[TT] Kaspersky says Apple is 10 years behind Microsoft in terms of security - Page 5  

post #41 of 210
Quote:
Originally Posted by ImmortalKenny

How is this news? Captain Obvious wrote the article...

Well, I suppose now it's been scientifically proven by Kaspersky. [grin smiley]
 
post #42 of 210
Quote:
Originally Posted by UltraVolta425

I agree with this. They're behind because up till now there hasn't been any need for security.
I think hackers and evil folk are bored with MS and want another challenge, so I suppose Mac is the next step for them.
Sorry, but this isn't how the world works. When's the last time you heard about someone robbing a bank for a challenge?

They just didn't bother since Macs were relatively scarce. Macs being inherently more secure than Windows is a myth.
Quote:
Originally Posted by Xenthos

Exactly my point. Java is a slow language; it's cross-platform, but slow = overhead due to compatibility with several OSes.
No.
post #43 of 210
This is no surprise to me. Looking around my college campus, the only non-Apple laptops are the school's laptops. I own a MacBook Pro and a regular Windows 7 computer, and they both have their good qualities.
post #44 of 210
The title, oh my. It makes me: [laughing smiley]
post #45 of 210
Quote:
Originally Posted by Tarek k

Source: http://www.tweaktown.com/news/23761/kaspersky_says_apple_is_10_years_behind_microsoft_in_terms_of_security/index.html?utm_source=dlvr.it&utm_medium=facebook

Quote:
I'm sure there will be plenty of people who get up in arms over this, but I tend to agree. Apple is years behind Microsoft in terms of security because they have never had to worry about it since no one ever bothered to write malware or viruses for Macs due to their small market share.

Sorry, but they apparently have amnesia or just a very short memory span. OS 9, with an extremely small user base, had quite a few viruses in the 90s. Yet even today, with over 50 million users, there hasn't been a single one for OS X. Other types of malware not being as prevalent on OS X compared to Windows is because of inherent design decisions, not purely market share. The server market, where the majority are Linux boxes, still sees most of the exploits being used on Windows Server machines. Even Android's less secure OS has more malware than iOS. There's a reason the government is offering $50k for iOS exploits and only $5k for Android exploits.
Quote:
Originally Posted by Coma

Macs being inherently more secure than Windows is a myth.
Not by a long shot:

"1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far, but one of these vulnerabilities doesn't affect all account types because it is due to a permissions error rather than a code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSResponder, NetBIOS...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/library/bb648648(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html

7) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://www.vupen.com/english/zerodays/ -> list of public 0days.

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker -> another list of public 0days. (Most if not all of the Apple vulnerabilities in this list were patched in the latest Apple security update -> http://support.apple.com/kb/HT5002)

http://m.prnewswire.com/news-releases/qihoo-360-detects-oldest-vulnerability-in-microsoft-os-110606584.html -> article about 18 year old UAC bypass vulnerability.

8) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articles/How-Cracked-Windows-Password-Part1.html -> article about Windows password hashing.


9) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

10) In regard to recent earlier versions of Mac OS X:

The following image relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

source -> http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The following section of that image represents a comparison of Mac OS X Leopard/Snow Leopard to Windows Vista/7.

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

The image shows that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR. "
Edited by PoopaScoopa - 4/30/12 at 11:16am
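The post's points 2 and 3 come down to flags the loader reads from each binary's header: a Windows image is only randomized if it is marked relocatable (and still carries its relocations), and only gets DEP if it opts in; an OS X image is only randomized if it was linked as PIE. The following Python header checker is an added example (not from the post or from any project it cites) that reports those flags for PE and thin little-endian Mach-O files; the sample headers are constructed inline, and a real file would be read with open(path, "rb").

```python
import struct

# PE optional-header DllCharacteristics bits (PE/COFF specification)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # loader may rebase the image
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image declares DEP compatibility
# PE COFF Characteristics bit: no .reloc section, so the image cannot be moved
# even if DYNAMIC_BASE is set (the caveat behind "some DLLs are not randomized")
IMAGE_FILE_RELOCS_STRIPPED = 0x0001

# Mach-O header flags (mach-o/loader.h)
MH_MAGIC = 0xFEEDFACE                # 32-bit, little-endian
MH_MAGIC_64 = 0xFEEDFACF             # 64-bit, little-endian
MH_ALLOW_STACK_EXECUTION = 0x20000   # executable stack: NX on the stack is off
MH_PIE = 0x200000                    # position-independent, so it can be randomized


def audit_pe(data: bytes) -> dict:
    """Report the ASLR/DEP flags of a PE image from its raw header bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Characteristics is the last WORD, at offset 18
    coff_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        "aslr": dynamic_base and not relocs_stripped,
        "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def audit_macho(data: bytes) -> dict:
    """Report PIE and executable-stack flags of a thin little-endian Mach-O."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (fat/big-endian not handled)")
    # mach_header and mach_header_64 share their first seven fields; flags is at 24
    flags = struct.unpack_from("<I", data, 24)[0]
    return {
        "format": "Mach-O 64-bit" if magic == MH_MAGIC_64 else "Mach-O 32-bit",
        "aslr": bool(flags & MH_PIE),
        "nx_stack": not (flags & MH_ALLOW_STACK_EXECUTION),
    }


def audit(data: bytes) -> dict:
    """Dispatch on the file magic."""
    return audit_pe(data) if data[:2] == b"MZ" else audit_macho(data)


# --- constructed sample headers (header fields only, not runnable binaries) ---
def build_pe(dll_chars: int, coff_chars: int = 0, pe32plus: bool = True) -> bytes:
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, 240, coff_chars)
    opt = bytearray(240)  # size of a PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


def build_macho(flags: int, bits: int = 64) -> bytes:
    magic = MH_MAGIC_64 if bits == 64 else MH_MAGIC
    cputype = 0x01000007 if bits == 64 else 7  # CPU_TYPE_X86_64 / CPU_TYPE_I386
    hdr = struct.pack("<IIIIIII", magic, cputype, 3, 2, 0, 0, flags)  # filetype 2 = MH_EXECUTE
    return hdr + (struct.pack("<I", 0) if bits == 64 else b"")  # 64-bit header adds 'reserved'


if __name__ == "__main__":
    samples = {
        "PE, DYNAMIC_BASE + NX_COMPAT": build_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "PE, DYNAMIC_BASE but relocs stripped": build_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_FILE_RELOCS_STRIPPED),
        "Mach-O 64-bit, MH_PIE": build_macho(MH_PIE),
        "Mach-O 32-bit, no PIE, executable stack": build_macho(MH_ALLOW_STACK_EXECUTION, bits=32),
    }
    for name, blob in samples.items():
        print(name, "->", audit(blob))
```

The relocs-stripped case is the one worth remembering: DYNAMIC_BASE alone does not prove a module will be randomized.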
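Point 8 of the post rests on salting: an unsalted digest is the same for every account that picked that password, so one precomputed table answers for all of them, while a per-account random salt forces separate work per record. This added Python illustration (not from the post, and not the on-disk hash format of either OS) shows both schemes side by side with SHA-512; the wordlist is constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SALT_BYTES = 16


def hash_unsalted(password: str) -> bytes:
    """Digest that depends on the password alone, so equal passwords collide."""
    return hashlib.sha512(password.encode("utf-8")).digest()


def hash_salted(password: str, salt: bytes) -> bytes:
    """Salt bound into the digest; equal passwords no longer give equal records."""
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def make_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stored (salt, digest) pair; a fresh random salt is drawn unless one is given."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    return salt, hash_salted(password, salt)


def verify(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt; constant-time compare avoids a timing leak."""
    salt, digest = record
    return hmac.compare_digest(hash_salted(password, salt), digest)


def build_table(wordlist) -> Dict[bytes, str]:
    """Precomputed digest -> password table; only useful against unsalted hashes."""
    return {hash_unsalted(w): w for w in wordlist}


def table_lookup(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """One lookup recovers an unsalted password; a salted digest is simply absent."""
    return table.get(digest)


if __name__ == "__main__":
    # Constructed wordlist: stands in for the precomputed tables the post alludes to.
    table = build_table(["password", "hunter2", "letmein"])
    print("unsalted found:", table_lookup(table, hash_unsalted("hunter2")))
    rec_a, rec_b = make_record("hunter2"), make_record("hunter2")
    print("same password, different salted digests:", rec_a[1] != rec_b[1])
    print("salted found:", table_lookup(table, rec_a[1]))
    print("verify correct/incorrect:", verify("hunter2", rec_a), verify("hunter3", rec_a))
```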
post #46 of 210
And as with every other thread that has the name "Apple" and/or "Microsoft" in its title, this has become yet another cesspool.


On a more serious note: ignorance is bliss, maybe? There's really no such thing as a perfect OS; everything has its flaws. The same goes for comparing operating systems; it's always going to be a matter of personal preference.

Anyway, Apple had better get something done or we're going to have mass hysteria among Mac people.
post #47 of 210
The problem is that Apple is great at marketing. If they say that Macs can't get viruses, the general population will believe that. You can't tell them otherwise because they say, "But the maker of the product says you can't get viruses/malware."
post #48 of 210
Quote:
Originally Posted by Coma

No.

Yes.
post #49 of 210
Quote:
Originally Posted by PoopaScoopa

Quote:
Originally Posted by Tarek k

Source: http://www.tweaktown.com/news/23761/kaspersky_says_apple_is_10_years_behind_microsoft_in_terms_of_security/index.html?utm_source=dlvr.it&utm_medium=facebook

Quote:
I'm sure there will be plenty of people who get up in arms over this, but I tend to agree. Apple is years behind Microsoft in terms of security because they have never had to worry about it since no one ever bothered to write malware or viruses for Macs due to their small market share.

Sorry, but they apparently have amnesia or just a very short memory span. OS 9, with an extremely small user base, had quite a few viruses in the 90s. Yet even today, with over 50 million users, there hasn't been a single one for OS X. Other types of malware not being as prevalent on OS X compared to Windows is because of inherent design decisions, not purely market share. The server market, where the majority are Linux boxes, still sees most of the exploits being used on Windows Server machines. Even Android's less secure OS has more malware than iOS. There's a reason the government is offering $50k for iOS exploits and only $5k for Android exploits.
Quote:
Originally Posted by Coma

Macs being inherently more secure than Windows is a myth.
Not by a long shot.

1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far, but one of these vulnerabilities doesn't affect all account types because it is due to a permissions error rather than a code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSResponder, NetBIOS...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/library/bb648648(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html

7) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://www.vupen.com/english/zerodays/ -> list of public 0days.

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker -> another list of public 0days. (Most if not all of the Apple vulnerabilities in this list were patched in the latest Apple security update -> http://support.apple.com/kb/HT5002)

http://m.prnewswire.com/news-releases/qihoo-360-detects-oldest-vulnerability-in-microsoft-os-110606584.html -> article about 18 year old UAC bypass vulnerability.

8) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articles/How-Cracked-Windows-Password-Part1.html -> article about Windows password hashing.


9) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

10) In regard to recent earlier versions of Mac OS X:

The following image relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

source -> http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The following section of that image represents a comparison of Mac OS X Leopard/Snow Leopard to Windows Vista/7.

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

The image shows that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

In the past few hacker championships, Macs have been hacked within 10 minutes. It generally takes 24 hours to hack Windows and Linux distros (I think they usually use Red Hat and Ubuntu).

Your beautiful post got demolished by professional hackers because Apple don't care.

Edit: there is a reason why there's an asterisk that then says: depends on environment factors and certain code flaws.
Edited by Liranan - 4/26/12 at 9:32am
post #50 of 210
Quote:
Originally Posted by PoopaScoopa

Not by a long shot.
I'm not gonna analyze every part of your post, and it's honestly disheartening that you found it necessary to bring so many examples. I'll just say this - I never said Windows has always been as secure - fact is, Windows right now is very secure, and while it may not be exactly as secure, this is the case with any two operating systems. OS X is not bulletproof, and the only reason there's so much documentation about Windows exploitation is because it has been researched for a very long time, while OS X has largely gone under the radar - even Apple themselves give security research a low priority, while MS employs a large amount of security researchers.

I can guarantee you there is a very large number of vulnerabilities waiting to be found. You also mentioned several vulnerabilities were found that haven't been used in malware. How do you know? Contrary to popular belief, most malware attempts to remain under the radar. Using 100% CPU is not something malware authors do intentionally, and most of them certainly don't open popups and change your desktop background. The lack of OS X security research may mean that they just remain undetected, responsible perhaps for theft of personal and financial information.

You've made quite a few mistakes that show you don't understand some of the things you talk about, but I won't tear apart your post. Assuming you're safe is a grave mistake, and you will certainly be proven wrong in the future. It's only a matter of time before some super-common malware which managed to remain under the radar is caught, just like Stuxnet was caught because of a single computer in a reboot loop.
Quote:
Originally Posted by Xenthos

Yes.
No. Do your research. Java can be faster than MSVC++.