MacDailyNews - Where Mac news comes first

Although the original article was mainly crap, I wish people would stop writing these articles about how secure Mac on Intel is without any real knowledge.

It is quite possible that the change to Intel chips will make Mac OS more susceptible for Buffer Overruns. Intel chips simply are more susceptible to buffer overruns than PowerPC chips.

It really doesn't do any good for Mac users (of which I am one) to be so complacent about this switch.

Also, I've had Linux machines infected by the various "worms" out there and rootkitted. It was a big f***ing pain in the ass, so my answer to "does it happen often enough to be an issue of concern?" is: Yes!

Not had a Mac hacked yet though, I must admit.

Speaking of buffer overruns, does anyone know if the Intel version of OS X supports the Execute Disable Bit. A look on Intel's site doesn't have it listed as one of the OSs that do.

Shame on you, eWeek. How can you report this crap and get away with it?

Signed,
Dan Rather

"eWeek". Yeh-heh-hehesssssss. There's no way they should be charging to advertise on that site. I've seen more accurate reporting in Monkey Monthly magazine. And that's run by chimps. Yeh-hesssss, the quality of information on eWeek is so bad it's like me trying to charge for my POOP!

eWeek should change their name to "freeWeek".

What are these people smoking???

http://www.g-zus.net/

pog... True! .. but what tells you that Apple Intel based computers are not Mac? Cause you clearly say: "Not had a Mac hacked yet though, I must admit."

I am sure Apple has checked the risks of this move and is willing to deal with what ever it needs to in order to keep its Intel base computer as secure as its PowerPCs.

You started your argument much better by recognizing this as a paradox due to the inaccessibility of the commentators to Intel base computers for real testing. Hold it right there until we all see the real deal.

Monkies COULD fly out of my butt too.

MW 'designed' as in Apple has designed OSX to be inherently more safe

Am I missng something else in this 'story'? The guy writes, "The shift to Intel processors from the Motorola Power PC processors..." [my emphasis].

I was under the assumption that it was IBM and Freescale that manufactured PPC chips... was I wrong all this time?

Always enjoy reading what Tera Patricks has to say - she knows her Mac.

These reports of OSX security weaknesses and susceptibilities seems to be of the "wishful thinking" category. Details are usually absent...

It's almost as if eWeek writer Paul F. Roberts is saying (under his breath) "Come-on guys, write a virus for the Mac, something, anything... Pleeeease"

Going on 22 years now, no viruses, no successful break-ins, no security breaches, nothing…even after I double-dog dared the entire planet and the sum of humanity. That alone tells me all I need to know.

MacDaddy: I don't own any Intel based Macs. However my PPC based Macs have been fairly invunerable.

I have some pretty hands on experience with Buffer Overruns however. We have some software at work that is so poorly written it basically buffer overruns itself and crashes. At least it does on Intel Linux.

On Macs in compiles and runs perfectly. I assumed this was an OS issue, so installed Darwin on an x86 box to test it out (it's an X11 app). Nope - crashed just as bad as on Linux.

Essentially the only difference between the Darwin machine and the Mac was the processor.

What happens if you put a different engine into a car? You may have to re-route some hoses or wiring. You may have to cobble some parts together to get them to fit just the right way. You may have to cut some mounting holes or add some bolts in the right places.

You have the same steering wheel, brakes, accelerator, transmission, windshield, roof, seats, doors, body, wheels, etc., etc., etc...

Does it make it any easier to break into or hotwire?

Same thing.

little man: a shockingly innaccurate analogy.

Reseach, research, research... if you're a tech journo, surely one knows to check these simple facts....<rhetorical>!

What the hell is this supposed to mean...

"It is quite possible that the change to Intel chips will make Mac OS more susceptible for Buffer Overruns. Intel chips simply are more susceptible to buffer overruns than PowerPC chips."

In what way are x86 chips more susceptible to buffer overruns? This is utter nonsense. Please put away the hash pipe before you pretend to be an ubergeek and astound us with your bigger-dork-than-thou wisdom.

Or back up your wild claim somehow.

