DO> *All* of its features to disable imterrupt, restart and so on are easily DO> defeated by:1 . Pulling the power plug2. Holding down the shift key3. DO> Reapplying power to disable loading. 4. Removing the Machine Lock DO> extension from the Extensions folder. 5. Rebooting the mac in the normal DO> way.
How about if Machine Lock completely disables the usage of the shift key at startup?
DO> ANY Mac user with basic experience knows to attempt this method to bypass DO> extension-type lockouts. Again, I stand by my original statements that DO> security measures must be built-into the OS rather than tacked on as DO> applications to be truly effective. Another way of defeating this method DO> involves booting the CPU from another disk with an operating system, and DO> then mounting the "locked-out" disk for attack.
I don't deny this Daniel, but Machine Lock is at least a start to prevent nosy people from taking a casual look at the server. People who want to do serious damage etc can ALWAYS pull the plug--on any computer (without UPS!). If people are seriously converned about local access security, the phyiscal computer should be physically secured.
DO> 1. REAL security measures include the ability to totally protect files and DO> directories from reading, listing as being written to, linked to, or DO> otherwise modified. Other than the permissions within AppleShare, there DO> is no method within the MacOS to do this other than locking and hiding DO> files. Locking can be undone from the Finder on a local machine, and DO> hiding can be undone with many utilities. Therefore, disabling control of DO> the screen and keyboard I/O are used to prevent access to the Finder. If DO> files are not encrypted then they are accessible by defeating the lockout DO> as I described above, and plainly readible.
DO> If file/directory permissions, access control lists, and in-process DO> encryption, were implemented INTO THE O/S, the system would be MUCH MORE DO> SECURE from this type of an attack. Attempting to tack it on via an DO> application is a doomed proposition which further complicates other OS DO> operations such as file recovery in the event of a crash.
Yes, but don't shout at me.
;)
DO> 2. REAL security proviodes means to restrict program execution of system DO> processes by their owner and also limits monitoring of such processes so DO> that data is not revealed by "sniffing" the system.
The more observant readers will notice that you are a UNIX man, Daniel. In all your wise ideas, why not point out that this is how a UNIX system operates, and be done with it? Or, get a UNIX system and do away with the Mac, which will doubtedly ever have a fully secure operating system. Although, do remember that UNIX's security was added as an afterthought.
DO> The MacOS does NOT implement the concept of process ownership and is DO> therefore susceptible to attacks designed to tap into or hi-jack running DO> processes. Fortunately not many people currently know how to do this, but DO> tools for learning about the processes running on a CPU and what data is DO> involved in their operation do exist and can be used to break system DO> security.
Errm, excuse me. Please explain what you mean. I get the feeling that what you have written here is just designed to scare people. From an experienced Macintosh programmer, 'tapping into' and 'hi-jacking' running process is absolute nonsense.
Please don't take offense, but I feel you are exaggerating the problem somewhat.
Regards,
Jonathan Paisley, Sysop Highlander BBS Developer of MaxTF Utilities Modem: (+44) 141 561 7225 Internet: bbs.highlander.net.uk [TF/User and Telnet, both port 1474] WWW: http://www.highlander.net.uk/ mailto: jonathan_paisley@highlander.net.uk
