Apple Engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said. Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system …
ASLR offers protection from vulnerabilities that have not been fixed and even not been published yet
I agree that full ASLR deployment would be better but the real advantage of ASLR comes into play when one has insecure code. Tilo Muller states in "ASLR Smack & Laugh Reference",
"ASLR is not a replacement for insecure code, but it can offer protection from vulnerabilities that have not been fixed and even not been published yet."
By insecure code one obviously means not just a piece of code but the entire design of the system. There are fundamental differences between the way Windows systems are built using heavily interlinked parts vs the OSX system. Hence code vulnerabilities lead to fewer exploits. OSX still has issues but they are not as systemic as on the WinX systems where you do want to randomize since there are already so many entry points.
Also, on 32 bit address architectures, address space randomizations are fairly ineffective.
from the paper "On the effectiveness of address-space randomization"
"The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack."
Essentially, there aren't enough bits to do an effective and thorough randomization on 32-bit machines.
I think 64-bit systems are up next ...
I guess that's one reason the upgrade is only $30.
Mine's the one without the Apple logo on the back.
Would that be the same DEP that Microsoft introduced with XP SP2, and that came with Vista from the start?
Does the shipped version of Snow Leopard support Blu-ray out of the box?
Does this really matter?
Next time you do an article about ASLR, can you provide real-world examples of why anyone should care about this? At the moment it just seems theoretical and abstract. I'd like to understand if there's a genuine, practical advantage to this technology, as opposed to it just being a thing that security researchers wank on about.
ASLR by M$
Probably the way M$ implemented ASLR will be cracked open thanks to their history of poorly implementing industry standards.
M$ security will be as usual: useful as a chocolate fireguard. Will see when Win7 is ahead of XP.
Does the shipped version of Windows support Exchange out of the box?
Regarding Blu-ray, the natural home of that niche product is on DRM-infested MS boxen. Who buys content on little plastic discs these days?
And it's probably a good thing that SL doesn't include DEP given the hundreds of thousands of XP exploits out there. Doesn't look very secure to me.
Re: Does this really matter?
Yes it does matter, the vast majority of vulnerabilities in software for the last decade have been buffer overflows which are made harder by technology like this.
ASLR = security theatre?
Look, if a run of the mill dynamically linked application being legitimately loaded by the OS can trivially find out where the DLL routines are that it needs to call, so can a selfcontained exploit looking for bits of code/data to abuse, even if the exploit uses a rather different mechanism to get its code loaded.
On that basis alone, ASLR is just pointless. Security pointscoring, that's all.
@AC ASLR = security theatre?
Please can we have more discussion of this? The thought occurred to be also. I spose it might make it difficult for the skiddies to do stuff easily, but the people who actually know how to hack? Doubt it.
I guess the scoreboard will tell
I don't know much about this, but I still haven't had any security problems with my Mac, ever. And neither has anyone else that I know of. On the other hand, EVERY Windows user I know has.
So I'm just saying.
No, ASLR isn't pointless. This is all about how the exploit enters the system. Of course if you could execute arbitrary code to do the DLL searches then exploits would be so much easier, but ASLR exectly tries to prevent execution of arbitrary code.
Jumping to conclusions like you do is what gives us the poor security.
And @ AC 08:08 about DEP: I think you misunderstood what DEP (Data Execution Prevention) is. It sounds like you're saying that if XP implements some security feature, everyone else should _not_ implement it. Consider what DEP is and you'll see that it makes perfect sense to implement from any security perspective if you have the means and ressources.
Why I'll be avoiding Snow Leopard thanks to Sony.
Some of the early adaptors I know have been bitten on the backside by the upgrade. I run a video production company and know a number of other people who work in the industry. Many of us now shoot onto Sony SxS media. This media inserts into the Expresscard slot on your Macbook and allows for fast transfer of HD footage.
Mate of mine buys Snow Leopard on day of release, inserts an SxS card and there is an immediate Kernal panic. Others report exactly the same thing.
Sony, as usual, are sitting on their hands and say there might be a driver update by the end of the year.
