“One of the problems of computer security in practice is providing an easy mechanism for the user of a system to take advantage of the security features present in an operating system. A system may have significant security features, but absent an interface that allows the user to easily make use of those features the effective security of the system may be low.” Read the interesting PDF article at Sans.org.
MacOS X: User Friendlier Security for Unix
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
This has already been posted and discussed. It may be of interest to those discovering or rediscovering the subject to see what has been said about it here:
http://www.osnews.com/story.php?news_id=5406
>This has already been posted and discussed.
Heh, had too much wine I guess. ;D
while they compare much freebsb to macosx in the server environnement, they ONLY tested the client version of MacOSX!
Nothing bad with the review though, it’s fair etc, but they should have included macosx server too. it has a different setup than standard macosx.
Even though they hold such a small market share they seem to be able to afford some first class R&D and programming teams. OSX did something Linux is still nowhere near in a fraction of the time. Linux is many many years away from being as complete as OSX.
OS X is hardly complete. Its UNIX underpinnings are a decade out of date. Its 4.4BSD for god’s sake! Linux is much more up to date with respect to the guts of the OS, and its no more than a year or so to matching and beating the technology of OS X (courtesy of the FD.O X server), though its up for debate whether it will ever meet OS X on the UI polish front.
People dont often notice how clean the code is. People dont often realize when its 3% faster responsiveness etc… But people will take note when its easier to use and has a friendlier feel. Even when the technology behind it may be inferior. People will most certainly notice when their favorite game is not available for it. They will then base a decision of whether to use your OS on whether it suits their needs/wants/budget. Or they may simply grab the first option available not knowing any better.
Rayiner,
Get your facts right, MacOS X 10.3 is based on FreeBSD 5.0. Some simple research would allow you to find this out. ie. http://www.apple.com/macosx/features/unix/.
“Based on” and “integrates features from” are not the same thing.
OSX did something Linux is still nowhere near in a fraction of the time.
Yeah, they stole an open and free implementation of Unix and slapped a rigid GUI layer over it and called in OS X. Need I mention they can’t even keep up with the open and free implementation they are stealing from. Has it ever occured to you that OS X is an antiquated FreeBSD distro?
Oh, kindly replace the words “steal” with “used”, ma bad.
Linux is many many years away from being as complete as OSX.
But of course, no one ever said, it was going to be as complete as OSX. It wasn’t designed to be as complete as OS X. It’s just a freaking kernel damnit!
Get your facts right, MacOS X 10.3 is based on FreeBSD 5.0. Some simple research would allow you to find this out. ie.
No, prof, you get your facts straight. OS X is based on Darwin, Apple *claims* to have added some features from FBSD5 into Darwin. What features they added, we don’t know.
No, compared to the BSDs or Linux, Darwin is a humble pile of crap.
Well atleast its better than xp and you don’t need to be a nerd to run it like linux.
Certainly, your average (just go with me on this…)Linux user, in all it’s various distros and flavors, is by neccessity a more nuanced and technically educated computer user than your average Mac or Windows user. As far as comparing this version of BSD to that, what kind of kernel is being implemented, or how much Apple has stolen from the open source community, I will leave to you experts.
Speaking strictly from a consumer’s point of view. I run a small (and growing…) business from home. Through my Chamber Of Commerce I know many of the owners of small business’ and home-based outfits in my area. I’m the only one running OS X. Everyone else is on Windows. I don’t believe, correct me if I’m wrong, any of us could run our shows “smoothly” on ANY Linux distro. I mean run business software apps and business hardware without complications. Time is money especially when your a small fry. Windows and Mac just work… I have yet to encounter or fall victim to hacks or web virii. Most of my Windowed brethren have not been so fortunate. I know much of this reason is because of Apple’s tiny marketshare. So be it. I like that.
If I were a young guy not involved in running a small business, I could easily see the attraction of becoming Linux competent and looking down my nose at Mac and Windows users. However, I don’t have time to experiment with best distro. If it was up to hard core computer geeks, we’d all be looking at small monitors with black backgrounds and green type!
Must go to sleep now…
Sigh. OS X is most definately *not* based on FreeBSD 5.0. The core is Mach 3.0 (Rhapsody was originally 2.x, not OS X) and 4.4BSD-Lite2. Networking and filesystem code comes from FreeBSD. The I/O Kit is designed by Apple. The userland is mostly NetBSD and FreeBSD.
Note that the core is still Mach 3.0 (originally derived from 4.2BSD). That means that the VM and scheduler layers are very antiquated code. Since 4.4BSD, both NetBSD and FreeBSD have had huge changes to the VM (NetBSD got an entirely new one called UVM). In 5.x, had a major overhaul of the scheduler layer too.
