run.

Link to post
Share on other sites
PC:

Windows 7 is as secure or more secure than Mac. but to run your games or CAD or some .net software you have to just do these easy steps

Click icon. If you get a UAC prompt, read the damn prompt and then take the appropriate action.

if viruses are based on market share

I wouldn't expect the number of viruses to be proportional to operating system market share. Related, but not proportional.

Link to post
Share on other sites
read the damn prompt and then take the appropriate action.

:poster_oops::o:D:lol:

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...