Now I'm reluctant to blame Apple on this occasion as this is Sony we're talking about who have a long history of badly written drivers so it should come as no surprise when their drivers fall over after an OS update. But shame on Sony for not pre-empting this with the Beta releases and then taking so long.
So video professionals with their £200 a throw cards and £6000 cameras have been hung out to dry by Sony.
It's because all their devs are working on the iPhone OS
They've just left a few chimps on OSX to turn out a basic service pack to keep the Mac fraternity happy.
Re: ASLR = security theatre?
ASLR is designed to make exploiting buffer overflows a statistical improbability.
Arbitrary code execution requires the attacker to place an address either on the stack or the heap. They can't use relative addresses. That address needs to point to either:
1) their exploit code; or
2) a known stable set of instructions that they can use as a trampoline into their exploit code.
Option 1 - with an executable stack ASLR makes it all but impossible to predict the location of your exploit code on the stack, because you don't know where the stack starts. With a non-executable stack your exploit code is almost certain to live on the heap. ASLR makes it all but impossible to know the location of the heap. In other words you might be able to redirect program flow but only to a random area of memory, so no arbitrary code execution.
Option 2 - with ASLR there is no address in memory where you can know the contents with certainty, because the OS randomises where it places its functions. Trampolining is therefore impossible, and even if it were you still have no idea where your exploit code is located as per point 1.
ASLR can't and won't protect against trojans etc but it makes buffer overflows very hard to exploit unless you can have many, many attempts which are much more likely to either draw attention to the attack or crash the target process leaving you nothing to attack.
OSX not implementing it fully is an odd decision if only because the poor programming of 3rd party app providers *will* reflect badly on Apple just as the poor programming of Win apps that result in exploits reflects badly on Windows. Implementing ASLR properly won't fix the programming errors (they're likely to result in crashes) but at least your OS holds the apps hand and stops it executing arbitrary code.
With the growth of OSX and the move towards ASLR aware Win programs expect a change in the apparant security of OSX vs Win as we see more OSX exploits and less WIn exploits.
"Does the shipped version of Snow Leopard support Blu-ray out of the box?"
Um... I dare say it doesn't offer any more support than XP or Vista out of the box, or do you mean out of the PowerDVD 9 box?
ASLR doesn't make much sense on a Mac!
It randomizes when the OS ist started, which happens once or twice a year on a Mac :)
Please restart your computer
"the measure picks a different memory location to load system components each time the OS is started."
so does that mean the more often you restart your machine the more secure it is? I guess my PC has just always known better than me after all
different machines => (mostly) different randomisations
I'm willing to concede that in all likelihood there's a hole somewhere that means an exploit can carefully watch and if it waits long enough manage to map out a route to the heap/stack, though I'd imagine that might take a suspiciously large amount of code to go unnoticed.
Re: I guess the scoreboard will tell
I *have* had security problems on my Mac: I recall the viruses like Scores, nVIR and WDEF in, um, 1987–1991 or thereabouts; none of them actually did anything malicious. Also I recall a few years back my Mac was suddenly appallingly slow and I realized I had accidentally turned on Windows file sharing: legions of zombies were trying to pwn my machine....... entirely unsuccessfully of course, aside from the performance hit that went away when I killed the service.
I'll be installing SL as soon as it comes out.
Re: ASLR doesn't make much sense on a Mac!
It doesn't matter much how often the randomization happens as long as there is SOME degree of randomization. Otherwise all machines running such-and-such-OS will have component X in memory location Y; with any degree of randomization this goes away regardless of the infrequency of the reboot. (My Mac has been rebooted about 10 times in the last year, because I sometimes carry it to the living room to watch movies.)
@ Mr C Hill
Fully paid member of the Mac Fan club here..
Which wazzock installs a new operating system on the day of release on a computer which pays the bills?
Please do not winge about 'specialist' kit not working, my Devonthink OCR software is also broken under Snow Leopard so I will take a breath and wait for it to be fixed before I upgrade like all other mac users with a brain.
You stated - "Yes it does matter, the vast majority of vulnerabilities in software for the last decade have been buffer overflows which are made harder by technology like this."
Show me an instance where this has been a reported real world problem on a Mac, in the last decade.