“Well atleast its better than xp and you don’t need to be a nerd to run it like linux”
Exactly, and at least Apple supports the opensource community and welcomes them in, and gives code back, unlike MS, and indead Apple has become the biggest Unix dest-top OS distributor.
Question, how can you rip off something that’s free? MS rips off things that are others intellectual properties.
I will also add that Apple supports Linux on its high end programs,,,,,,,,Shake.
Thank you Rayiner Hashem.
I may not know loads about code, but if something has old code and it works does it matter?
I would rather use a stable OS than something in permanent beta.
Linux has its uses, and the Mac has done a damn fine job with its r&d dept.
I would say that anything that causes people to realise there are other OS’s other than Windows has to be a good thing eh?
Is it just me or do people just write some very stupid comments without ever checking whether what they spit out makes any sense or not ? First, OSX is based on BSD4.4 the same way FreeBSD is. Yes, it was forked from that relese but it contains some improvements. As for comments about stealing: you peple are complete fucktards. FreeBSD as the name implies is based on the BSD licencese which allows you take code from FreeBSD whithout ever contributing anything back or opening up your own code. To quote mr. Rayiner Hashem:
Linux is much more up to date with respect to the guts of the OS, and its no more than a year or so to matching and beating the technology of OS X…blah, blah
How so? Care to explain? Because I don’t see how GNU/Linux is better than OSX in desktop department. On server front, maybe, but it’s up to your personal perference. Quoting him again:
Sigh. OS X is most definately *not* based on FreeBSD 5.0.
And now a little quote from Apple.com:
FreeBSD 5 — Use the latest commands and libraries from the popular FreeBSD distribution..
Gee, well, I guess using apps and libs from and OS is not basing your OS on it. But hey, this comes from a guy claiming that OSX runs on Mach3.0 (it doesn’t, it uses it’s own kernel called Xnu). Get a clue.
The arguements on how awful and primitive MacOSX is and how so advanced Linux is are pointless.
Linux was never intended for desktop use and from the beginning MacOSX was made for the consumer. Then I see the funny postings on how Linux is catching up to MacOSX in a year yet these same arguments were made a year ago how Linux was catching up to MacOSX and a year later Photoshop and Office STILL don’t run on Linux. Linux has no mainstream i.e. consumer identity and companies like IBM and RedHat say that Linux is not ready for desktop consumption. Even Linus says that the Linux desktop is not ready and don’t tell me how WalMart shoppers are saavy about Sun Microsystems. These are the same people that trample their fellow shoppers.
Plain and simple Apple makes MacOSX easy and accesible for the beginner and expert to secure their OS without resorting to third party utilities.
First, OSX is based on BSD4.4 the same way FreeBSD is. Yes, it was forked from that relese but it contains some improvements.
>>>>>>>>>>>
You’re wrong on two counts. First, your lineage is off. FreeBSD forked from 386BSD in 1993. It was heavily overhauled with 4.4BSD code in 1995, though. You’ve also got the scale all wrong. All of the BSD’s, especially FreeBSD, have seen intensive development since they were forked early in the 1990’s. Darwin forked very late in the 1990’s, and has not seen nearly the same degree of improvement. The *BSDs (especially FreeBSD) have seen major overhauls of the kernel. Many components have been totally rewritten. Meanwhile, Darwin’s code substantially the same as 4.4BSD-Lite2. From the OpenDarwin FAQ:
“Mac OS X began life as a child of OpenStep 4.x. The first stage in the evolution was the move from OpenStep 4.x to Rhapsody, which was based on BSD Lite2, with a batch of NeXT-instigated changes. When we shifted to Mac OS X from Rhapsody/Mac OS X Server, we incorporated FreeBSD 3.2 changes for the networking piece. The rest of the BSD portion of the kernel remained more or less as it was.”
How so? Care to explain? Because I don’t see how GNU/Linux is better than OSX in desktop department.
>>>>>>>>>>>
I never said it was. That’s why I referred to “the guts of the OS.” And I was talking about the “guts of the OS” because someone spoke about how “complete” OS X was. Linux (or FreeBSD for that matter) is definately superior to Darwin with respect to the kernel. Benchmarks have shown that Darwin (as of OS X 10.2) is twice as slow at basic kernel-level tasks than Linux. Does mmap() latency matter to the desktop user? Hell no! Apple is perfectly justified in focusing their limited engineering resources on stuff the user can see. But that does mean that you can’t call OS X any more complete than Linux, its just deficient in different ways.
