Hackers are finding ways to hide inside Apple’s walled garden

Discussion in 'all things Mac' started by ronjor, Mar 2, 2021.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    109,613
    Location:
    Texas
    Patrick Howell O'Neill March 1, 2021
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    Interesting article! I'm also not sure what to think anout this. It's good that they make it harder for malware, but security tools should have the ability to inspect apps and the OS. This would make me reconsider if I will buy a Mac in the future. At least on Windows, security tools are still quite powerful and advanced.
     
  3. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    461
    Location:
    Dallas, TX
    Well, for one thing, the 1% attacks they are talking about that succeed are typically government-sponsored level hacking... against which almost everyone is essentially defenseless anyway. (The iOS attack example the article gave allegedly involved NSO Group, a company that self-describes itself as "creat[ing] technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe.")

    Secondly, while they mention that macOS is moving in the direction of iOS... I would argue there is a large gap between the two. There are definitely still security tools for macOS, although one process perhaps can't read the memory of another process quite as freely as on other operating systems (however I had thought Windows and Linux isolated memory access by process just as effectively, and the news that macOS is more secure in this regard is a bit of a surprise).

    Lastly, as the article points out, this is likely the trending direction for all operating systems...
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,333
    Location:
    Member state of European Union
    The OS does not know if a program is a security program or a malware. Every program is just a set of instructions.

    Many companies sell these kind of tools to different governments. Some don't discriminate against governments in oppressive, even totalitarian regimes.


    Stortz definitely hasn't looked recently at statistics of PC sales and demand. During pandemic work-from-home remote work era demand for PCs increased tremendously.
     
    Last edited: Mar 3, 2021
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    I'm not sure what you mean with this? I'm saying that security tools should have special permissions that allows them to get control over apps. The OS shouldn't cripple them.

    Yes exactly you can't do any serious work on smartphones.

    This was also news to me. And I must admit, if the macOS can succesfully block "process memory reading" it would be very cool. I believe in Windows it's still possible with Win32 apps, not sure about UWP apps. So I do support certain OS restrictions but not all of them.

    Also, I wonder if it will also block "process memory modification" because this is still a big problem on Windows, there are plenty ways to inject code. And if you read the article, they mention that the macOS isn't immune to in-memory malware, so security tools should be able to tackle this and shouldn't be crippled by OS restrictions.
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,333
    Location:
    Member state of European Union
    Technically they use similar techniques, APIs etc. How would you automatically differentiate security tool from malware? You can't do that technically. Maybe some company-to-company agreements and background checks, but this would lead to very limited number of security vendors that could publish security tools for macOS. Even then they can't guarantee that these tools will not make any rogue things on the OS in future after some update or rule out possibility of private signing key leakage.
    To make things even more confusing sometimes they are both: remember Avast data collection problems? Avast was both a spyware and security tool at the same time.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    I have read this thread with great interest. I am not very knowledgeable in the areas being discussed. I do recall that, a while ago, Microsoft brick-walled certain areas of Windows such that my 3 favorite HIPS apps were killed by it. In any event, my 99.99987601% bullet-proof security for both Windows & Mac is primarily based on my imaging software. NOTHING beats restoring a clean image from an external hard drive. Nothing. Zero. Zip. Nada!
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    I believe this should be possible via code signing. So only security tools that are audited by Apple should be able to inspect the system on a deeper level. I would really hate it if security tools on the macOS would become crippled. On Windows, I don't believe this is the case, even after PatchGuard was introduced in Win Vista back in 2006, security tools can still be made quite advanced.
     
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,333
    Location:
    Member state of European Union
    Audit is very costly and time consuming. You would also need to audit every single update to these products to be sure nothing wrong is not introduced. I believe this means greatly reducing number of vendors that can publish security tools. Apple would be limited by backwards compatibility for these tools, because if vendors do pay for an audit they would probably want to be sure these tools can function properly after more than 9 or 12 months.
    Maybe there is legal risk as well with creating that very limited ecosystem of security vendors.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    The thing is, there aren't even lots of security tools for the macOS at the moment. So it's not like they will have to audit many tools. And I wonder if it's even technically possible to make advanced tools like SpyShelter and Sandboxie for the macOS.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Of course it is -- assuming they ever become necessary.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    Well that's what the article is about, the OS has to provide certain API's otherwise security tools won't be able to monitor certain things. So it would be interesting to know if macOS provides the same API's as Windows does. For example SpyShelter is basically able to monitor app permissions and Sandboxie is using virtualization in order to protect the filesystem. I haven't seen any similar tools for the macOS.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Unnecessary, thus far. If such tools become necessary, I'm fairly certain that Apple won't sit idly by & watch MACs get wiped out by malware.

