
Summary:

While no computer system will ever be secure in absolute terms, analyzing which routes toward security the two major consumer operating system vendors have taken ought to provide some valuable insight as to why so many of us are staunch advocates of the Mac platform, and most specifically Mac OS X.

Security works in layers. From protecting a computer from other networked computers to protecting it from end-users, security quickly becomes one deeply layered onion.

Disabling ALL Network Services on a Default Installation

Since 2001 and the rampant spread of Code Red and Nimda, one would have hoped Microsoft would have had the forethought to learn from its past mistakes and establish the most basic layer of security for a regular consumer’s desktop operating system: ensure that no listening network service is turned on in a default installation. The vast majority of computer users unwrap their computer, plug it into their broadband modem and turn it on. Back in 2001, the concept of “always-on, broadband connectivity” was not exactly new; it had been around for a couple of years. Jump forward to 2004: until Service Pack 2 came out, you could still buy a Windows XP machine, plug it into an unprotected network and get infected by Sasser within seconds, because the LSASS flaw it exploited was reachable over TCP port 445 on a default installation. How bad was it? Do a Google search for “Surviving the First Day”.

I have a hard time understanding why people were not infuriated by this. I can understand the challenges of establishing the more complex layers of security that surround user interaction, but if you want to talk about an easy fix, a low-hanging fruit, the simplest yet strongest first line of defense against worms, this is it. Not a single consumer Windows user out there has ever needed the services that were enabled by default on their operating system, so why were they ever enabled? How hard was it to just say “oops, we’d better turn that off by default”?

Contrast that with Apple’s Mac OS X. Ever since its early beta releases in 2000, no port has been left open in a default installation of Mac OS X, and that remains true today. Flaws will continue to be found in various services, and this holds true for every operating system, but if those services are not running, you won’t get infected through them. It’s that simple. The point is worth verifying rather than taking on faith: what matters is what is actually listening on the machine in front of you, and netstat will tell you.
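As an added check, written for this page rather than taken from the original article or from either vendor, the open-port claim can be audited on the machine itself. The script below reads the text of netstat -an, a command both Mac OS X and Windows ship, and reports every TCP socket that is listening on something other than a loopback address. The two sample outputs embedded in it are constructed to resemble a pre-SP2 Windows XP box and a Mac OS X box; they are not captures from real hosts, and the function and sample names are this example’s own.

```shell
#!/bin/sh
# Added example (not from the original article): audit listening TCP sockets from
# the text of `netstat -an` as printed by Mac OS X/BSD or Windows.
# Reads netstat output on stdin; prints "tcp address port" for every TCP socket
# that is listening on something other than a loopback address.
external_listeners() {
    awk '
    # Only TCP rows in a listening state matter here; UDP rows and established
    # connections are skipped. Header lines ("Proto  Local Address ...") fail
    # this test because they do not start with tcp.
    tolower($1) ~ /^tcp/ && ($NF == "LISTEN" || $NF == "LISTENING") {
        # Local address column: field 2 on Windows ("TCP 0.0.0.0:445 ..."),
        # field 4 on BSD/Mac OS X ("tcp4 0 0 *.22 *.* LISTEN"), where field 2
        # is a queue length and therefore contains neither "." nor ":".
        laddr = ($2 ~ /[.:]/) ? $2 : $4
        # The port is the run of digits after the last "." (BSD) or ":" (Windows).
        if (!match(laddr, /[.:][0-9]+$/)) next
        addr = substr(laddr, 1, RSTART - 1)
        port = substr(laddr, RSTART + 1)
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        print "tcp", addr, port
    }'
}

# Number of externally reachable TCP listeners in the netstat text on stdin.
count_external_listeners() {
    external_listeners | wc -l | tr -d ' '
}

# Constructed sample outputs modelled on the two formats; not captured from real hosts.
SAMPLE_WINXP_PRE_SP2='Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1031      10.0.0.5:80            ESTABLISHED
  UDP    0.0.0.0:445            *:*'

SAMPLE_MACOSX='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     17.0.0.1.443           ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Run with --demo to see both samples audited; the Windows sample yields three
# reachable listeners, the Mac OS X sample none.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_WINXP_PRE_SP2" | external_listeners
    printf '%s\n' "$SAMPLE_MACOSX" | external_listeners
fi
```

On a live host, source the file and pipe netstat -an into external_listeners; any output means a service is reachable from the network. UDP listeners (the Mac OS X sample deliberately shows a Bonjour-style socket on port 5353) are not counted, because netstat prints no state column for them; widen the awk pattern if those matter to your audit.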

Provided you’ve got this basic layer covered, infecting a networked end-user computer becomes a challenge greater by many orders of magnitude: It will require the help of the user of that computer.

Protecting the Computer from its Users

To this day, consumers are all too often instructed to upgrade their Windows operating system by pointing Internet Explorer at http://windowsupdate.microsoft.com/. From there, the web browser takes on a life of its own: it scours your hard drive for installed software and offers a list of updates, from which you pick the packages you wish to install. The entire update process happens inside the web browser. I didn’t download a piece of software, save it to my desktop and make the conscious decision to double-click an installer. Nor did I run a dedicated “Software Update” agent. I just hit a website with the web browser, it instantly started “doing things to my computer”, and somehow I am taught to be okay with that. Microsoft has since improved this process by introducing, in one of its security updates, an update agent that runs in the background. While that is a step in the right direction, the windowsupdate.microsoft.com site still exists, is linked from many places, and still leans on the web browser to perform the system update.

How is a mere web browser able to take-over our Windows operating system?

Through their “ActiveX” technology, Microsoft blurred the line between browsing the web and running applications. They implemented a code-signing certificate system (Authenticode), so that no website could arbitrarily do things to your computer without your prior, conscious consent; note that the signature only proves who published the control, not that the control is harmless. Here is the big problem, though: while conscious, that consent remains uneducated. The vast majority of internet consumers are grossly unaware of the possibly dire consequences of clicking “Yes” on an ActiveX prompt. After all, they remember doing something very similar when updating their operating system, so why should they not allow this “very cool screen saver” to install itself? As far as they can tell, all they’re doing is browsing the web; how should THAT hurt their computer? Screen savers are just images, so they should be harmless, right? No matter how hard we try, we will not get users to understand that they can hurt their computer simply by interacting with a web page.

This results in consumers clobbering up their systems with spyware, adware and various forms of “malware”, then calling their Internet Service Provider’s technical support to complain about what they perceive as lousy service, when in fact they are victims of their own uneducated lust for “free stuff”.

Microsoft Windows does not exactly help protect a computer from its user.

On the other hand, Mac OS X’s web browser, Safari, does not let websites modify the operating system or install components or applications. System updates are performed by a separate, enabled-by-default Software Update application, which warns the user about available updates and offers to install them. This mechanism has its own user interface: while updates download, it is clear to the user that what they are doing is in no way related to web browsing.

Philosophies: Unix and Open-Source, Application Security

Defining precise rules under which a given application may be executed, and creating a protected environment for its execution, have been at the core of the architecture of Unix-based operating systems, which were designed from the ground up as multi-user environments. Those systems have had decades to mature, and Mac OS X inherits its core architecture from them. The Open-Source movement, with which Apple has had a healthy symbiotic relationship, further promotes the accelerated maturation of software through transparency.

  1. I’ve always thought the IE Windows Update utility on PC’s was a bit risky…especially considering all the security issues with IE.

  2. We mustn’t forget that:
    – administrators are regular (read: limited) users, and only by providing an administrator password may tasks be run with root privileges;
    – Mac OS X has a helpful and complex Security Server that is native to it and allows applications to both manage in-application tasks and ask the user for a password with a common user interface (without providing the application itself with the password, of course :D).

  3. Well put! It’s been a long time since I’ve come across such a good article. Keep it up! / pelle

  4. Chris,

    A good article but I noticed a few things right off the bat that aren’t quite correct. If you bought a computer from Dell today and plug it straight into the net you would not get Sasser as the PC would be patched and the XP firewall would be on by default. I agree that it took MS too long to realize services need to be off by default, but in all honesty, I think they get it now. Windows Server 2003 machines were not infected by Sasser or Blaster, a sign that since MS started their “Trustworthy Computing” initiative, they’ve made some positive changes. SP2 for XP has also made some great changes, and comes with a much better firewall than OS X and has stack buffer overrun protection, which OS X also does not have.

    I think Apple has a great security record and I applaud their foresight in OS X (not making default user root and having 0 open ports by default). But MS has actually done some great things in the past few years that I’m very pleased with.

    Both companies have a way to go, in my opinion. I periodically see buffer overrun patches in both OSes (come on, it’s 2005 guys!) but I’m happy with the security on both of my OS X and XP boxes.

  5. Anonymous guy: Thank you for your insightful remarks. I agree with you, it would appear they get it now. I think. I’ve slightly updated relevant portions of the article by placing some statements in the past.

  6. [...] est security patches should be doing OK. Operating system vendors need to distinguish between “Client” and “Server” distributions of t [...]

  7. Well put! It’s been a long time since I’ve come across such a good article. Keep it up!

    Thank you for sharing it!
