Archive for the ‘OS X’ Category
While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring that your valuable data is protected according to your risk appetite (loosely defined as confidentiality). Macs already have FileVault and secure disk images to handle basic encryption needs, so you may be asking why we need yet another utility for protecting information our systems (a fair question).
If you need/desire cross-platform compatibility, then TrueCrypt is a perfect choice. You can encrypt a virtual disk image onto a USB drive and take it from Windows to Linux to OS X and gain access to your all your secret data, something that is not possible with OS X secure disk images.
The other big “selling point” (difficult to use that term with a free & open source product) is the concept of plausible deniability. Until you go through the process of decrypting/mounting a volume, TrueCrypt file or disk volumes appear to consist of nothing more than random data (i.e. there is no “signature”). It is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. This is an important point since we’re going down a very slippery slope (at least in the United States) where folks are now being forced to give up their secrets with full legal backing. You can rename a TrueCrypt file to “Family Vacation.mov” and be able to claim that it’s just a corrupted transfer from your video camera with no way for the authorities to prove otherwise. Similarly, non-boot volumes (which is not an option for OS X yet) have no identifiable tags, making it look like an unformatted partition with random data.
Sadly, one of the coolest features – creating a hidden volume within an encrypted volume – is also not available on OS X yet. This option would allow you to give up your keys/passphrase to an outer-encrypted volume, but have another hidden, encrypted volume within it that uses a separate set of keys/passphrase. This lets you give up some of your secrets but not all of them.
My attempts at downloading and installing TrueCrypt were woefully unsuccessful with Safari under Leopard (the download file was corrupted). It worked fine in Firefox and is available for 10.4 and 10.5, Intel or PPC. I’ll be putting the software through some tests over the next few days, so drop a note in the comments or forums if you have any questions or want to share your experiences with the product,
After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how one reason switchers are flocking to OS X is because of the lack of prevalence of malware. Folks are tired of viruses, worms, trojans, etc. hammering their systems. They are even more harrowed by having to maintain vigilance over their anti-virus programs, hoping they are not too far out of sync with the current “DAT”. However, switching to run OS X to avoid running anti-virus programs may not be the wisest choice.
To answer the “do we really need security tools for OS X?” question in a slightly different way than you’ve seen from many technology pundits, I’d like to turn your attention to utility called rkhunter or “rootkit hunter”. As most TAB readers should know by now, OS X has it’s origins in Unix (the “darwin” base comes from FreeBSD), and most folks believe *nix variants (linux, FreeBSD, Solaris, etc) to be extremely secure, free of the problems that plague those sad, sad Windows users. If you fall into that camp, please take a moment and browse the Secunia FreeBSD 5.x artchives. Secunia reports show over 91 vulnerabilities, with critical ones impacting core services such as file sharing and remote access. This should not be surprising since Unix systems have been favorite targets for hackers as they provide such a powerful base to launch further exploits. One of the more gnarly hacks is the installation of a rootkit – a program that can take surreptitious control of your system. And, guess what: your Mac OS X workstation/server is susceptible to rootkits just like any other Unix system, even with Leopeard’s enhanced security features. How can you fight something you can’t even see? You need a tool to help. Modern anti-virus products can and usually do cover rootkits, but the rkhunter tool may cover additional rootkits and may update rootkit signatures more frequently than a traditional vendor.
I wouldn’t recommend trying to get rkhunter installed on your Mac since it will require some enhanced Terminal-fu. Thankfully, Christian Hornung understood the need for such a tool and built a wrapper for it called (surprisingly enough), OS X Rootkit Hunter [dmg], complete with installer. After installing the package, navigate to
Applications->OSXrkhnterand run the “Rootkit Hunter” app.
It’s good practice to update the rootkit database (similar to a virus engine DAT update) before each scan since there may be new rootkit signatures from new or altered exploits. When you start the scan, you will see a password dialog – just as you would with any operation that requires additional privileges to run – since OS X Rootkit Hunter needs to look in places your normal account user account cannot. You will also see Terminal windows displaying a running report of what rkhunter has or has not found (since this front-end does not free you from all the gory details of what lies beneath Aqua).
