Another Mac Expert Adds Comments

Guest Blogger




Mac OS X Safety and Security (5-28-2005)




Howdy! I’m Robert Pritchett, MSCS, former MCSE (along with a few other “expired” Microsoft certifications), former RCDD LAN Specialist, and still a Computer Telephony Engineer, and currently the CEO of MPN, LLC, the Macintosh Professional Network and publisher of macCompanion magazine.




Our hearts bleed purple peanut butter for the many folks that have been turned off by computing due to bad experiences in the WinTel world relating to malware (applications designed to harm your computer system) issues. In a WinTel-centric world, networking is so difficult, that practicing safe computing is nigh near impossible! Turn on a new machine without a firewall between it and the Internet and “poof!” before you can count to 30, it has already been “owned” by the darkside. There is a multi-billion dollar business generated in combating evil online, whether the triad of Viruses, Trojans and Worms or the 4th dimension of SPAM with phishing being hardly reeled in. Malware eradication efforts combine to reduce the well over 1 trillion dollars in lost productivity annually, due to maliciousness online. This includes a new genre of software known as “Patch Management”. There are organizations dedicated 24/7 to eradicating online evil, but they are not winning the war. Many folks have become battle-weary and are giving up the fight by not even logging on anymore. They have become the walking wounded. Something that was promised to make our lives so much easier has, in fact, done exactly the opposite. What is a poor mother to do?




Drum roll please.




Well, Apple, the mistreated and neglected Super Hero, has not gotten much respect in the past. But with Mac OS X, it has been able to show that it is possible, over the last 5 years, to develop, maintain and use an Operating System that is free from the evil triad that has infected the WinTel systems worldwide. It does not profess to be all things to all people, in that it cannot be held responsible for the human element in regards to SPAM and phishing. However, it has tried to address part of those issues (SPAM with the Junk Folder in Mail.app). It can’t do much about us giving away our personal banking information or in combating identity theft. There is a lot it can do for us, however.




Even with a class act of having 5 years free of malware, can Apple keep this record immaculate? And is it really true that Mac OS X is all Apple says it is, with the body count numbering well over 90,000 (and counting) for WinTel platform miscreant activities? Are Apple platforms using Mac OS X still a BIG FAT ZERO on the malware scoreboard? Is it true that because Apple commands “only” 5% of marketshare each month, it is not considered low enough hanging fruit for crackers and malware coders to even consider attacking?




Let’s investigate why many Linux users and system administrators, who have quietly, secretly and without much fanfare glided over to the Macintosh platform over the last 3 years, are now proudly declaring it THEIR system of choice with the release of Tiger. Those who for so long bad-mouthed the system they loathed and feared as a possible threat to their jobs now extol its virtues. Those of us who have known all along about the “superiority” of Mac OS X have been vindicated!




Malware and Mac OS X

First, let’s make something perfectly clear. Can Macs get malware, and have rootkits (apps designed to control or “own” a system, such as rootkit109 or “Opener”) been created to compromise the Operating System? Absolutely! Are Macs affected by such dark code? The answer is an unequivocal “No” for malware and “Sometimes” for rootkits. What happens is that if the Apple machines do not have anti-malware installed, the bad-nasties get passed on to other platforms that are adversely targeted and affected. Many who use the Mac get anti-malware applications, usually at a much higher premium cost than the Wintel crowd has to pay for the same protection. Why? Because those who are good netizens act as good netizens, by neither being Typhoid Marys nor indulging in the online social diseases that have maligned, nay, paralyzed, other platforms. Apple platform citizens do not want to be known as the source for spreading the online diseases. Instead, they go out of their way to not be a part of that sub-culture and revel in playing safe computing. The anti-malware apps are not for them alone. They install it to protect the ones they love.




Sweet soothing violin music.




Vulnerabilities and Exploits

Mac OS X was designed from the bottom up with security in mind. All services are turned off by default and you need to turn on the ones you want to use. By contrast, it took Microsoft until the latest releases of XP Pro Service Pack 2 and Windows Server 2003 to finally come around and do the same thing, and only after duress and many legal rumblings and threatenings amongst Microsoft consultants.




Is Mac OS X perfect? No, but that is why Apple has created Software Update under the Apple logo up in the left-hand corner of the screen. As each Apple app gets updated we know about it and can download accordingly. The Mac OS X system checks to see if we need any updates and then gives us the option to add those or not. The latest as of this writing were the updates to Keynote 2 and Mac OS X 10.4.1 Tiger. (The link is listed under Resources.)




As John Gruber has pointed out, a vulnerability is like having an unlocked car; an exploit is where a thief steals the car. There have been vulnerabilities exposed to the public mind, but Apple has closed them relatively quickly, both by updating the Operating System and by distributing updates to iApps. So far, there have been no publicized exploits other than proof-of-concept examples such as Opener.




If you are concerned about network access from the outside, you can always check your system by using Steve Gibson’s ShieldsUP!! services to find out if you are running a stealth machine or not. Symantec also has a tool for testing if a system is left insecure.




Why Is Mac OS X More Secure?

As mentioned earlier, Mac OS X was designed with security as a basic component of the Operating System. How has Apple been able to do this? UNIX has a long history and Apple literally capitalized on it by using the FreeBSD version, then modifying it as a Darwin Open Source project when it was the OS for NeXT (an earlier company that Steve Jobs founded and Apple later bought), so anyone can view the source code and point out any discrepancies.




- The Mac OS X architecture uses the Common Data Security Architecture (CDSA) model, and the root user is not enabled by default, so malware cannot attempt to install itself as root.

- Communications ports used by the system are the only ones open by default.

- A FileVault panel has been added to System Preferences to encrypt and decrypt home folders.

- Keychain Access lives in the Utilities folder inside the Applications folder. It stores sensitive data for authentication services, and password data is protected using the Triple Data Encryption Standard (3DES).

- The integrated firewall is based on IPFW, another open source FreeBSD technology. A “stealth mode” has been added to block outgoing traffic not originating from the computer itself.

- Both Mail.app and the Safari browser use SSL2 and SSL3 along with Transport Layer Security for secure encrypted channels.

- Mail.app uses Secure Multipurpose Internet Mail Extensions (S/MIME).

- LAN and wireless connections can be secured using OpenSSL and OpenSSH.

- Virtual Private Networks can use the Layer 2 Tunneling Protocol (L2TP) or the Point-to-Point Tunneling Protocol (PPTP).

- The 802.1X standard is used, and all necessary settings are imported into the Internet Connect function for secure wireless communications.

- And of course, as previously noted, the Software Update function helps us stay current.

- Applications are now identified in the Finder so they can be examined before they are run.

- Safari examines content as it downloads and notifies you whether it is an application or not.

- Auto-install is no longer the default, so downloaded widgets are not automatically installed into Dashboard and cannot auto-run as they arrive.

- Access Control Lists are enabled on a per-volume basis, but must be managed manually from the Terminal.

- Fast User Switching has been enabled. (More than one user on a machine can log in quickly.)




The Anti-Virus manufacturers have been caught more than once over the last 5 years trying to pour Fear, Uncertainty and Doubt (FUD) into the minds of those who use Macs, but for the most part, those manufacturers have been caught with their pants down around their ankles, as they keep trying to drum up business in the Mac community. Yes, those of us who use Macs do need to not become complacent when it comes to security, but we tend to ignore the “cry wolf” mentality we hear after one or two times. We are accustomed to not having malware issues with our machines. And believe me when I say that if any do attempt to trash Macs, we will be on it like white on rice.




You may try in vain to find the “37 Mac OS X vulnerabilities” report that Symantec posted last year. Frankly, much of it was smelly nonsense, so they removed it from their website after being taken to task, as far as I can tell. “The potential exists”, but should we be afraid of water, knowing that we could choke to death on a spoonful of it? We should treat Mac malware reports with healthy skepticism and consider the source. We also tend, for the most part, to ignore sensationalism from the same sources, and those software developers that try it get hit with a pretty nasty backlash from the Mac Community. “Burn me once, shame on you, burn me twice.”




Jaws2 Music.




Due Diligence

Now that we have pretty much burst the “Danger! Danger Will Robinson!” hysteria balloon regarding Mac Security and Safety, it is time for some due diligence. Yes, it is possible to choke to death on a spoonful of water, so it pays to take some preventative measures to reduce the choking hazard, right?




And like the Scout Motto says, it always pays to “Be Prepared”. So what can we do?




Matt Willmore addressed this nicely with 3 installments on complete Mac security in the Tutorial section of MacZealots, but his information was superseded by later updated versions of Mac OS X, with his 3rd installment still standing intact. Ming Chow also discussed some security enhancements over on O’Reilly:




- First, make sure the machine is in a safe location. Think 5-finger pickup and act appropriately. If you have a portable, make sure you have something like what Computer Security Products has available, or the XTool Computer Tracker, in case the system gets relocated without your knowledge.

- Second, make sure the login process is enabled and not bypassed with auto-login. This is done through Apple > System Preferences > Accounts. Use the Fast User Switching function if more than one user works the machine.

- Third, enable FileVault by going to Apple > System Preferences > Security.

- Fourth, create secure disk images by going to Applications > Utilities > Disk Utility > New Image. Set AES-128 encryption and it will ask you to password-protect the image.

- Fifth, use Secure Empty Trash by going to Finder > Secure Empty Trash. To really delete what was in there, or elsewhere on the disk, a 3rd-party cleaner should probably be used to erase free space.

- Sixth, in Safari, disable AutoFill.

- Seventh, if you haven’t done so already (and you should have, unless this is a fresh install), turn on the Firewall and turn off File Sharing by going to Apple > System Preferences > Sharing. Then go into Advanced and turn on blocking of UDP traffic, enable Stealth Mode and enable Firewall logging.
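An added audit script for steps 2 and 7 above (example code, not from the original post or from Apple): it checks the loginwindow auto-login key and the ipfw ruleset for the firewall, UDP-blocking and logging settings, running its checks on constructed sample rulesets so they work offline; `defaults` and `ipfw` are assumed to be the Tiger-era tools.

```shell
# Audit of the Due Diligence steps 2 and 7 above on a Tiger-era Mac OS X box.
# The check functions take command output as text, so they can run offline on
# constructed input; only the guarded section at the end touches the system.

# Step 2: auto-login is on when the loginwindow plist carries autoLoginUser;
# pass the output of `defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser`.
autologin_enabled() {
    [ -n "$1" ]
}

# Step 7: `ipfw list` prints rules as "NNNNN action proto from src to dst ...";
# with the firewall on, deny rules for the whole network appear, with it off
# only the permit-all default rule remains.
ipfw_firewall_on() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+ +deny .* from any to any'
}
# "Block UDP traffic" adds a deny rule for udp.
ipfw_blocks_udp() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+ +deny( log)? +udp from any to any'
}
# "Enable Firewall logging" tags the deny rules with "log".
ipfw_logging() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+ +deny log '
}
# Prints what is missing; returns how many of the three step-7 settings are
# not in place (0 means the ruleset passes).
ipfw_audit() {
    missing=0
    ipfw_firewall_on "$1" || { echo "firewall: OFF";     missing=$((missing+1)); }
    ipfw_blocks_udp  "$1" || { echo "UDP blocking: OFF"; missing=$((missing+1)); }
    ipfw_logging     "$1" || { echo "firewall log: OFF"; missing=$((missing+1)); }
    return $missing
}

# Constructed sample rulesets (not captured from a real machine).
FW_ON='02000 allow ip from any to any via lo*
02010 deny log tcp from any to any in
02020 deny log udp from any to any in
65535 allow ip from any to any'
FW_OFF='65535 allow ip from any to any'

# Live check, Mac OS X only; assumes the classic ipfw firewall of the Tiger
# era (on pf-based modern macOS `ipfw` is absent and every check reports OFF).
if [ "$(uname -s)" = Darwin ]; then
    autologin_enabled "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" \
        && echo "auto-login: ON (step 2: turn it off under Accounts)"
    ipfw_audit "$(ipfw list 2>/dev/null)" || true
fi
```

Run it as root with `sh audit.sh` on the Mac; `ipfw list` needs root to show the full ruleset.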




That said, what is the platform of choice for those in the Computer Security Industry? Many are using Macs. If you don’t believe me, then go talk to Kelly Martin over at Security Focus, or even Winn Schwartau at The Security Awareness Company. Why not use the system the security professionals use for a living?




Resources:

Many of these have been “captured” in the macCompanion Blog under the category of Security:

- A Simple Guide To Macintosh Security - Larry Loeb
- Apple’s Big Virus - Kelly Martin
- Apple Security Updates
- Be Prepared
- Complete Mac Security, Part 3 - Matt Willmore
- Detecting and Avoiding Malware and Spyware - Dr. Smoke
- Enhancing Security and Privacy in Mac OS X Tiger - Ming Chow
- Macintosh OS X Security (dated information) - Understanding the Platform and Usage - Nicholas Raba
- Macintosh OS X Security - Second Lesson
- Mac Malware Status? - Robert Pritchett
- Opener, Closer and Watcher MacInTouch Reader Reports: Opener; Closer and Watcher
- Security Cannot be Spun - John Gruber
- Security, Reliability and Compatibility - Tiger Review
- The Virus and OS X - Graham K. Rogers

Some Tools for Protection

Many of these have been reviewed in macCompanion. Just go there and add the item of interest to the search engine located there for more details.

- ClamXav
- Computer Security Products
- HenWen - Snort on Mac OS X by Nick Zitzmann
- Internet Cleanup
- Little Snitch
- MacAnalysis (no longer available for purchase)
- ShieldsUP!!
- Symantec Internet Security checker
- XTool Computer Tracker





Robert Pritchett

CEO - MPN, LLC

Publisher - macCompanion


1952 Thayer Drive

Richland WA 99352


Creative Commons License
This work is licensed under a Creative Commons License.