Charlie Miller, the security researcher most well known for his Safari exploits that earned him cash and free MacBooks in the last two Pwn2Own contests, sat down with Tom's Hardware for a lengthy interview. He detailed several areas where Apple could improve security for both Mac OS X and Safari, but ultimately, he still recommends Macs over Windows for most users.
Miller stressed that the exploits he has used took significant effort to develop. "Yes, I took down the Mac in under a minute each time," he told Tom's Hardware. "However, this doesn't show the fact that I spent many days doing research and writing the exploit before the day of the competition." He said if he were to sit down at a machine and be told he had two minutes to hack it, he wouldn't be that successful.
For browser security, though, he praised Google's Chrome for its per-tab process sandbox. "Sandboxing helps [security] quite a bit, if done properly," said Miller. "Basically, the attacker has to get code running and then figure out how to get out of, or break, the sandbox." Safari doesn't currently employ any such sandboxing techniques.
Further, said Miller, Mac OS X doesn't fully implement current security techniques such as "no execute" memory space protection or address space layout randomization. "The idea is there will always be bugs and vulnerabilities in software," he said. "But you can make it difficult for attackers to get code running on the system—and even if they do, limit the amount of damage that can be done."
Miller described the NX bit and ASLR techniques as tough to defeat if properly implemented. "Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now," he explained. While Apple has adopted ASLR somewhat in Leopard, it's not as complete as the implementation in Windows. "In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me."
If pressed to recommend an OS between Windows, Linux, or Mac OS X to an average user, Miller would still choose Mac OS X. "I'd say that Macs are less secure for the reasons we've discussed here—lack of anti-exploitation technologies—but are more safe because there simply isn't much malware out there," concluded Miller. "For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them."
Listing image by TippingPoint DVLabs
reader comments
13