Apple Hires Former OLPC Security Director

imamac writes "It seems Apple is seeking to beef up security by hiring Ivan Krstic, the one-time director of security architecture at One Laptop per Child. 'Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it's rather trivial to launch exploits against the Mac.'"

So trivial there's only one

[SuperKendall (25149)]

So trivial in fact to launch an exploit on the Mac, that there's only one in the wild - and that's a trojan in a pirated application.

I guess the challenge of the PC ecosystem is what draws in the thousands of viruses and malware applications they get.

Re:

[abigsmurf (919188)]

Just because there aren't many around, doesn't mean it isn't trivial, it just means there are few malware developers who think it's worth their time.

Not entirely sure why. It may only be a 10% user base but you've more exploits being found for OSX than Linux and windows, fewer mechanisms to make it harder to infect a system through an exploit and a userbase that, is mostly connected to the internet with no anti-virus software

Re:

[MoonBuggy (611105)]

You're right, the number of exploits doesn't necessarily mean it's a more secure system, but the fact that (as you say) there aren't a proportionate amount to the size of the userbase does seem to imply decent security.

I personally haven't heard of any exploit in the wild except the trojan, for which the user has to be willing to provide their password to any old bit of software with unknown providence - to be honest I don't know how one could protect against that on any system. If there are other exploits

Re:So trivial there's only one

[Soubrause (1429687)]

The malware industry has barriers to entry just like anything else, until we can make $x it's not worth any investment. OSX user base isn't big enough to generate $x yet. Even after that when x is 20% of y why not get $y for the same investment.

Microsoft & their partners also advertise bounties on exploits encouraging people to try and find them first so they can be patched, this adds to what is found considerably. I've never seen Apple pay for but have seen them deny holes that were handed to them.

I've seen OSX exploits that didn't require any more interaction from a user than those aimed at windows in farm environments; no reason something similar isn't out there on a site we've never gone to.

Firewalls and proxies exist because some of us know better than to think our OS is secure.

Re:So trivial there's only one

[Anonymous Coward]

If the marketshare argument was true then there wouldn't have been any viruses for pre-OSX Macs either. But there were; lots of them.
There were also viruses for the Apple IIGS, hardly a market leader.
That's a tired old troll you have there, sir.

Re:So trivial there's only one

[Phroggy (441)]

If the marketshare argument was true then there wouldn't have been any viruses for pre-OSX Macs either. But there were; lots of them.

Malware was different in those days. Yes, there used to be Mac viruses. Nowhere near as many as DOS/Windows viruses, but a lot. They were mostly transmitted on physical media, not downloaded over a network; most of them were written before TCP/IP support was included in the OS. Most of the holes that allowed the old viruses to spread have been closed, and there just aren't that many holes that new viruses can take advantage of.

Old-school Mac viruses were created by people looking for a creative way to make a virus because it was a fun challenge and it might gain them a bit of notoriety; there was never any profit in it (and most of the viruses weren't deliberately destructive, although some of them were accidentally destructive due to bugs). Modern malware authors are in it for the money.

Since the OS itself is really pretty secure these days, the best way to spread Mac malware is to trick the user into deliberately executing your code for you, clicking through all the security warnings. If you're in it for the money, that's the approach you'll take. If you're not in it for the money, there's no technical challenge in that! Anybody could make a malicious application that looks like a fun toy, so what's the point?

And if you're in it for the money, there's more money to be made on Windows right now. As Macs grow in popularity and Windows users start keeping their antivirus software up to date, the balance will shift, but it hasn't shifted yet.

industry amnesia

[Gary W. Longsine (124661)]

"If the marketshare argument was true then there wouldn't have been any viruses for pre-OSX Macs either. But there were; lots of them. There were also viruses for the Apple IIGS, hardly a market leader."

These and other inconvenient truths of the malware "market" are ignored, universally, by the industry trade press, and a surprising number of "security experts". There were worms exploiting Microsoft SQL Server on web servers when Apache + any of several other db had as much or greater market share. Th

Re:

[el americano (799629)]

So they're only vulnerable to the hobbyist hackers... where are the successful malware examples from that group?

