|Home » Industry Watch
CUPERTINO (Rixstep) — There's lots of goodies and eye candy in Apple's latest iteration of their computer OS X but the real news is under the bonnet. Apple are already several laps ahead of the competition as regards security, but now they've distanced themselves even more.
Meeting Their Match?
Dan Goodin's article on Lion at the Register is informative but it's also misleading. The subheader is 'Windows 7, Ubuntu meet their match'.
All praise to Debian and Ubuntu but is Goodin seriously suggesting Windows 7 (or any Windows for that matter) is secure? And that others in the industry have catching up to do? Let's hope not. But Goodin corresponded with Dino Dai Zovi and Charlie Miller, and both were nearly lyrical about what's happened to the underbody of OS X.
Lion uses full ASLR, a cute acronym for address space layout randomisation. What does it mean? It means the hack code has a rougher time of it getting things to work. Code like that comes normally with fixed addresses - the code has to know where to search and where to go. Mix those addresses up a bit and the malware gets lost.
Microsoft have been using ASLR for years - they have no choice! And look how much it's helped them. For all their marketing campaigns and impressive security projects, they're still a mess.
What's so cool about the underbody of 10.7 Lion is that most of this stuff isn't really needed today for ordinary users but it's there still the same. Whereas on Windows, that's all you get.
Dino Dai Zovi describing Lion as 'Win7++' doesn't make it any better. If Win7 is that secure, then use it by all means!
A TDL-4 'Kad' command control centre. Hacking Windows is not only fun - it's big business.
But Win7 is no walk in park, and never will be, so it's not an issue. Dai Zovi also seems to be telling Win7 users to abandon Microsoft, so it gets really confusing.
'I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users too.'
That's something everyone can get behind. Windows users should by all means upgrade to Lion. And sooner than later too.
Charlie Miller went on with Goodin about Apple's 'augmentations' of ASLR - they now use 'sandboxes' to shield critical parts of the OS from attack. Safari - a single application and a single process - has been cloned into two processes so that the program (and the rest of the system) are shielded from the part that parses web content, a huge step forward.
It's called 'Safari Web Content'. Miller explains.
'Now you end up inside this restricted process that only does the web parsing and you can't do other things you might want to do as an attacker, such as write files or read a person's documents. Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.'
Bad news for hackers and security experts everywhere.
Full Disk Encryption
Concerned about your data falling into the wrong hands? You've been a dutiful shredder, right? How about adding full disk encryption to your safeguards? FileVault now operates at disk sector level, not file level.
Jon Callas of PGP fame is thought to be behind the enhancements, having already developed a similar product before joining Cupertino again.
Apple's star continues to rise, Adobe's continues to fall.
Not many people understand what's going on at Adobe, and certainly not their own confused engineers. Word has it they're still using Rosetta four years after the transition to Intel, probably still using 'Carbonised' projects, and then they're aghast their software starts breaking. Their bug page for Adobe products on Lion is massive. In addition to the more general reports about all their other stuff breaking all over the place, they discuss Acrobat, Adobe Drive, Contribute, Dreamweaver, Fireworks, Flash Builder, Flash Catalyst, Flash Player, Illustrator, Lightroom, LiveCycle, Photoshop, and Premiere Pro.
As for complaints their Flash is too slow on Lion: the world's already passed Adobe by. Poor management's meant they've stagnated. HTML5 runs rings around anything Adobe will ever do. No more overheated computers, thanks very much.
Some of the issues confronting Adobe are extreme to say the least. Or how about 'Crash reporter doesn't appear or only appears after long delays (10-15min), 'These older versions will no longer be supported as Apple removed Rosetta support with the 10.7 release', 'Adobe recommends you continue to use Safari 5.0.x and Mac OS X 10.6', 'unable to display additional folders or files that are located in a second level folder of a mounted drive', 'Contribute crashes when selecting text/highlight color outside the color panel in Firefox'?
The list is endless, a sadistic Hitchcockian nightmare.
Apple's OS X gets cheaper and cheaper, and will be available on USB thumbs towards the end of the summer for over double the current price, but it's still worth it. The eye candy might be appealing, but it's the all-out assault on security and Microsoft spin that's most appealing.
Adobe: Access hidden user library files | Mac OS 10.7 Lion
The Register: Major overhaul makes OS X Lion king of security
Adobe: Known Issues with Adobe products on Mac OS 10.7 Lion
Industry Watch: TDL-4 bypasses Win7 security by getting into MBR