Snow Leopard security - The good, the bad and the missing

Apple Engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said. Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system …

COMMENTS

This topic is closed for new posts.


  1. MK
    Flame

    @mrweekender

    "Now that's just plain fucking bullshit, have you even seen an OS X Server environment."

    No. And neither has anyone else in a serious enterprise environment.

  2. Sean Timarco Baggaley
    Stop

    Security...

    ... has nothing to do with technology and everything to do with people. Others have pointed this out, but there seem to be far too many people missing it.

    Every security system has the exact same weakness: human beings. *We* are the weakest link in the chain.

    Now, I could bang on about how I've never had a single virus, trojan, etc. on ANY computer I've ever owned—and I've been using computers since the days when CP/M was still considered trendy. Why? Because, until the early '90s, just *getting* a virus or trojan was hard enough. But even with the rise of the Internet, the trick is *education*.

    I've been writing code since 1981; I know intimately how computers work. I suspect many readers of El Reg are in a similar position. We don't "get" how people can be so "stupid". In fact, they're not being stupid. They're being *ignorant*, which isn't the same thing. The trick is to *educate* those users, instead of just swearing at them.

    *

    On a completely separate point: ASLR is, by definition, just another form of "security by obscurity". Either this is a Good Thing, or it's a Bad Thing. You don't get to have it both ways. Which is it?

    *

    On another completely separate point: Apple don't compete in the corporate sector. Microsoft do. (GNU / Linux tends to do well as a server OS too.) Therefore, pointing out that Microsoft has something like "90%" of "the market" is misleading. Microsoft have 90% of the *total* computer market, but at least 60% of that market is PCs sitting in office blocks the world over.

    These market share statistics are missing something. That something is *context*.

    Apple's focus is, and always has been, on the high-end *consumer* computing sector. Microsoft's share in that sector is rather lower. Strip away all that corporate stuff and Apple's share of their *target* market is actually pretty high—by my own research, I'd pin it at around 30-40% or so.

    Apple's main rival in this sector is Sony, not Microsoft. Microsoft don't make home or office computers. They just sell some *components* for such computers. Like Broadcom, NVidia, AMD and Intel.

  3. Anonymous Coward
    WTF?

    Re use of memory...

    OK, maybe I am missing something in the explanation here but... every OS I have been exposed to zeros memory at boot up time. This "bizarre" claim has me puzzled. IBM has done it (on the mainframes) for eons (over 40+ years), DOS did it (both MS & IBM) and Macintosh has also done it.

    *BESIDES* any decent OS always initializes memory to zero before allowing a write to the page. Now maybe non-IBM OSes do not do it but the IBM OSes (z/OS) do it.

  4. Rod MacLean
    FAIL

    @loltards @mectron

    @Loltards

    "god damn it... when will all these mac tards realise that...

    1) yes macs are not security hit (yet!)."

    Yep, I've realised that my Macs are not security hit (yet!). I've also realised:

    2) no-flying for whales

    3) Jam not marmelade makes scone lovely fly butter side down.

    "i ahte mac vs windows arguments........ its just like mobiles... no1 thought they would be hacked for criminal purposes, until they got as popular as they did!!!!!!"

    You may "ahte" Mac vs Windows arguments but you seem desperate to be part of one.

    Also, when you say it's just like mobiles - are you trying to say that Macs are now popular enough to be targeted by hackers? Your next piece of rant would seem to deny that:

    "get a grip! mac is not targeted as it is mainly used by Graphic designers... and lets face it, what tsh point in hacjking a graphic desingers PC.. to hacking a windows PC that hosts millions of accounts..... see thep point now mac tards.."

    You ARE retarded or a great big troll aren't you? Which one is it? Even if I only consider the Macs that I have seen in the workplace, none of them have ever been used by graphic designers. I've never seen a PC that hosts millions of accounts either. So, what is "thep point"? It seems to be getting more and more obvious...

    "PS im not a windows bummer im just stating the obvious to all these losers"

    What you're stating seems to be gibberish. Badly spelt gibberish at that. Full of typos too. Has the nurse not been delivering the correct medication? Do you have any interest in computer security? Do you have any interest in Snow Leopard? My guess is that the answer is no. What does that make you then? A troll. Or a "windows bummer". Probably both.

    @Mectron.

    "The number of maleware running on mac..."

    Yep. "Maleware". Your arguments are going to be almost as good as Loltards', aren't they?

    "is growing rapidly due to the fact that a large number of brainless zombies give in to Apple (toxic)smoke and mirror."

    Yep, Dawn of the Dead but instead of slowly overrunning a shopping mall, they're buying computers via Amazon.

    "But since Apple is proven to know nothing about security, prepare yourself for the fireworlk."

    Apple probably know the meaning of "Security" but when I looked up "fireworlk" in the dictionary, it wasn't there. What should I prepare for?

  5. Anonymous Coward
    Thumb Up

    Some maths

    It makes no difference how many times you randomise a number, at any given time the number will be equally random within the given scope.

    In simple terms: If you have an OS component (X say) subject to buffer overflows etc. and you always load it into the same memory location then an exploit has a probability of 1 of finding that location.

    However, say you have 10 possible locations (I know the number is much bigger, but hey this is simplified) on startup component X gets loaded into a random location. There is a 1 in 10 chance that any location you guess contains component X.

    If you reboot then component X goes into a random location giving a 1 in 10 chance that any location you now guess contains X. However, if X is in space 1 and you reboot, there is still a 1 in 10 chance that component X goes into space 1 - so a reboot does not necessarily change the location of X. It probably will, but it might not. So at any given time X is in an equally random location, regardless of whether the computer is restarted or not.

    So, assuming randomising component memory location is a Good Thing then it will be equally as good for your Apple you never restart as your Windows PC you also never restart.

  6. northern monkey
    Joke

    @Some maths

    ..unless the writer used the xkcd random number generator

    http://xkcd.com/221/

    or the dilbert random number generator

    http://clipmarks.com/clipmark/4905F106-063A-401C-8631-392E2E49652A/
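
Added example (not part of any comment above or of the article): a small simulation of the simplified 10-slot model from the "Some maths" comment, checking its two probabilities. The last function goes beyond the comment and models repeated guesses, which is the case where re-drawing the layout changes the numbers; the function names, seed and trial counts are choices made for this example.

```python
import random

def single_guess_hit_rate(slots, reboots, trials, rng):
    """Fraction of trials in which one blind guess lands on component X."""
    hits = 0
    for _ in range(trials):
        location = rng.randrange(slots)        # placement at first boot
        for _ in range(reboots):               # every reboot re-draws uniformly
            location = rng.randrange(slots)
        hits += rng.randrange(slots) == location
    return hits / trials

def same_slot_after_reboot_rate(slots, trials, rng):
    """Fraction of reboots that put X back in the slot it already occupied."""
    same = sum(rng.randrange(slots) == rng.randrange(slots) for _ in range(trials))
    return same / trials

def mean_guesses_until_hit(slots, rerandomize, trials, rng):
    """Average guesses needed when guessing may be repeated.

    rerandomize=False: layout is fixed, so each miss rules a slot out.
    rerandomize=True:  layout is re-drawn after every miss.
    """
    total = 0
    for _ in range(trials):
        location = rng.randrange(slots)
        untried = rng.sample(range(slots), slots)   # random order, no repeats
        tries = 0
        while True:
            tries += 1
            guess = rng.randrange(slots) if rerandomize else untried.pop()
            if guess == location:
                break
            if rerandomize:
                location = rng.randrange(slots)
        total += tries
    return total / trials

if __name__ == "__main__":
    rng = random.Random(2009)   # fixed seed so the run is repeatable
    n, t = 10, 20000            # 10 slots, as in the comment's simplified model
    print("hit rate, never rebooted :", single_guess_hit_rate(n, 0, t, rng))
    print("hit rate, 5 reboots      :", single_guess_hit_rate(n, 5, t, rng))
    print("same slot after reboot   :", same_slot_after_reboot_rate(n, t, rng))
    print("mean guesses, fixed      :", mean_guesses_until_hit(n, False, t, rng))
    print("mean guesses, re-drawn   :", mean_guesses_until_hit(n, True, t, rng))
```

With a fixed layout the average settles near (N+1)/2 guesses, and with a re-draw after every miss it settles near N, while the single-guess rate stays at 1/N either way.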