If the argument is that it's not worth anyone's time, then shouldn't you say that we don't know how vulnerable it is? I don't trust Apple implicitly, given how buggy early releases of many of their product seem to be, but this unfounded speculation does seem to be a popular troll that's used equally effectively against Linux. Try being a bit more responsible.

Re:

[dhavleak (912889)]

I totally agree with you, but
grrr.. trust /. to degenerate the topic into "Macs are swiss cheese.." "no! widnows is swiss cheese".. etc..

I'm really interested in hearing about Krstic's security philosophy and it's merits/demerits. I found this talk on zdnet [zdnet.com] but there's only about 5 minutes of actual security architecture info in it at around 40:00 into the video. Oh, and there's also this BitFrost overview on Wikipedia [wikipedia.org]. I think there are some cool concepts there. The idea of sandboxing all apps into con

Re:

[imamac (1083405)]

Was hoping...we could all learn something.

You must be new here.

That argument was bullshit two years ago

[SuperKendall (25149)]

The malware industry has barriers to entry just like anything else, until we can make $x it's not worth any investment. OSX user base isn't big enough to generate $x yet.

Price out botnets of a few hundred thousand nodes. Now figure there are 20-30 macs around, which are to some degree homogenous systems and thus in theory easier to target.

Your argument goes straight to hell. When the number of intel macs in peoples homes crossed about five million, the "user base" argument went straight to hell from both

malware barrier to entry

[Gary W. Longsine (124661)]

The barrier to entry most commonly cited as the largest barrier protecting the Mac, prior to the CPU transition of the Mac platform, was Apple's use of the PowerPC, which allegedly required that malware authors know PowerPC assembly language. This argument ignored:

1. the fact that plenty of malware existed for the old "System 7" and Mac OS 8/9,
2. the fact that anyone who knows x86 assembly can buy a book and write a perl script to convert their egg from x86 to PowerPC, then clean the rest up by hand. They've got the skills. They've got the hubris. They've clearly got the time, particularly when so much malware was authored by people just trying to demonstrate their prowess and make pranks, and
3. the fact that with all this malware, a small fraction of cr@X0rz are actually proficient in assembly, and the eggs are used by legion skript kiddiez who do *not* know assembly, so there was plenty of PowerPC mad skilz available.

Those people are still around, plenty of them, even though the most widely discussed malware is now part of profit seeking black market enterprises. Some of them are writing remote systems management code which puts Tivoli to shame. (e.g. Some of them are clearly bright enough to learn Objective C in a weekend, as they already know C, C++, C#, and x86 assembly) They are writing malware for Symbian, even though the statistics indicate that iPhone dominates the mobile web market. (Symbian has more browser instances on the planet, but they are not actually used by people to access the web, so you're not going to capture many passwords infecting those phones).

In fact, it's time to really start wondering: Where's the Mac OS X malware?

At some point we security experts must begin to consider the possibility that Mac OS X might be protected by more than it's niche market share.

Re:

[dhavleak (912889)]

Sure. Here is a tip-of-the-iceberg paragraph [wikipedia.org] from Wikipedia that explains it.

Re:

[mdwh2 (535323)]

but the fact that (as you say) there aren't a proportionate amount to the size of the userbase does seem to imply decent security.

Not at all, that's a non-sequitur. Why are you assuming there would be a linear relationship between users and exploits?

If anything I would think it highly likely to be non-linear - if the vast majority of virus writers prefer to target the most popular platform (which does not seem unreasonable), then that means they choose Windows. That's true whether Windows's market share is

Re:

[nscheffey (1158691)]

I personally haven't heard of any exploit in the wild except the trojan, for which the user has to be willing to provide their password to any old bit of software with unknown providence - to be honest I don't know how one could protect against that on any system.

Luckily, Ivan Krstic knows how. From a CNET article [cnet.com] about Bitfrost:

Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code.

Re:

[tenton (181778)]

Viruses are left isolated and impotent, unable to execute their code.

I have something in my inbox that can fix the impotency right up. At least that's what says it does.

Re:

[dhavleak (912889)]

Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user.

Yep. This approach is super-interesting. He also claimed that there is a 0% CPU overhead from using this approach and some ridiculously low memory overhead. I forget the number - but I promise you it was ridiculously low :).

