Leopard Security: Here Come The Promised Surprises

AHA! As Steve Jobs had promised, there are indeed surprise
features in Leopard! The list is slowly beginning to leak out of
Apple. Here are a few GREAT security features that have been on
people's wish lists over the past year:

<http://it.slashdot.org/article.pl?sid=07/10/18/1218247>

Apple Adds Memory Randomization To Leopard
Posted by kdawson on Thursday October 18, @08:37AM
from the shuffling-the-wormholes dept.

> .mack notes a ZDNet blog outlining some of the security features added to OSX
> Leopard (10.5). Here's Apple's brief description of all 11 new security
> features.
>
> "Apple has announced plans to add code-scrambling diversity to Mac OS X
> Leopard, a move aimed at making the operating system more resilient to virus
> and worm attacks. The security technology, known as ASLR (address space
> layout randomization), randomly arranges the positions of key data areas to
> prevent malware authors from predicting target addresses. Another new feature
> coming in Leopard is Sandboxing (systrace), which limits an application's
> access to the system by enforcing access policies for system calls."


<http://blogs.zdnet.com/security/?p=595>

October 17th, 2007
Memory randomization (ASLR) coming to Mac OS X Leopard
Posted by Ryan Naraine @ 2:31 pm

> According to Apple, the library randomization feature will allow Leopard to
> defend against attackers with no effort at all.
>
> > One of the most common security breaches occurs
> > when a hacker¹s code calls a known memory address
> > to have a system function execute malicious code.
> > Leopard frustrates this plan by relocating system
> > libraries to one of several thousand possible
> > randomly assigned addresses.
>
> Several open-source security systems ‹ OpenBSD, PaX and Exec Shield ‹ already
> implement ASLR in some form. Microsoft has also fitted ASLR into default
> configurations of Windows Vista.

You can read about how Microsoft messed up (big surprise) their
implementation of ASLR at:
<http://blogs.zdnet.com/security/?p=104>

> Apple also plans to add Sandboxing (systrace) in Leopard to limits an
> application¹s access to the system by enforcing access policies for system
> calls. The feature is aimed at restricing an app¹s file access, network
> access, and ability to launch other applications.
>
> Many Leopard applications ‹ such as Bonjour, Quick Look, and the Spotlight
> indexer ‹ will be sandboxed so hackers can¹t exploit them, Apple said.
>
> Strangely, the default Safari Web browser isn¹t listed as a sandboxed
> application.
>
> Some other security goodies promised in Leopard include:
>
> > Tagging Downloaded Applications ‹ Protection from
> > potential threats. Any application downloaded to
> > the operating system is tagged. Before it runs
> > for the first time, the system asks for the
> > user¹s consent ‹ notifying the user when it
> > was downloaded, what application was used to
> > download it, and, if applicable, what URL it
> > came from.
> >
> > Signed Applications ‹ A digital signature on
> > an application will aim at verifying the
> > identity and integrity of that program.
> > All applications shipped with Leopard will
> > be signed by Apple. Third-party software
> > developers can also sign their applications.

Hmm. I wonder what it will cost developers to have their apps
signed. The cost Microsoft charge is outrageously prohibitive and
very few developers bother. Wouldn't it be just like Apple to
make this service free? But we shall see.

> > Application-Based Firewall ‹ Leopard will
> > feature the ability to specify the behavior
> > of specific applications to either allow or
> > block incoming connections.
> >
> > Stronger Encryption for Disk Images ‹ Disk
> > Utility will now allow users to create
> > encrypted disk images using 256-bit AES
> > encryption.

Mac OS X Tiger offers 128-bit AES, which to be honest is already
considered unbreakable. Going to 256-bit essentially means even
'god' can't decrypt your files, aka overkill deluxe.

I was hoping Leopard would have some of the functionality of
LittleSnitch, which blocks unwanted outgoing network calls. Oh
well. Glad I own it. No phoning home or zombie spewing allowed on
my Macs, thank you.

All in all this is mostly catch-up on Apple's part to some
pre-existing technology. But considering the fact that Mac OS X
is UNIX, the process of tossing in Open Source UNIX based
security features is easy and I am glad Apple has added them.

:-Derek

--
Fortune Magazine 11-29-05: What's your computer setup today?
Frederick Brooks: I happily use a Macintosh. It's not been
equalled for ease of use, and I want my computer to be a tool,
not a challenge.
<http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
[Frederick Brooks is the author of 'The Mythical Man Month'.
He spearheaded the movement to modernize computer software
engineering in 1975.]

"Jeffrey Goldberg" <> stated in post
on 10/18/07 9:37 PM:

> In <barmar->, Barry Margolin...:
>
>> Derek Currie <> wrote:
>>
>>> AHA! As Steve Jobs had promised, there are indeed surprise
>>> features in Leopard! The list is slowly beginning to leak out of
>>> Apple. Here are a few GREAT security features that have been on
>>> people's wish lists over the past year:
>
>> "leaking out"? I saw all of these in the "300+ New Features" page on
>> the Apple web site
>>
>> <http://www.apple.com/macosx/features/300.html#security>
>
> Anyway, many of these are fantastic. These will make the job of malware
> writers significantly harder. I've been a pessimist about Mac viruses,
> thinking that they were just around the corner. But reading that list
> makes me far more confident that five years from now we will still be
> saying that there are no Mac viruses in the wild.

Apple does tend to stay one step ahead of the malware cretins... not an easy
thing to do.
>
> Some of the measures will also help defend OS X against attacks that
> leverage flaws in third party software like Apache and PHP.
>
> Anyway, I consider this really good news. And for other reasons (Spaces
> and Time Machine topping the list) I've already ordered my Leopard family
> pack.

I will almost surely get it once I know Adobe products have been fully
tested on it.


--
If A = B and B = C, then A = C, except where void or prohibited by law.
Roy Santoro, Psycho Proverb Zone (http://snipurl.com/BurdenOfProof)

In article
<derekcurrie->,
Derek Currie <> wrote:

> > > Application-Based Firewall ‹ Leopard will
> > > feature the ability to specify the behavior
> > > of specific applications to either allow or
> > > block incoming connections.
>
> I was hoping Leopard would have some of the functionality of
> LittleSnitch, which blocks unwanted outgoing network calls. Oh
> well.

It doesn't say if it asks in real time, but isn't that what you want?

--
David J Richardson --
http://davidj.richardson.name/ - Dr Who articles/interviews/reviews
http://www.boomerang.org.au/ - Boomerang Association of Australia

David J Richardson wrote:
> In article
> <derekcurrie->,
> Derek Currie <> wrote:
>
>>>> Application-Based Firewall ‹ Leopard will
>>>> feature the ability to specify the behavior
>>>> of specific applications to either allow or
>>>> block incoming connections.
>> I was hoping Leopard would have some of the functionality of
>> LittleSnitch, which blocks unwanted outgoing network calls. Oh
>> well.
>
> It doesn't say if it asks in real time, but isn't that what you want?
>

Don't think so. LS lets you selectively block outgoing conections freom
apps permanently or for the session, and to choose to block certain
ports or even just one IP address for that app. And it makes it easy to do.

Andy