It does reallly matter.
Did you read the part about how the last two winning Pwn2Own hacks would not have worked if this technology was in place?
What a load of BS
I am getting VERY fed up with the crap The Register drool out re Mac security.
Yeah Apple should listen to some jumped up p***k who wrote a book.
Yeah Apple REALLY need help with security. Look how awful OS X security is. lol
ABSOLUTE DRIVEL FROM START TO FINISH.
I really don't know why I bother with this site.
You poor little Windows-sufferers still desperately clinging to ANYthing that will stop the continual and inevitable gains OS X has made for years and will continue to make and take share away from you sorry losers. lol
Erm, why would you want to restart your computer on a regular basis?
Oh yeah, if your running windows you have to - silly me!
Since I got my shiny new MacBook, I haven't actually needed to reboot it. I close the lid, it sleeps, I open the lid and it immediately awakes. Macs are clever like that.
XP tries to do this and no doubt, Windows 7 has a good go and rousing from sleep quickly. Unfortunately, after a few days, Windows XP starts to slow down and crash, so the standard procedure is "Why don't you try and reboot, to see if that'll fix it?" - what a joke.
So yeah, there's not much point in ASLR for Macs, because most users rarely restart their OS - that's a windows concept.
Right, time to don my flame "retard"ent pants to deflect the inevitable remarks from people who haven't actually owned a Mac, but still manage to convince themselves that Macs are overpriced bunk, as they view the world through their telly-tubby Malware infected copycat OS.
(BTW, I use windows XP and Debian at work)
god damn it... when will all these mac tards realise that...
1) yes macs are not security hit (yet!).
2) if MAC OS was as widely used as much as a fu**ing windows OS, ie. home / business users... i guarentee it would be as much infested as windows as hackers / virus makers would have a purpose for making them..
3) there is no current need for mac viruses as viruses taget home users for their bank accounts / games usernames passwords to steal identities...
4) if you seriously think mac would be this secure, if it was ussed as much as windows, then you need to go hide behind your little bubble mummy wrapped you in and say there is no bad in this world.....
i ahte mac vs windows arguments........ its just like mobiles... no1 thought they would be hacked for criminal purposes, until they got as popular as they did!!!!!!
get a grip! mac is not targeted as it is mainly used by Graphic designers... and lets face it, what tsh point in hacjking a graphic desingers PC.. to hacking a windows PC that hosts millions of accounts..... see thep point now mac tards..
PS im not a windows bummer im just stating the obvious to all these losers
Are we missing the point?
I thought OS X was built on top of an open source BSD kernel? Given that ASLR is available in OpenBSD is there more to this than meets the eye? Maybe Apple are bypassing the kernel and/or need to know where things are in memory because the location is hard-coded?
You can blame Apple for many things, but upgrading an operating system on a Mac is so much simpler than with Windows. The Apple migration wizard for a new computer works really well, and so much better than on Windows. I say this from the viewpoint of a Windows desktop user / Ubuntu server maintainer. BUT Apple still have a long way to go to provide a proper networked environment, with centralised user accounts & profiles.
One day they will give us what we need, not what we want...
ASLR vs number of reboots
Wow, just wow. The fact that you only reboot once a month does NOT mean that ASLR is worthless. If you think it does then please stop reading any of the security articles, or at least stop posting comments on them.
If you *never* reboot your OS it's still massively advantageous to have ASLR because at least that way your Mac has a different memory layout to mine (and everone elses) so it's not possible to use the same code to exploit more than one machine. It's the stable environment that makes mass exploits possible - ASLR removes that stability and is valuable for any OS.
Oh good god!
This thread is painful!! Right, here we go, sorry if it's too much truth at once but:
* Windows has its insecurities, its advantages and its disadvantages
* Mac OS X has its insecurities, its advantages and its disadvantages
* Linux (*all* distros) has its insecurities, its advantages and its disadvantages.
Now can we all stop being win/mac/lin-tards and just see the bigger picture - security is important for every OS, no OS is above patching security flaws, implementing the latest security techniques and requiring AV software. Every machine, at some stage, is going to be targeted by some sort of malicious attack regardless of the OS its running. Some are harder to crack than others but lets face it - hackers love a challenge!