This approach also results in an overall reduction (cleaning up?) of IPC mechanisms. So the approach doens't sound free/easy from an engineering standpoint -- it will either require apps to be re-authored or make exceptions for apps that need to use certain IPC mechanisms (or perhaps u

Re:

[Weedhopper (168515)]

That's a cute semantic game he plays with security and safety. You could switch the two words around and sell the same snake oil just as well.

John Gruber's wrong about the anchored shift selection, too.

Re:security vs. safety

[DECS (891519)]

In the dictionary that ships with Mac OS X:

Security is defined as "the state of being free from danger or threat" and Safety is similarly defined as "the condition of being protected from or unlikely to cause danger, risk, or injury."

Security comes from the Latin securitas or securus "free from care" while safety comes from the salvitas or salvus meaning "safe."

So if there were any real nuance of difference between being safe and being secure, then security would have the edge in meaning over "feeling safe", while safety could be said to imply actually "being safe." But the words are really interchangeable, and how you use them can suggest either.

The real discrepancy that needs to be pointed out between the Mac and Windows is that while Microsoft has recently invested more into building a fancy security infrastructure, Mac users continue to both feel safer and to actually be safer in the sense of being free from danger or threat.

There is clearly no immediate or impending threat to Macs, and there is little in the way of market forces or that wishful thinking pundit invention of "hacker pride" that will result in something to turn Macs into the disaster that has dogged Windows since the late 90s.

What pundits like to do is equate low risk, self-injury actions with high risk, difficult to escape from events. This is straight up misinformation mixed with fear, uncertainty and doubt. For example, nearly everyone is claiming that:

* Downloading iLife warez that pretend to be stolen software
* from a non-trusted source
* assigning it privileges to install on your system
* and then finding that you have installed a background process that does something ugly that you can trivially remove

is the same as:

* Trying to use Windows to browse the web and use email
* finding that you've been automatically infected with adware and viral malware without knowing it
* then finding that your PC is also self replicating attacks or sending spam on to other systems
* then realizing that the design of Windows' registry makes it difficult to clean things out
* then noticing how much of your CPU capacity is being used to protect you from all of these threats via malware and virus scanners
* then finding out how expensive it is to spend hours cleaning up the mess yourself, or alternatively paying some Nerd Patrol $300 to "diagnose" that your PC is hosed.

They are not the same, and only a liar would keep suggesting that Mac and Windows users face the same dangers and threats. If you're paying attention, you'll notice that those who keep suggesting this almost always work for an Anti-Virus company working to make money off of Mac users. This shouldn't require any help in dot connection.

Kaspersky Sells Mac AntiVirus Fear Using Charlie Miller... Mac AntiVirus Foe [roughlydrafted.com]

Re:

[someonehasmyname (465543)]

>> more exploits being found for OSX than Linux and windows

I don't believe that for Linux, and I certainly don't believe that for Windows.

Face it guys, OS X is built on a BSD userland with the same OpenSSH you all know and love. It uses the same owner/group/others file permissions. It ships with an excellent firewall, and no open ports by default.

IMO, it's as safe as Linux. The smart users will only ever see trojans and home-dir-deleting "viruses", and the dumb ones that type their

Re:

[v1 (525388)]

it just means there are few malware developers who think it's worth their time.

Because scammers are only interested in BIG payoffs, and would rather go hungry than to merely rip off a minority?

Last I checked, scammers aren't picky about who they take advantage of. They take advantage of anyone they can, every chance they get, however minor.

Re:

[macs4all (973270)]

Honest question, why are Apple releasing security updates if there are no security exploits in their software?

Honest answer: Because you are confusing a (theoretical) VULNERABILITY (which ALL OSes have), but which have not been "realized", and an EXPLOIT (which is deliberately malicious code RELEASED IN THE WILD that leverages a VULNERABILITY). The OP and the GP were obviously referring to OS X EXPLOITS circulating in the wild, of which there simply are NONE.

I know it sounds like I'm splitting hairs; but it is a VERY thick "hair"...

Re:

[obarthelemy (160321)]

for the same reason kids are getting shots against almost-disappeared illnesses ?

