A Closer Look At Apple Leopard Security

Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."

Delete Instructions

[BoldAC]

Deleting from Time Machine is as easy as deleting from any other folder in finder.
Here are some step-by-step directions if you really need it: Leopard Time Machine: Delete Files or Folders from Backup [tech-recipes.com]

AC

Re:WTF???

[wodgy7]

Just exclude your homemade porn folders from the Time Machine backup set. Easy. If you forget to do this, just delete the files on your Time Machine drive; it uses the standard .snapshot-style folder layout. No binary databases or big backup blobs that you can't parse and delete yourself. If you want public key encryption of the backups, set an encrypted DMG to be your Time Machine target. You can even use AES-256 in Leopard.

Re:Significance

[ChronoReverse]

I believe you mean no more cooperative multitasking. The modern desktop OS's are all preemptive IIRC.

Re:Code randomization a bad idea

[Potatomasher]

"Virus writers will write something that searches around for the right place to patch"

No, they won't be able to do that. At that point, they haven't gained execution yet.
Buffer overflows require you to jump to code which is in a known place in memory (usually libraries), which in turn slingshots you back to the exploit code stored on the stack (or other). Without knowing where to jump to, your malicious code will just sit there in memory, not doing anything.

Re:Code randomization a bad idea

[Lally Singh]

- Which class of bugs depends upon the memory layout of your libraries? E.g. what kinds of bugs happen or don't happen depending on that layout?

- Do you have any idea how less vulnerable you are to an attack when the attacker can't get you in 1 hit? A networked-based attack would essentially have to flood you to get the right address, and bandwidth limitations could prevent them from ever doing it (searching through a multi-gigabyte address range a few dozen bytes at a time takes a *long* while when you're doing at least one packet per try). Local attacks to local processes are only threats to suid programs, of which there are *very* few, and which can sound an alarm pretty easily if they were getting queried thousands of times/sec.

Comment removed

[account_deleted]

Comment removed based on user account deletion

TM has that option

[SuperKendall]

Watch the Apple leopard video. I believe in there, they talk briefly about how TM has the option to permanently remove all versions of a file. It should also be mentioned on the TM feature page Apple has on the web site... in any case it's possible.

It's such an obvious feature it's no surprise it's included. This is versioning 101 stuff.

Re:Significance

[Just Some Guy]

Talk about a false dichotomy! Do you really think the two are at all related?

Definitely. The old OS model allowed certain shortcuts such as hacks that directly patched the code segments of other programs that were running to change their behavior. The new protected memory model flat-out makes that hackery impossible, so it was up to programs to add explicit support for message passing and other external control systems. There isn't a message passing system in the world that's as fast as just overwriting a destination application's buffers with new data.

That's just one example of why some things are inherently slower if done right. Sometimes it's just not avoidable. That doesn't mean that the new way is inefficient or bad, just different.

I was never into Macs back in the day so I can't comment on old vs. new Finder or spring loaded folders, etc., but I find it telling that the only people who seem to seriously dislike the new Finder are the ones who seriously loved the old one. To everyone else it's pretty spiffy and a reasonably good model of how such things are supposed to work. That is, I'm not at all convinced that the old Finder was actually superior; it's just that people liked it that way, darnit, and anything different is inferior by definition.

None of that has anything to do with multitasking or event loop handling and you know it.

You're right: it doesn't. I'm not sure why you even brought it up.

Re:hardlinks

[SuperKendall]

Okay try this one on for size. Make a hard link of a file. Now edit one of the hardlinks and save it (not save-as, just save). Now which one is the copy?

There are no "copies". You had one file that you modified. This would be reflected in Time Machine by simply re-creating the two hard links you had to the same file.

From the file systems POV the edited one will be a copy.

There are no copies, there is one file (from the filesystems point of view). Try it and look at BOTH hard links.

The save will sever the link.

Are you SURE you are using hardlinks? On what OS and filesystem? If you're on a mac and using Tiger (HFS+) you are not using hardlinks!

Leopard will support real hardlinks.

If you are using any other kind of link, and you create a new file that replaces a hardlink... then that is in fact a brand new file that would be backed up by TM.

Re:Significance

[abhi_beckert]

Did you intentionally chop off the last few words in your quote? The article actually says:

"Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X - perhaps in the history of Apple - from a security standpoint."

I think TFA is probably right, security has never been more than an afterthought for as long as I've been using mac os.

It looks like Apple has seen Microsoft's security struggle with XP, seen the strong-but-painful security in Vista, and is building up a security model that doesn't suffer from the same issues Microsoft is facing.

Re:Security

[anagama]

The venerability of my enemy is my friend.

The "worthy of respect" of my enemy is my friend? Perhaps you meant "vulnerability".

