Protecting Your System (Local Security)

Overview

Login security is not the same thing as overall security. When users buy a computer and turn it on, they want to know whether they are protected as shipped or whether they need to take extra steps to make their system secure.

No operating system is 100% secure. Both Mac OS X and Windows XP (or at least the components that make up the operating system) have security vulnerabilities. Ideally, operating system vendors patch vulnerabilities as soon as they are discovered and made public. However, it is the security model of an operating system that determines how easily its vulnerabilities can be exploited. This out-of-the-box security comparison looks at the default security model of these two operating systems when you first turn them on.

Note: This section focuses mainly on the security features of the core system itself and not of the individual applications bundled along with it such as web browsers or e-mail clients. There are two reasons we do this. First, we have already discussed these features in their appropriate comparisons. Secondly, these features are only available when using these specific applications and are not helpful to those who decide to use alternative third party software.




Mac OS X:

Revealing of Malicious File Extensions:
By default, OS X allows you to hide your file extensions in the Finder. Just check the box next to "Hide Extension" under 'Name & Extension' in the Finder's Get Info dialog.

[Image: security_file_extension1.gif] While you can still see the file extension in the Get Info dialog, it becomes hidden in the Finder.

OS X offers a safeguard against someone spoofing a file's extension to make the file appear to be of a different type. OS X recognizes common file extensions and can detect when someone appends a "fake" extension to the end of a file's name in the Get Info dialog. When this is detected, OS X unchecks the "Hide Extension" box in the Get Info dialog and disables it entirely, so the file's real extension becomes visible in the Finder and the spoofed extension is exposed.

[Image: security_file_extension2.gif]

Furthermore, when you try to spoof the extension on the end of an application in the Finder when its real extension is hidden (changing iTunes to iTunes.jpg for instance), OS X will correct this by appending the .app extension again (iTunes.jpg.app).

There are some inconsistencies, though. Using the Finder's Get Info dialog lets you change an application's extension completely, without .app being appended automatically as it is when you rename the application directly in the Finder. While some applications will not function at all without the ".app" extension, others are unaffected: renaming Firefox.app to Firefox.txt does not prevent the application from being executed. This is a potential security risk that seems to have been overlooked.

Limited Application Privileges:
On OS X, applications do not automatically inherit the privileges of the user account in which they run.

OS X will ask for permission when automatically launching an application (via double-clicking a file, clicking on a hyperlink, or through the process of another application) you have never opened before. You can grant permission, deny permission, or be shown the location of the application on your system.

[Image: application_open_authentication.gif]

Also, application processes requiring administrative access (software updates or modifying system files for instance) must be explicitly granted permission with an administrator's password via an authentication dialog. Without a proper password, the application will not be able to continue.

[Image: admin_authentication.jpg] Authentication dialogs show which application is asking for permission.

To see more details about what you are authenticating, click the arrow next to 'Details'. This shows the end user which application is requesting permission and what it is requesting permission for. Hovering over a blue label displays an arrow; clicking that arrow reveals the item's location on your system.

[Image: admin_authentication_details.gif] While these dialogs may still be too cryptic for the average user, they are at least a step in the right direction.

Secure System Preferences:
All preference panes in System Preferences that contain system configurable settings (such as the built-in firewall) will display a lock icon in the lower left-hand corner of the window. When the preference pane is locked, the user is prevented from configuring any system-related settings.

[Image: system_preferences_lock.gif] Clicking the lock icon toggles between "locked" and "unlocked".

Clicking the lock icon when a preference pane is locked displays an authentication dialog asking you to enter an administrator password. By default, all secure system preferences are locked for normal accounts and unlocked for administrator accounts. You can force System Preferences to always lock preference panes (where applicable) no matter which account a user is logged in under: go to System Preferences > Security and check the box next to "Require password to unlock each secure system preference".

Virtual Memory Encryption:
In our Encrypting Files comparison, we discuss OS X's and XP's file encryption abilities. There is one additional encryption method OS X offers for extra security.

You can encrypt the contents of your virtual memory.

Virtual memory consists of temporary files the operating system uses as secondary memory when your main memory begins to fill up. The operating system swaps data that is not currently being accessed out of main memory and places it in virtual memory to make room for new data. When data held in virtual memory is accessed again, the operating system swaps it back in, exchanging it for inactive data in memory. That is why virtual memory is often referred to as your system's "swap file".

While virtual memory is temporary and is usually deleted when the user logs out of their account or restarts the computer, there is an inherent security risk. Sensitive data such as passwords, credit card numbers, bank account information, etc. may be stored in virtual memory while a user is logged in. A malicious user could potentially access a system's virtual memory and extract this sensitive information.

OS X can prevent this by allowing a user to encrypt their system's virtual memory. Go to System Preferences > Security and check the box next to "Use secure virtual memory".

Windows XP:

While XP has been heavily criticized for its poor security, Microsoft has made many improvements in Service Pack 2 to strengthen security and minimize malicious software attacks.

Security Center:
With Service Pack 2, XP now has a Security Center that aggregates all Internet security-related features. The Security Center offers users a central location for controlling all the security options on their computer. Security Center works alongside third-party security products, in addition to those provided by Microsoft. Firewall protection, automatic updates, and virus protection are all easily accessible from the Security Center.

[Image: security_center_xp.gif] Access all of XP's security settings from one spot.

To access XP's Security Center, go to Control Panel > Security Center.

Data Execution Prevention (DEP):
From Microsoft's help and support documentation...

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code (malicious or not) from a protected location, DEP closes the program and notifies you.

To turn on DEP:

  1. Open Control Panel
  2. Double-click on 'System'
  3. Click the 'Advanced' tab
  4. Click the 'Settings' button under 'Performance'
  5. Click the 'Data Execution' tab

[Image: data_execution_protection1.gif]

You can turn on DEP for essential Windows programs and services only, or for all applications. You can also specify which applications or services you do not want DEP to protect. This is useful if DEP causes problems with certain applications.

There is no equivalent to DEP on OS X.

While DEP can protect against some types of malicious code, your computer needs a supported CPU to take full advantage of this feature and get the stronger, hardware-enforced protection. Microsoft recommends upgrading your CPU if your current one does not offer execution protection features.

[Image: data_execution_protection2.gif] XP will notify you whether or not your computer's CPU fully supports hardware-based DEP.

In his blog on ZDnet.com, George Ou offers a table of CPUs that support hardware-based DEP protection (January 23, 2006).
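The DEP description quoted above says the protection marks data memory as non-executable and stops a program that tries to run code from such a location. The following program, added here as an illustration and not taken from the page or from Microsoft, lets you confirm that this kind of no-execute enforcement is active on the machine you run it on: it copies a single "return" instruction into an ordinary read/write data page and calls it, expecting the call to be refused, then marks the page executable (as a legitimate just-in-time compiler would) and calls it again, expecting it to run. It assumes Linux on x86-64 or AArch64; the page size, the signal handling and the mmap/mprotect calls are standard POSIX, and nothing else is assumed.

```c
/* Added example, not from the original page: check that "no execute"
 * protection (what XP calls DEP, hardware NX) is enforced on this machine.
 * A single "return" instruction is copied into a plain data page. Calling it
 * while the page is read/write only should be refused (SIGSEGV, caught here);
 * calling it after marking the page executable, as a JIT would, should work.
 * Linux on x86-64 or AArch64 is assumed. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#  ifdef MAP_ANON
#    define MAP_ANONYMOUS MAP_ANON
#  else
#    define MAP_ANONYMOUS 0x20   /* Linux value */
#  endif
#endif

#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret, little-endian */
#else
#error "this demonstration only knows the return instruction for x86 and AArch64"
#endif

static sigjmp_buf recover_point;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(recover_point, 1);   /* abandon the faulting call, as DEP closes the program */
}

/* Returns 1 if the instruction placed in the data page ran, 0 if the attempt
 * was blocked by no-execute protection, -1 if the page could not be set up. */
int run_from_data_page(int make_executable) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, RET_INSN, sizeof RET_INSN);

    if (make_executable) {
        if (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
            munmap(page, pagesz);
            return -1;   /* e.g. a policy that forbids executable anonymous memory */
        }
        /* Required on AArch64 so the instruction cache sees the new bytes. */
        __builtin___clear_cache((char *)page, (char *)page + sizeof RET_INSN);
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int executed = 0;
    if (sigsetjmp(recover_point, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* data pointer -> function pointer */
        fn();                            /* faults here if the page is not executable */
        executed = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return executed;
}

int main(void) {
    int blocked = run_from_data_page(0);
    int allowed = run_from_data_page(1);
    printf("call into read/write data page  : %s\n",
           blocked == 0 ? "blocked (no-execute protection active)"
                        : "RAN - this machine does not enforce no-execute");
    printf("call into page marked executable: %s\n",
           allowed == 1 ? "ran" : allowed == 0 ? "blocked" : "not permitted (mprotect failed)");
    return 0;
}
```

The first call reporting "blocked" is the result you want: it means code that ends up in a data region, whether by accident or by design, cannot simply be jumped to. The second call shows that the protection is a per-page permission rather than a blanket ban, which is why the page notes that some applications need to be excluded from DEP.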

Despite these improvements, XP is still insecure when it comes to file extensions and application privileges compared to OS X.

Revealing of Some Malicious File Extensions:

XP hides the extensions of "recognized" file types by default, revealing only the extensions of "unrecognized" file types. Because "recognized" extensions are hidden, XP users can still be fooled by "faux" extensions (Picture.jpg.exe appears as Picture.jpg, for instance) unless they are in Tiles or Details view, where they can see a file's full attributes.
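Both the OS X discussion above (the Finder re-appending .app, and the Get Info loophole) and this XP paragraph come down to one display rule: the last extension of a file is hidden when it is a "known" type, so whatever precedes it is what the user sees. The program below is an added example, not code from the page, Apple or Microsoft. It models that rule, flags names whose displayed form ends in a harmless-looking document extension while the real, hidden extension is one that runs code, and models the Finder rename behaviour the text describes. The two extension lists are constructed for illustration and are not the real registered-type lists of either system; the Finder model covers only the rename-in-Finder case, not the Get Info path the text says is inconsistent.

```c
/* Added example, not from the original page: a model of the "hide known
 * file extensions" display rule and a check for names that abuse it
 * (Picture.jpg.exe shown as Picture.jpg).  Extension lists are constructed
 * for illustration, not the real Windows or OS X type registries. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed: document/media types a user expects to be safe to open */
static const char *const DOCUMENT_EXTS[] = {
    ".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3", NULL };
/* Constructed: types that run code when opened (.app is an OS X bundle) */
static const char *const EXECUTABLE_EXTS[] = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".app", NULL };

/* Case-insensitive string equality (extensions are case-insensitive on both systems). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Last extension of a name, or "" if it has none ("readme", ".profile", "file."). */
static const char *last_ext(const char *name) {
    const char *dot = strrchr(name, '.');
    return (dot && dot != name && dot[1] != '\0') ? dot : "";
}

static int in_list(const char *ext, const char *const *list) {
    for (; *list; list++)
        if (ieq(ext, *list)) return 1;
    return 0;
}

/* Writes into out how a view with "hide extensions for known file types"
 * presents real_name: both document and executable types count as "known". */
const char *displayed_name(const char *real_name, char *out, size_t n, int hide_known) {
    const char *ext = last_ext(real_name);
    size_t keep = strlen(real_name);
    if (hide_known && (in_list(ext, DOCUMENT_EXTS) || in_list(ext, EXECUTABLE_EXTS)))
        keep = (size_t)(ext - real_name);
    if (keep >= n) keep = n - 1;
    memcpy(out, real_name, keep);
    out[keep] = '\0';
    return out;
}

/* 1 when the displayed name ends in a harmless-looking document extension
 * while the real (hidden) extension runs code; 0 otherwise. */
int is_spoofed(const char *real_name, int hide_known) {
    char shown[256];
    displayed_name(real_name, shown, sizeof shown, hide_known);
    return in_list(last_ext(real_name), EXECUTABLE_EXTS) &&
           in_list(last_ext(shown), DOCUMENT_EXTS);
}

/* Does real_name display as expected under the given setting? */
int shows_as(const char *real_name, int hide_known, const char *expected) {
    char shown[256];
    return strcmp(displayed_name(real_name, shown, sizeof shown, hide_known), expected) == 0;
}

/* Model of the Finder rename rule described in the text: renaming a .app
 * bundle to a name without .app gets .app appended again (iTunes.jpg.app). */
const char *finder_rename(const char *real_name, const char *requested, char *out, size_t n) {
    if (ieq(last_ext(real_name), ".app") && !ieq(last_ext(requested), ".app"))
        snprintf(out, n, "%s.app", requested);
    else
        snprintf(out, n, "%s", requested);
    return out;
}

int renames_to(const char *real_name, const char *requested, const char *expected) {
    char out[256];
    return strcmp(finder_rename(real_name, requested, out, sizeof out), expected) == 0;
}

int main(void) {
    /* Constructed sample directory listing */
    const char *listing[] = { "Picture.jpg.exe", "Report.pdf", "setup.exe",
                              "Resume.doc.scr", "Notes.txt", "readme" };
    char shown[256], renamed[256];
    for (size_t i = 0; i < sizeof listing / sizeof listing[0]; i++) {
        displayed_name(listing[i], shown, sizeof shown, 1);
        printf("%-16s shown as %-12s %s\n", listing[i], shown,
               is_spoofed(listing[i], 1) ? "<-- hidden executable extension" : "");
    }
    printf("Finder rename iTunes.app -> iTunes.jpg becomes %s\n",
           finder_rename("iTunes.app", "iTunes.jpg", renamed, sizeof renamed));
    return 0;
}
```

Note that the same check flags iTunes.jpg.app once it is displayed as iTunes.jpg, which is exactly why the Finder's re-appending of .app is only useful when the extension is also shown, and why the Get Info path that skips the re-append matters.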

Not So Limited Application Privileges:
Unlike on OS X, applications automatically inherit the permissions of the user running them. Since most users run as administrator, applications automatically inherit those privileges and can do whatever an administrator can do, WITHOUT explicitly asking for permission.

The difference between OS X and XP's security model is best explained by Microsoft in one of its MSDN Library's documents, Security in Longhorn: Focus on Least Privilege. Here's an excerpt:

"When you buy a copy of Microsoft Windows XP® Professional at your local software shop and install it on a PC, the setup wizard creates accounts for you and anyone else who will use the computer. After Windows XP boots, it displays a pretty welcome screen that shows each user's name and allows them to log in. Each of these users is by default an administrator of the machine. Why? Because the user experience would be poor if it weren't this way.

Users expect to be able to install software on their machines, but you can't install 90 percent of today's software unless you're an administrator. Users expect software to run without crashing, but 70 percent of software won't run properly unless the user is an administrator, and that's an optimistic number. Sadly, a large number of these applications fail in a non-administrative environment simply because they make poor choices about where to save application state. The Program Files directory is not intended as a place for storing state. It's a place for storing programs—executable files. The place to store application state is called the user profile, and for storing shared user state, the "All Users" profile suffices quite nicely. The Windows Logo Program guidelines explain this, but the vast majority of Windows software today was developed without consideration for Windows Logo guidelines.

But why, you might ask, should users want to run as non-administrators, especially home users? Well, if it were actually easy to do, the home user would reap loads of benefits. Malware (a virus, worm, or other malicious code) loves having administrative privileges. Surfing the Web or reading e-mail as an administrator is just plain dangerous these days. What about your kids? Wouldn't it be nice to allow them to install and play games on your home computer knowing that they won't accidentally break something, install spyware, or remove the content rating limitations you've imposed? Think about it this way: running as an administrator effectively turns off most of the security protections provided by Windows. Home and corporate users alike shouldn't be turning off these protections, especially when connected to the Internet, which has become a rather dangerous neighborhood.

Getting users and the programs they run to live happily in a least-privilege environment is going to significantly increase the security of the Windows platform."

Looking towards a brighter and more secure future...

Microsoft has recognized XP's weak security model when it comes to running applications and is fixing this issue in its upcoming Windows Vista operating system with features such as Least-Privilege User Account (LUA) and Application Impact Management (AIM). Both features are meant to improve security by restricting applications from modifying critical system components and files without explicit permission from an administrator.


OS X:

  • Software does not automatically inherit the rights of the account in which it is run: software requiring admin privileges must be explicitly granted access by the user, even if the user is already logged in as an admin
  • OS X ships with file sharing and related services turned off
  • Users cannot be fooled by misleading file extensions
  • Modified applications require permission to access passwords stored in Keychain
  • New applications require permission to open a file type for the first time
  • Authentication dialogs display the path to the application requiring authentication and the path to the item it needs elevated privileges for
  • No equivalent to XP's Data Execution Prevention (DEP) feature

XP:

  • Windows Firewall is turned on by default
  • Security Center aggregates security-related settings into one location: Automatic Updates, Antivirus software, Firewall
  • XP actively educates and warns users about security dangers
  • Programs cause XP to throw a yellow flag, and a red flag if unsigned.
  • Local Security Policy in XP Pro (not available in XP Home) can require users to choose strong passwords, set password expiration times, and enforce a minimum password length
  • In XP hidden "recognized" file extensions mean that users could be fooled by "faux" extensions (Picture.jpg.exe, where .exe is hidden) unless they are in Tiles view and looking for the full file information
  • Software automatically inherits the rights of the account in which it is run: since the default XP account is an admin account, software requiring admin privileges in this default account may run without the user's explicit permission
  • XP ships with File Sharing service and related services turned on
  • Windows Networking runs all file sharing and related services over the same ports (limited to the local subnet). "All the traditional Windows networking services ... file and print client, file and print server, messenger, login, and so on... all these services predate Windows use of TCP/IP. They used a LAN protocol that involved what are called "named pipes" to connect between services. Under TCP/IP, all these services run encapsulated (almost in a kind of emulation mode) under that old LAN environment. That encapsulation runs over a few common ports, so an IP-based firewall that allows a connection to the ports required for ANY of these protocols allows connections for ALL of these protocols." Thanks resuna
  • The "Trusted Zone" model of ActiveX objects is often circumvented, making ActiveX a delivery mechanism for viruses and spyware.

Mac OS X: 8
Windows XP: 6