| PLEX86 | ||
|
New Patch Fixes 43 Flaws In OS X, Many Serious 2129

Out of respect for your.. concerns about being ignored, I will reply and not snip any content this time.

But this article *is* irrelevant; it deserves to be ignored. It does not advance any argument about Mac OS X having any sort of 'inherent resistance' to malware. It is also very, very elementary. It is actually a rather cursory high level summary of some of the features of Mac OS X.

That you should post this strikes me as a tactic; you assumed I would not read it, or respond to it, simply because it is very long (for Usenet). I guess that, had I ignored it, you would then point at it as 'unanswerable proof'. I will therefore address it; but kindly do nothing of the sort again. It's a waste of time.

Note that out of the box, root is functional; it is not available as a conventional login but you can obtain a root shell using sudo, and in various other ways. Some people get confused about this, and think that since root is "disabled", it is gone and can't be abused. This is not so.

This isn't true; Mac OS X is very clearly a NeXTStep derivative; its kernel is Mach, its userspace is built on AppKit. They retrofitted some BSD code in there and got pretty good of BSD than Windows NT was when it had the BSD network stack in it. And of course it's not a descendant of the original AT&T Unix either.

I do not know what "power" is meant here, but features like memory protection are being provided by Mach.

Onward, then!

This is actually a mild oversimplification. A process may be associated with *two* users; that's what setuid does. A setuid process can flip back and forth between the 'real' user and the false one setuid provides.
This is important for security; it means that a setuid-root program can, when desired, shed its rootness and have normal protections enforced against it. Of course, should such a program be subverted, it will certainly be made to resume its 'root-ness' before trashing your system. The Windows approach is better; it divides the program into an unprivileged 'front end' and a privileged service; the front end may be compromised, but it has no special ability to become root, so this is harmless by itself.

This is all good.

This is, of course, why root is a defect of the Unix model- it is immune to security checks. Apple knows this; that is why they prevent interactive log-on as root.

This part is all good.

This very limited arrangement is a classic Unixism.

This is all rather inflexible.
But Apple has been doing something about this; they now have an ACL system. Not exposed in the Mac OS X client GUI, but it's there all the same. Because you can augment the filesystem with such a mechanism, 'permission bits' are not really as bad a fault as, say, root, or setuid.

snip- ls output

If I understand it properly, Apple still considers symbolic links too fragile, and implements aliases with 'alias files', as in Mac OS 9. This is probably wise.

It's a somewhat limited selection of permissions, but serviceable. For a Consumer Debt OS, it will do. Though, of course, root still has access.

Not to put too fine a point on it, but this is getting really boring. This stuff is pretty much just a copy of the man page for 'ls', and I find it astonishing that you saw it as relevant at all. Nevertheless, I do not excise it, since I do not want you to think I ignored it.

This is not really so; that is, modern Unix is deployed in this way but the original Unix was a time-sharing system. Very different. It's come a long way since then, of course.

Must... resist... urge.. to... nap...

This is, of course, not so much a feature of Unix as of TCP-IP. I may say this passage uses the term "connection" very loosely; a TCP connection is a much more complex sort of thing, and UDP does not really have connections as such.

This is unclear, but I know what he probably meant: computers that expose a larger attack surface are more vulnerable, all else being equal. But it is a cardinal error to assume that the attack surface is solely composed of sockets with daemons listening for connections. He may be making that error.

snip- bibliography

Such optimism! :D

Of course, Apple makes this first account the default. But Windows can't throw stones here.

This is part of the reason why Apple does not make these the default. This is, after all, a Consumer Debt OS.

Actually, sometimes the tools 'remember' that they were unlocked, even across a relaunch.
I believe this is a configuration setting.

As I mentioned, this is an oversimplification.

This is all pedestrian, but I should mention that NFS may be the "standard" for file sharing in Unix, but it's a mess. It is, in particular, highly insecure.

And I am glad you didn't paste *that* in. :D AFP is surely more secure than NFS, anyway. :D

This is misleading. FTP is a sort of file-sharing protocol; SSH is a secure shell mechanism- it provides an encrypted channel to access a shell. It does not, however, do "account authentication" at all.

Note that as soon as you get here, this article you've pasted in is arguing *against* the "inherent security" of Mac OS X; it's pointing out the flaws.

Of course this is a repeat.

This is not really much of a security measure; it protects your Mac from people with *physical access* to your Mac. But if they can pick it up and walk off with it, then none of the rest of this is going to matter much.

I do not see how this offers *any* security at all.

Apple has made their firewall commendably easy to use, but it is turned off by default.

VPNs do not secure your Mac but rather a network to which your Mac is remotely connected. The relevance of this seems.. strained.

This is, again, a stretch. If your system is subverted, your logs may be erased at that point. Logs can, of course, alert you to *failed* attempts to subvert your Mac, if you like that sort of thing.

This is largely a question of UI; security cannot depend on malefactors confining themselves to the Finder!

Sudo is, of course, another one of Unix's little security problems; it makes root available to users without knowing the root password. It gets worse. Sudo (as configured by Apple) does not require the admin password on each use; for a few minutes after each use, you can use 'sudo' with no password at all. Worse, any program running under your account can do so as well; it's a ticket to root.
'Sudo' can be configured to be less bad than this, but of course few Mac users know enough to do this.

I submit that any 'security tool' that requires 'a little programming work' is not really worth counting.

snip- bibliography
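
Added example (not part of the original post or of any vendor's tooling): a small Python audit of the sudo credential-caching settings the post refers to, comparing a weak configuration with a hardened one. The sudoers fragments are constructed, the 5-minute default is an assumption based on upstream sudo's documentation, and `audit_sudoers` is a hypothetical helper; `timestamp_timeout` and `tty_tickets` are real sudoers options.

```python
import re

# Constructed sudoers fragments for illustration; not copied from any real system.
WEAK = """\
Defaults env_reset
Defaults !tty_tickets, timestamp_timeout=15   # long, shared cache
%admin ALL=(ALL) ALL
"""
HARDENED = """\
Defaults env_reset, tty_tickets
Defaults timestamp_timeout=0
%admin ALL=(ALL) ALL
"""

# Assumption: upstream sudo's documented default of 5 minutes; vendor builds may differ.
ASSUMED_DEFAULT_MINUTES = 5.0
TIMEOUT_RE = re.compile(r"^timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)$")

def audit_sudoers(text, default_minutes=ASSUMED_DEFAULT_MINUTES):
    """Evaluate global Defaults lines; later settings override earlier ones."""
    timeout, tty_tickets = default_minutes, None   # None = not set explicitly
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        m = re.match(r"Defaults\s+(.+)$", line)    # skips scoped Defaults:user etc.
        if not m:
            continue
        for item in (p.strip() for p in m.group(1).split(",")):
            t = TIMEOUT_RE.match(item)
            if t:
                timeout = float(t.group(1))
            elif item in ("tty_tickets", "!tty_tickets"):
                tty_tickets = not item.startswith("!")
    findings = []
    if timeout < 0:
        findings.append("cached credential never expires")
    elif timeout > 0:
        findings.append(f"password-free sudo window of {timeout:g} min")
    if tty_tickets is False:
        findings.append("cache shared across terminals (tty_tickets off)")
    return {"timeout": timeout, "tty_tickets": tty_tickets, "findings": findings}

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sudoers(text))
```

With `timestamp_timeout=0` sudo asks for the password on every invocation, and `sudo -k` invalidates an existing cached credential.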
New Patch Fixes 43 Flaws In OS X, Many Serious 2130 Mac OSX Advocacy from Newsgroups |