Re:Time Machine is not Volume Shadow Copy

[TheNetAvenger]

How freaking stupid can this get? The person that wrote the content at the link you provided knows NOTHING about what they are talking about, confusing terms, and not even 'getting' the context of what they are trying to argue. And you post links to technical articles you apparently don't even understand or you would realize how off track you were.

Here try this...
Instead of 'Volume Shadow Copy' introduced in WindowsXP/2K or 'System Restore' introduced in WinME and effectively in WindowsXP; Go look up 'Previous Versions', released in Windows 2003 Server and turned on by default on Windows Vista.

Previous Versions is NOT System Restore, and it is NOT Volume Shadow Copies.
http://technet2.microsoft.com/windowsserver/en/library/cfddaf10-24fa-4d6d-a34d-cfb84c5223781033.mspx?mfr=true [microsoft.com]

http://shellrevealed.com/photos/windows_vista/picture123.aspx [shellrevealed.com]

System Restore is an Application/OS restore tool, something OS X doesn't even offer.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx [microsoft.com]
FTA: (System Restore does not affect your personal data files!)

Volume Shadow Copies are a way to copy or backup 'in use' files, in basic terms.
And then go re-read the Volume Copy Service link 'you' provided, as it is another tool that OS and developers use, and is NOTHING the user ever deals with...

This is freaking stupid that Mac users can't even discuss the proper terminology or see a Vista user right click on a folder or document and bring up a 'time-line' of the folder and files, just like freaking time-machine on OS X.

Additionally...
Previous Versions is 'transparent' to applications unlike OS X that needs applications to be aware if they use 'special data stores', requires NO setup, and is working from the moment Vista is installed or the PC is turned on.

Previous Versions can be accessed in every Folder or File/Open/Save dialog box for every application running on Vista, all the way back to programs from Windows 3.1, and it works equally well on all of them.

A user can go back in the Vista Timeline on any file, folder, data store, etc. and all folders and files can be opened to view previous times, be dragged and dropped to the current time-frame.

Vista Previous Version also uses advanced FS level file and differential points so data is NOT stored 'as redundantly' as it is on OS X.

If OS X could have pulled off adding ZFS, they could have made time machine MORE like Vista with FS level snapshots instead of having to backup the files and folders to achieve a similar function.

Sadly, OS X's FS does not have the capabilities of ZFS or NTFS to do this, so data has to be actually backed up for Time Machine to work.

On Vista, there is NO Overhead of backing up 'Previous Versions' since it does work at the FS level. (See Vista doesn't technically have to copy the data each time a change is made, due to the way NTFS works. Go read more on this and ZFS to see why it is the only other FS that supports these types of transactions.)

Now I admit the OS X Time Machine interface is far more cooler than the Vista 'list' interface, but it is less functional, adds system overhead to maintain the backups,and wastes far more drive space.

So the functionality DOES EXIST in Windows, first appeared in the Windows 2003 Server Beta back in 2002, and has been around doing what Apple is just now catching up to in a less efficient way 5 years later. (4 Years if you count the Release date of Windows 2003 and not the Beta previews in 2002.)

Now take this information back to your Mac forums, and tell them they gave you crappy information and they have no idea what the hell they are talking about when it comes to comparing OS X and Vista.

Re:Security

[Qwerpafw]

Apple contributes a lot to the open source community. Safari/khtml is perhaps the best example of that, but they open source their kernel (darwin), quicktime streaming server (darwin streaming server), OpenDirectory, bonjour (mDNSresponder) and a number of other tools and software packages. Apple also owns CUPS, though they bought that and didn't develop it in house (it's GPL2).

On top of that Apple regularly credits security researchers and links to their websites in software updates when they report vulnerabilities to Apple. They work with the community, not against it.

You can work with Apple on these open source projects. The fact that you don't, and that you don't know about them in the first place probably means you aren't a programmer, and aren't really serious about contributing to open source. What you really like doing is feeling superior.

It's perhaps most telling that you use the iPhone as an example of why you're upset at Apple's lack of security. You have it all backwards. The issue with the iPhone was that there were security vulnerabilities. The iPhone was cracked with a buffer overflow exploit. Apple fixed the exploit, which broke hacked phones. They did not intentionally brick phones, and instead told people not to update if they had hacked phones. You're probably remembering the whole thing wrong because you were too smug to learn the facts. Hint: fixing buffer overflows is good security, not bad. Apple is under no obligation to preserve a buffer overflow on a product they ship. If you don't want a security hole patched, don't update the product.

Apple hasn't violated the terms of any open source license. They give back to the community. They maintain a number of open source products. You can be mad about the iPhone being locked, but that's a separate issue from security or open source.