1st November 2007, 19:34   #1
venky83 (Senior Member)
Insecure Leopard???

While browsing through ZDNet Blogs, I came across this article titled "Researchers pooh pooh Mac OS X Leopard Security" by Ryan Naraine and thought of sharing it with you all:

Quote:

The first independent reviews of the security enhancements in Mac OS X Leopard are in — and they’re not entirely pleasant for the folks in Cupertino.

First up is Heise Security’s takedown of the new application-based firewall in Leopard, which Apple promises will specify the behavior of specific applications to either allow or block incoming connections.

However, Heise Security’s Jürgen Schmidt finds cause for concern:
The most important task for any firewall is to keep out uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the internet or wireless networks.

But a quick look at the firewall configuration in the Mac OS X Leopard shows that it is unable to do this. By default it is set to “Allow all incoming connections,” i.e. it is deactivated. Worse still, a user who, for security purposes, has previously activated the firewall on his or her Mac will find that, after upgrading to Leopard, the system restarts with the firewall deactivated.

In contrast to, for example, Windows Vista, the Leopard firewall settings fail to distinguish between trusted networks, such as a protected company network, and potentially dangerous wireless networks in airports or even direct internet connections. Leopard initially takes the magnanimous position of trusting all networks equally.
(More at Techmeme)

The new firewall in Leopard isn’t the only security feature being pooh-poohed by security researchers. According to Thomas Ptacek, co-founder of Matasano Security, Apple’s implementation of memory randomization in Leopard doesn’t make the operating system immune from virus and worm attacks.


For starters, Ptacek found that the dynamic linker library (dyld) is not randomized. “From what I can tell, ten different Leopard Macs booted at ten different times will have the same offset to dyld,” Ptacek said in a first-take on Leopard security.

“Can I say right now that you can exploit this to take over a Mac? No. But ASLR is either something you get right, or is simply a speed bump for attackers,” he added.

Ptacek said memory randomization, also known as ASLR (address space layout randomization), removes a talking point argument about Microsoft Windows Vista’s superior security, but doesn’t address the underlying point of that argument.
Cocoa programs running in Darwin are less secure than Win32 programs running under NTOSKRNL, and aren’t even in the same ballpark as Managed C++ or C# programs.
Ptacek’s analysis also found problems with Apple’s implementation of Sandboxing (systrace) without any documentation for developers.


1st November 2007, 20:21   #2
Vinpin (Senior Member)
Does it change your mind about buying a Mac with Leopard installed on it?

Hilarious replies there for the article. Someone wrote:
Quote:
Way too much POOH in the article and the replies...
1st November 2007, 20:54   #3
venky83 (Senior Member)
Except for the alarm over how Leopard trusts every network, the other stuff is way too nerdy for me to follow.
1st November 2007, 21:16   #4
Vinpin (Senior Member)
Better article is Here

Quote:
Well, yes and no. A careful reading of the review yields a mixed assessment of its validity. Some criticisms seem valid, but others appear to stem from misapprehensions. We'll walk through it and identify which concerns appear correct and where the review went astray.
2nd November 2007, 09:11   #5
Magnus (Administrator)
In my experience, if there are major security holes and problems, Apple will address them with an update.
7th November 2007, 17:50   #6
prajeethpj1 (Junior Member)
Leopard Update

I was browsing through ZDNet and I saw this article on Leopard & Vista.
» Leopard and Vista - More alike than you might think | Hardware 2.0 | ZDNet.com
Wanted to share with you all.
All times are GMT +4.