Confessions of a naked Mac user

TOPICS: Apple, Security

I caved in. I had all intentions of pre-emptively spending my $900 government handout on a $700 HP netbook this weekend. But I was pwned by a shiny little MacBook in about the time it took white hat Charlie Miller to hack its upscale brother, the MacBook Air.

So am I more secure now that I use a Mac without antivirus software than in my former life under a Windows machine with it?

The debate over Mac security compared with Windows is a long-running one. Apple considers Mac OS X so safe that late last year it removed a page on its site which Washington Post security blogger Brian Krebs had found.

Apple encouraged the "widespread use of multiple antivirus utilities" back then. Click it today, and you get the message as seen in the image below.

[Image: Apple-AV-Were-Sorry.JPG. Screenshot by Liam Tung/ZDNet.com.au]

Apple's reason for taking down the old message?

"It was old and inaccurate," Apple told Krebs. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box." It did concede that OS X wasn't bulletproof; antivirus (AV) "may offer additional protection," it said.

But how is that different to Windows Vista?

Since removing the article, Apple hasn't published a position on the issue, but Mac users on its support forum have closed the case on the matter: AV is unnecessary.

It's not surprising Apple would focus on its built-in technologies, especially when security researchers have begun paying more attention to them. Apple's growing user-base is still seen as a likely trigger for malware writers to start devising nasty payloads. Dino A. Dai Zovi, a buddy of Charlie Miller — the "prize" hacker who recently pwned a MacBook in 10 seconds — recently released his research on the subject.

Zovi's assessment was that while threats and the likelihood of attack are currently low for OS X, vulnerability is high. The chink in Leopard's armour is how it handles memory corruption, such as a buffer overrun — a flaw that an attacker can trigger to make data be stored beyond the boundaries of a "buffer". When that extra data overwrites a nearby memory location, the process could crash or malicious code could be allowed to run.

One solution to this problem is known as address space layout randomisation (ASLR), which, according to Wikipedia, involves randomly re-arranging the positions of key data areas.

Microsoft took the lead, at least on ASLR, from the OS X cousin OpenBSD in this respect, announcing its use in the beta version of Vista in 2006.

Since then IBM security researcher Mark Dowd has tested Microsoft's implementation of defences against this type of attack in Windows Vista, looking at how Adobe Flash bugs could be used to beat them.

These defences don't stop an exploit, but they reduce the likelihood of it working. Dowd's work attempted to increase the likelihood of exploits working despite them.

Today, OS X has fallen behind on several fronts, compared to Linux and Vista, says Zovi, whose research paper can be found here. His conclusion: "Mac OS X is significantly lacking in memory corruption defence features compared to other current operating systems like Windows Vista and Linux: ASLR, Non-eXecutable memory, stack and heap memory protections."

His proof? The CanSecWest hacking competition. Charlie Miller told Zero Day's Ryan Naraine last week about his latest exploit: "With my Safari exploit, I put the code into a process and I know exactly where it's going to be. There's no randomisation. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don't know where it is. Even if I get to the code, it's not executable. Those are two hurdles that Macs don't have."
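The first of Miller's two hurdles comes down to whether a process's regions land at the same addresses on every run. The following added example (not from the article or from Miller's or Dai Zovi's work) samples the addresses of the executable's code, a C-library object, a heap block and a stack variable, re-executes itself, and reports which regions moved. The names `layout_t`, `sample_layout`, `parse_layout` and `changed_regions` are hypothetical, and a POSIX system with fork/exec is assumed.

```c
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example: where four regions of one process landed. */
typedef struct {
    uintptr_t text;   /* code of the main executable */
    uintptr_t lib;    /* data inside the shared C library */
    uintptr_t heap;   /* a malloc() allocation */
    uintptr_t stack;  /* a local variable */
} layout_t;

enum { R_TEXT = 1, R_LIB = 2, R_HEAP = 4, R_STACK = 8 };

layout_t sample_layout(void) {
    layout_t l;
    int local = 0;
    void *p = malloc(64);
    l.text  = (uintptr_t)&sample_layout;
    l.lib   = (uintptr_t)stdout;   /* the FILE object lives in the C library */
    l.heap  = (uintptr_t)p;
    l.stack = (uintptr_t)&local;
    free(p);
    return l;
}

/* Parse the one-line report a child run prints; returns 1 on success. */
int parse_layout(const char *line, layout_t *out) {
    return sscanf(line, "%" SCNxPTR " %" SCNxPTR " %" SCNxPTR " %" SCNxPTR,
                  &out->text, &out->lib, &out->heap, &out->stack) == 4;
}

/* Bitmask of regions whose address differs between two runs. */
unsigned changed_regions(const layout_t *a, const layout_t *b) {
    unsigned m = 0;
    if (a->text  != b->text)  m |= R_TEXT;
    if (a->lib   != b->lib)   m |= R_LIB;
    if (a->heap  != b->heap)  m |= R_HEAP;
    if (a->stack != b->stack) m |= R_STACK;
    return m;
}

int main(int argc, char **argv) {
    layout_t mine = sample_layout(), other;
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        printf("%" PRIxPTR " %" PRIxPTR " %" PRIxPTR " %" PRIxPTR "\n",
               mine.text, mine.lib, mine.heap, mine.stack);
        return 0;
    }
    /* Re-execute this program so the loader lays out a fresh process. */
    int fds[2];
    if (pipe(fds) != 0) return 1;
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], (char *[]){ argv[0], "--child", NULL });
        _exit(127);
    }
    close(fds[1]);
    char line[256] = {0};
    ssize_t n = read(fds[0], line, sizeof line - 1);
    close(fds[0]); waitpid(pid, NULL, 0);
    if (n <= 0 || !parse_layout(line, &other)) return 1;
    unsigned m = changed_regions(&mine, &other);
    const char *names[] = { "text", "lib", "heap", "stack" };
    for (int i = 0; i < 4; i++)
        printf("%-5s %s\n", names[i], (m >> i) & 1 ? "moved" : "same address");
    return 0;
}
```

A region reported at the same address across runs is one whose location can be known in advance; a region that moved between one pair of runs shows only that it is randomised, not how much entropy it has.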

It's interesting to see Microsoft has leapfrogged Apple on some very important counts (probably out of necessity), and that OS X could be hacked so quickly. But does any of this really matter to the user? Well, I think I'll just relish my AV-less state for now, and enjoy the fact there isn't an army of Charlie Millers across the globe each with a $10,000 incentive to find more holes and devise payloads.

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

Talkback

29 comments
  • guess again

    i've left you a little present on your desktop.
    anonymous
  • impressive

    wow you have done a lot of research on the ACMA blacklist!
    anonymous
  • @guess again

    Should i click on the link?

    Liam Tung
    ZDNet.com.au
    anonymous
  • actually

    if you could just delete all your data and then forward this email to all your friends :)
    anonymous
  • in trouble

    I'm done for. One week of Mac ownership and a blog and my sense of security is dead. :(

    Liam Tung
    anonymous
  • Mac with freezing of all functions!

    Thanks for the article Liam, which 'sort of,' gives me the avenue to forward to you and your readers a situation, which has and is still, frustrating me. Sorry in advance for the lengthiness of this.

    Please understand, this is an actual situation occurring now, and I am not a pro pc guy just dissing Macs. Also, this is simply my opinion, made, due to these circumstances.

    My son bought a MacBook Pro (his first Apple computer) for his first year at Uni, in January.

    He bought Apple believing them to be

    a) the most pro unit available
    b) a dependable product
    c) a reputable organisation who stand behind their product and clients.

    Upon receiving it and firing it up, it froze completely, for a short period. He put this down to teething problems and carried on. Over the next week it froze several times and soon after it was freezing more constantly and for longer periods.

    I have called Apple now about 6 times, had it to the local repairer (if you call 60 minutes round trip, local) twice, done multiple software and hardware tests, as well as reformats and a replacement logic board was fitted. But it still freezes. We even have recorded the freezing (all functions even time, frozen) on our handy cam.

    The last lot of tests Apple asked for were carried out on the 18 March and the results emailed to them as requested, that day. It is now the 26 March and no word from them at all.

    So since the unit is obviously faulty and we have only had it for around 8 weeks (three of those were spent in the repair shop and the other 5 problematic) do you think Apple will replace it? No of course not. I have asked on three occasions for a simple exchange.

    They appear to have no regard for the fact that my son is trying to fathom IT/computer science, using a computer which will freeze for no reason. Obviously making it impossible for him to concentrate on the job at hand.

    I have had to take my claim to the Office of Fair Trading (OFT) and get the authorities on the job for Apple to 'do the right and honourable thing'. We are now waiting to hear back from the OFT and Apple.

    As far as I am now concerned, since Apple refused replacement on a number of occasions, when that was all we wanted, a replacement is now unacceptable to us. A full refund is now the only alternative, as this unit is not what was promised or paid for. As such we no longer wish to remain Apple/Mac customers.

    This has been a disappointing foray into the world of Macs for us. So there's no need for me to tell readers what I think about Apple and which way I would go if I were them, buying.

    Any ideas, tips, similar occurrences?

    Thanks Steve
    anonymous
  • Yes, move to Japan

    My MacBook started playing up about 18 days after I bought it from the Apple Store Ginza in Tokyo. Called the Genius in the Shibuya Apple Store, got an appointment for the same afternoon, took it in, they looked at it, saw it was 18 days old and exchanged it on the spot with a smile and no questions asked.
    Someone else I know with a problem MacBook that he bought in the USA just 1 week before moving to Tokyo had exactly the same experience—they changed it with a smile too.
    So your mileage varies according to where you live (and possibly the attitude you have when you speak with the Apple staff).
    anonymous
  • Thanks for verifying their unreliability

    I think most could see by the fact that I have rung, driven, tested, rung, driven, tested and so forth, it shows that I have been patient and most cordial. So the remark about attitude was quite unnecessary, particularly under the circumstances. But thanks for the invaluable advice.

    My patience has been above and beyond what is actually necessary for a brand new, faulty piece of equipment, I can assure you.

    But thanks for your input too, as your testimony demonstrates that I'm not alone and that contrary to most reports, from our combined experiences Macs appear most unreliable (2 from 2 for you and 1 from 1 for me).

    You have been most helpful anonymous, especially the tip to move to Japan. Here it takes them over a week for things to get done?
    anonymous
  • Just complain

    Phone AppleCare and explain what has happened and that you're annoyed, disappointed and frustrated with the experience you've received. If they won't offer you a replacement ask to be put onto someone higher at AppleCare. Quite often if you get through to a higher up you are more likely to get a replacement, plus possibly some compensation in the form of an Apple Store gift voucher or free iPod shuffle or something along those lines.

    Macs are still computers and do have problems. Apple's support isn't infallible either. However, they do often do the right thing to try and make things right. My dad's first Powerbook had consistent problems throughout its life. In the end Apple just replaced it with a brand new machine, 3 years after he bought the original.

    Some support problems can be fixed very quickly at the Apple Store. I've had the battery in my MacBook die because I hadn't charged it properly. I booked a genius bar appointment and went in. 15 minutes later I walked out with a brand new battery.

    The support you get can vary greatly depending on who you get on the phone, but generally it is one of the best support experiences around.
    anonymous
  • Mac reliability

    I started using a Mac Plus in 1986, and have ever since used Macs at work and at home. I have also bought Macs for my wife and children.
    Of the about 25 Macs purchased during these 23 years, none has had a problem upon delivery or later, and all but two still work, or worked until discarded as "obsolete and uninteresting". My eight year old G4 died last week, and an early Powerbook 500 had the infamous graphics card problem after 4 years of use... Besides clock batteries, crashed hard disks and worn out mice, no spare parts have been needed.
    Reliable? Yes, at least in my opinion...
    anonymous
  • how is sitting down in front of a computer a security threat?

    I don't think you realize that charlie's "hole" is nothing more than sitting down at his own computer and deleting data.... how is charlie going to delete data on YOUR COMPUTER without sitting in front of it? how exactly is this a security threat? are you concerned charlie or his friend is going to walk into your front door?
    anonymous
  • Thanks

    Thanks will do.
    anonymous
  • Thanks

    Thanks for the info
    anonymous
  • Attitude

    Sorry Steve, but the comment on attitude was not directed at you and the story about Japan was to illustrate that the problem you face is with some low-level Apple Australia (if that is where you are) service staff who don't understand the concept of good customer service.
    I understand your frustration, but the headline "Thanks for verifying their unreliability" just exaggerates the truth, probably irritates any Apple Australia staff who might want to help, and adds nothing to the rightness of your case. The fact is that your son and I both got faulty Macs out of the millions sold every year, not that 100% of Macs (2 for 2 and 1 for 1 as you put it) are faulty. We both got unlucky and that's all. As soon as the first fix failed, what he should have done was gone higher up the AA food chain until reaching a manager who could see the reasonableness of his request. If that failed, he should have sent the contents of your ZD Australia post and the videotape by registered mail to the head of Apple Australia and given him/her the chance to make it right. By elevating the dispute to the OFT and now demanding refund rather than replacement, you have pretty much tied AA's hands into waiting until the OFT comes back with a mediated solution and that could be more weeks of intense frustration.
    By the way, was the MBP bought from a reseller? I ask because the friend who bought his from a very large US PC and Mac reseller before coming to Japan discovered when he was at the Genius bench in Apple Store Ginza that it had been sold previously (and registered with Apple) to someone else who (presumably) had then returned it to the reseller who then resold it to him as new! Despite this very suspicious history and without the original sales receipt from the USA, Apple Japan changed it on the spot. The slowness of the AA response might be down to that "weekdays are just the days between weekends" ethic that can make Oz a fun place to live when you don't need something fixed in a hurry!
    I am sure you will get your money back and hope you don't have the same experience with any new PC.
    anonymous
  • Apologies

    Thanks.

    Due to my frustrations, I wrongly, read your mail as a snide remark at my expense, hence my verification remark, so my apologies.

    It was bought through Apple online here in Australia.

    Please don't get me wrong, the people I have spoken to at Apple have been quite nice and helpful, to a point. But as you say, I guess it's only those up the ladder who can make it happen.

    One young lady in particular at the Mac repairer was very knowledgeable and helpful. Unfortunately though, the problem still exists.
    anonymous
  • In the meantime

    I know how you feel Steve. Since I fix PCs and Macs for a living and your son is a CS student and needs a running Mac in the meantime, here are a few concrete suggestions that might pin down or even fix the problem.
    1. If he has a friend with a working Intel Mac with the FireWire interface, with both machines off, connect them using a FireWire cable. Start the friend's Mac and immediately press and hold down the T key. This will boot that Mac into the Target mode and you will see a bouncing FireWire icon on the screen. Then start the problem MB Pro and immediately hold down the Option key (might be marked alt on an Oz keyboard). This will boot to a grey screen showing two hard disk icons—the internal HD and the friend's HD. Move the mouse to the friend's HD and click the arrow under it. The problem Mac will now continue the boot from the friend's HD. Once fully booted, see if the problem occurs by working normally for an hour or two running off the friend's boot disk. If everything seems normal, then the problem is in the hard disk—get it replaced. While it is running normally from the friend's hard disk, update the MB Pro firmware using the latest patch released by Apple today. This patch fixes known problems with graphics and who knows—it might fix the problem there.
    (You can run this same HD check from an external hard disk using either the FireWire I/F or USB I/F with a known good OS X install on it too).
    2. If the problem still occurs while running off a target disk (friend's machine or external), the problem is either RAM or the mainboard, which you say has been changed. The odds on two bad mainboards are millions to one against BUT the Apple service center MIGHT have reused the original RAM on the new motherboard, so download MEMTEST for OSX (free) and run it on the memory. This requires using the command line, but your son is a CS student so that should not be a problem. Allow it to run for 8 hours and see if it picks up a RAM problem. If it does, print out the report and show it to Apple. If MEMTEST shows up nothing, get hold of a copy of TechTool Pro (borrow from friend, etc.) and run it to check the various mainboard subsystems. I am not hopeful that it will show a problem but you never know.
    A very remote possibility is that the DVD drive is faulty in one of two ways: a. it is misreading the OS X installer disk and giving a bad install every time, or b. the bus interface on the DVD has gone bad and is causing bus conflicts with the hard disk. I have seen this before.
    Another very very remote possibility is that your OS X installer DVD is bad. Borrow one from a Mac friend and try a new install.
    Both these problems should be considered possible if the machine boots and runs normally from a target or external hard disk.
    If nothing shows, then the fault is very subtle and requires troubleshooting in the ASC by a pro. You should definitely get a replacement unit.
    Hope these concrete suggestions help while waiting for the OFT to come back.
    anonymous
  • PS

    There is also a GUI version of Memtest for OSX called Rember that you can google for.
    anonymous
  • pwn2own winner says macs are safer...

    http://www.gizmodo.com.au/2009/03/winning_pwn2own_hacker_macs_are_safer_than_pcs-2.html
    anonymous
  • Bad service is not a Mac only problem, neither is bad hardware. Or bad users.

    Steve:

    The fact you state that based on 3 reported bad experiences with Mac means 100% of Macs are unreliable, sort of points at a flaw in logic.

    Actually I'd say 2 of those experiences where the MacBooks were replaced quickly were good experiences, if you will allow for the fact that sometimes batches of manufactured products go wrong. Which by the way happens with all products.

    Like the 30 or so QLogic FC cards sold and tested to a client of mine by HP from a known faulty batch, this despite the client has paid HP to do the install, test the systems etc etc.

    The fact you aren't getting the service you want might be a problem and it does suck. Welcome to the year 2000, we collectively agree that we want good service, when we buy online.
    We get better prices and sometimes faster service, but we don't get as good service - and certainly not after sales service when they have your money.

    When you buy online you know you're going to get a call center monkey who can only deal with standard cases - anything different will take the movement of heaven and earth to get serviced.
    Same with telcos, banks, electric company, insurance etc etc.
    If you know the company has a call center to deal with customers, you can be fairly sure that the service will be mediocre at best and absolutely horrific if you have a real problem.
    The only place I have found this not to be the case is some US companies, typically smaller ones.

    But you can deal with that by talking to consumer affairs or equivalent department in your state.

    Yup some retailers have crap service.
    Happens in all areas.

    Want the list of all the people I know who have had problems with wintel boxes out of the box?
    All of the people I know who've had bad service experience with wintel retailers?

    I believe you can take Apple kit to any Apple dealer for warranty repair.
    I'd take the Mac to a bricks and mortar dealer and get them to deal with it.
    Apple pays them for warranty work.

    But I'd make sure your computer science student hasn't done a little something to his mac before I got too upset.
    I've worked in schools, companies and currently in a large uni in the IT area (support and sys admin, not a manager).
    I've also been a computer science student.
    I know that a lot of problems occur because people "tweak" their system to make it "run better". Often without fully reading the instructions or having any understanding about what they are doing or its effects - or even if it is suitable for their machine.
    Fred did it, so I did it. Failing to realise that while they run the same OS, they have completely different hardware. (Or maybe not even the same OS.)

    And often when it goes wrong, they try and push responsibility to someone else, lie about what they've done (which makes it hard to fix and makes it take far longer than needed), then even when you have absolute take it to court evidence that they or at least someone using their account has busted it, will deny it.
    I'm not saying that this is the case with your son, but I'm saying things aren't always black and white, and sometimes the user is not completely honest.
    anonymous
  • Re: sitting in front of PC security threat

    Liam:
    Apple does have *some* memory location randomisation.
    http://www.apple.com/macosx/features/300.html#security
    I think it is also mentioned in the Wikipedia article you reference.

    It is only in libraries at this stage, but that is where a lot of the real problems are, as you need to make library calls to get into privileged address space and therefore trash other processes.

    But if you follow best practice you won't need to worry about it.
    (I'm not naive - I do understand that no-one follows best practice)


    PBKAC
    Problem between keyboard and chair.

    Most security problems result from someone doing something dumb.
    Not listening to warnings, not understanding warnings, or simply ignoring them.

    Most problems with security, even if the root cause is not the user's fault, e.g. bad code, can be avoided by understanding the threat and using the computer carefully, bearing the threat in mind.

    The problem is really that because most people can do stuff on a PC, they think they know enough.

    Or worse they know they don't know enough, but do things anyway.

    I believe that in this day and age, people need to take more responsibility for what they do with PCs (I mean PC in the generic sense, not the wintel specific sense).

    You pay your bills, probably store your credit card number, possibly your passwords for other sites etc on your PC.
    Kids trust people at the other end of a long piece of wire and maybe get damaged by that trust.

    In any other field in life where there is that much risk, you need a license.
    Merely being able to put a car in motion or get a plane off the ground in good weather doesn't allow you to drive or fly.
    Having done a first aid course doesn't allow you to prescribe medicine.
    Having had a little bit of luck in your investments doesn't allow you to become a financial advisor.

    But I double clicked on the IE icon and typed in www.connbnk.com.au lets you give all your financial details to an organised crime syndicate, and when it all goes wrong possibly hundreds or thousands of hours of investigation are required to fix it.
    In other cases your bank (i.e. their customers) picks up the tab.
    Not to mention your own financial loss.
    Or in the even more serious case, your kid gets abused, or you get lured to a serial killer's.

    Nowhere else in life can you do so many potentially expensive or dumb/dangerous things with absolutely no training, no clue and no license.

    Except on an Internet connected PC.

    Yeah I think that sitting in front of a PC (regardless of platform) is a security threat and it's one most people really don't understand.
    anonymous