How to Save Mac OS X From Malware
eXchange writes "Well-known hacker Dino Dai Zovi has written an article at ZDNet discussing last week's discovery of a critical threat to Mac OS X, and another announcement of a Trojan horse exploiting this discovery. He suggests that Snow Leopard, or Mac OS X 10.6, should integrate more robust means of preventing malware attacks. Some of the suggestions he has include mandatory code-signing for kernel extensions (so only certified kernel extensions can run), sandbox policies for Safari, Mail, and third-party applications (so these applications cannot do anything to the system), and some lower-level changes, such as hardware-enforced Non-eXecutable memory and address space layout randomization."
Popularity brings the dummies (Score:5, Interesting)
It was always going to eventually happen. Given the increasing market share of OS X it was only a matter of time before the hackers got interested. Yet even they had to wait till a sufficient base of idiots got into OS X to make their job easier. I know people whose significant other has trashed home PCs more than once opening attachments or running attachments even after all the pop ups. Note the more than once.
People forget or get in a hurry. It's the hacker's job to exploit that nature. That makes it difficult for the owners of the OS because even if you require a password/etc to execute something many people will just do that, type in the password regardless. It's like the story of the young girl who was a latchkey kid, told to never ever let people in the house while mom was gone. Yet she did three times and even denied it until shown the film showing these people being let in. Worse, she didn't recall because it was so automatic. She was distracted by something else and that focus let her pass over doing what was right.
I look at it this way on my iMac: if that password prompt comes up and I didn't initiate it from some update I know came from Apple or from a package I downloaded, I am going to cancel the process. Yet I am quite sure my friend's SO would dutifully type the password in. Can't be helped. Sometimes people cannot accept they did something wrong even when you show them.
App Store vs. GPL (Score:3, Interesting)
Re:signed kernel modules would be good for apple t (Score:2, Interesting)
That's a pretty bipolar way to look at it. Apple might be making a killing off their iPods but surely for many people their cross-pollination is a gateway drug into Macs and Thinking Differently (even though by default OSX gives you no room for customization, you're practically expected and heavily advised to use the stock proprietary software and they'll try their damnedest to lock any third party stuff out of what they can. See: iPhone).
They don't have to do anything to keep 'the Mac user friendly and intuitive' because OSX stands like a great monolith just begging you to try to mess with it and to see who's boss. Then you do, then things stop working, then you have to reinstall back to Graphite Monolith.
I hate proprietary software but for some damned reason I love Macs. Maybe it's the mind control rays that Apple has put so much work into in their secret labs.
That's it! Apple is like smoking! It's cool, it's addictive, it's rebellious, and you're sure to assault anyone who talks down to you for being into it with an ice pick.
Re:Summary For The Lazy (Score:5, Interesting)
It's not the interface's problem, it's the fact that 98% of computer users do not want to and will not learn anything about their computer. Some people will actively refuse to learn anything. So in light of that, the root of the problem is far, far deeper :(
Well then the solution's simple. Give people a license to use a computer. A computer is infinitely more complex than a car, yet you need a driver's license for a car. Pending that, if a user decides to NOT get their "computing license", well they deserve to be infected by spyware, regardless of OS, browser etc.
Attempting to make products idiot-proof should not exist. If you want everything to be idiot-proof, you're ensuring that evolution stops. Even the most hardliner Christian can't deny the fact that some people are morons, dangerous or otherwise incapable of contributing to society.
Hence why we need to keep Darwinism alive in some form or another. Unfortunately the US has too many lawyers that allow idiots to sue companies into making products idiot-proof, instead of letting idiots manage their population the only way they know how to: let the idiots be idiots and see which ones pull it through. They're either very lucky, or not that idiotic if they manage to not kill themselves.
Re:Summary For The Lazy (Score:3, Interesting)
Bullshit. How hard is it to create an interface that can easily and consistently show executables and data differently? Seriously, add a red ring around all executables, or something more subtle, just something that isn't duplicated by the icons for data. That would solve a myriad of security problems and I don't think it would be too onerous for users to learn. But instead we expect them to interpret hundreds of three letter codes indicating file types, codes which are sometimes visible and sometimes hidden and sometimes appear to be visible, but are really lies covering the hidden code. Yeah, blame the user for not memorizing hundreds of file extensions and learning the controls necessary for making sure they are always visible.
Re:Summary For The Lazy (Score:5, Interesting)
Having knowledge is having additional responsibility. It took me quite a while to arrive at that conclusion, but if people can claim they didn't know or don't understand something, they are therefore not responsible for it. This goes well beyond knowing about computers and into all facets of life. For me, knowledge has always been important and desirable, so it was really hard to understand why the majority of people don't want any. But I believe I've hit upon the precise essence of why people don't want to know anything... they don't want it to be their fault.
Re:Address space layout randomization (Score:3, Interesting)
UAC is as much about putting social pressure on application vendors to write applications that take advantage of the multi-user security as it is about backwards compatibility. It is more about both of those than it is about actual security.
Re:Summary For The Lazy (Score:2, Interesting)
Part of that can be resolved by sandboxing. Prevent screensavers, etc. from being able to access anything on the system outside of a small, well-defined set of resources; have the author define that list, and the system enforce it. Network access? Disk access? Safari RSS feeds? Require authentication and code signing.
Oh, and make code signing easy, so people don't have to fork out huge amounts of money to sign their code. Apple could provide a signing service, where you have to apply and go through a verification process, after which you get a certificate that you can use to sign your apps for the next six months.
This opens up a new set of options for security management as well. If a developer finds a security hole in his product, he can release a new version then invalidate the old version through Apple's service. Users can be provided a grace period to upgrade (e.g. financial software) or be locked out of the service entirely (e.g. Adium, Disco, etc.).
Alternately, if someone is distributing malware or can't be contacted to fix bugs (or just doesn't fix them) Apple could lock that app out so that it would no longer run.
Untrusted (that is, unsigned) apps could be sandboxed automatically, with the user having to opt-in to un-sandboxing them if they, for some reason, need it.
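A concrete form of the "author-defined resource list, enforced by the system" idea in the comment above, added here as an illustration and not part of that comment or of any Apple-supplied profile: a default-deny profile for the sandbox-exec facility that shipped with Mac OS X 10.5. The screensaver-like helper, its application path and its scratch directory are assumptions; only the rule names are the real ones the profile language accepts.

```scheme
;; Constructed example profile for Mac OS X's sandbox-exec (Leopard-era syntax).
;; Everything not listed below is denied; the author of the helper supplies this
;; list, and the kernel enforces it for the lifetime of the process.
(version 1)
(deny default)

;; The loader and system libraries needed just to start running.
(allow file-read* (subpath "/usr/lib"))
(allow file-read* (subpath "/System/Library/Frameworks"))

;; The helper's own bundle (hypothetical path), executable and resources, read-only.
(allow file-read* (subpath "/Applications/ExampleSaver.app"))
(allow process-exec (literal "/Applications/ExampleSaver.app/Contents/MacOS/ExampleSaver"))

;; One scratch directory it may write to, and nothing else on disk.
(allow file-write* (subpath "/tmp/examplesaver"))

;; A screensaver has no reason to talk to the network. Already covered by
;; (deny default), but stated so the intent is visible when the profile is reviewed.
(deny network*)

;; Minimal process housekeeping.
(allow sysctl-read)
(allow signal (target self))
```

The profile is applied by launching the helper under it, for example `sandbox-exec -f examplesaver.sb /Applications/ExampleSaver.app/Contents/MacOS/ExampleSaver`. The exact set of read paths a given binary needs at startup varies by release, so the practical workflow is to begin with this default-deny skeleton, run the program, and add only the rules whose denials show up in the system log; a denial from the sandbox is logged rather than silently failing, which is also what makes the policy useful for detection, since a screensaver suddenly attempting network or home-directory access stands out.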
Re:Summary For The Lazy (Score:3, Interesting)
I only have an indirect answer: According to the vendors of some of the specialized hardware my clients and I use, the only way to use their hardware under Vista is for them to either get their drivers signed by Microsoft, or for them to rewrite their firmware and DLLs to allow using generic drivers. All of them chose to do the rewrite and use the generic driver. For example, several of the devices we use utilize the FT2232 USB microchip in the hardware. Originally, the vendors licensed the driver source from the manufacturer to make their own custom driver. Now, with the new firmware, the devices appear to Vista as generic USB serial ports (aka COM1, COM2, etc). The new DLLs figure out which serial ports really are the special devices and implement new device protocols through the virtual serial ports.
Re:mandatory code-signing? (Score:1, Interesting)
Next thing you know, everything will pop up the "This application is unsigned, do you want to sign it?" and users will learn to automatically click "Yes".
Re:Immigration? (Score:2, Interesting)
"Trust this code"? Huh, I never meant that to force anyone into submitting their sources if they don't want to.
Such a trust would require a full code review, doubtfully viable for anyone.
But something like 100 USD / EUR for a proper address verification should be ok. Nothing more, nothing less.