back to article Major overhaul makes OS X Lion king of security

With Wednesday's release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say. Unlike the introduction of Snow Leopard in 2009, which offered mostly …

COMMENTS

This topic is closed for new posts.

Page:

  1. Keith Crooks
    Stop

    But..

    My dad is bigger than your dad!

    Yeah but my dad is harder than your dad!

    Well my dad is a black belt in kung fu!

    So is mine! But my dad was a black belt before your dad so my dad is better!

    Yeah well ... your dad is a big stupid stinky poo!

  2. aThingOrTwo

    Research

    Many of the comments sound like people are happy to be uninformed/ignorant.

    People should be FORCED to read the are article** explaining how things like the XPC Services framework before adding all the “Windows has had that for years” comments.

    So many people seem to have seized the ASLR and run with it. That isn't the security story in Lion at all.

    ** http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#powerbox

  3. Henry Wertz 1 Gold badge

    No leapfrog but good progress

    @Mark 65, dropping support for systems is not a feature. Especially since Apple sold 32-bit-only Intel boxes less than 5 years ago (THAT was the mistake IMHO -- they should have gone straight to the 64-bit capable Intel chips.) Windows is a joke, but continuing to provide a 32-bit version isn't a reason for it being a joke; there's no reason for Ubuntu to stop providing a 32-bit version either.

    So, obviously adding features that Ubuntu and even Windows to a lesser extend have had for years is only leapfrogging to a fanboi. But, still, nice that they have full ASLR and such.

    @Giles Jones, not true at all, ASLR isn't useless if you don't reboot. Applications should be randomized every time they are quit and reloaded. The kernel of course won't keep getting rearranged without reboots, but it still will be rearranged once, which is already enough to stop kernel exploits that can involve modifying and jumping into the kernel, i.e. "This is OSX 10.7.1, so I'll make the code at byte 75338 naughty then jump into it" won't work.

  4. Henry Wertz 1 Gold badge

    MMUs and security

    @doperative, the MMU of course has enforced memory protection between processes at least since IBM started using them in the 1960s. ASLR prevents situations where someone subverts existing code *within* the application.. usually either overwriting a portion of the program, or jumping to a piece of code in the program, where it does something different when called "naughtily" than it was intended to do. Since the locations are randomized these become much more difficult.

    @Charles 9, no. Popularity doesn't help, but Linux doesn't have so few viruses just because of that. Frankly, Unix *used* to have pretty poor security. But, the Unix community had their "Nimda"/"Code Red" moments back in the late 1980s with Morris worm and the like! So they've been improving security for over 20 years, instead of the few years Microsoft has been taking it seriously. People do look through source code for security problems; Linux distros have much more frequent updates than Windows (no waiting til "patch Thursday", a.k.a. giving exploits 30 days free reign.) They don't include massive mounds of "legacy code" (stuff dating all the way back to Windows 3.1 or even older) the way Windows does. The security systems in Linux are *actually used*, whereas Windows has plenty of access controls that are not even used, resulting in plenty of apparent security that is actually implemented by the shell rather than kernel level. An important one, Linux (as with any UNIX) has an executable bit, so you can't just download some crap into a file and expect it to execute. Windows doesn't. Finally, a nice one, if Windows (or probably OSX for that matter) got a virus, how do you know if your system files are clean? You really don't. Linux distros have a proper package manager, so comparing the checksums between what is there and what is in the packages is easy, and in fact it's entirely possible (in fact easy) to just reinstall all packages instead of "wipe, reformat, reinstall".

  5. buff_butler

    huh?

    This ASLR thing has existed for so long on other OS's. This was like how Apple "revolutionalized" their iPhone development kit with step through remote debugging... in 2009.

Page:

This topic is closed for new posts.

Other stories you might like