STANDING OVATION
Feb. 4th, 2005 03:18 pm

Yes, I am an unabashed Apple whore. Have been for years.
But this column is Dead Fricking On. No other company in any other industry would ever get away with it. Annoying.
(no subject)
Date: 2005-02-07 06:33 am (UTC)

Task safety (deleting hard drive, renaming files randomly, other malicious acts) is something that is important, but best provided by user permissions in my mind. The real problem is one of social engineering... trojan horses, for instance, are nearly impossible to programmatically defend against because it's never quite certain whether the task is one the user isn't aware of, or one they are trying to do on purpose. (Deleting a big chunk of their Documents folder, for instance - are they cleaning house, or did a trojan just get launched?) There are certain steps that can be taken to try and protect the user, but just as the developer can never be truly defended against themselves, neither can the user. Verification can be put into place ("Are you sure you want to empty the Trash?"), but more often than not, this ends up being in the way of the user after a time, and they grow to resent it. Resentment leads to click-through, click-through leads to accepting erroneous actions.
Verifiable programmatic task safety is a quagmire that I'm not positive will be resolved. The end user will always end up being the biggest hole in the system. The best we can hope for is making the obvious cases less destructive, or having the system adapt readily, such as sandboxing apps that start consuming resources rapidly. (Of course, even then it can get in the way - I had a research test run recently that was driving me nuts because yes, I really did want that one thread to be using 90+% CPU and requesting >600MB of RAM on a 512MB machine... it kept getting sandboxed and throttled back to <10%CPU when the vm determined it was a rogue process, while syslog filled with messages to that effect.)
In case you hadn't guessed by now, I don't believe that automatic verification or sandboxing is a panacea. :) Nothing can replace good design and proper idiom and pattern use, whatever the underlying technology. It is up to the designer of the system or language to facilitate that as much as possible.
With that being said, I've been quite impressed with the depth and breadth of security support design in MacOS X, from the user's interaction with the GUI down through the data structure security in the underlying APIs. Perfect? No. But given that it's gaining a nice reputation for being hard to get into, you would think that the malware folks would at least like a challenge. The best that anyone's been able to come up with so far is a couple of trojans that were rather clever, but the exploits plugged within a couple of days. I find it hard to believe that nobody is interested in making a name for themselves by being the first to crack an OS X box in a very big and public way.
Yes, I absolutely run a firewall. In fact, I run layers of firewalls from different vendors (an exploit on one won't propagate through), and I keep an eye on the logs. OTOH, I don't even *own* anti-virus software... there aren't any for it to take care of. Anti-virus software on the Mac is limited to the 37 viruses that were ever written for the original MacOS, and for people who want to be good citizens in corporate networks and not be a Typhoid Mary. Otherwise, it's a waste of money.
Between the open source core OS (Darwin) based on a number of other open source projects, the plethora of open source processes and apps included as major system services, and the strong security support at the API level for application developers, the only serious portion of the system that provides a home for hidden security holes is the frameworks themselves. While I concede absolutely that this is a concern, the obvious care that has been present in those frameworks for many years towards security is telling. The frameworks build on each other in well-formed ways, and the developers at Apple do eat their own dogfood, using those same technologies. Either the security holes propagate, and you would expect to see many exploits across the system, or they are extremely unlikely to be present.