    OSX's Linux-based system is much easier to protect than is true for Windows... or so I have been told by multiple sources. From the beginning, UNIX was designed to be secure in the first place, & the design of Linux followed suit. As for Windows, security was an after-thought, added in by bits & pieces.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    No, the discussion is not whether it's needed or not. It's about if it's currently possible to develop advanced security tools for the macOS and if it will stay this way in the future. And it's not like the macOS is immune for malware, it's just that it's less under attack. A good example is the Firefox exploit which was aimed at Coinbase employees. Also, I'm sure you remember that Apple decided to cripple firewalls like Little Snitch and LuLu but decided to "fix" this because of the bad press, see second link.

    https://arstechnica.com/information...used-to-install-undetected-backdoors-on-macs/
    https://twitter.com/patrickwardle/status/1349488392732491776
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Of course it is possible for Apple to do so.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    Yes that's the thing, it shouldn't be possible for only Apple to do so. Here is another example of why we need more advanced security tools for the macOS, in these attacks hackers targeted software developers by exploiting Xcode in order to install backdoors on their system.

    https://labs.sentinelone.com/new-ma...gets-xcode-developers-with-eggshell-backdoor/
    https://www.trendmicro.com/en_us/re...are--infects-xcode-projects--uses-0-days.html
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Microsoft's built-in Windows Defender and firewall have made all other AVs & firewalls redundant. Why shouldn't it be possible for Apple do the same for macOS? Answer: it is more than merely possible. The macOS already has security systems built-in. In the past and present, those systems have been upgraded & strengthened by Apple as needed. I believe Apple will continue to upgrade Mac's security to meet changing malware threats in the future.

    The Mac I recently purchased has been "ceded" to my granddaughter Kiana, who is a college student. Her Mac is running the latest macOS, Big Sur. She has used Macs since her freshman year in High School. Never has had a security issue. I fully expect this nice situation will continue.
     
    Last edited: Mar 21, 2021
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    Except for the fact that sometimes these OS security systems can be bypassed. So I would rather combine it with third party security tools. In the articles that I linked to you can read that hackers used advanced backdoors, so I would love to see anti-loggers for the macOS.

    OK cool, does she also use Apple Arcade? I wonder if it's any good. Also, I believe that most people don't have any malware problems on Win 10. But of course Win 10 users have a bigger chance of encountering malware.
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    No, she is a busy college student with little time for video games.
    My granddaughter says that nearly all the students in her computer science class are using MACs.

    IMO, another reason hackers pay less attention to MACs is because, compared to Windows users, a higher percentage of Mac users are computer adept.
     
    Last edited: Mar 22, 2021
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    OK I see, and yes I also get the impression that Macs are very popular with students. But I don't think that macOS is more secure than Windows, it's just that it's less attractive for hackers because of the amount of users. Windows 10 is just as secure as macOS in my view.
     
  21. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    461
    Location:
    Dallas, TX
    You are probably kind of right... nowadays the operating systems themselves are getting pretty secure and it's probably pretty rare to find a kernal-mode vulnerability or security bug. However, I suspect there is still a difference in overall perceived security due to third-party programming practices and what privileges the OS allows user-mode code. That is, nowadays it's often applications that have vulnerabilities, and it depends upon what rights the OS allows the application to determine just how big the impact crater will be from the blast.

    I would argue that Windows had a history of allowing broader rights to applications and, as a result, a few years ago it was not uncommon to have a vulnerability in Internet Explorer blow up an entire PC. That sort of thing has been much rarer in macOS. I can't say why exactly, but it's just a fairly strong empirical fact. I just don't know of any Mac users that have visited a website and then had all sorts of random popup windows, trojans, ransomware, and the like. Granted, that sort of thing is probably much rarer on Windows now as well... but there was a strong history of it about 10-15 years ago. That's largely where I think most of the perceived difference in security comes from.

