CRN Dead Wrong About Macintel Exploits

CRN’s security analyst Kevin Finisterre seems to believe that Mac is "more hackable" on Intel… for the wrong reasons. 

Apple’s switch from PowerPC to Intel-based Macs could lead to more attacks and cross-platform exploits, according to some researchers and solution providers.OS X includes features that make it a target for malware, and the Intel-based Macs may be even more vulnerable than their PowerPC predecessors, according to security researcher Kevin Finisterre, who created the three recent versions of InqTana, a proof-of-concept worm that spreads through a vulnerability in the Bluetooth feature of OS X."I honestly think that the general "script kiddie" crowd is more familiar and comfortable on an Intel processor versus a PowerPC," said Finisterre. Simply moving from the 4-byte instructions that PowerPCs use to the 1-byte instructions Intel processors use lowers the bar for exploits, he added.

It’s been a while since I last had to cut and paste articles for debunking, but this one is an interesting article, comes from a well established source, and has a lot more to it than meets the eye.

Starting off with the most obvious fallacies in his statement, hackers write exploits, "script kiddies" download and run them. People don’t hack Mac because its not worth it, not because PPC makes it impossible to do. If you can write code for x86, you can write code for PPC. PPC is not bulletproof, and 4 bytes is not an impregnable armor… else the rest of the world would have used it too.

Vulnerabilities are in the OS.. and the major difference is not that Mac is "non-Unicode," it’s that Mac is Big Endian…. Google it. It’s nothing to do with the processor, its the way memory is written and read. The processor is just different in that it has to get the system to read/write it backwards (or forwards…. right or left, its all POV and makes no difference in the grand scheme of things.)

I am not suggesting that a switch to Intel means that Mac users can relax as they have been doing thus far. The recent success in booting XP an a Mac means that more users will buy it for style, hardware, and conformity than before, simply because they aren’t forced to use the Mac software just because the box has an Apple logo on it. However, right now I am just regurgitating what has already been said over and over: Mac on Intel is more vulnerable because it’s more popular.

That aside, it is true that exploit and virii writers will have an easier time working on it, but not by much. 4 bytes, 1 byte, Unicode or not, it makes no difference; but for the fact that most hackers and virii writers to date prefer to use x86 based operating systems such as x86 Linux or Windows, because in order to write code to infiltrate an x86 PC you have to use an x86 PC, which means that they will already be so much more comfortable with writing that type of code. However, that was but a minor obstacle in infiltrating PPC systems.

The greater difficulty lay in how radically different the PPC system treated code. It meant that the type of vulnerabilities used to infiltrate x86 machines could not be ‘ported’ over to PPC, and not that the number of weak links or possible entrances was any less on PPC than on x86.

The latter half of the article is pure propaganda as can be expected of any corporate write up. It focuses on the reasons why their (invalid) arguments above are not a fatal blow or all-you-can-eat- buffet for hackers; but the big mistake is, these "protections" they mention are not Mac exclusive. They are inherent to the x86 platform as a whole, and "Execute Disabled" (or XD as they call it) has been enabled in Windows XP since SP2, and are also present in AMD chipsets, not only an Intel, though that is where they first appeared.

The closing remarks of by David Salav are an obvious corporate advertisement for his company, his "description" of why OS X on Intel is secure are complete nonsense (or ‘hogwash’ in the wards of Scoble!). His "argument" falls apart at the seams, as he is describing software security approaches that have been in place for years on both PPC and x86 systems alike. 

Leave a Reply

Your email address will not be published.