While you can download and run OS X Rootkit Hunter, I would strongly suggest that less technical users obtain one of the commercially available malware scanners since the output from OS X Rootkit Hunter can be a bit daunting. The presence and history of this tool should be enough justification for the need to run security software on your systems.
The first stop is a little utility called
opensnoop. Leopard ships with something called DTrace that gives developers and administrators the ability to take a peek at what all running code is doing in a flexible and dynamic way. Giving DTrace the coverage it deserves is beyond a simple blog post, but there are some smaller utilities – like
opensnoop– that take advantage of the power of DTrace, but on a more targeted scale which are worthy of a minor exposition.The main purpose of the
opensnooputility is to provide a report of file opens as they occur. Curious as to what really happens when Safari opens a web page? Want to see what files are accessed from that latest program you downloaded? You can find the answers with
If you’re a Linux user who’s just been issued an Apple computer, you might want to look into a virtualization solution for Mac OS X. VMware’s Fusion, which was officially released from beta at the beginning of the month, works well for running Linux (or other x86/AMD64 OSes) on the Mac desktop, and provides a great solution for multi-OS users who need simultaneous access to all their operating systems on the same machine.
Mac OS X Leopard is now officially Unix, according to the Opengroup.” I know everyone out there was really worried about this one. Welcome to the August news vacuum!
Now that Parallels has released Desktop 3.0 and VMware released a feature-complete Fusion RC1, it’s time to take another look at them.
Apple Remote Tricks
Stephen Korecky has posted a bunch of handy Apple remote tricks over at MacInstruct. His post shows you how to pair your remote with a Mac, how to use the remote to send your Mac into sleep mode, and more. Who knew that holding down the remote’s Menu button produced the same disk-switching behavior on an Intel Mac as pressing the option key as you boot? Some of Korecky’s tricks are a bit obvious (flipping through iPhoto slideshows and controlling Keynote presentations) but most of them are gems.
Parallels today released a free update to Parallels Desktop for Mac to enhance its virtualization software with a new installation assistant tool, shared networking support, and official compatibility for Mac OS X 10.5 Leopard. The latest release of Parallels Desktop for Mac also supports Microsoft’s recently-released Windows Vista operating system, adds several additional features, and repairs numerous bugs. Parallels Desktop for Mac runs ‘guest’ operating systems inside a Mac by allowing that operating system to run alongside Mac OS X, managing system resources as the two systems co-exist side-by-side. The latest revision ensures that Solaris guest operating systems don’t hang after suspending or resuming, and includes an improved Parallels Tools package. Parallels Desktop now offers full support for OpenBSD 3.8 as a guest operating system, and ensures that the G4U hard disk cloning tool works in virtual machines.
My review of the new AirPort Extreme Base Station is up at Macworld: This lengthy review, aided by several colleagues at the magazine, covers a lot of the basics for home users. I gave the unit 4 1/2 mice for how well it lived up both to its potential and how well it works. I was able to see consistently high speeds in testing, in excess of 90 Mbps in a single direction over 802.11n to Ethernet (flooding packets from N to Ethernet), and about 50 Mbps when flooding from N to N via the base station. My conclusion is that the device really needs gigabit Ethernet to achieve its full potential. You’ll note that the AirPort Extreme is what I was referring to in a post a few days ago in which I described how I developed new testing methodology for Wi-Fi gateways. The Extreme has a minor flaw that won’t bite many people in its ability to pass traffic at full Ethernet speeds across its WAN port when network address translation (NAT) is engaged. Apple said they are looking into the problem, which is software based. A source unconnected with Apple provided convincing proof that the AirPort Extreme uses NetBSD as its embedded operating system, and that the network stack in that OS could be at fault. But it could be trivial to fix, too. I’ll be writing more soon about particular aspects of the base station, but for now, I’d like to direct you to the technical discussion about the Extreme’s use of IPv6, the next-generation Internet routing protocol that’s been “next generation” for something like eight or nine years now. IPv6 support is found throughout Mac OS X and is fully supported in the Extreme base station–so fully, Ars Technica’s Iljitsch van Beijnum reports, that by default every Mac OS X computer that connects to a new Extreme gateway will be fully reachable through tunneled IPv6 from the rest of the Internet….