    I would also argue that Macs aren't just popular with students. That's true, of course, but it makes it sound like they are only useful to students and that once they graduate people step-up to a better OS. It makes it sound like macOS is training wheels, which is completely inaccurate, IMHO. I would argue that even among many computer professionals and professional software developers Macs enjoy an over-representation (i.e., if overall macOS user market share is something like 10%, I would suspect that the number of software developers that use Macs is elevated... say, 20-25% of all developers). Among the technically literate folks that I know, at least, that tends to be the case... more use Macs than would be assumed based upon statistical averages.

    However, on the other side, this perceived preference for Macs is weighed down by the fact that many developers are somewhat hostage to their target audience, target platforms, and corporate standards. That is, if your company wants you to develop a Windows program because 85-90% of their customers use Windows, then it only makes sense to perform your development on a Windows PC. Cross development isn't generally fun or worth the hassle. So the fact that I see so many professional developers and technical IT folks using Macs in the face of such pressure sort of speaks volumes. One reason they can do so is that Macs have fairly robust support for VMs and make it pretty easy to support macOS, Windows, and Linux on a single platform. I'm not saying that Windows doesn't also support VMs, it's just that this sort of thing is pretty clean on a Mac. It's tough to explain, but it is better than Windows... because Windows is pretty antithetical to Linux, while macOS not so much.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    From what I have read it's just as easy to get malware up and running on the macOS as it is on Windows. I haven even posted a few links in this thread. So it's a myth that macOS is more secure than Win 10 in my view. The difference is that it's less likely you will encounter malware on Mac computers. If MacOS had the same amount of market share as Windows it would be different.

    I didn't mean to say that it's only popular with students, I have even read that more and more companies are switching to Macs.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    And one reason why macOS may seem more safe is of course because of the "walled garden", is it true that most Mac users download software via the Apple Store? I actually see this as a disadvantage, I want to be able to download and install apps from any website. But anyway, we all know by now that app stores from Google and Apple aren't bulletproof, people have lost $1.6 million because of a malicious app that was available on Apple's App Store.

    https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/
     
  24. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    461
    Location:
    Dallas, TX
    Yes, I would say it is probably true that most Mac users have downloaded at least some software via the Mac App Store (MAS)... however, that is not the same as saying most macOS software is installed from MAS. I'm sure it widely varies by person, but I would say that probably one-third (1/3) of my installed applications are from the Apple Store. It's definitely higher than on Windows, where I almost never use the Microsoft Store to download and install applications; but far less than the smartphone marketplaces where on an iPhone 100% of your software has to come from the iOS App Store.

    In general, there is no compulsion. Most macOS developers offer a direct download version and a MAS version of their applications. The versions are typically very much the same, although the MAS version is required to be sand-boxed so it often has a few more warnings, permission requests from the user (i.e., do you allow this application access to this directory?), and on occasion, a feature is missing as compared to the direct download version. Most people balance the convenience of MAS versus the feature-completeness of the direct download version... and make their selections accordingly. So, little add-on applications I tend to download from MAS for convenience; however the large productivity applications I tend to direct download from the vendor.

    I think one would have to be pretty foolish to assume that all software on MAS was completely safe. Yes, Apple vets the applications submitted, but they must get thousands of applications and version upgrades of applications per month, and most of the "vetting" is likely just an automated code review that checks for obviously malicious behavior. More detailed, human reviews probably only occur with the apps with significant numbers of downloads or expected to have significant numbers of downloads. And, of course, once Apple discovers a particular app is malicious, it removes it as soon as discovered. That is still better than no security, or the wild-west of the direct download public Internet where no one is culling malicious software. Is it perfect? No.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    OK thanks for this info, I didn't know about this. But I definitely prefer downloading apps directly from the developers site, I'm not into app stores. The Windows Store is pretty crappy, I tried to download a videogame, but it couldn't install, what a joke. And of course most of the time I download apps via well known software sites like Softpedia and SnapFiles who often link directly to the developer site.

    But on Windows 10, you should be easily able to stay safe with Win Defender and Win SmartScreen. Of course there is no such thing as 100% security so that's why I'm using extra protection tools like for example OSArmor, Sandboxie and SpyShelter. Not to forget about TinyWall, outbound control stays very important. I would do the same on macOS.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.