Dave

Continued from my last post:

Let's say Apple makes a car and Microsoft makes a car. The Apple car has a really good lock, the windows all roll up, and everything is secured. The Microsoft car has broken locks (which everyone has the same keys to), a window that won't roll up, a hole in the roof, and a door that you have to hold closed as you're driving it. The only way to improve this state in any way is to go to the auto parts store and buy a 3rd party upgrade which amounts to some duct tape and a roll of visqueen.

Does it really matter what engine is in what car?

pog,

In referring to the way in which the OS interacts with the processor and any security changes which would go along with it, how so?

Oh pog, I see you responded already. Anyway, let me assure you that you're wrong. That was an Apples and oranges comparison. There's no new greater susceptibility to buffer overruns on Intel than on PowerPC. Next topic.

pog... that is a fine test you did but I am sure if you would hear the same story from another person who has done this test you would not be satisfied by just assuming that it is the processor's problem... there is a whole architecture on a motherboard as you already must an expert of which includes also a bunch of masked logarithms and layers of programs written only for that BIOS and setup.

Think again... I am not rulling out possible vulerabilities of Intel based Mac but your argument is as possible as its anti-theory.

Go get 'em, Tera!


MW: "maybe"?

MacDaddy: I know for a fact that the crashes were caused by Buffer Overruns because I can see them in the code. The trouble is the project is so big and important it was cheaper to buy a Mac to run it on than to spend time porting the thing to Linux.

I'm quite happy about that however as it has lead to us moving to Macs on mass at work. However I do worry that when we upgrade to Intel Macs this code will no longer run.

In that eWeek article one of the guys quoted states that OSX allows any code in memory to be executable which suggests that Apple isn't using the no-execute bit. Anyone actually know if this is true.

Regardless of any of this, I don't think buffer overruns will lead to viruses as we know them on Windows, they don't on Linux. However the chances of being hacked are higher, especially local user root hacks (a big issue for people adminstering University computers).

Sum Jung Gai:

You can assure me all you like, but unless you can prove:

a) you have initimate experience of the workings of OSX Intel.

b) you know more about computer programming than I do and actually understand the buffer overflow issue as well as I do.

I'll choose not to take your word for it.

pog... I know I cannot ask for your code and what exactly the error was on the intel processors but again, the intel PCs have different BIOS and different architecture than Mac-Intel computers. I know if buffer-overrun occur on a platform with a poor code that can be used as a base for the attacker's code. Buffer overrun exploits can happen on Mac-Intel but it assumes that Apple has not managed to protect its memory properly.
This conversation will not go anywhere unless I see some code that causes such error on your intel based PCs.
As for your mass move to Apple hardware I can only say... damn you are lucky to work at such environment! Cause here at my work we have Micro$ucks "running" on my servers and the only thing we are secure about is our job until they move to Macs.

the 'F ' clearly stands for fu*kwit

The PowerMac with the Intel chip was released to developers seven months ago, the Intel iMac has been in people's hands for what, two weeks? No reports of "intrusions" to date. On the other hand how long was the Vista Beta in the wild before the first viruses appeared? I think it is safe to presume the problem does not come from the CPU but from the OS.

"don’t feed the literary monkeys"

I've seen those at the zoo.
They hurl pieces of paper with the word "poo" typed on them at passersby. Mean little simian literati!

No, no exploits will ever appear on Macs - ever. Please remind all Mac users that they have no need for any security - not now or ever. And while you're at it please send more hate mail to the IT security firms (Symantec, et al) so they just drop developing for the Mac - what a waste of money and effort! In fact, all security firms should drop the Mac OS from their portfolio of products and lay off all their Mac developers - yes, that's how it should go!

That would be a great scenario!

Pog:
Have you tried your code on a PPC-linux?
That could be a fun experiment...
http://www.penguinppc.org/about/distributions.php

"I've seen those at the zoo.
They hurl pieces of paper with the word "poo" typed on them at passersby. Mean little simian literati!"

And the word "poo" is usually mispelled, as well.

Here's how I explain Mac security to people.

5 basic ways to get hacked/a virus.

1. Brower runs bad programs (Switch to Firefox)
2. Email runs programs (Use Thunderbird)
3. CD autoruns (Can turn them off)
4. Services running (Can turn off)
5. Downloading and running manually.