I'm sure some are wondering which OS this prophet of truth uses - I use linux at both work and home (fedora and AIX at work, and I used to use fedora at home but got a dell netbook so am stuck with ubuntu NR for a while).
"BUT Apple still have a long way to go to provide a proper networked environment, with centralized user accounts & profiles."
Now that's just plain fucking bullshit, have you even seen an OS X Server environment.
OSX uses a Mach based microkernel with FreeBSD based userland. So it's a little more difficult that lifting Free or OpenBSD's implementation of ASLR. Which doesn't excuse their present half-arsed effort.
As others have pointed out, ASLR is not much better than security theatre under a 32-bit OS (but better than nothing). However on a 64-bit OS it is a genuinely useful tool, but just that - another tool among many to be used to protect your systems. It is no magic bullet, anyone who claims that for any security technique is selling snake oil.
Lay off the strong lager. It makes your post look like it was typed while riding a cola roaster.
There is a real good reason few hacks are available for the Mac - no-one in their right mind uses one. Gartner shows 3% OS usage and Net Statistics shows nearly 5%, either way, going nowhere very, very slowly.
Mr. Jobs has always taken pride at the speed in which OS X boots and launches applications. As far as can tell from online technical documents, that is done using caching and pre-linking tricks that make address randomization impossible.
"XP tries to do this and no doubt, Windows 7 has a good go and rousing from sleep quickly. Unfortunately, after a few days, Windows XP starts to slow down and crash, so the standard procedure is "Why don't you try and reboot, to see if that'll fix it?" - what a joke."
Ever think that may have something to do with a poorly written third-party driver (if you've tried it on your Mac, the Boot Camp drivers to me seem incredibly poorly written), or a piece of hardware that doesn't implement sleep states properly? Apple can make everything work because they control everything - Microsoft only controls the software, and can't prevent crap third-party peripheral manufacturers from writing crap software which messes up the Windows UX.
As for another comment, which says that ASLR isn't needed because OS X is secure by design, you are talking a load of rubbish. Both Vista and 7 have been written using Microsoft's SDL for one, and have been written using a layered approach to security. The reason that ASLR is needed isn't as a primary defence against attacks - it's in case there happens to be insecure code (which there will be in any complex piece of software) and other defences fail. If a malware author has to try to jump through many different hoops to try to attack your machine then they're not going to bother. That's why most Windows malware now relies on making the user run an application as an administrator.
I'm surprised that no-one has pointed out that Snow Leopards ASLR is no worse than the ASLR that Linux ships with by default. And, yes I know there are more comprehensive implementations avaliable, but hardly any distro's uses them
Something strange in a register comment: Common Sense!
This is about security, not Mac vs PC
This article is about OS security, not a platform war. :-)
Any measures that any platform can use to reduce the methods hackers can use is always good. It is foolish to think that anyone is protected from all hacks just because they use a specific OS.
Apple shouldn't be attacked for not implementing this specific technique, perhaps they have their reasons. But any prudent user knows that you can never be too careful these days.
Regarding rebooting (and Windows).
I turn off all of my systems at the end of every work day, regardless of OS (XP, Vista x86 and x64, 7RC, 2003 and Kubuntu). I don't always do the same things each day on every computer so there is no reason to simply sleep the computer. Some of the computers I only use once a week for a few hours. And I'm never that childishly impatient that I can't wait 30 seconds for bootup in the morning.
And my off-site Internet Server which is running Server2003 runs 24:7:365 and maybe gets rebooted 3 times a year at most, so all this Windows hate is totally unfounded.
>but I still haven't had any security problems with my Mac, ever. And neither has anyone else that I >know of. On the other hand, EVERY Windows user I know has.
Good job you don't know me then, tight as a gnats chuff. On the other hand, my bro has an I-Mac that has had a couple of 'issues'.
Its not the computer/OS, its the user that is the weak point. Live with it and learn.
Never mind whether the system "requires" rebooting every day, my 'leccy bill was so high last month, I can't afford NOT to switch my computers off every night!
64 bit kernel?
