Road to Mac OS X Snow Leopard: 64-bit securityIn addition to the benefits detailed in previous articles in this series, the move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system.
Over the last eight years, Mac OS X has enjoyed a tranquil existence in stark contrast to the high profile security threats and attacks suffered by mainstream Windows users. Microsoft's monopoly over the PC world has long meant that anyone interested in creating extensive, easily spread damage through software exploits would focus their efforts on Windows.
Microsoft's Security Efforts
Since Microsoft's OS was originally developed primarily for business computers sitting together in a trusted LAN environment, it was not only easy to exploit software flaws in the system but also trivial to find ways to fool the system into forwarding viral payloads to other systems. Once exposed to the open Internet, Windows didn't stand a chance.
Reinforcing the Windows PC to survive the onslaught of malicious exploits saturating the Internet would be a complex and expensive task, one Microsoft did not immediately recognize as a priority. However, once Windows started gaining a reputation for lax security after falling victim to a series of famous exploits in the late 90s and into the beginning of the current decade, Microsoft began reevaluating its priorities.
Longhorn, which was intended as a close successor to 2001's Windows XP, ended up being pushed off as the company was forced to initiate a major new effort to solve the outstanding security issues in XP. Toward the end of 2004, Microsoft shipped XP SP2, the product of extensive work within the company using code scanning, auditing, testing, and fundamental feature and architectural reviews, in addition to external source code auditing and penetration testing.
In addition to Microsoft's efforts to identify and patch flaws and vulnerabilities in its software, the company also initiated measures to make unknown vulnerabilities more difficult for attackers to find and exploit. This included having a firewall installed by default and requiring that RPC servers authenticate communications, so that remote attackers would need to present valid credentials before ever being given access to anything that might be attacked to allow entry.
Microsoft is now very public about its security efforts, and takes every opportunity to tout its recent security work as a defense against any criticisms of its past mistakes in taking a less than serious approach to security.
Apple's Security Efforts
In contrast, Apple has never experienced a security crisis related to Mac OS X. Virus writers have nearly zero financial motivation to create new attacks from scratch that target Macs. The theoretical potential of "hackers" attacking Macs for fame and glory, as imagined by pundits with a bias against Apple, has simply failed to materialize over the last half decade, despite their insistence that the threat is so alarmingly close as to be palpable.
Even in cases where exploits have been found or artificial attack installers have been designed, viral outbreaks haven't occurred because installations of Macs aren't ubiquitous enough to sustain the critical mass required for an acute network infection. Add in the fact that Mac OS X wasn't dragging along the same legacy of promiscuous LAN origins as Windows, and you have a series of factors that combined to give Apple a pass from focusing on security retrofitting in crisis mode.
Instead, Apple has had the luxury of planning Mac OS X releases to roll out security features incrementally. As with its other plans for feature enhancements in Mac OS X, the company has remained tight lipped on many of its security efforts. There's evidence the company has performed code security scanning, as simple buffer overflows have been cleaned out of many system libraries, according to a security expert familiar with the history of the OS.
Mac OS X 10.4 Tiger eliminated most of the easy local buffer overflows, while 10.5 Leopard has expanded upon that to remove many of them from remotely accessible network services. Leopard also incorporates stack protection, library randomization, a non-executable
stack, and sandboxing for some system processes. These features are incremental improvements in security that will be expanded upon in Snow Leopard.
Mac OS X's sandboxing is provided by the Mandatory Access Control (MAC) framework, an implementation of the MAC framework from TrustedBSD. Sandboxing imposes permission controls on processes that can, for example, limit them from connecting to a network, from writing any files, or from writing any files outside of specific directories. While sandboxing doesn't prevent a process from being attacked, it does limit the amount of damage malicious attackers can cause once they gain control of a sandboxed application.
On the iPhone, sandboxing is used to restrict each application from accessing anything outside of its own data files and preferences. Even apps that have access to the public networking APIs are restricted from direct access to the communications or networking hardware.
On page 2 of 2: Security in 64-bit Snow Leopard; and Security before it's needed.