So by default Windows has all 5 problems, but by default the Macs have #5. Really there will ALWAYS be #5, but that's hardly automated. Nothing will ever stop #5, all OS's have that problem... still with the first 4 not applying to Macs, it makes them much safer on the whole. Of course with the right setup a Windows PC can be just as safe. Most people are unaware HOW to do that however.

Pog:
I'd also like to hear about how your code runs on a iMac Core Duo or MacBook Pro (when they ship). If it doesn't crash on the Intel based Mac, can we then assume that the crashing is not the CPU's fault? Even run it under Rosetta, that should prove the point just as well, since ultimately the code is being translated for the Intel processor.

I heard somewhere that Rosetta even translates command line programs, not sure if this is the case for X11 programs like yours.

MDN: Do us a favour, please could you run a database of these fatuous predictions from moronic journalists who know nothing. Then run a page once a month or once a quarter with their email addresses so we can all email them and ask them if anything has materialed yet in accordance with their predictions.

I really want these idiot doomsayers and WinPC apologists to suffer...

Tera Patricks Rules!!!

Finally someone gets it right.

POG - Intel chips are no more susceptible to buffer overruns than any other chip
Bad code is bad code and a buffer overrun is a buffer overrun.
It would behave badly on any CPU

When he said " 'The shift to Intel processors from the Motorola Power PC processors will make it easier to create software exploits for Macintosh systems, and could result in a steady stream of Mac exploits in years to come," perhaps he meant that the hackers know how to write viruses and spyware for the Intel chip.

- Mark

No, Mark. Of the 100's of thousands of virus gems out there, you won't find any -attacking the chip - they all go through a hole in Windoze. We need to tell eWeek it's the old parody "It's the economy, Stupid!" morphing to "It's the OS, Stupid!" The OS provides an abstraction layer awaay from hardware. Windoze' abstraction was done with contented cows...

PPC is not even made by Motorola It's from IBM, isn't it?

<body>
charlie, Luke:

Here is a quick summary of the history of PPC:
PowerPC is a Reduced Instruction Set Computer (RISC) microprocessor architecture created by the 1991 Apple-IBM-Motorola alliance, known as AIM. RISC existed before the PPC. The story began with IBM's 801 prototype chip in the late '70s. This eventually evolved into the POWER architecture, introduced with the RISC System/6000 in early 1990. That led to the development of RSC (RISC Single Chip) in early 1991. IBM approached Apple with the goal of collaborating on the development of microprocessors based on the POWER architecture. Soon after, Apple, as one of Motorola's largest customers of desktop-class microprocessors, asked Motorola to join the discussions because of their long relationship, their more extensive experience with manufacturing high-volume microprocessors than IBM and to serve as a second source for the microprocessors. At this point Motorola already had its own RISC design in the form of the 88000 which was doing poorly in the market, and Apple already had 88k prototype machines running. Since the new POWER single-chip solution could be made bus-comparable at a hardware level with the 88000, that allowed both Apple and Motorola to bring better machines to market much faster since they would not have to redesign their board architecture. The result of was the PowerPC (Performance Computing) specification. (PS. not many know that there were PPC versions of Windows NT, Solaris, AIX Unix, and OS/2).
Now, in 2004, Motorola exited the chip manufacturing business by spinning off its processor business as an independent company called Freescale Semiconductor. Around the same time, IBM exited the personal computer market completely by selling its line of PC products (which used Intel processors) to Chinese computer manufacturer Lenovo and focused their chip designs for PowerPC CPUs towards game machine makers such as the Nintendo Revolution, Sony's PlayStation 3 and Microsoft's Xbox 360.
(Click here for more information, from which I got the above info, with modifications)

Man.

I am not a programer or even an Engineer, but I am a Tech analyst and I know when people are spreading useless and detrimental BS.

Sum Jung Gai:
What the HELL are you hopping to achieve by making completely baseless statements to answer REAL problems?
The difference in instruction set, Bus architecture, cache architecture and memory architecture makes the possibility of buffer over/under runs a real issue, despite your unsubstantiated statements to the contrary. (which by the way put you in the same league as that eWeek writer)

Just because the code is similar between the intel & PPC port, doesn't mean the OS will not be affected by the COMPLETELY different underlying architecture.