Re:So trivial there's only one

[ihatewinXP (638000)]

Yeah I would say a citation is needed here. Zero day exploits exist - on every system - but as a Mac user since '99 and a Windows admin since I can tell you no matter the skill level of the user: Macs dont get viruses. Period. Full stop. Yes I saw the embedded trojan in iLife and the zero day sploit that got the guy a free laptop recently but as a person who has really seen a wide cross section of computers and users all the way up to Vista it is decidedly two different worlds.

Im glad Apple dropped the "100% virus free" moniker from marketing as has been pointed out it makes them a target - and good job on hiring forward thinking people in _all_ facets of the business. Now just get ZFS plugged in as the default file system and I will officially drown myself in kool-aid.

And I hate to even point this out but look at the submitters username. If you just got to /. since the mac ads came out you might want to sit back and listen for a few. Years. I know I did.

Re:

[phantomcircuit (938963)]

Macs simply do not have enough market penetration to be profitable. That is the only reason that they have less malware.

Re:

[abigor (540274)]

The number of Macs out there is orders of magnitude larger than the largest botnet. Yet no Mac botnets exist. Why is that?

Re:

[mdwh2 (535323)]

It doesn't matter, they're still harder to find due to being less common. You're also assuming that a hacker can take over 100% of machines he finds, which is unreasonable. It's not like they just round up the machines, they have to get their malware spread to machines - firstly it's easier to spread viruses with a vastly more common platform, secondly, you have much better penetration. Supposing I am only able to take over 1% of machines I attempt it on - suddenly having to find all those Macs seems a lot

Re:

[abigor (540274)]

How is it a lot more work? You scan massive blocks of ips and run your remote exploit (which the summary assures us is trivial) against them. As the botnet grows, it joins your scanning/exploiting effort. Even if you got only 1% of all Macs, that would still be completely enormous. You'd think SOMEONE would have tried it by now. But no. So maybe remote exploits aren't so trivial after all.

So maybe we have to resort to other malware. One of the main vectors into Windows is the classic malware-infested web pa

Re:So trivial there's only one

[Mr2001 (90979)]

So trivial in fact to launch an exploit on the Mac, that there's only one in the wild - and that's a trojan in a pirated application.

Cute. Does that mean PC defenders get to ignore all the computers that have been infected by trojans too?

According to that logic, I think we'd find that Windows is nearly as "secure" as OS X. Most infections happen because people are stupid enough to run any program that promises them free smiley-face cursors, not because of vulnerabilities in the OS.

Actually yes, sort of

[SuperKendall (25149)]

Cute. Does that mean PC defenders get to ignore all the computers that have been infected by trojans too?

Sort of, I would excuse all of the pirated stuff or things that get in by installing codecs to watch that "Special video". It's stuff that is only going to target a small percentage of users (unless you feel like claiming more PC users pirate stuff which may or may not be true).

Of course PC's also have categories of malware that act as desirable applications from the user to download over the web, and t

Flamebait summary

[GreyWolf3000 (468618)]

"His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it's rather trivial to launch exploits against the Mac."

Public knowledge? Public knowledge? I doubt the "public" really thinks it's trivial to launch an exploit against the PC.

I feel like I just listened to a 5 year old arguing to another 5 year old... "EVERYONE knows that YOUR operating system IS STOOOPED."

Re:

[CODiNE (27417)]

I feel like I just listened to a 5 year old arguing to another 5 year old... "EVERYONE knows that YOUR operating system IS STOOOPED."

Why can't his operating system stand up straight?

Re:

[clang_jangle (975789)]

Amusing that the Apple haters who drone on about how "insecure" OS X is don't have any malware they've written for the Mac they can demonstrate. But they sure can blow that hot air!

Can't we all just get along

[docbrody (1159409)]

Prediction:
This thread will soon devolve into a flaming argument between Apple Fanbois and Apple FanBoi bashers.

I am so tired of both sides arguing about Apple that I wish Slashdot would just remove the Apple section from the site.

let the games begin

And in other news...

[dave562 (969951)]

Apple execs have put down their glasses of marketing Kool-Aid and joined the real world. They're obviously trying to get out ahead of the potential security holes in their OS, and they recognize that, despite what the fanbois will say, OSX is just as vulnerable as most other topics. Luckily for Mac users, none of the system crackers seem to care about gay porn or graphic design files.