Gee, well, I guess using apps and libs from and OS is not basing your OS on it.
>>>>>>>>>>>>>>
Correct. To say that something is based on a component implies that the component is at the foundation of the sy stem. Apps and libs are *not* at the foundation of the system. Its nice that the parts of Darwin that do use FreeBSD code (networking and userland), have been synced with 5.0, but you cannot say that MacOS X is based on FreeBSD 5.0, anymore than you can say that installing Cygwin means that Windows is based on GNU/Linux.
But hey, this comes from a guy claiming that OSX runs on Mach3.0 (it doesn’t, it uses it’s own kernel called Xnu).
>>>>>>>>>>>>>
The OS X kernel is kind of schizo. It consists of Mach 3.0 handling low-level tasks, 4.4BSD handling most application services, and bits of FreeBSD handling networking. XNU is a cute name for this whole mass of code. Apple’s “Evolution of Darwin” page does a good job of explaining this:
“The Mach microkernel at the heart of Darwin (based on Carnegie-Mellon University’s Mach 3.0) manages processor resources, scheduling, and memory protection, and gives other OS layers a messaging-centered infrastructure.
Darwin wraps a customized version of 4.4 BSD-Lite2 kernel and userspace around Mach. It includes many of the POSIX APIs, exporting them to user-space, and abstracts Darwin’s file system and networking. Darwin’s BSD also provides the process model, basic security policies, and threading support for Mac OS X.”
True, some componets of linux and freebsd kernel are more advanced but Darwin is not running Mach3.
“Mac OS X began life as a child of OpenStep 4.x. The first stage … was the move from OpenStep 4.x to Rhapsody, which was based on BSD Lite2, with a batch of NeXT-instigated changes. When we shifted to Mac OS X from Rhapsody/Mac OS X Server, we incorporated FreeBSD 3.2 changes for the networking piece. The rest of the BSD portion of the kernel remained more or less as it was.”
In short, much of the kernel was rewritten.
http://www.opendarwin.org/pipermail/hackers/2003-April/001676.html
Link above explains what portions of OS are controlled by Xnu and BSD.
To quote from the link:
In the context of Darwin, this is not correct. Mach is not “the OS”; mach mechanisms are used in support of the BSD OS component; Darwin is a monolithic kernel
Not much left Mach i suppose
Darwin is not running Mach3.
>>>>>>>>>>
Darwin is running Mach 3.0 as much as NeXTStep ran mach 2.x, and Mach does what the Mach in NeXTStep did (well, except for what the IOKit now does), and the BSD code in Darwin does what the BSD server in NeXTStep did.
In short, much of the kernel was rewritten.
>>>>>>>>>>>
A “batch of NeXT-instigated changes” and a replacement of the network code does not amount to a rewrite. Justin Walker, the guy whom I (and you, apparently) quoted, basically said that aside from those two changes, the BSD code in OS X is largely unchanged from 4.4BSD-Lite2.
Link above explains what portions of OS are controlled by Xnu and BSD.
>>>>>>>>>>>>>
You took the link out of context. Allow me to quote the full link, including the question Justin Walker was responding to:
“> I understand that usually BSD is a server running on top of Mach.
In the context of Darwin, this is not correct. Mach is not “the OS”; mach mechanisms are used in support of the BSD OS component; Darwin is a monolithic kernel.”
When he says “Mach is not ‘the OS'” he is not minimizing the importance of Mach. Rather, he is making a reference to the classic Mach OS architecture, where Mach is the *whole* OS — it is the only thing running in kernel space. All high-level OS functions were provided by userspace programs called servers. In OS X, there are no servers. The BSD code runs in kernel space, and communicates with Mach using function calls rather than message passing. Thus, Mach is the lowest layer of the “XNU” kernel. However, Mach is still there as much as it is in NeXTStep or Hurd. It provides the same core services (virtual memory, process scheduling, hardware abstraction) in the same manner. This is the problem. Mach is widely considered to be a slow kernel, and contributed to giving microkernels a reputation for bad performance. Further, its scheduler and VM are far from state-of-the-art. Its VM, in particular, is the classic “BSD VM” and has several shortcomings. These are outlined nicely in Cranor’s UVM paper.
http://citeseer.nj.nec.com/cranor98design.html
Matt Dillon also wrote a paper “Design Elements of the FreeBSD VM” that talks about how the FreeBSD VM addresses the shortcomings of the BSD VM. And of course, Cranor’s paper gives a detailed overview of the totally new UVM design that went into NetBSD. To my knowledge, and according to the available information, no such drastic changes have been made to the Darwin VM.