MacDoctor:
I have also been Using MAC's since 84 and your statement of no Viruses on the Classic MacOS is factually wrong.
There where about 4,500 reported virus/exploits on the classic mac, some of which I had the pleasure to deal with as a network admin for a couple of University labs, as well as a publishing house.
This is no where close to MSWin's 75,000 or more viruses & trojans but saying they don't exist is completely false.

Everyone:
Freescale=Motorola SemiConductors.
PPC=created by AIM
AIM= Apple, IBM, Motorola

and.
Even as OSX is inherently more secure then Windows due to its UNIX separation of User vs Server space, it does have some of the same design problems as the Unices which underpin it.

Even as we are reveling at the lack of reported exploits, we should be conscious that as the number of informed Linux and OSX users rise, the number of educated and informed Unix hackers increases, theoretically raising the potential number of Evil Script writers with enough knowledge of UNIX security issues, to create problems for OSX.

(ESPECIALLY with the rise of Linux in China/India, the former USSR and Latin America)

It really doesn't help anyone to say "If not now, then Never".

BY the way, something really funny about eWeek, is that it actually used to be a weekly rag called MACWEEK, a Mac digital content creation professional tabloid, up till 97 or 98 when they changed their name to eWeek because of WindowsNT making great strides in the content creation market.
Around the same time the publishing of MacUSER-US was stopped by zdnet, and a number of other old Mac industry rags where put to pasture, as the corporate publishing industry had predicted the demise of Apple. (especially when Adobe, Quark and a number of 3D applications where ported or given Parity on WINNT4)

seabasstin....

Not to question your credentials, but I wonder where you arrived at the 4,500 number describing how many {classic} Mac viruses there were ...
I've been a Mac-head since the 68k Performa (OS 7) days .. and it seems to me I remember reading an article, back then that there was only something like 70 (or so) which Mac users had to contend with ...

(I had the one called "SevenDust" once ...that was a real pain)

It would be interesting if someone knew of of a list, somewhere which showed all the viruses which affected Macs through the years..

not sure how up to date this is ...
but just for the heck of it .. I Googled "Mac Virus" and found this list of viruses which affected the Mac ...

http://www.macvirus.org/database

I also found this comedy piece about the OSX "Opener Script"..

http://www.zdnet.com.au/news/security/0,2000061744,39164062,00.htm

But then, I just consider the source

mac dood,

That database only had 28 viruses in it... That definitely cannot be comprehensive.

And that other one was hilarious!

anyone know where I can get the 97 keynote?
impossible, right?

Oooookeeeey, just to put a damper on the Mac security lovefest we have here, but the x86 architecture does make it slightly easier to write exploits than PPC did. It's basically all to do with the endianness of the instructions. The Problem for hackers with PPC was that they had to make sure than any code they wrote didn't contain any Null-Characters, as these would be viewed as the termination of the value sent to the buffer, and the machine would ignore anything following. This requires a bit more skill when coding, so x86 should make it slightly easier. However, you still have the problem of finding an exploit, getting in and then spreading you payload, and it seems most malware writers nowadays are too dumb or lazy to do that, so they just create some script and attack the easy target - Windows.


PS: I'm not very knowledgeable at machine code, I just remember following a very interesting demonstration of how PPC buffer underruns could be exploited and what the differences were to x86, so the terminology might be a bit off, but you get the idea anyway.

MW: covered: have I covered evertyhing above?

Well the truth finally is leaked out. OSX is full of security holes just waiting to be used by hackers as things are moved to intel. This is truly the end of Apple. From the drop in sales of laptops to the stopping of production of computers to Steve Jobs dumping Pixar in a bid to get money to bail out Apple it is obvious that Apple is going out of business. The only thing holding them up is iTunes and as Napster and Yahoo take over the market over the next 12 months Apple will run out of money and have to file for bankruptcy.

The computing industry will all finally be running Windows Vista on Intel to produce a fast, efficient and secure computing platform. Finally an end to Apple and unix!

http://ciac.org/ciac/bulletinsByType/bul_vendor_list.html

The above is a comprehensive list. 4500 ? ROFLMAO, give me a break.