Re:

[dave562 (969951)]

..vulnerable as most other OSes. (How I got "topics" out of OSes, and why I didn't preview before posting are left up to the imagination of the reader)

Re:

[99BottlesOfBeerInMyF (813746)]

Apple execs have put down their glasses of marketing Kool-Aid and joined the real world.

Apple has always been a bit erratic when it comes to security, owing to their odd blend of cultures. To suggest, however, that they've been ignoring security is more than a little misguided. Leopard included the addition of a MAC framework ported from TrustedBSD, an application signing framework, and ACLs restricting some exposed services (like zeroconf) that would have been vulnerabilities otherwise. Apple has done a very good job of shipping an OS hardened enough to deal with the level of worm and virus

Ha

[bonch (38532)]

despite public knowledge that it's rather trivial to launch exploits against the Mac.

It's not public knowledge, and the only exploit going around recently was one you had to download in a pirated application. Nice little troll slip in the summary there.

Re:

[Jeff DeMaagd (2015)]

There is a difference between active exploits and security holes. There are very few known active exploits, but there are holes as far as I remember, and given a little time, a hole will be exploited if not patched. I don't think the security hole where a contestant won in a MacBook in a recent Pwn-To-Own contest got fixed. I don't recall that one as requiring the user to run as administrator or root, unlike past Pwn-To-Own contests.

Re:Ha

[broken_chaos (1188549)]

Someone seems to be methodically modding down any comments that disagree with the submitter.

Re:

[H0p313ss (811249)]

Someone seems to be methodically modding down any comments that disagree with the submitter.

Must be the terrorists!

Re:

[imamac (1083405)]

WTF? I just realized that this is my submission verbatim, but it's someone else's name...

Re:

[imamac (1083405)]

Sigh. Nevermind. I'm going crazy.

Low hurdle

[argent (18001)]

When the competition is Windows, you don't need to be Marcus Ranum or Bruce Schnier to stroll over the hurdles... with crutches.

Re:

[bluefoxlucid (723572)]

Marcus Ranum would suggest you shut Windows Update off, completely, and never turn it back on [ranum.com]. Just use an ancient version of OpenBSD with no patches applied, running Apache from 1995. It's never had a security hole in anything because it doesn't suck.

Re:I am lost here . . .

[chuckymonkey (1059244)]

Let's see here. The guy that invented a good security system (nerd) is hired by a large corporation (news). So far we have nerd and news covered. Now let's see, how does this matter? As macs gain popularity they also garner the interest of people looking to make exploits for them. Apple is trying to head off the tide a little so they can still market as being more secure than their main competitor. Personally I'm a Freebsd/Linux fan, but for all the mac users out there I think that it matters. So there you have it, News for Nerds, Stuff that matters. Or maybe News about a Nerd, Stuff that Matters.

Re:

[bluefoxlucid (723572)]

Specialized security system, which can be easily evaded by replacing the kernel. kexec() is built into those kernels (I've raised this a few times, I don't think anyone cared) and last I checked (which was several months ago, mind you) it worked if you were root (trivial, no root password). The laptop's refusal to boot an unsigned kernel can easily be handled by an init script that kload()s a new kernel and kexec()s; the software mechanisms in place to protect the laptop are now moot. This is, of course,

Re:I am lost here . . .

[DragonWriter (970822)]

Pray tell the relevance of this article?

The Bitfrost system developed for OLPC (which is, AFAIK, completely open) is a comprehensive approach to security, data reliability, theft deterrence, and centralized management of computer systems designed for what amount to massive enterprises with extremely non-technical users.

Apple picking up the designer of that system could be seen as an indication of directions they may take in the future. Its "News for Nerds" even if its not entirely clear, obviously, how much it will turn out to be "Stuff that matters".

Re:I am lost here . . .

[caladine (1290184)]

Apparently they think now might be a good time to start battening down the hatches. They don't want to make mistakes like they did with the iPhone. Who seriously leaves a JTAG enabled and on the board of a production phone?

Re:

[orospakr (715849)]

How can threats from untrusted code (or vulnerabilities in trusted code) be able to exploit a JTAG header on the board of the device?

Unless, of course, you think that the owner of the device is somehow a "security threat"? I keep meeting people who think this, and I really don't understand it at all...

(actually, Krstic's Bitfrost system is *does* implement some local physical security, but that is to address a very specific threat: theft)