November 15, 2006

Symantec to Apple: "You are not a beautiful or unique snowflake"

So, I just downloaded the Symantec DeepSight report on OS X security after I came across a headline about it on SecurityFocus (which, just for the record, is owned by Symantec), and I have to say that I have mixed feelings about it: mixed feelings because I usually don't expect much from Symantec, and also because the document is not exactly "chock full" of original content (much of the data/information is a repackaging of publicly available material). However, at the end of the day I have to give this report a rating of "on the right track" because it does a good job of calling out some of the mythology surrounding OS X.

Of course, you have to take a minute to consider Symantec's goal in doing this - they're not the most unbiased party in the world. It financially benefits them to establish OS X as an attack-prone platform. So take the report with a grain of salt. However, as one Mac owner (and fan of user choice) to another, I'm terrified by Apple's marketing: they keep banging the "Mac users don't need to care about security" drum - going so far as to advertise on national TV that Macs don't get malware or get hacked. I've made the point again and again that the facts do not support this; Apple users need to pay attention to security just as much as other computer users. Apple's encouraging its user base to ignore security is a disservice. I would ask fellow Mac users this question: Apple advertises that Macs don't freeze or crash; if you use a Mac, compare that with your own experience. Do you think the "Macs don't need security" message is any different?

But, those things aside, here are some highlights from the report:

OS X is not BSD: So, we've all heard about how Apple is more secure because it's based on BSD, right? From a marketing standpoint, it's pretty much "front and center" in Apple's OS X claims. You know, like when Apple says, "Beneath the surface of Mac OS X lies an industrial-strength UNIX foundation ... Time-tested security protocols in Mac OS X keep your Mac out of harm’s way." And it's effective marketing, too; users have picked it up and run with it - occasionally saying things like "Simply put, Mac OS X is based on BSD, BSD == The most secure OS in the world hands down. You complete the equation." Anyway, Symantec scrutinizes this claim in detail in the section "System Design Weaknesses: Mixing Mach and BSD." Basically, the conclusion they reach is that BSD and OS X are different, and because they're different you can't necessarily equate the two without taking the Apple-specific code into account. This makes sense to me. For example, if someone were to hypothetically use BSD code in the development of a new component, I don't think it would necessarily follow that that component (or the OS in general) is more secure because of it...

All Platforms Get Malware (i.e. "You are not special. You are not a beautiful or unique snowflake"): Apple has made a concerted marketing push to get folks to buy into the "Macs don't get malware" belief. Now some of us have tried to make the point that this is irresponsible on the part of Apple because it lulls users into decreased vigilance (and therefore makes them more likely to be impacted in the event they encounter a virus, rootkit, spyware, worm or trojan). Now, don't get me wrong - Symantec is biased... They have an OS X product. Clearly, it benefits them to establish that the Mac does get malware. However, they do a pretty good job of outlining documented incidents of malware for the Apple platform.

Hackers Target OS X: Lastly, Symantec goes through how hackers are making use of the OS X platform; they describe rootkits that exist in the wild, the exploit development process, 0-day threats that have been documented, and why the OS X platform does not offer any extra protection in the way of defense against exploitation over and above an operating system like (for example) Linux or even Windows. In fact, at one point they make the assertion that the lack of a randomized address space makes the platform more susceptible to exploitation than some others (cf. Vista).

Posted by Ed at November 15, 2006 10:56 AM