Yes, but he also states that Darwin kernel is monolithic. From my understanding, he explains that Darwin is running a mixture of Mach and BSD as one. Mach and BSD mixed together create a monolithic kernel that is no longer the original Mach kernel which was designed to be a microkernel.
Apple has tons of money and experience, the open source community does not. That’s why Linux is behind MacOS X *on the desktop*. On the server side however, Linux is as good or better than OS X.
You Mac zealots enjoy flaming down Linux and praise OS X to heaven don’t you? Always the same “OS X is better than Linux yada yada” stories.
If you’re not just a Mac zealot/troll, then either contribute code or donate money instead of whining all day! Resources are limited, *especially* with so little money.
Face it: Linux still is the best, *free/Free* desktop system around. And believe it or not, it is *the best* Windows alternative on x86 (no guys, Apple will never port OS X to x86). For a free system that’s still very impressive, whether you want to admit it or not.
You miss a really important point. MacOSX is NOT free and on PowerPC, MacOSX is better than Linux for desktop use.
Why even compare the two OSs when they both have different uses and deployments? As an alternative OS to Windows which one has more mainstream apps?
I very much doubt Mac users are interested in a free-os but more in an OS that is easy to use on a day to day basis and it doesn’t mean that we are dumb. A lot of the OReilly writers and Arstechnica editors use Macs. Even among Linux users MacOSX is highly accepted.
Darwin runs BSD on Mach, plain and simple. Traditionally, BSD on Mach meant Mach in kernelspace and BSD In userspace — the traditional microkernel setup. In Darwin, it means Mach and BSD both in kernelspace, but its still BSD on top of Mach. Mach is still used for the same things and BSD is still used for the same things. Since no sources indicate that either Mach or BSD in Darwin is drastically different from Mach 3.0 and 4.4BSD-Lite2, the traditional weaknesses of those systems still apply.
Those of you who rail against Mac OS X for its underpinnings should be so enlightned that it came from a far newer beginning than Linux.
Linux is based on Minix, which was based on the AT&T version 7 UNIX code. Sure, things have changed, but they’ve changed on *both* sides.
The Mach 3.0 kernel is used as a base for Darwin/Mac OS X. There is a BSD layer which was just synchronised with FreeBSD 4.8, which is hardly 10 years old.
As far as being stolen, NeXTStep was a feature-rich operating system of its own and came to the market in the late 1980s. Since Apple owns everything from the former NeXT Computer, Inc., there is no theft involved.
“You Mac zealots enjoy flaming down Linux and praise OS X to heaven don’t you?”
You Linux, and windows do the same with your favorite flavor OS, and call mac people zealots, look in the mirror.
I hate when these boards resort to name calling. Reminds me of a 3rd grade playground!
Linux is based on Minix
>>>>>>>>>
No it’s not. Minix was not free at the time Linux was written. Linux was written from scratch, and major components have been rewritten as recently as this year.
which was based on the AT&T version 7 UNIX code.
>>>>>>>>>
Minix never contained any AT&T code.
Sure, things have changed, but they’ve changed on *both* sides.
>>>>>>>>>
Things have changed much more extensively on the Linux/*BSD side.
The Mach 3.0 kernel is used as a base for Darwin/Mac OS X. There is a BSD layer which was just synchronised with FreeBSD 4.8, which is hardly 10 years old.
>>>>>>>>>>
Ack! I must have said it at least three times! The BSD layer in OS X is 4.4BSD-Lite2. Its right there in the OpenDarwin FAQ, and Apple’s own tech docs! The parts that were synched with FreeBSD 4.8 are the parts that are based on FreeBSD code, namely networking and the userland.
>Note that the core is still Mach 3.0 (originally derived from 4.2BSD). >That means that the VM and scheduler layers are very antiquated code.
Just another fool who keeps repeating this “Mach is old, Mach is crap” stuff without providing any facts why. I haven’t seen any solid proof why Mach is worse (it’s not) than other Linux kernel.
And Linux is NOT operating system, it’s just a lousy kernel designed by an amateur. Kernel development should be left to professionals, not to some schools kids whe learned a little programming by using Commodore 64 or Amiga.
>Face it: Linux still is the best, *free/Free* desktop system around.
Free? Not so. Only for people who have fast connections, rest of the folks have still go to store and grab a Linux distro box and PAY for it. “Linux is free” is just another piece of misinformation speaded by Linux-zealots.
“Linux is obsolete”
-Andrew Tanenbaum