Snow Leopard & Potential Security Improvements



decryption
27th June 2008, 10:23 PM
Remember that guy, back in 2007 who won a MacBook Pro by remotely gaining user level access to the laptop (http://daringfireball.net/2007/04/interview_dino_dai_zovi)? His name is Dino Dai Zovi and he recently wrote a column about what he'd like to see as potential upgrades to OS X's security in Snow Leopard (http://blogs.zdnet.com/security/?p=1325). Some good points are made:

Real ASLR (address space layout randomization).
Full use of hardware-enforced Non-eXecutable memory (NX)
Default 64-bit native execution for any security-sensitive processes.
Sandbox policies for Safari, Mail.app, and third-party applications.
Mandatory code signing for any kernel extensions.

Huy
27th June 2008, 10:38 PM
Those points remind me of Windows Vista and improvements made over XP.

Just saying. Snow Leopard is a bit like Vista in that way, under the hood changes. :)

matthewk
27th June 2008, 11:21 PM
Just saying. Snow Leopard is a bit like Vista in that way, under the hood changes. :)

Huy, but remember there are a couple of differences. First off 10.6 will improve upon OS X code, not Windows XP code.

And then there was Aero. Glass especially didn't run on much.

But those are a wish list of security features, hopefully Apple listen and implement all of them. We don't want to see OS X hacked into faster than Vista again (http://www.tuaw.com/2008/03/28/macbook-air-knocked-out-quickly-in-cansecwest-contest/).

Peter Mount
27th June 2008, 11:23 PM
Those points remind me of Windows Vista and improvements made over XP.

Just saying. Snow Leopard is a bit like Vista in that way, under the hood changes. :)

:eek:

Couldn't you have chosen a better comparison?

Alucard
27th June 2008, 11:38 PM
The problem is that Vista also mucked around with the functionality of the OS, while Snow Leopard doesn't look like it's going to try to do that.

The biggest problem is that Vista asks you hundreds of times if you want to run something. Also, certain programs (like WoW) need admin installation or something that isn't default, in order to run. Not sure if they fixed this.

I imagine Snow Leopard won't have a very noticeable change, and will result in a few people screaming that these should have simply been Leopard updates. Just my prediction, based on not much at all.

AnthoMac
28th June 2008, 12:21 AM
I love the idea of Snow Leopard. Trim up the post 2000 OS X code and then as a result all the features should run much faster for the end user. Win situation towards developers and consumers.

As OS X gains popularity the emphasis to tighten security is paramount as more consumers go online and such.

The Goat
28th June 2008, 02:14 AM
GRUBER: Are there any precautions you think typical Mac users should take that they aren't now?

DAI ZOVI: I would recommend they make their primary user account a non-admin user, I think that is a reasonable compromise between usability and security. I would also recommend that more security-conscious users create a separate keychain with a 5 minute timeout for important passwords. Even if the user is using FileVault, a separate encrypted disk image for sensitive financial or personal documents is another simple and prudent measure to protect your personal information.

An interesting read, thank you decryption, and the recommendations above don't even have to wait until Snow Leopard.