This is somewhat off-tangent to the security issue, hope yous don't mind.
It would seem unless you know otherwise, the snow leopard _default_ boot kernel is the 32 bit one (Unless you run an Xserve).
Moreover, apparently only Mac Pros, MBPros 15/17 and some iMacs I believe get the ability to choose to boot into 64 bits.
So even if you have a 64 bit chip, you may not necessarily get the 64 bit kernel. Early (unconfirmed) rumours on Macintouch suggest even the new unibody 13 MBP cannot boot into 64 bits. Let alone the host of us who just have plain ol' MacBooks.
Why they choose to discriminate against MacBook people with 64 bit chips is beyond me.
" Ain't that a bit racialist ? "
The nerdiness factor of a 64 bit kernel is obvious.
Or are they planning to shoehorn 32 bit chips only into the lower end.... We gonna see Atoms in MacBooks soon?
Apple u R t3h F4iL
SIgh....when will Mac users learn from Win users
@ Mr Weekender - I have, i run one. Its shit. On afp shares alone I have to restart the fecking thing every few weeks because it has decided to reject all access for no reason. PC environments equivelant (Win2K3) hasnt had an issue yet. As for user accounts and profiles we tried it, again its shit. Went back to AD. I cant argue it has a very pretty desktop but it just sits there now as an extremely expensive 1.5TB storage module. Oh yes....almost forgot the bulk update that installs certain software you are constantly remove it. Apple....get a clue.....if we take it out we dont want it updating never mind being cheeky bastards and re-installing it. Any extra securtiy on any platform (I play with Solaris too) is always welcome.
Rant over back to the point of my comment title. In the past month XP user reported a pop up during a browsing session, they had promptly closed the session and called us straight away. Result was no malware installed and user ok to keep going. Where as a Mac user, fortunately not where I work, brought round a macbook. It seemed they had actively gone out and tried to get as much malware as possible loaded onto it. Had previously suggested they install ClamAV, they did then removed it because they found they updates annoying!!!!!!! They then stated that Mac's are safe and never get infected.
While most of us in this industry know how to keep ourselves safe, none of us can say the same of all of their users.
Troll because the ones above too stupid to understand my point will be ignorant to assume I am one
Market share malware myth
When will idiots stop making this bullshit claim that Apple's smaller market share is the reason there's so little malware for OS X?
Take note cretins, OS 9 and BeOS both had a much smaller market share than OS X, but many, many times more malware written for them. Linux powered iPods number in the thousands globally yet they had a virus in the wild. Crackers will attack any platform, even those with a tiny market share.
is Apple have no clue or concept of security. Apple product have always been of very poor design and very low quality and the same goes for the poor rehash of linux Apple call MacOS.
The number of maleware running on mac is growing rapidly due to the fact that a large number of brainless zombies give in to Apple (toxic)smoke and mirror. The more peoples use Apple's pathetic excuse for a computer the more flaw will be discovered in MacOS. But since Apple is proven to know nothing about security, prepare yourself for the fireworlk.
OK, there was no commercial for doing ASLR on the kernel because there is no evidence that anyone is cracking it. Keep the costs down guys.
What other specious reasons to criticise Apple can you come up with? 'It doesn't run norton anti-virus'? 'those one-click backup devices you can buy at airports don't work on apple'?
Don´t you people understand that MACs are way more secure than windowz. Mac dosen´t need any socalled industri standards as MAc is simply better than that. MAC is secure and there is no need to change that.
Re: whatever next?
"......no commercial for doing ASLR on the kernel because there is no evidence that anyone is cracking it......"
So, insecure by design then?
This attitude to secure code development is copyright to MS circa 1992. At least they've learned the bloody lesson that saving a few dollars by doing it the easy way is a short cut to a world of hurt.
"the poor rehash of linux Apple call MacOS."
well you're obviously an expert on this topic, I will listen to everything you say
It is odd ...
Because ASLR has been in Ubuntu since Hardy.
"The number of maleware (sic) running on mac is growing rapidly "
And what malware are you referring to exactly? There are maybe a handful of trojans (the user is the problem) and NO viruses. But hey, don't let reality intrude on your blind hatred of Macs.