Nice write up about what happens when you boot your Mac.“Long gone are the days of OS 9, watching our Macs boot up with a series of extensions and control panels that we could always identify. Today with the Unix underpinnings of OS X, many users are entirely unaware of what is going on behind the scenes. So what exactly happens during the Mac OS X boot process? A segment at KernelThread carefully lists the sequence of events, from start to finish. It is fairly thorough and worth a read.
I really like OS-X especially since CLI is available.
I just feel the need to explain why I will not buy these new Apple products:
1) Apple iPhone:
A) SIM Locked/Contract Required. This reason only is good enough to say “NOT” to iPhone.
B) Should be a 3G phone (UMTS) with HSPDA capabilities
C) Not enough memory. 4 or 8 Gig? Steve must be kidding.
2) Apple TV (aka iTV)
A) DRM, DRM, DRM, one more time DRM.
B) Just an extension of the iTunes Music store.
C) No support for OTA, Cable, or Satellite feeds.
D) Only supports 720p. Steve Jobs have you heard of 1080i?
But, when I do get my tax refund I will possibly consider upgrading my PB for a MBP, see Steve you will still be able to add to your millions before the SEC goes after them.
“After heading off the top ten myths of the iPhone, Daniel Eran of RoughlyDrafted has written a series of articles looking ‘Inside the iPhone,’ exploring (1) why Apple didn’t target faster 3G networks, (2) a substantiated look at how the iPhone is indeed running OS X (contrary to reports that it isn’t), and (3) what it means to users and developers, and how ARM is involved, in Mac OS X, ARM, and iPod OS X, and why the supposedly ‘closed’ system Apple describes for the iPhone won’t preclude third party development.”
“Randall Stross makes a fresh and surprisingly accurate review of one of the biggest ”features“ in the upcoming iPhone and the iPod in general, ‘fairplay’. Stross writes, ‘If ”crippleware“ seems an unduly harsh description, it balances the euphemistic names that the industry uses for copy protection. Apple officially calls its own standard ”FairPlay,“ but fair it is not…. You are always going to have to buy Apple stuff. Forever and ever.’ Can mainstream media coverage help the battle over DRM or will this warning, like those of the past, continue to go unnoticed?”
“Arstechnica is running an article pointing out that while some pockets of the entertainment industry are experimenting with DRM-free distribution, Apple Inc, which announced that they have now sold over 2,000,000,000 songs on iTunes, is now the strongest pro-DRM force in digial media. From the article: ‘DRM is dying. It’s a statement being echoed with increasing frequency around the Web over the last few weeks, and is perhaps best articulated in this Billboard article. But there’s a powerful force standing in the way of this DRM-free panacea, and it might not be the one you expect: Apple, Inc.’”
Looking for an easier alternative to osascript that still runs in the command line? Check out AppleScript Shell from Hayne of Tintagel. It’s a Perl-powered script that lets you interactively execute AppleScript commands (including multi-line tell commands) as well as create interpretable scripts (via #!/usr/bin/env ash). There are a number of useful flags built in that can be used to execute commands from a specified file, echo values during execution, to display the current AppleScript, to repeat the most recent script, to call Unix commands, and so forth. e.g.
tell application “Finder” set theSelection to selection set n to number of items in theSelection -echo “number of items selected: ” & n repeat with i from 1 to n -echo “item ” & i & “ is ” & (item i of theSelection as alias) end repeat end tell
The script downloaded easily–although you do have to gunzip it and chmod it to make it executable. I pasted in one of my standard rename scriptlets and it ran perfectly, updating a playlist in iTunes. There were some strange echos during the execution trace, i.e. it listed the whole script up to the current line for every step along the way, but I’m guessing this could be turned off by one of the built-in flags or by editing the source itself, which is quite short.