Invader's-rant
Public Service Announcement: DO NOT USE INTERNET EXPLORER!!!! Definition: MySpace [Mai' thpathe] (pronounced with a lithp), N. - 1. A shrine to Terrible teener web programming, the worst M$ driven Web2.sl0 has to offer.

2008-12-02

These were comments and my replies to those comments on the following /. story:


Apple Quietly Recommends Antivirus Software For Macs


Posted by timothy on Tuesday December 02, @08:59AM
from the wear-your-rubbers dept.
Security OS X Apple
Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.


===================================================

I wish people would stop parroting this fallacy all the time. Market share has nothing to do with how easy it is to break into a system.

Look at AROS [sourceforge.net]! It has no security whatsoever, not even memory management between processes, so despite only having a hundred or so users, it must have zillions of viruses. But, of course, it DOESN'T. So far as I'm aware, nobody's bothered to write one, and it's unlikely any AROS virus would actually be effective.

All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.

If you have something like Windows where security is bolted on after the fact, an OS that was never meant to be a multi-user OS connected to the internet (all these were added as features later on and done poorly) then you will have a system that is much harder to keep secure.

UNIX on the other hand was designed from day one to be a networked multi-user OS, and security and separation of concerns was there from the beginning.

It's frankly hilarious that Unix, on which the first worms operated, can be held up as some system that had security built-in from the start. It's also untrue that Windows, that is, the operating system known as Windows today, was "never meant to be a multi-user OS connected to the internet". Unless you're talking about Windows Me and its predecessors (98, 95, 3.1, et al), then that's completely false. Current versions of Windows (XP, Vista, 2003, et al) are derived from Windows NT, which was designed, from the beginning, to be "a multi-user OS connected to the internet".

In fact, Windows NT and its successors have a more advanced security model than Unix, allowing more than a separation of users and groups.

The issue with Windows is twofold. First, marketshare. And second, an over-complex user-environment where too much functionality is available on the "user" side of the security wall. Both of these issues affected Unix up until the mid-nineties, where its disproportionate share of Internet nodes and the amount of stuff running as the default user (which in Unix was root, which also happened to be the account with the most rights.)

There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.

Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.





AFAIK, OS-X processes run as the (nonprivileged) user, and only during software installation and system changes are user actions run as root. HAL implementations and things allow user interactions, such as a user being able to execute a dialup operation or to mount media. When a system update or a new piece of software is to be installed, or a system setting such as en/disabling a service, a dialog asks for the user's permission. Most better Linux distros do this through sudo or its guified variants. I almost NEVER am asked for permission to do something because I almost never make changes to the SYSTEM.

To play devil's advocate, the same may be said for Fista, but Fista asks permission for EVERYTHING!! The user is so often annoyed by the stupid mother%$#@%%^# UAC bull%$#% that they no longer pay attention to what's going on requiring a priv elevation and just click (I agree)(I agree)(I agree)(I agree)WTF!?(I agree)(I agree)Leamme alone willya(I agree)(I agree)STFU i keel you(I agree)(I agree)(I agree)AGGGGGHHHHHHH THE %$#@!?(I agree)[DOOMSDAY] %&^%% NO CARRIER

That implementation is a recipe for disaster. I actually ship all Fista installs with UAC Off because it does no good anyway, plus, most remote control implementations don't work for %$%# under it.

Now, anything prior to Winders Fista, it's practically a hard REQUIREMENT to run as admin. Even something as harmless as Acrobat Reader will not run well without God privileges.


Oh and trojans and worms require dumb users and exploits, respectively. Virii require homogeneous platforms with consumer accessible scripting languages and universal admin access... Thusly Windows is the most fertile platform for pestilence of any and all kinds, due to by-design perfect availability of all these conditions.

Windows is a Norway rat or a smallpox blanket.


===============================================

Except the GP didn't say that it was easier to break into the system - he said that more people are going to try. I think he neglects to mention an underlying assumption that no software is perfect, and given enough time and effort, the chances of finding a security flaw that can be exploited is greater than zero in ANY piece of software. While this assumption won't always be true, it's completely reasonable for us to make it when considering the security of our systems - for we don't really have any way of disproving it for any particular piece of software.

Agreed, however this is still news because the platform is under such control by Apple. They could quietly and easily not only put hardware and software in place, but implement more effective procedures in their software process to make security tighter. And we wouldn't be the wiser.



Since it IS under such an Iron Curtain by the Turtlenecked-One, they could also just as easily just paint on some secure looking interfaces and in reality only have lukewarm porridge behind the scenes.

They could implement more effective procedures, but skilled programming requires either programmers whose input is revered and who are justly compensated, or it requires an open development model based on a meritocracy and peer review where people won't get shot at for finding, documenting, and responsibly disclosing flaws.

I had a boss who always said, "Don't just come to me with a problem, come to me with a 'how things are' and a 'what to do about it'."


=====================================================

I think he neglects to mention an underlying assumption that no software is perfect, and given enough time and effort, the chances of finding a security flaw that can be exploited is greater than zero in ANY piece of software.

I don't believe this to be true if enough focus on security is made.

Software can be made secure at the expense of functionality. Now this doesn't ever solve the problem of local access, but if you made your OS into a glorified terminal server, you can prevent automated attacks by restricting what the user can do by default.

Of course the user might be hindered somewhat, but sometimes that is the price to pay.



They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
-Benjamin Franklin


Not to mention that implementations denying users privileges have been annoying at best (UAC on Fista (VISTA), destroyed and removed while OS still called Longhorn LOL) and often disastrous (the crypto used on DVD and BluRay (cracked a few months and a few weeks post release, respectively)).

Doing these things makes ordinarily whitehat power users seethe. We then violently crack the protection on general principle. Some two-bit weenie in Redmond or Cupertino is NOT going to tell me what I can and can't do with MY system!


=======================================================
